17pholmes101186.exe And Mrofinu1001186.exe


  • This topic is locked
38 replies to this topic

#1 helpT_T

  • Members
  • 19 posts

Posted 05 July 2008 - 07:43 PM

Prior to running this program I had restored my PC to the oldest date possible to see if I could simply get rid of this problem that way; it didn't work. This is the reason for the 2005 AV.
Also, after seeing this 'log' I went ahead and removed what it added to my hosts file, just so you know.

Main:


Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-05 18:31:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-07-05 23:31:32 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-07-05 18:29:15 UTC - RP3 - Installed Java™ 6 Update 6
2: 2008-07-05 18:00:29 UTC - RP2 - ComboFix created restore point
1: 2008-07-05 09:42:21 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:19 PM, on 7/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\mrofinu1001186.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sakora] C:\Program Files\Sakora\Sakora.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9334 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 pxark - c:\windows\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>

S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
S3 catchme - c:\combofix\catchme.sys (file missing)
S3 PcdrNdisuio (PCDRNDISUIO Usermode I/O Protocol) - c:\windows\system32\drivers\pcdrndisuio.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CSIScanner - "c:\program files\prevxcsi\prevxcsi.exe" /service <Not Verified; Prevx; Prevx>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-05 18:08:09 268 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-05 04:22:18 286 --a------ C:\WINDOWS\Tasks\Easy Internet Sign-up.job
2008-07-02 11:20:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-05-28 02:40:16 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-06-05 and 2008-07-05 -----------------------------

2008-07-05 18:33:26 55296 --a------ C:\WINDOWS\17PHolmes1001186.exe
2008-07-05 18:33:09 0 d-------- C:\Program Files\Trend Micro
2008-07-05 13:25:17 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Sun
2008-07-05 13:05:46 41984 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-05 13:00:00 78848 --a------ C:\WINDOWS\zip.exe
2008-07-05 13:00:00 97860 --a------ C:\WINDOWS\VFind.exe
2008-07-05 13:00:00 223232 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 13:00:00 148480 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 13:00:00 205824 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 13:00:00 109568 --a------ C:\WINDOWS\sed.exe
2008-07-05 13:00:00 91164 --a------ C:\WINDOWS\grep.exe
2008-07-05 13:00:00 101792 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47:54 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47:54 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-05 12:30:30 0 dr-hs---- C:\cmdcons
2008-07-05 12:30:17 0 d-------- C:\WINDOWS\setupupd
2008-07-05 12:01:53 0 d-------- C:\Program Files\Sakora
2008-07-05 11:57:08 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-07-05 11:57:08 0 d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:51:32 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Macromedia
2008-07-05 04:07:09 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Recent
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Templates
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Start Menu
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\SendTo
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\PrintHood
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\NetHood
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\My Documents
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Favorites
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Desktop
2008-07-05 04:05:38 0 d---s---- C:\Documents and Settings\Compaq_Owner.DILLON\Cookies
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Real
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Identities
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05:37 1048576 --ah----- C:\Documents and Settings\Compaq_Owner.DILLON\NTUSER.DAT
2008-07-05 03:34:40 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34:28 0 d-------- C:\Program Files\Belarc
2008-06-27 17:45:55 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44:41 0 d-------- C:\Python25
2008-06-27 17:27:22 0 d-------- C:\Program Files\i.Hex
2008-06-27 16:25:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39:43 0 d-------- C:\Program Files\sisagp
2008-06-26 20:39:31 253952 --a------ C:\WINDOWS\Progress.exe <Not Verified;; Progress Application>
2008-06-26 20:39:13 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-25 20:20:25 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Sun
2008-06-25 01:57:07 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00:19 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 02:14:00 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-22 19:35:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 03:22:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\WinRAR
2008-06-22 02:38:12 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01:39 0 d-------- C:\Program Files\Windows Live
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Templates
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\SendTo
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\PrintHood
2008-06-21 15:42:31 2097152 --ah----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NTUSER.DAT
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NetHood
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\My Documents
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Local Settings
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Favorites
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Desktop
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Cookies
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Real
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Microsoft
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Identities
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 14:10:20 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Macromedia
2008-06-21 14:10:19 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Adobe
2008-06-21 14:08:51 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Mozilla
2008-06-21 13:44:33 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Recent
2008-06-19 13:21:22 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14:28 0 d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17:00 0 d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47:04 0 d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56:13 0 d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34:21 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07:31 0 d-------- C:\webserver
2008-06-12 23:18:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25:23 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22:12 0 d-------- C:\Program Files\Tencent


-- Find3M Report ---------------------------------------------------------------

2008-07-05 13:30:24 0 d-------- C:\Program Files\Java
2008-07-05 04:22:18 0 d-------- C:\Program Files\Easy Internet signup
2008-07-05 03:45:46 0 d-------- C:\Program Files\Windows NT
2008-07-05 03:45:41 0 d-------- C:\Program Files\Movie Maker
2008-07-05 03:45:40 0 d-------- C:\Program Files\Messenger
2008-07-01 23:22:56 2317 --a------ C:\WINDOWS\mozver.dat
2008-06-22 22:08:42 69385 --a------ C:\WINDOWS\hpoins05.dat
2008-06-04 01:25:21 331776 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-04 01:25:20 83968 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 20:48:58 0 d-------- C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 20:48:47 102400 --a------ C:\Program Files\[S][E][X].exe <Not Verified; The team; [S][E][X]>
2008-06-01 14:00:23 0 d-------- C:\Program Files\Web Publish
2008-05-31 17:20:55 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 23:35:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 23:27:28 17408 --a------ C:\WINDOWS\sysgz.dll
2008-05-27 12:33:50 0 d-------- C:\Program Files\VentSrv
2008-05-25 14:01:40 0 d-------- C:\Program Files\softnyx
2008-05-24 18:00:27 0 d-------- C:\Program Files\AoA Audio Extractor
2008-05-19 14:16:52 0 d-------- C:\Program Files\mIRC
2008-05-14 12:48:54 0 d-------- C:\Program Files\Topaz Labs LLC
2008-05-12 22:51:36 0 d-------- C:\Program Files\CamStudio
2008-05-12 22:38:37 0 d-------- C:\Program Files\Frontcam
2008-05-12 22:24:07 0 d-------- C:\Program Files\HyCam2
2008-05-10 20:07:29 0 d-------- C:\Program Files\DNA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/04/2005 06:54 PM C:\WINDOWS\system32\SiSPower.dll]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 01:59 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 06:22 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 05:36 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 09:29 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [02/26/2005 12:34 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 03:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/28/2005 02:05 AM]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/05/2008 04:45 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Sakora"=C:\Program Files\Sakora\Sakora.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [1/17/2008 10:59:58 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/28/2005 2:17:01 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [5/28/2005 1:54:29 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info
127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info


-- End of Deckard's System Scanner: finished at 2008-07-05 18:33:45 ------------

Extra


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3400+
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 383.48 MiB / 118.07 MiB
Pagefile Memory (total/avail): 920.57 MiB / 657.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.84 MiB

C: is Fixed (NTFS) - 227.76 GiB total, 109.92 GiB free.
D: is Fixed (FAT32) - 5.1 GiB total, 0.37 GiB free.
E: is CDROM (CDFS)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2500KS-00MJB0 - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 5.11 GiB - D:
\PARTITION1 (bootable) - Installable File System - 227.76 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Norton Internet Security v2005 (Symantec Corporation)
AV: Norton Internet Security v2005 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"="C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe:*:Enabled:BackWeb for Presario"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Compaq_Owner.DILLON\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DILLON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Compaq_Owner.DILLON
LOGONSERVER=\\DILLON
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\COMPAQ~1.DIL\LOCALS~1\Temp
TMP=C:\DOCUME~1\COMPAQ~1.DIL\LOCALS~1\Temp
USERDOMAIN=DILLON
USERNAME=Compaq_Owner
USERPROFILE=C:\Documents and Settings\Compaq_Owner.DILLON
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Compaq_Owner.DILLON (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem --> agrsmdel
Blackhawk Striker 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Holidays from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D06AB82F-D68E-405A-9886-AB8804291B6D\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Bounce Symphony from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CC_ccProxyExt --> MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
ccPxyCore --> MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Compaq Connections --> C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 6750491
Compaq Organize --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Crystal Maze from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Final Drive Nitro from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\657A0149-EEC7-4FB2-AB4F-CB7AA027748E\Uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions --> WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HP Boot Optimizer --> MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
KBD --> C:\HP\KBD\KBD.EXE uninstalled
Lexibox Deluxe from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE --> MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Norton AntiSpam --> MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security --> MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security --> MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security --> MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security --> MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security --> MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security --> MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Internet Security 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Security Center --> MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update --> MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Overball from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\FA7F5211-C629-4711-BD82-7DFFB08CB518\Uninstall.exe"
PC-Doctor for Windows --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Phoenix Assault from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\CCCDE323-C76D-44DA-BB5B-B8ABE767756E\Uninstall.exe"
Polar Bowler from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Prevx CSI --> "C:\Program Files\PrevxCSI\prevxcsi.exe" /prop UNINSTALL=Y
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove Adobe Photoshop Album 2.0 Starter Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Adobe_PhotoShop_Album\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Microsoft Money 2005 installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove WeatherBug installer --> c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\WeatherBug\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Shooting Stars Pool from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem1.inf
Slyder from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E\Uninstall.exe"
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpySubtract --> C:\Program Files\InterMute\SpySubtract\SpySub.exe -uninstall
Super Granny from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tradewinds from Compaq (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type21 / Error
Event Submitted/Written: 07/05/2008 00:12:01 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application MTE3MTk6ODoxNg.exe, version 0.0.0.0, faulting module MTE3MTk6ODoxNg.exe, version 0.0.0.0, fault address 0x0000eb4c.
Processing media-specific event for [MTE3MTk6ODoxNg.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type91 / Warning
Event Submitted/Written: 07/05/2008 01:04:23 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type72 / Error
Event Submitted/Written: 07/05/2008 00:50:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type71 / Error
Event Submitted/Written: 07/05/2008 00:49:21 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SYMTDI
Tcpip

Event Record #/Type70 / Error
Event Submitted/Written: 07/05/2008 00:49:21 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type69 / Error
Event Submitted/Written: 07/05/2008 00:49:21 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-07-05 18:33:45 ------------

Thanks in advance for the assistance.

Edited by helpT_T, 06 July 2008 - 03:51 PM.
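The DSS output in this post, as an added example that is not part of the original thread and not code from Deckard's System Scanner, HijackThis or the helper: a small Python triage script that parses the event-log records above (the 7026 boot-start driver failures, which line up with the dnscache 11050 warning) and the O4 Run-key lines from the HijackThis log posted later in the thread, flagging a Run target that sits directly in C:\WINDOWS and carries a long opaque hex argument. The sample inputs are copied from the thread's logs. The NETWORK_STACK_DRIVERS list, the %WINDIR% and hex-argument heuristics, and the base64-name check (the faulting application name in the Application Error record decodes as printable ASCII) are my own assumptions; they produce leads for a helper to look at, not verdicts.

```python
"""Triage helpers for the DSS and HijackThis output in this thread.  Added
example; every heuristic here is an assumption, not a verdict."""
import base64
import binascii
import re

# Sample input copied from the DSS System Event Log section of this post.
SAMPLE_EVENT_LOG = """\
Event Record #/Type71 / Error
Event Submitted/Written: 07/05/2008 00:49:21 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
AmdK8
Fips
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SYMTDI
Tcpip
"""

# Sample O4 lines copied from the HijackThis log posted later in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Microsoft drivers whose failure leaves the box without TCP/IP, NetBIOS or
# SMB (my own list, an assumption, not a published one).
NETWORK_STACK_DRIVERS = {"AFD", "Tcpip", "NetBT", "NetBIOS", "IPSec",
                         "MRxSmb", "Rdbss", "RasAcd"}

def parse_events(text):
    """(event id, non-empty description lines) per blank-line-separated DSS record."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        ids = re.findall(r"Event ID/Source: (\d+) /", block)
        if ids and "Event Description:\n" in block:
            body = block.split("Event Description:\n", 1)[1]
            events.append((int(ids[0]), [l.strip() for l in body.splitlines() if l.strip()]))
    return events

def failed_network_drivers(events):
    """Network-stack drivers named in a 7026 'failed to load' record."""
    failed = set()
    for event_id, description in events:
        if event_id == 7026:
            failed.update(description[1:])   # line 0 is the headline sentence
    return failed & NETWORK_STACK_DRIVERS

def decode_base64_name(stem, min_len=8):
    """Decode a file stem that is valid, printable base64; None otherwise."""
    if len(stem) < min_len or not re.fullmatch(r"[A-Za-z0-9+/]+", stem):
        return None
    try:
        text = base64.b64decode(stem + "=" * (-len(stem) % 4)).decode("ascii")
    except (binascii.Error, ValueError):   # UnicodeDecodeError is a ValueError
        return None
    return text if text and text.isprintable() else None

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CMD_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>\S+?\.exe))(?:\s+(?P<args>.*))?$', re.I)
HEX_BLOB = re.compile(r"^[0-9A-Fa-f]{32,}$")

def parse_o4(text):
    """(hive, value name, target path, arguments) for each O4 Run line."""
    entries = []
    for line in text.strip().splitlines():
        m = O4_RE.match(line)
        c = CMD_RE.match(m.group("cmd")) if m else None
        if c:
            entries.append((m.group("hive"), m.group("name"),
                            c.group("q") or c.group("u"), c.group("args") or ""))
    return entries

def suspicious_run_entries(entries, windir=r"C:\WINDOWS"):
    """Leads, not verdicts: a Run target directly in %WINDIR% (not system32
    or Program Files) or one carrying a long opaque hex argument."""
    flagged = []
    for _hive, name, path, args in entries:
        reasons = []
        if path.rpartition("\\")[0].lower() == windir.lower():
            reasons.append("executable directly in %WINDIR%")
        if HEX_BLOB.match(args):
            reasons.append("long hex argument")
        if reasons:
            flagged.append((name, path, reasons))
    return flagged
```

Run against the samples, `failed_network_drivers` returns the eight network-stack drivers from the 7026 record (AmdK8, Fips and SYMTDI are filtered out), `decode_base64_name("MTE3MTk6ODoxNg")` returns a short printable string while the same check on `mrofinu1001186` returns None, and `suspicious_run_entries` flags only the `runner1` value. A legitimate executable can live in C:\WINDOWS too, so the script narrows what a helper should look at rather than deciding for them.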




#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:54 PM

Posted 06 July 2008 - 06:46 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Also post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 helpT_T

helpT_T
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 06 July 2008 - 08:14 PM

Hi Sam, thank you for taking the time to help me :thumbsup:


Malwarebytes' Log

Malwarebytes' Anti-Malware 1.19
Database version: 929
Windows 5.1.2600 Service Pack 2

7:55:15 PM 7/6/2008
mbam-log-7-6-2008 (19-55-15).txt

Scan type: Quick Scan
Objects scanned: 53373
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\TEMP\VRR1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRR40.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRR46.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRR4F.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRRC9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\TEMP\VRRCB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings\Temporary Internet Files\Content.IE5\01234567\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1001186.exe (Trojan.Agent) -> Delete on reboot.




New DSS log
Main:

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-06 20:08:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:08:45 PM, on 7/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9089 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 20:01:12 55296 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-06 02:00:19 0 d-------- C:\Program Files\Panda Security
2008-07-06 01:53:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:52:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:41:39 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Adobe
2008-07-06 01:37:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla
2008-07-05 18:33:09 0 d-------- C:\Program Files\Trend Micro
2008-07-05 13:25:17 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Sun
2008-07-05 13:00:00 78848 --a------ C:\WINDOWS\zip.exe
2008-07-05 13:00:00 97860 --a------ C:\WINDOWS\VFind.exe
2008-07-05 13:00:00 223232 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 13:00:00 148480 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 13:00:00 205824 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 13:00:00 109568 --a------ C:\WINDOWS\sed.exe
2008-07-05 13:00:00 91164 --a------ C:\WINDOWS\grep.exe
2008-07-05 13:00:00 101792 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47:54 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47:54 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-05 12:30:30 0 dr-hs---- C:\cmdcons
2008-07-05 12:30:17 0 d-------- C:\WINDOWS\setupupd
2008-07-05 11:57:08 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-07-05 11:57:08 0 d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:51:32 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Macromedia
2008-07-05 04:07:09 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Recent
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Templates
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Start Menu
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\SendTo
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\PrintHood
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\NetHood
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\My Documents
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Favorites
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Desktop
2008-07-05 04:05:38 0 d---s---- C:\Documents and Settings\Compaq_Owner.DILLON\Cookies
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Real
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Identities
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05:37 1310720 --ah----- C:\Documents and Settings\Compaq_Owner.DILLON\NTUSER.DAT
2008-07-05 03:34:40 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34:28 0 d-------- C:\Program Files\Belarc
2008-06-27 17:45:55 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44:41 0 d-------- C:\Python25
2008-06-27 17:27:22 0 d-------- C:\Program Files\i.Hex
2008-06-27 16:25:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39:43 0 d-------- C:\Program Files\sisagp
2008-06-26 20:39:31 253952 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-06-26 20:39:13 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-25 20:20:25 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Sun
2008-06-25 01:57:07 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00:19 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 02:14:00 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-22 19:35:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 03:22:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\WinRAR
2008-06-22 02:38:12 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01:39 0 d-------- C:\Program Files\Windows Live
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Templates
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\SendTo
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\PrintHood
2008-06-21 15:42:31 2097152 --ah----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NTUSER.DAT
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NetHood
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\My Documents
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Local Settings
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Favorites
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Desktop
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Cookies
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Real
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Microsoft
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Identities
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 14:10:20 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Macromedia
2008-06-21 14:10:19 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Adobe
2008-06-21 14:08:51 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Mozilla
2008-06-21 13:44:33 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Recent
2008-06-19 13:21:22 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14:28 0 d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17:00 0 d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47:04 0 d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56:13 0 d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34:21 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07:31 0 d-------- C:\webserver
2008-06-12 23:18:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25:23 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22:12 0 d-------- C:\Program Files\Tencent


-- Find3M Report ---------------------------------------------------------------

2008-07-06 02:33:26 153600 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-07-06 02:33:25 180736 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 134144 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 120832 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-07-06 02:16:35 366080 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:32 127488 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:31 133120 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:30 184320 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:29 139264 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:29 241664 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:26 154624 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:16 246272 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-07-06 02:16:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:16:13 143360 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-07-06 02:16:12 151552 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:12 259072 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:10 442368 --a------ C:\WINDOWS\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:09 268288 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-07-06 02:16:05 76800 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:04 180224 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:38 124416 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:36 1141248 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:22 102400 --a------ C:\WINDOWS\ALCXMNTR.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio - Event Monitor>
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files
2008-07-05 13:30:24 0 d-------- C:\Program Files\Java
2008-07-05 04:22:18 0 d-------- C:\Program Files\Easy Internet signup
2008-07-05 03:45:46 0 d-------- C:\Program Files\Windows NT
2008-07-05 03:45:41 0 d-------- C:\Program Files\Movie Maker
2008-07-05 03:45:40 0 d-------- C:\Program Files\Messenger
2008-07-01 23:22:56 2317 --a------ C:\WINDOWS\mozver.dat
2008-06-22 22:08:42 69385 --a------ C:\WINDOWS\hpoins05.dat
2008-06-04 01:25:21 331776 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-04 01:25:20 83968 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 20:48:58 0 d-------- C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 20:48:47 102400 --a------ C:\Program Files\[S][E][X].exe <Not Verified; The team; [S][E][X]>
2008-06-01 14:00:23 0 d-------- C:\Program Files\Web Publish
2008-05-31 17:20:55 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 23:35:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 23:27:28 17408 --a------ C:\WINDOWS\sysgz.dll
2008-05-27 12:33:50 0 d-------- C:\Program Files\VentSrv
2008-05-25 14:01:40 0 d-------- C:\Program Files\softnyx
2008-05-24 18:00:27 0 d-------- C:\Program Files\AoA Audio Extractor
2008-05-19 14:16:52 0 d-------- C:\Program Files\mIRC
2008-05-14 12:48:54 0 d-------- C:\Program Files\Topaz Labs LLC
2008-05-12 22:51:36 0 d-------- C:\Program Files\CamStudio
2008-05-12 22:38:37 0 d-------- C:\Program Files\Frontcam
2008-05-12 22:24:07 0 d-------- C:\Program Files\HyCam2
2008-05-10 20:07:29 0 d-------- C:\Program Files\DNA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/04/2005 06:54 PM C:\WINDOWS\system32\SiSPower.dll]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 01:59 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 06:22 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 05:36 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 09:29 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [07/06/2008 02:16 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 03:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/06/2008 02:15 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/06/2008 08:01 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/06/2008 02:15 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [1/17/2008 10:59:58 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/28/2005 2:17:01 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [5/28/2005 1:54:29 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-06 20:09:04 ------------


Extra.txt didn't pop up this time. So if you need that as well, I'm sorry...

Thanks again for the assistance.

Edited by helpT_T, 06 July 2008 - 08:15 PM.


#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:54 PM

Posted 07 July 2008 - 07:36 AM

No problem, we only need the main.txt from here on out.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


=================


Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\mrofinu1001186.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Even if it doesn't ask you to, make sure to reboot your computer now.


Please post a new log from DSS.
Let me know how your computer is behaving now.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
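
Buckeye_Sam picks the runner1 entry out of the HijackThis O4 lines for removal. As an added example that is not part of this thread, of HijackThis, DSS or OTMoveIt2, the following Python script applies that same reading as a check over the posted O4 lines; the three heuristics it uses (executable directly in the Windows directory, a letters-plus-long-digit-run file name, a lone long hex argument) are my own assumptions about what makes a Run-key entry worth a second look, not a verdict.

```python
"""Flag Run-key autorun entries in HijackThis O4 lines that merit a closer look.

Added example for this thread; it is not part of HijackThis, DSS or OTMoveIt2.
The heuristics are assumptions a log reviewer applies by hand; a hit means
"look at this entry", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Run-key O4 lines look like:
#   O4 - HKLM\..\Run: [name] C:\path\to\file.exe optional args
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# Executable placed directly in the Windows directory rather than a subfolder.
WINDIR_ROOT_RE = re.compile(r'(?i)^[a-z]:\\windows\\[^\\]+\.exe$')
# File name made of letters followed by a long run of digits (mrofinu1001186.exe).
LETTERS_DIGITS_RE = re.compile(r'(?i)[a-z]+\d{6,}\.exe$')
# A single long hexadecimal token passed as the only argument.
HEX_BLOB_RE = re.compile(r'^[0-9A-Fa-f]{32,}$')


@dataclass
class AutorunEntry:
    hive: str
    name: str
    exe: str
    args: str
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Separate the executable path from its arguments.

    A quoted path ends at the closing quote; an unquoted path is taken to
    end at the first '.exe' token, which covers every line in this log."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r'(?i)^(.+?\.exe)\s*(.*)$', cmd)
    if m:
        return m.group(1), m.group(2).strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else '')


def parse_o4_run(line: str):
    """Return an AutorunEntry for a Run-key O4 line, or None for any other line."""
    m = O4_RUN_RE.match(line.strip())
    if not m:
        return None
    exe, args = split_command(m.group('cmd'))
    return AutorunEntry(m.group('hive'), m.group('name'), exe, args)


def flag(entry: AutorunEntry) -> AutorunEntry:
    """Attach the reasons a reviewer would want to look at this entry."""
    if WINDIR_ROOT_RE.search(entry.exe):
        entry.reasons.append('executable sits directly in the Windows directory')
    if LETTERS_DIGITS_RE.search(entry.exe):
        entry.reasons.append('file name is letters followed by a long digit run')
    if HEX_BLOB_RE.match(entry.args):
        entry.reasons.append('only argument is a %d-char hex blob' % len(entry.args))
    return entry


def scan(lines):
    """Parse every Run-key O4 line and return the entries with at least one reason."""
    flagged = []
    for line in lines:
        entry = parse_o4_run(line)
        if entry is not None and flag(entry).reasons:
            flagged.append(entry)
    return flagged


# Constructed sample: a subset of the O4 lines from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
""".strip().splitlines()

if __name__ == '__main__':
    for e in scan(SAMPLE_LOG):
        print(f'{e.hive} Run\\{e.name}: {e.exe}')
        for r in e.reasons:
            print('   -', r)
```

Run against the sample, only the runner1 line is reported, with all three reasons; the Global Startup line is skipped because it is not a Run-key entry.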


========================================================

#5 helpT_T
  • Topic Starter
  • Members
  • 19 posts
  • Local time:07:54 PM

Posted 07 July 2008 - 12:54 PM

After I had finished with 'OTMoveIt2' and went to restart, explorer.exe would crash when I pressed the "Turn Off Computer" button in the start menu. After I manually shut down/turned back on, everything seems to be the same, except for the crashing of explorer upon that button click; that seems to be fine now.

OTMoveIt2 Log

C:\WINDOWS\mrofinu1001186.exe moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07072008_123852

Main:

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-07 12:44:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:45 PM, on 7/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\sslaunch.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9058 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-07 12:43:38 41984 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-07 03:32:46 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\vlc
2008-07-06 02:00:19 0 d-------- C:\Program Files\Panda Security
2008-07-06 01:53:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:52:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:41:39 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Adobe
2008-07-06 01:37:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla
2008-07-05 18:33:09 0 d-------- C:\Program Files\Trend Micro
2008-07-05 13:25:17 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Sun
2008-07-05 13:00:00 78848 --a------ C:\WINDOWS\zip.exe
2008-07-05 13:00:00 97860 --a------ C:\WINDOWS\VFind.exe
2008-07-05 13:00:00 223232 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 13:00:00 148480 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 13:00:00 205824 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 13:00:00 109568 --a------ C:\WINDOWS\sed.exe
2008-07-05 13:00:00 91164 --a------ C:\WINDOWS\grep.exe
2008-07-05 13:00:00 101792 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47:54 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47:54 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-05 12:30:30 0 dr-hs---- C:\cmdcons
2008-07-05 12:30:17 0 d-------- C:\WINDOWS\setupupd
2008-07-05 11:57:08 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-07-05 11:57:08 0 d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:51:32 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Macromedia
2008-07-05 04:07:09 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Recent
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Templates
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Start Menu
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\SendTo
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\PrintHood
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\NetHood
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\My Documents
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Favorites
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Desktop
2008-07-05 04:05:38 0 d---s---- C:\Documents and Settings\Compaq_Owner.DILLON\Cookies
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Real
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Identities
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05:37 1310720 --ah----- C:\Documents and Settings\Compaq_Owner.DILLON\NTUSER.DAT
2008-07-05 03:34:40 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34:28 0 d-------- C:\Program Files\Belarc
2008-06-27 17:45:55 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44:41 0 d-------- C:\Python25
2008-06-27 17:27:22 0 d-------- C:\Program Files\i.Hex
2008-06-27 16:25:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39:43 0 d-------- C:\Program Files\sisagp
2008-06-26 20:39:31 253952 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-06-26 20:39:13 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-25 20:20:25 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Sun
2008-06-25 01:57:07 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00:19 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 02:14:00 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-22 19:35:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 03:22:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\WinRAR
2008-06-22 02:38:12 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01:39 0 d-------- C:\Program Files\Windows Live
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Templates
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\SendTo
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\PrintHood
2008-06-21 15:42:31 2097152 --ah----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NTUSER.DAT
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NetHood
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\My Documents
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Local Settings
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Favorites
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Desktop
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Cookies
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Real
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Microsoft
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Identities
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 14:10:20 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Macromedia
2008-06-21 14:10:19 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Adobe
2008-06-21 14:08:51 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Mozilla
2008-06-21 13:44:33 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Recent
2008-06-19 13:21:22 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14:28 0 d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17:00 0 d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47:04 0 d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56:13 0 d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34:21 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07:31 0 d-------- C:\webserver
2008-06-12 23:18:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25:23 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22:12 0 d-------- C:\Program Files\Tencent


-- Find3M Report ---------------------------------------------------------------

2008-07-06 02:33:26 153600 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-07-06 02:33:25 180736 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 134144 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 120832 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-07-06 02:16:35 366080 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:32 127488 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:31 133120 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:30 184320 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:29 139264 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:29 241664 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:26 154624 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:16 246272 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-07-06 02:16:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:16:13 143360 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-07-06 02:16:12 151552 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:12 259072 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:10 442368 --a------ C:\WINDOWS\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:09 268288 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-07-06 02:16:05 76800 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:04 180224 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:38 124416 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:36 1141248 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:22 102400 --a------ C:\WINDOWS\ALCXMNTR.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio - Event Monitor>
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files
2008-07-05 13:30:24 0 d-------- C:\Program Files\Java
2008-07-05 04:22:18 0 d-------- C:\Program Files\Easy Internet signup
2008-07-05 03:45:46 0 d-------- C:\Program Files\Windows NT
2008-07-05 03:45:41 0 d-------- C:\Program Files\Movie Maker
2008-07-05 03:45:40 0 d-------- C:\Program Files\Messenger
2008-07-01 23:22:56 2317 --a------ C:\WINDOWS\mozver.dat
2008-06-22 22:08:42 69385 --a------ C:\WINDOWS\hpoins05.dat
2008-06-04 01:25:21 331776 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-04 01:25:20 83968 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 20:48:58 0 d-------- C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 20:48:47 102400 --a------ C:\Program Files\[S][E][X].exe <Not Verified; The team; [S][E][X]>
2008-06-01 14:00:23 0 d-------- C:\Program Files\Web Publish
2008-05-31 17:20:55 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 23:35:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 23:27:28 17408 --a------ C:\WINDOWS\sysgz.dll
2008-05-27 12:33:50 0 d-------- C:\Program Files\VentSrv
2008-05-25 14:01:40 0 d-------- C:\Program Files\softnyx
2008-05-24 18:00:27 0 d-------- C:\Program Files\AoA Audio Extractor
2008-05-19 14:16:52 0 d-------- C:\Program Files\mIRC
2008-05-14 12:48:54 0 d-------- C:\Program Files\Topaz Labs LLC
2008-05-12 22:51:36 0 d-------- C:\Program Files\CamStudio
2008-05-12 22:38:37 0 d-------- C:\Program Files\Frontcam
2008-05-12 22:24:07 0 d-------- C:\Program Files\HyCam2
2008-05-10 20:07:29 0 d-------- C:\Program Files\DNA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/04/2005 06:54 PM C:\WINDOWS\system32\SiSPower.dll]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 01:59 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 06:22 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 05:36 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 09:29 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [07/06/2008 02:16 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 03:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/06/2008 02:15 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/07/2008 12:43 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/06/2008 02:15 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [1/17/2008 10:59:58 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/28/2005 2:17:01 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [5/28/2005 1:54:29 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-07-07 12:45:10 ------------

Thanks again Sam :thumbsup:

#6 Buckeye_Sam

Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 July 2008 - 02:15 PM

It's still hanging in there.

Download and scan with the free 15-day trial of Counterspy
Save the report when it's finished:
  • Once Counterspy has done scanning, the 'Scan Results' box will appear.
  • Click on 'View Results'.
  • Under (Recommended Action), using the drop-down menus at the side of each entry found, set EVERYTHING to Remove.
  • Then click on Take Action.
  • Once everything has been removed, click on View Details.
  • Copy and paste those details into your next reply here.

================


Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running, it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 helpT_T

  • Topic Starter

  • Members
  • 19 posts

Posted 07 July 2008 - 03:04 PM

When I tried to install 'Counterspy', I got this error.
Posted Image

So, I couldn't do that.

ComboFix log:

ComboFix 08-07-04.6 - Compaq_Owner 2008-07-07 14:49:33.2 - NTFSx86
Running from: C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 12:38 . 2008-07-07 12:38 <DIR> d-------- C:\_OTMoveIt
2008-07-07 03:32 . 2008-07-07 03:32 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\vlc
2008-07-06 02:00 . 2008-07-06 02:00 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 02:00 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-06 01:53 . 2008-07-06 01:53 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:53 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 01:52 . 2008-07-06 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:33 . 2008-07-05 18:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 18:31 . 2008-07-05 18:31 <DIR> d-------- C:\Deckard
2008-07-05 13:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47 . 2008-07-05 12:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-05 11:57 . 2008-07-05 11:57 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57 . 2008-07-06 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:57 . 2008-07-05 11:57 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-05 04:06 . 2004-08-04 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05 . 2008-07-05 04:07 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON
2008-07-05 04:05 . 2008-07-05 04:06 1,872 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PY059AA-ABA SR1550NX NA530_YC_0Pres_QCNH525_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J250_7AMD_8Athlon 64_92.41_#070423_N10390900_Z11C1048C_G10396330.MRK
2008-07-05 04:03 . 2005-05-28 02:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-07-05 03:57 . 2004-08-04 01:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-05 03:57 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 03:34 . 2008-07-05 03:44 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34 . 2008-07-03 00:34 <DIR> d-------- C:\Program Files\Belarc
2008-06-27 17:45 . 2008-06-27 17:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44 . 2008-06-27 17:45 <DIR> d-------- C:\Python25
2008-06-27 17:27 . 2008-07-04 22:35 <DIR> d-------- C:\Program Files\i.Hex
2008-06-27 16:25 . 2008-06-27 16:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56 . 2008-06-27 00:56 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39 . 2008-06-26 20:39 <DIR> d-------- C:\Program Files\sisagp
2008-06-26 20:39 . 2008-06-26 20:40 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-26 20:39 . 2006-03-22 21:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-06-26 20:39 . 2006-04-12 19:35 253,952 --a------ C:\WINDOWS\Progress.exe
2008-06-25 01:57 . 2008-06-25 02:00 <DIR> d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00 . 2008-06-24 10:00 <DIR> d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 09:58 . 2008-06-24 09:58 268 --ah----- C:\sqmdata13.sqm
2008-06-24 09:58 . 2008-06-24 09:58 244 --ah----- C:\sqmnoopt13.sqm
2008-06-24 02:14 . 2008-06-24 02:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-23 03:43 . 2008-06-23 03:43 268 --ah----- C:\sqmdata12.sqm
2008-06-23 03:43 . 2008-06-23 03:43 244 --ah----- C:\sqmnoopt12.sqm
2008-06-22 19:35 . 2008-07-01 18:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 14:39 . 2008-06-22 14:39 268 --ah----- C:\sqmdata11.sqm
2008-06-22 14:39 . 2008-06-22 14:39 244 --ah----- C:\sqmnoopt11.sqm
2008-06-22 02:38 . 2008-06-24 09:58 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01 . 2008-06-22 02:37 <DIR> d-------- C:\Program Files\Windows Live
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 15:42 . 2008-06-27 17:45 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002
2008-06-19 13:21 . 2008-06-19 13:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14 . 2008-06-19 12:14 <DIR> d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17 . 2008-06-18 01:17 <DIR> d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47 . 2008-06-18 00:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56 . 2008-06-17 15:19 <DIR> d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34 . 2008-06-13 11:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07 . 2008-06-26 17:33 <DIR> d-------- C:\webserver
2008-06-12 23:18 . 2008-06-12 23:23 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25 . 2008-06-11 10:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22 . 2008-06-13 11:33 <DIR> d-------- C:\Program Files\Tencent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 07:33 180,736 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2008-07-06 07:33 153,600 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-07-06 07:33 134,144 ----a-w C:\WINDOWS\system32\spoolsv.exe
2008-07-06 07:33 120,832 ----a-w C:\WINDOWS\system32\alg.exe
2008-07-06 07:33 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-07-06 07:15 124,416 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-07-06 07:15 102,400 ----a-w C:\WINDOWS\ALCXMNTR.EXE
2008-07-06 07:15 1,141,248 ----a-w C:\WINDOWS\explorer.exe
2008-07-05 18:30 --------- d-----w C:\Program Files\Java
2008-07-05 09:22 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-27 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-06-22 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 17:55 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\DNA
2008-06-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 16:01 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-06-04 06:25 83,968 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-04 06:25 331,776 ----a-w C:\WINDOWS\Setup1.exe
2008-06-02 01:48 102,400 ----a-w C:\Program Files\[S][E][X].exe
2008-06-02 01:48 --------- d-----w C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 19:00 --------- d-----w C:\Program Files\Web Publish
2008-05-31 22:20 --------- d-----w C:\Program Files\Apple Software Update
2008-05-31 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-31 04:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-31 04:35 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\SystemRequirementsLab
2008-05-28 04:27 17,408 ----a-w C:\WINDOWS\sysgz.dll
2008-05-28 04:05 --------- d--h--w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\ijjigame
2008-05-27 17:33 --------- d-----w C:\Program Files\VentSrv
2008-05-27 00:51 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Winamp
2008-05-25 19:01 --------- d-----w C:\Program Files\softnyx
2008-05-24 23:00 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-05-23 22:24 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Ventrilo
2008-05-20 18:43 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\mIRC
2008-05-20 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nexon
2008-05-19 19:16 --------- d-----w C:\Program Files\mIRC
2008-05-14 17:48 --------- d-----w C:\Program Files\Topaz Labs LLC
2008-05-13 03:51 --------- d-----w C:\Program Files\CamStudio
2008-05-13 03:38 --------- d-----w C:\Program Files\Frontcam
2008-05-13 03:24 --------- d-----w C:\Program Files\HyCam2
2008-05-11 01:07 --------- d-----w C:\Program Files\DNA
2008-01-07 01:07 166 ----a-w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Application Data\wklnhst.dat
.

------- Sigcheck -------

2008-07-06 02:15 1141248 db8e138652062cfbb93621f1bdf21a4b C:\WINDOWS\explorer.exe
2007-06-13 06:26 1043968 fb237eddcc9a4b593ccf7aafb064f16b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1042944 373ed79f059451fce67c5f6d44668ed7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 06:00 1042944 cda52e87bd17dfeaac944e6216d2737c C:\WINDOWS\system32\dllcache\explorer.exe

2008-07-06 02:15 124416 29a3fd06645654f6a93fb1b5cdd7b7aa C:\WINDOWS\system32\ctfmon.exe
2004-08-04 06:00 91648 048fee5ce0a2c1cfedfeecd1d8443ab7 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 19:17 68608 c77f5ad4fba717436a9f46f4c9c4d177 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:00 68608 74d2f8c3f9d107f6b47657cc26259661 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-07-06 02:33 134144 31712d8d78c568180785835a1f146e4c C:\WINDOWS\system32\spoolsv.exe
2004-08-04 06:00 101376 baf64a9d999d348dc506b6afe3407175 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot@2008-07-05_13.12.52.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 18:00:00 75,264 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
+ 2004-08-04 18:00:00 86,016 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
- 2008-07-05 17:50:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 17:42:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-12-14 18:02:20 901,120 ------w C:\WINDOWS\CREATOR\ToolsCDLauncher.exe
+ 2004-12-14 18:02:20 933,888 ------w C:\WINDOWS\CREATOR\ToolsCDLauncher.exe
- 2006-08-10 01:29:32 540,672 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HGStart9USA.exe
+ 2006-08-10 01:29:32 651,264 ----a-w C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HGStart9USA.exe
- 2002-07-26 08:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2002-07-26 08:13:12 274,432 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
- 2007-06-14 21:50:14 1,038,336 ----a-r C:\WINDOWS\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC.exe
+ 2007-06-14 21:50:14 1,049,088 ----a-r C:\WINDOWS\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC.exe
- 2007-06-14 21:50:14 178,688 ----a-r C:\WINDOWS\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC1.exe
+ 2007-06-14 21:50:14 222,208 ----a-r C:\WINDOWS\Installer\{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}\Icon0E6AB9FC1.exe
- 2005-01-27 04:57:04 166,912 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
+ 2005-01-27 04:57:04 210,432 ----a-r C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
- 2007-06-18 08:02:02 32,768 ----a-r C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
+ 2007-06-18 08:02:02 45,056 ----a-r C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
- 2008-06-23 03:07:52 65,536 ----a-r C:\WINDOWS\Installer\{8F7A4D82-B168-4F89-99C2-B9873EC877AF}\ARPPRODUCTICON.exe
+ 2008-06-23 03:07:52 77,824 ----a-r C:\WINDOWS\Installer\{8F7A4D82-B168-4F89-99C2-B9873EC877AF}\ARPPRODUCTICON.exe
- 2008-06-23 03:07:52 29,184 ----a-r C:\WINDOWS\Installer\{8F7A4D82-B168-4F89-99C2-B9873EC877AF}\Icon8F7A4D82.exe
+ 2008-06-23 03:07:52 39,936 ----a-r C:\WINDOWS\Installer\{8F7A4D82-B168-4F89-99C2-B9873EC877AF}\Icon8F7A4D82.exe
- 2005-05-28 07:14:01 44,544 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2005-05-28 07:14:01 55,296 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2005-05-28 07:14:01 27,136 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2005-05-28 07:14:01 37,888 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2005-05-28 07:14:01 4,096 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2005-05-28 07:14:01 14,848 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2005-05-28 07:14:01 23,040 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2005-05-28 07:14:01 33,792 ----a-r C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-04-24 08:06:15 32,768 ----a-r C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\icon.exe
+ 2007-04-24 08:06:15 45,056 ----a-r C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\icon.exe
- 2008-06-28 07:11:48 65,536 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
+ 2008-06-28 07:11:48 77,824 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\BridgeCommonShortcut_B74D4E101033000000000001_1.exe
- 2008-06-28 07:11:48 1,904,640 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe
+ 2008-06-28 07:11:48 2,015,232 ----a-r C:\WINDOWS\Installer\{B74D4E10-1033-0000-0000-000000000001}\ESLaunchShortcut_B74D4E10103300000000000000000001.exe
- 2005-05-28 07:15:07 131,072 ----a-r C:\WINDOWS\Installer\{BE20E2F5-1903-4AAE-B1AF-2046E586C925}\ARPPRODUCTICON.exe
+ 2005-05-28 07:15:07 143,360 ----a-r C:\WINDOWS\Installer\{BE20E2F5-1903-4AAE-B1AF-2046E586C925}\ARPPRODUCTICON.exe
- 2005-05-28 07:15:07 131,072 ----a-r C:\WINDOWS\Installer\{BE20E2F5-1903-4AAE-B1AF-2046E586C925}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
+ 2005-05-28 07:15:07 143,360 ----a-r C:\WINDOWS\Installer\{BE20E2F5-1903-4AAE-B1AF-2046E586C925}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe
- 2008-06-22 08:03:29 32,768 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
+ 2008-06-22 08:03:29 77,824 ----a-r C:\WINDOWS\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
- 2008-06-28 07:15:37 65,536 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
+ 2008-06-28 07:15:37 77,824 ----a-r C:\WINDOWS\Installer\{E9787678-1033-0000-8E67-000000000001}\AppLanuchShortcut_E9787678103300008E67000000000001_1.exe
- 2003-02-21 09:09:46 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2003-02-21 09:09:46 135,168 ----a-w C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe
- 2004-07-15 15:49:18 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2004-07-15 15:49:18 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
- 2004-07-15 15:49:26 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2008-07-06 07:16:01 110,592 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
- 2004-07-15 15:49:22 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 15:49:22 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 21:24:10 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 21:24:10 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
- 2004-07-16 01:23:28 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2004-07-16 01:23:28 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
- 2003-02-21 18:12:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 18:12:24 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
- 2003-10-09 04:30:14 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-10-09 04:30:14 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
- 2003-02-21 21:24:38 7,680 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 21:24:38 18,432 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
- 2004-07-15 14:35:30 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 14:35:30 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
- 2003-02-21 21:24:42 15,872 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 21:24:42 26,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
- 2003-02-21 21:24:52 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 21:24:52 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe
- 2004-07-16 04:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2004-07-16 04:28:50 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
- 2004-07-16 04:28:50 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-16 04:28:50 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
- 2004-08-11 06:20:00 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2004-08-11 06:20:00 118,784 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
- 2003-02-21 09:09:46 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-21 09:09:46 151,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
- 2003-02-21 21:25:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 21:25:24 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
- 2003-02-21 21:25:30 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 21:25:30 23,040 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
- 2004-06-23 03:51:38 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-06-23 03:51:38 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
- 2004-07-16 01:23:20 737,280 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-16 01:23:20 749,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
- 2007-10-24 07:47:22 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2007-10-24 07:47:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
- 2007-10-24 07:47:22 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2007-10-24 07:47:22 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
- 2007-10-24 07:47:22 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2007-10-24 07:47:22 217,088 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
- 2007-10-24 07:47:40 106,496 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2007-10-24 07:47:40 184,320 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
- 2007-10-24 07:47:28 5,120 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2007-10-24 07:47:28 81,408 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
- 2007-10-24 07:47:40 9,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2007-10-24 07:47:40 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
- 2007-10-24 07:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2007-10-24 07:47:40 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
- 2007-10-24 07:47:34 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2007-10-24 07:47:34 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
- 2007-10-24 07:47:36 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2007-10-24 07:47:36 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
- 2007-10-24 07:47:40 53,248 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2007-10-24 07:47:40 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
- 2007-10-24 07:47:40 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2007-10-24 07:47:40 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
- 2007-10-11 15:55:14 159,744 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
+ 2007-10-11 15:55:14 237,568 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe
- 2007-10-11 15:55:10 864,256 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
+ 2007-10-11 15:55:10 909,312 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
- 2007-10-11 15:55:14 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
+ 2007-10-11 15:55:14 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe
- 2007-10-11 15:55:14 122,880 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
+ 2007-10-11 15:55:14 233,472 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
- 2007-10-11 15:55:14 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
+ 2007-10-11 15:55:14 253,952 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe
- 2007-10-09 18:58:12 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
+ 2007-10-09 18:58:12 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
- 2000-08-31 13:00:00 74,240 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 107,008 ----a-w C:\WINDOWS\Nircmd.exe
- 1998-05-07 16:04:38 63,488 ----a-w C:\WINDOWS\system\hpsysdrv.exe
+ 2008-07-06 07:15:48 129,024 ----a-w C:\WINDOWS\system\hpsysdrv.exe
- 2004-08-04 11:00:00 153,088 ----a-w C:\WINDOWS\system32\chkntfs.exe
+ 2004-08-04 11:00:00 185,856 ----a-w C:\WINDOWS\system32\chkntfs.exe
- 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\system32\cisvc.exe
+ 2008-07-06 07:16:04 180,224 ----a-w C:\WINDOWS\system32\cisvc.exe
- 2004-08-04 11:00:00 44,032 ----a-w C:\WINDOWS\system32\clipsrv.exe
+ 2008-07-06 07:16:05 76,800 ----a-w C:\WINDOWS\system32\clipsrv.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\Com\comrepl.exe
+ 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\Com\comrepl.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\Com\comrereg.exe
+ 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\Com\comrereg.exe
- 2008-07-05 17:50:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-07-07 17:42:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-07-05 17:50:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-07-07 17:42:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-07-05 17:50:50 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 17:42:44 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-07 19:32:27 11,776 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YDOT8R01\unpr[1].exe
+ 2008-07-07 19:31:38 1,760 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YPMRAP4V\wpad[1].dat
- 2004-08-04 11:00:00 183,808 ----a-w C:\WINDOWS\system32\dllcache\accwiz.exe
+ 2004-08-04 11:00:00 194,560 ----a-w C:\WINDOWS\system32\dllcache\accwiz.exe
- 2004-08-04 11:00:00 4,096 ----a-w C:\WINDOWS\system32\dllcache\actmovie.exe
+ 2004-08-04 11:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\actmovie.exe
- 2003-03-25 06:52:04 16,439 ----a-w C:\WINDOWS\system32\dllcache\admin.exe
+ 2003-03-25 06:52:04 28,727 ----a-w C:\WINDOWS\system32\dllcache\admin.exe
- 2004-08-04 11:00:00 256,512 ----a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2004-08-04 11:00:00 267,264 ----a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\ahui.exe
+ 2004-08-04 11:00:00 109,056 ----a-w C:\WINDOWS\system32\dllcache\ahui.exe
- 2004-08-04 11:00:00 44,544 ----a-w C:\WINDOWS\system32\dllcache\alg.exe
+ 2004-08-04 11:00:00 153,600 ----a-w C:\WINDOWS\system32\dllcache\alg.exe
- 2004-08-04 11:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\arp.exe
+ 2004-08-04 11:00:00 128,512 ----a-w C:\WINDOWS\system32\dllcache\arp.exe
- 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\at.exe
+ 2004-08-04 11:00:00 35,840 ----a-w C:\WINDOWS\system32\dllcache\at.exe
- 2004-08-04 11:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\atmadm.exe
+ 2004-08-04 11:00:00 54,784 ----a-w C:\WINDOWS\system32\dllcache\atmadm.exe
- 2004-08-04 11:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\attrib.exe
+ 2004-08-04 11:00:00 120,320 ----a-w C:\WINDOWS\system32\dllcache\attrib.exe
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\auditusr.exe
+ 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\auditusr.exe
- 2003-03-25 06:52:04 16,439 ----a-w C:\WINDOWS\system32\dllcache\author.exe
+ 2003-03-25 06:52:04 28,727 ----a-w C:\WINDOWS\system32\dllcache\author.exe
- 2004-08-04 11:00:00 42,577 ----a-w C:\WINDOWS\system32\dllcache\bckgzm.exe
+ 2004-08-04 11:00:00 151,633 ----a-w C:\WINDOWS\system32\dllcache\bckgzm.exe
- 2004-08-04 11:00:00 71,680 ----a-w C:\WINDOWS\system32\dllcache\blastcln.exe
+ 2004-08-04 11:00:00 180,736 ----a-w C:\WINDOWS\system32\dllcache\blastcln.exe
- 2004-08-04 11:00:00 4,608 ----a-w C:\WINDOWS\system32\dllcache\bootok.exe
+ 2004-08-04 11:00:00 80,896 ----a-w C:\WINDOWS\system32\dllcache\bootok.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\bootvrfy.exe
+ 2004-08-04 11:00:00 48,640 ----a-w C:\WINDOWS\system32\dllcache\bootvrfy.exe
- 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\cacls.exe
+ 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\cacls.exe
- 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\calc.exe
+ 2004-08-04 11:00:00 158,208 ----a-w C:\WINDOWS\system32\dllcache\calc.exe
- 2004-08-04 11:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\cb32.exe
+ 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\cb32.exe
- 2003-03-25 06:52:04 188,480 ----a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
+ 2003-03-25 06:52:04 200,768 ----a-w C:\WINDOWS\system32\dllcache\cfgwiz.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\change.exe
+ 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\change.exe
- 2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\dllcache\charmap.exe
+ 2004-08-04 11:00:00 123,904 ----a-w C:\WINDOWS\system32\dllcache\charmap.exe
- 2004-08-04 11:00:00 13,312 ----a-w C:\WINDOWS\system32\dllcache\chglogon.exe
+ 2004-08-04 11:00:00 56,832 ----a-w C:\WINDOWS\system32\dllcache\chglogon.exe
- 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\chgport.exe
+ 2004-08-04 11:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\chgport.exe
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\chgusr.exe
+ 2004-08-04 11:00:00 57,856 ----a-w C:\WINDOWS\system32\dllcache\chgusr.exe
- 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\chkdsk.exe
+ 2004-08-04 11:00:00 22,528 ----a-w C:\WINDOWS\system32\dllcache\chkdsk.exe
- 2004-08-04 11:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\chkntfs.exe
+ 2004-08-04 11:00:00 54,784 ----a-w C:\WINDOWS\system32\dllcache\chkntfs.exe
- 2004-08-04 11:00:00 42,575 ----a-w C:\WINDOWS\system32\dllcache\chkrzm.exe
+ 2004-08-04 11:00:00 53,327 ----a-w C:\WINDOWS\system32\dllcache\chkrzm.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\cidaemon.exe
+ 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\cidaemon.exe
- 2004-08-04 11:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\cisvc.exe
+ 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\cisvc.exe
- 2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\ckcnv.exe
+ 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\ckcnv.exe
- 2004-08-04 11:00:00 64,000 ----a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe
+ 2004-08-04 11:00:00 140,288 ----a-w C:\WINDOWS\system32\dllcache\cleanmgr.exe
- 2004-08-04 11:00:00 102,912 ----a-w C:\WINDOWS\system32\dllcache\clipbrd.exe
+ 2004-08-04 11:00:00 146,432 ----a-w C:\WINDOWS\system32\dllcache\clipbrd.exe
- 2004-08-04 11:00:00 33,280 ----a-w C:\WINDOWS\system32\dllcache\clipsrv.exe
+ 2004-08-04 11:00:00 109,568 ----a-w C:\WINDOWS\system32\dllcache\clipsrv.exe
- 2004-08-04 11:00:00 388,608 ----a-w C:\WINDOWS\system32\dllcache\cmd.exe
+ 2004-08-04 11:00:00 464,896 ----a-w C:\WINDOWS\system32\dllcache\cmd.exe
- 2004-08-04 11:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\cmdl32.exe
+ 2004-08-04 11:00:00 90,624 ----a-w C:\WINDOWS\system32\dllcache\cmdl32.exe
- 2004-08-04 11:00:00 39,936 ----a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
+ 2004-08-04 11:00:00 50,688 ----a-w C:\WINDOWS\system32\dllcache\cmmon32.exe
- 2004-08-04 11:00:00 63,488 ----a-w C:\WINDOWS\system32\dllcache\cmstp.exe
+ 2004-08-04 11:00:00 74,240 ----a-w C:\WINDOWS\system32\dllcache\cmstp.exe
- 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\comp.exe
+ 2004-08-04 11:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\comp.exe
- 2004-08-04 11:00:00 17,408 ----a-w C:\WINDOWS\system32\dllcache\compact.exe
+ 2004-08-04 11:00:00 28,160 ----a-w C:\WINDOWS\system32\dllcache\compact.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\comrepl.exe
+ 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\comrepl.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\comrereg.exe
+ 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\comrereg.exe
- 2004-08-04 11:00:00 1,032,192 ----a-w C:\WINDOWS\system32\dllcache\conf.exe
+ 2004-08-04 11:00:00 1,077,248 ----a-w C:\WINDOWS\system32\dllcache\conf.exe
- 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\conime.exe
+ 2004-08-04 11:00:00 38,400 ----a-w C:\WINDOWS\system32\dllcache\conime.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\control.exe
+ 2004-08-04 11:00:00 84,480 ----a-w C:\WINDOWS\system32\dllcache\control.exe
- 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\convert.exe
+ 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\convert.exe
- 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\cprofile.exe
+ 2004-08-04 11:00:00 128,000 ----a-w C:\WINDOWS\system32\dllcache\cprofile.exe
- 2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2004-08-04 11:00:00 110,592 ----a-w C:\WINDOWS\system32\dllcache\cscript.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\dcomcnfg.exe
+ 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\dcomcnfg.exe
- 2004-08-04 11:00:00 30,208 ----a-w C:\WINDOWS\system32\dllcache\ddeshare.exe
+ 2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\ddeshare.exe
- 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\defrag.exe
+ 2004-08-04 11:00:00 35,840 ----a-w C:\WINDOWS\system32\dllcache\defrag.exe
- 2004-08-04 11:00:00 82,432 ----a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe
+ 2004-08-04 11:00:00 125,952 ----a-w C:\WINDOWS\system32\dllcache\dfrgfat.exe
- 2004-08-04 11:00:00 104,960 ----a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe
+ 2004-08-04 11:00:00 148,480 ----a-w C:\WINDOWS\system32\dllcache\dfrgntfs.exe
- 2004-08-04 11:00:00 539,136 ----a-w C:\WINDOWS\system32\dllcache\dialer.exe
+ 2004-08-04 11:00:00 549,888 ----a-w C:\WINDOWS\system32\dllcache\dialer.exe
- 2004-08-04 11:00:00 85,504 ----a-w C:\WINDOWS\system32\dllcache\diantz.exe
+ 2004-08-04 11:00:00 194,560 ----a-w C:\WINDOWS\system32\dllcache\diantz.exe
- 2004-08-04 11:00:00 163,840 ----a-w C:\WINDOWS\system32\dllcache\diskpart.exe
+ 2004-08-04 11:00:00 207,360 ----a-w C:\WINDOWS\system32\dllcache\diskpart.exe
- 2004-08-04 11:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\diskperf.exe
+ 2004-08-04 11:00:00 28,672 ----a-w C:\WINDOWS\system32\dllcache\diskperf.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\dllhost.exe
+ 2004-08-04 11:00:00 48,640 ----a-w C:\WINDOWS\system32\dllcache\dllhost.exe
- 2004-08-04 11:00:00 4,608 ----a-w C:\WINDOWS\system32\dllcache\dllhst3g.exe
+ 2004-08-04 11:00:00 48,128 ----a-w C:\WINDOWS\system32\dllcache\dllhst3g.exe
- 2004-08-04 11:00:00 224,768 ----a-w C:\WINDOWS\system32\dllcache\dmadmin.exe
+ 2004-08-04 11:00:00 268,288 ----a-w C:\WINDOWS\system32\dllcache\dmadmin.exe
- 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\dmremote.exe
+ 2004-08-04 11:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\dmremote.exe
- 2004-08-04 11:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\doskey.exe
+ 2004-08-04 11:00:00 54,272 ----a-w C:\WINDOWS\system32\dllcache\doskey.exe
- 2004-08-04 11:00:00 30,208 ----a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe
+ 2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\dplaysvr.exe
- 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe
+ 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\dpnsvr.exe
- 2004-08-04 11:00:00 83,456 ----a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
+ 2004-08-04 11:00:00 94,208 ----a-w C:\WINDOWS\system32\dllcache\dpvsetup.exe
- 2004-08-04 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
+ 2004-08-04 11:00:00 56,320 ----a-w C:\WINDOWS\system32\dllcache\drwtsn32.exe
- 2004-08-04 11:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\dumprep.exe
+ 2004-08-04 11:00:00 119,808 ----a-w C:\WINDOWS\system32\dllcache\dumprep.exe
- 2004-08-04 11:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\dvdupgrd.exe
+ 2004-08-04 11:00:00 126,976 ----a-w C:\WINDOWS\system32\dllcache\dvdupgrd.exe
- 2004-08-04 11:00:00 180,224 ----a-w C:\WINDOWS\system32\dllcache\dwwin.exe
+ 2004-08-04 11:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\dwwin.exe
- 2004-08-04 11:00:00 1,298,432 ----a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
+ 2004-08-04 11:00:00 1,310,720 ----a-w C:\WINDOWS\system32\dllcache\dxdiag.exe
- 2004-08-04 11:00:00 39,424 ----a-w C:\WINDOWS\system32\dllcache\esentutl.exe
+ 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\system32\dllcache\esentutl.exe
- 2004-08-04 11:00:00 193,024 ----a-w C:\WINDOWS\system32\dllcache\eudcedit.exe
+ 2004-08-04 11:00:00 203,776 ----a-w C:\WINDOWS\system32\dllcache\eudcedit.exe
- 2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
+ 2004-08-04 11:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\eventvwr.exe
- 2004-08-04 11:00:00 24,064 ----a-w C:\WINDOWS\system32\dllcache\evntcmd.exe
+ 2004-08-04 11:00:00 133,120 ----a-w C:\WINDOWS\system32\dllcache\evntcmd.exe
- 2004-08-04 11:00:00 92,160 ----a-w C:\WINDOWS\system32\dllcache\evntwin.exe
+ 2004-08-04 11:00:00 102,912 ----a-w C:\WINDOWS\system32\dllcache\evntwin.exe
- 2001-08-18 12:36:54 23,040 ----a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
+ 2001-08-18 12:36:54 99,328 ----a-w C:\WINDOWS\system32\dllcache\EXCH_regtrace.exe
- 2004-08-04 18:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\expand.exe
+ 2004-08-04 18:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\expand.exe
- 2004-08-04 11:00:00 45,568 ----a-w C:\WINDOWS\system32\dllcache\extrac32.exe
+ 2004-08-04 11:00:00 56,320 ----a-w C:\WINDOWS\system32\dllcache\extrac32.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\fc.exe
+ 2004-08-04 11:00:00 123,904 ----a-w C:\WINDOWS\system32\dllcache\fc.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\find.exe
+ 2004-08-04 11:00:00 52,736 ----a-w C:\WINDOWS\system32\dllcache\find.exe
- 2004-08-04 11:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\findstr.exe
+ 2004-08-04 11:00:00 37,888 ----a-w C:\WINDOWS\system32\dllcache\findstr.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\finger.exe
+ 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\finger.exe
- 2004-08-04 11:00:00 3,072 ----a-w C:\WINDOWS\system32\dllcache\fixmapi.exe
+ 2004-08-04 11:00:00 79,360 ----a-w C:\WINDOWS\system32\dllcache\fixmapi.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\flattemp.exe
+ 2004-08-04 11:00:00 91,136 ----a-w C:\WINDOWS\system32\dllcache\flattemp.exe
- 2004-08-04 11:00:00 22,528 ----a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2004-08-04 11:00:00 131,584 ----a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-04 11:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
+ 2004-08-04 11:00:00 97,280 ----a-w C:\WINDOWS\system32\dllcache\fontview.exe
- 2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\forcedos.exe
+ 2004-08-04 11:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\forcedos.exe
- 2003-03-25 06:52:04 14,608 ----a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
+ 2003-03-25 06:52:04 25,360 ----a-w C:\WINDOWS\system32\dllcache\fp98sadm.exe
- 2003-03-25 06:52:04 109,328 ----a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
+ 2003-03-25 06:52:04 185,616 ----a-w C:\WINDOWS\system32\dllcache\fp98swin.exe
- 2003-03-25 06:52:04 24,632 ----a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
+ 2003-03-25 06:52:04 36,920 ----a-w C:\WINDOWS\system32\dllcache\fpadmcgi.exe
- 2003-03-25 06:52:04 188,494 ----a-w C:\WINDOWS\system32\dllcache\fpcount.exe
+ 2003-03-25 06:52:04 299,086 ----a-w C:\WINDOWS\system32\dllcache\fpcount.exe
- 2003-03-25 06:52:04 20,538 ----a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
+ 2003-03-25 06:52:04 98,362 ----a-w C:\WINDOWS\system32\dllcache\fpremadm.exe
- 2004-08-04 11:00:00 55,296 ----a-w C:\WINDOWS\system32\dllcache\freecell.exe
+ 2004-08-04 11:00:00 66,048 ----a-w C:\WINDOWS\system32\dllcache\freecell.exe
- 2004-08-04 11:00:00 56,320 ----a-w C:\WINDOWS\system32\dllcache\fsutil.exe
+ 2004-08-04 11:00:00 132,608 ----a-w C:\WINDOWS\system32\dllcache\fsutil.exe
- 2004-08-04 11:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
+ 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\ftp.exe
- 2004-08-04 11:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe
+ 2004-08-04 11:00:00 154,112 ----a-w C:\WINDOWS\system32\dllcache\fxsclnt.exe
- 2004-08-04 11:00:00 229,376 ----a-w C:\WINDOWS\system32\dllcache\fxscover.exe
+ 2004-08-04 11:00:00 305,664 ----a-w C:\WINDOWS\system32\dllcache\fxscover.exe
- 2004-08-04 11:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\fxssend.exe
+ 2004-08-04 11:00:00 54,784 ----a-w C:\WINDOWS\system32\dllcache\fxssend.exe
- 2004-08-04 11:00:00 267,776 ----a-w C:\WINDOWS\system32\dllcache\fxssvc.exe
+ 2004-08-04 11:00:00 311,296 ----a-w C:\WINDOWS\system32\dllcache\fxssvc.exe
- 2004-08-04 11:00:00 39,424 ----a-w C:\WINDOWS\system32\dllcache\grpconv.exe
+ 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\system32\dllcache\grpconv.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\help.exe
+ 2004-08-04 11:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\help.exe
- 2004-08-04 11:00:00 768,512 ----a-w C:\WINDOWS\system32\dllcache\helpctr.exe
+ 2004-08-04 11:00:00 779,264 ----a-w C:\WINDOWS\system32\dllcache\helpctr.exe
- 2004-08-04 11:00:00 99,840 ----a-w C:\WINDOWS\system32\dllcache\helphost.exe
+ 2004-08-04 11:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\helphost.exe
- 2004-08-04 11:00:00 743,936 ----a-w C:\WINDOWS\system32\dllcache\helpsvc.exe
+ 2004-08-04 11:00:00 754,688 ----a-w C:\WINDOWS\system32\dllcache\helpsvc.exe
- 2004-08-04 11:00:00 10,752 ----a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2004-08-04 11:00:00 87,040 ----a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\hostname.exe
+ 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\hostname.exe
- 2004-08-04 11:00:00 42,573 ----a-w C:\WINDOWS\system32\dllcache\hrtzzm.exe
+ 2004-08-04 11:00:00 86,093 ----a-w C:\WINDOWS\system32\dllcache\hrtzzm.exe
- 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\hscupd.exe
+ 2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\system32\dllcache\hscupd.exe
- 2004-08-04 11:00:00 214,528 ----a-w C:\WINDOWS\system32\dllcache\icwconn1.exe
+ 2004-08-04 11:00:00 225,280 ----a-w C:\WINDOWS\system32\dllcache\icwconn1.exe
- 2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\icwconn2.exe
+ 2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\icwconn2.exe
- 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\icwrmind.exe
+ 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\icwrmind.exe
- 2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\icwtutor.exe
+ 2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\icwtutor.exe
- 2004-08-04 11:00:00 34,304 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2004-08-04 11:00:00 45,056 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 11:00:00 93,184 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2004-08-04 11:00:00 136,704 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\iexpress.exe
+ 2004-08-04 11:00:00 223,744 ----a-w C:\WINDOWS\system32\dllcache\iexpress.exe
- 2004-08-04 11:00:00 150,016 ----a-w C:\WINDOWS\system32\dllcache\imapi.exe
+ 2004-08-04 11:00:00 160,768 ----a-w C:\WINDOWS\system32\dllcache\imapi.exe
- 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\inetwiz.exe
+ 2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\inetwiz.exe
- 2004-08-04 11:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\ipconfig.exe
+ 2004-08-04 11:00:00 99,328 ----a-w C:\WINDOWS\system32\dllcache\ipconfig.exe
- 2004-08-04 11:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\ipsec6.exe
+ 2004-08-04 11:00:00 54,784 ----a-w C:\WINDOWS\system32\dllcache\ipsec6.exe
- 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\ipv6.exe
+ 2004-08-04 11:00:00 64,000 ----a-w C:\WINDOWS\system32\dllcache\ipv6.exe
- 2004-08-04 11:00:00 23,552 ----a-w C:\WINDOWS\system32\dllcache\ipxroute.exe
+ 2004-08-04 11:00:00 67,072 ----a-w C:\WINDOWS\system32\dllcache\ipxroute.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\isignup.exe
+ 2004-08-04 11:00:00 94,208 ----a-w C:\WINDOWS\system32\dllcache\isignup.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\label.exe
+ 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\label.exe
- 2004-08-04 11:00:00 29,696 ----a-w C:\WINDOWS\system32\dllcache\lights.exe
+ 2004-08-04 11:00:00 40,448 ----a-w C:\WINDOWS\system32\dllcache\lights.exe
- 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\lnkstub.exe
+ 2004-08-04 11:00:00 101,376 ----a-w C:\WINDOWS\system32\dllcache\lnkstub.exe
- 2004-08-04 11:00:00 75,264 ----a-w C:\WINDOWS\system32\dllcache\locator.exe
+ 2004-08-04 11:00:00 118,784 ----a-w C:\WINDOWS\system32\dllcache\locator.exe
- 2004-08-04 11:00:00 5,120 ----a-w C:\WINDOWS\system32\dllcache\lodctr.exe
+ 2004-08-04 11:00:00 48,640 ----a-w C:\WINDOWS\system32\dllcache\lodctr.exe
- 2004-08-11 15:45:04 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2004-08-11 15:45:04 205,824 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 11:00:00 59,392 ----a-w C:\WINDOWS\system32\dllcache\logman.exe
+ 2004-08-04 11:00:00 70,144 ----a-w C:\WINDOWS\system32\dllcache\logman.exe
- 2004-08-04 11:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\logoff.exe
+ 2004-08-04 11:00:00 58,880 ----a-w C:\WINDOWS\system32\dllcache\logoff.exe
- 2004-08-04 11:00:00 220,672 ----a-w C:\WINDOWS\system32\dllcache\logon.scr
+ 2004-08-04 11:00:00 329,728 ----a-w C:\WINDOWS\system32\dllcache\logon.scr
- 2004-08-04 11:00:00 514,560 ----a-w C:\WINDOWS\system32\dllcache\logonui.exe
+ 2004-08-04 11:00:00 525,312 ----a-w C:\WINDOWS\system32\dllcache\logonui.exe
- 2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\lpq.exe
+ 2004-08-04 11:00:00 115,200 ----a-w C:\WINDOWS\system32\dllcache\lpq.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\lpr.exe
+ 2004-08-04 11:00:00 117,248 ----a-w C:\WINDOWS\system32\dllcache\lpr.exe
- 2004-08-04 11:00:00 13,312 ----a-w C:\WINDOWS\system32\dllcache\lsass.exe
+ 2004-08-04 11:00:00 24,064 ----a-w C:\WINDOWS\system32\dllcache\lsass.exe
- 2004-08-04 11:00:00 72,704 ----a-w C:\WINDOWS\system32\dllcache\magnify.exe
+ 2004-08-04 11:00:00 83,456 ----a-w C:\WINDOWS\system32\dllcache\magnify.exe
- 2004-08-04 11:00:00 85,504 ----a-w C:\WINDOWS\system32\dllcache\makecab.exe
+ 2004-08-04 11:00:00 96,256 ----a-w C:\WINDOWS\system32\dllcache\makecab.exe
- 2004-08-04 11:00:00 34,304 ----a-w C:\WINDOWS\system32\dllcache\migisol.exe
+ 2004-08-04 11:00:00 110,592 ----a-w C:\WINDOWS\system32\dllcache\migisol.exe
- 2004-08-04 11:00:00 103,424 ----a-w C:\WINDOWS\system32\dllcache\migload.exe
+ 2004-08-04 11:00:00 146,944 ----a-w C:\WINDOWS\system32\dllcache\migload.exe
- 2004-08-11 15:45:04 991,232 ----a-w C:\WINDOWS\system32\dllcache\migrate.exe
+ 2004-08-11 15:45:04 1,101,824 ----a-w C:\WINDOWS\system32\dllcache\migrate.exe
- 2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2004-08-04 11:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\migregdb.exe
- 2004-08-04 11:00:00 240,128 ----a-w C:\WINDOWS\system32\dllcache\migwiz.exe
+ 2004-08-04 11:00:00 349,184 ----a-w C:\WINDOWS\system32\dllcache\migwiz.exe
- 2004-08-04 11:00:00 236,032 ----a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe
+ 2004-08-04 11:00:00 246,784 ----a-w C:\WINDOWS\system32\dllcache\migwiz_a.exe
- 2004-08-04 11:00:00 815,104 ----a-w C:\WINDOWS\system32\dllcache\mmc.exe
+ 2004-08-04 11:00:00 825,856 ----a-w C:\WINDOWS\system32\dllcache\mmc.exe
- 2004-08-04 11:00:00 32,768 ----a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe
+ 2004-08-04 11:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\mnmsrvc.exe
- 2004-08-04 11:00:00 143,360 ----a-w C:\WINDOWS\system32\dllcache\mobsync.exe
+ 2004-08-04 11:00:00 219,648 ----a-w C:\WINDOWS\system32\dllcache\mobsync.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\mofcomp.exe
+ 2004-08-04 11:00:00 125,440 ----a-w C:\WINDOWS\system32\dllcache\mofcomp.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\mountvol.exe
+ 2004-08-04 11:00:00 117,248 ----a-w C:\WINDOWS\system32\dllcache\mountvol.exe
- 2004-08-04 11:00:00 3,555,328 ----a-w C:\WINDOWS\system32\dllcache\moviemk.exe
+ 2004-08-04 11:00:00 3,566,080 ----a-w C:\WINDOWS\system32\dllcache\moviemk.exe
- 2004-08-04 11:00:00 123,392 ----a-w C:\WINDOWS\system32\dllcache\mplay32.exe
+ 2004-08-04 11:00:00 166,912 ----a-w C:\WINDOWS\system32\dllcache\mplay32.exe
- 2004-08-04 11:00:00 4,639 ----a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
+ 2004-08-04 11:00:00 48,159 ----a-w C:\WINDOWS\system32\dllcache\mplayer2.exe
- 2004-08-04 11:00:00 22,016 ----a-w C:\WINDOWS\system32\dllcache\mpnotify.exe
+ 2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\dllcache\mpnotify.exe
- 2004-08-04 11:00:00 12,800 ----a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
+ 2004-08-04 11:00:00 56,320 ----a-w C:\WINDOWS\system32\dllcache\mrinfo.exe
- 2004-08-04 11:00:00 158,208 ----a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2004-08-04 11:00:00 168,960 ----a-w C:\WINDOWS\system32\dllcache\msconfig.exe
- 2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\dllcache\msdtc.exe
+ 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\msdtc.exe
- 2004-08-04 11:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\msg.exe
+ 2004-08-04 11:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\msg.exe
- 2004-08-04 11:00:00 126,976 ----a-w C:\WINDOWS\system32\dllcache\mshearts.exe
+ 2004-08-04 11:00:00 236,032 ----a-w C:\WINDOWS\system32\dllcache\mshearts.exe
- 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
+ 2004-08-04 11:00:00 138,240 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
- 2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2004-08-04 11:00:00 88,064 ----a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\dllcache\msimn.exe
+ 2004-08-04 11:00:00 103,936 ----a-w C:\WINDOWS\system32\dllcache\msimn.exe
- 2004-08-04 11:00:00 39,936 ----a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
+ 2004-08-04 11:00:00 50,688 ----a-w C:\WINDOWS\system32\dllcache\msinfo32.exe
- 2004-08-04 11:00:00 40,960 ----a-w C:\WINDOWS\system32\dllcache\msiregmv.exe
+ 2004-08-04 11:00:00 51,712 ----a-w C:\WINDOWS\system32\dllcache\msiregmv.exe
- 2004-08-04 11:00:00 28,160 ----a-w C:\WINDOWS\system32\dllcache\msoobe.exe
+ 2004-08-04 11:00:00 137,216 ----a-w C:\WINDOWS\system32\dllcache\msoobe.exe
- 2004-08-04 11:00:00 343,040 ----a-w C:\WINDOWS\system32\dllcache\mspaint.exe
+ 2004-08-04 11:00:00 452,096 ----a-w C:\WINDOWS\system32\dllcache\mspaint.exe
- 2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\dllcache\msswchx.exe
+ 2004-08-04 11:00:00 17,408 ----a-w C:\WINDOWS\system32\dllcache\msswchx.exe
- 2004-08-04 11:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\mstinit.exe
+ 2004-08-04 11:00:00 23,040 ----a-w C:\WINDOWS\system32\dllcache\mstinit.exe
- 2004-08-04 11:00:00 407,552 ----a-w C:\WINDOWS\system32\dllcache\mstsc.exe
+ 2004-08-04 11:00:00 516,608 ----a-w C:\WINDOWS\system32\dllcache\mstsc.exe
- 2004-08-04 11:00:00 53,760 ----a-w C:\WINDOWS\system32\dllcache\narrator.exe
+ 2004-08-04 11:00:00 130,048 ----a-w C:\WINDOWS\system32\dllcache\narrator.exe
- 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\nbtstat.exe
+ 2004-08-04 11:00:00 31,232 ----a-w C:\WINDOWS\system32\dllcache\nbtstat.exe
- 2004-08-04 11:00:00 4,096 ----a-w C:\WINDOWS\system32\dllcache\nddeapir.exe
+ 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\nddeapir.exe
- 2004-08-04 11:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\net.exe
+ 2004-08-04 11:00:00 118,784 ----a-w C:\WINDOWS\system32\dllcache\net.exe
- 2004-08-04 11:00:00 124,928 ----a-w C:\WINDOWS\system32\dllcache\net1.exe
+ 2004-08-04 11:00:00 135,680 ----a-w C:\WINDOWS\system32\dllcache\net1.exe
- 2004-08-04 11:00:00 111,104 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe
+ 2004-08-04 11:00:00 187,392 ----a-w C:\WINDOWS\system32\dllcache\netdde.exe
- 2004-08-04 18:00:00 329,728 ----a-w C:\WINDOWS\system32\dllcache\netsetup.exe
+ 2004-08-04 18:00:00 440,832 ----a-w C:\WINDOWS\system32\dllcache\netsetup.exe
- 2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\netsh.exe
+ 2004-08-04 11:00:00 96,768 ----a-w C:\WINDOWS\system32\dllcache\netsh.exe
- 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\netstat.exe
+ 2004-08-04 11:00:00 145,920 ----a-w C:\WINDOWS\system32\dllcache\netstat.exe
- 2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\dllcache\notepad.exe
+ 2004-08-04 11:00:00 145,408 ----a-w C:\WINDOWS\system32\dllcache\notepad.exe
- 2004-08-04 11:00:00 35,328 ----a-w C:\WINDOWS\system32\dllcache\notiflag.exe
+ 2004-08-04 11:00:00 78,848 ----a-w C:\WINDOWS\system32\dllcache\notiflag.exe
- 2004-08-04 11:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\nppagent.exe
+ 2004-08-04 11:00:00 26,112 ----a-w C:\WINDOWS\system32\dllcache\nppagent.exe
- 2004-08-04 11:00:00 76,800 ----a-w C:\WINDOWS\system32\dllcache\nslookup.exe
+ 2004-08-04 11:00:00 87,552 ----a-w C:\WINDOWS\system32\dllcache\nslookup.exe
- 2004-08-04 18:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\ntsd.exe
+ 2004-08-04 18:00:00 108,544 ----a-w C:\WINDOWS\system32\dllcache\ntsd.exe
- 2004-08-04 11:00:00 419,840 ----a-w C:\WINDOWS\system32\dllcache\ntvdm.exe
+ 2004-08-04 11:00:00 463,360 ----a-w C:\WINDOWS\system32\dllcache\ntvdm.exe
- 2004-08-04 11:00:00 32,768 ----a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
+ 2004-08-04 11:00:00 45,056 ----a-w C:\WINDOWS\system32\dllcache\odbcad32.exe
- 2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\dllcache\odbcconf.exe
+ 2004-08-04 11:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\odbcconf.exe
- 2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\dllcache\oemig50.exe
+ 2004-08-04 11:00:00 71,168 ----a-w C:\WINDOWS\system32\dllcache\oemig50.exe
- 2004-08-04 11:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
+ 2004-08-04 11:00:00 160,256 ----a-w C:\WINDOWS\system32\dllcache\oobebaln.exe
- 2004-08-04 11:00:00 215,552 ----a-w C:\WINDOWS\system32\dllcache\osk.exe
+ 2004-08-04 11:00:00 259,072 ----a-w C:\WINDOWS\system32\dllcache\osk.exe
- 2004-08-04 11:00:00 40,448 ----a-w C:\WINDOWS\system32\dllcache\osuninst.exe
+ 2004-08-04 11:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\osuninst.exe
- 2004-08-04 11:00:00 58,368 ----a-w C:\WINDOWS\system32\dllcache\packager.exe
+ 2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\dllcache\packager.exe
- 2004-08-04 11:00:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\pathping.exe
+ 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\pathping.exe
- 2004-08-04 11:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\pentnt.exe
+ 2004-08-04 11:00:00 58,880 ----a-w C:\WINDOWS\system32\dllcache\pentnt.exe
- 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe
+ 2004-08-04 11:00:00 92,160 ----a-w C:\WINDOWS\system32\dllcache\perfmon.exe
- 2004-08-04 11:00:00 281,088 ----a-w C:\WINDOWS\system32\dllcache\pinball.exe
+ 2004-08-04 11:00:00 291,840 ----a-w C:\WINDOWS\system32\dllcache\pinball.exe
- 2004-08-04 11:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\ping.exe
+ 2004-08-04 11:00:00 126,976 ----a-w C:\WINDOWS\system32\dllcache\ping.exe
- 2004-08-04 11:00:00 33,280 ----a-w C:\WINDOWS\system32\dllcache\ping6.exe
+ 2004-08-04 11:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\ping6.exe
- 2004-08-04 11:00:00 49,152 ----a-w C:\WINDOWS\system32\dllcache\powercfg.exe
+ 2004-08-04 11:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\powercfg.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\print.exe
+ 2004-08-04 11:00:00 118,272 ----a-w C:\WINDOWS\system32\dllcache\print.exe
- 2004-08-04 11:00:00 109,568 ----a-w C:\WINDOWS\system32\dllcache\progman.exe
+ 2004-08-04 11:00:00 153,088 ----a-w C:\WINDOWS\system32\dllcache\progman.exe
- 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\system32\dllcache\proquota.exe
+ 2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\dllcache\proquota.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\proxycfg.exe
+ 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\proxycfg.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\qappsrv.exe
+ 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\qappsrv.exe
- 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\qprocess.exe
+ 2004-08-04 11:00:00 31,232 ----a-w C:\WINDOWS\system32\dllcache\qprocess.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\query.exe
+ 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\query.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\quser.exe
+ 2004-08-04 11:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\quser.exe
- 2004-08-04 11:00:00 22,016 ----a-w C:\WINDOWS\system32\dllcache\qwinsta.exe
+ 2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\dllcache\qwinsta.exe
- 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\rasautou.exe
+ 2004-08-04 11:00:00 22,528 ----a-w C:\WINDOWS\system32\dllcache\rasautou.exe
- 2004-08-04 11:00:00 11,264 ----a-w C:\WINDOWS\system32\dllcache\rasdial.exe
+ 2004-08-04 11:00:00 87,552 ----a-w C:\WINDOWS\system32\dllcache\rasdial.exe
- 2004-08-04 11:00:00 56,832 ----a-w C:\WINDOWS\system32\dllcache\rasphone.exe
+ 2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\dllcache\rasphone.exe
- 2004-08-04 11:00:00 35,840 ----a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
+ 2004-08-04 11:00:00 46,592 ----a-w C:\WINDOWS\system32\dllcache\rcimlby.exe
- 2004-08-04 11:00:00 21,504 ----a-w C:\WINDOWS\system32\dllcache\rcp.exe
+ 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\rcp.exe
- 2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\system32\dllcache\rdpclip.exe
+ 2004-08-04 11:00:00 73,216 ----a-w C:\WINDOWS\system32\dllcache\rdpclip.exe
- 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
+ 2004-08-04 11:00:00 57,344 ----a-w C:\WINDOWS\system32\dllcache\rdsaddin.exe
- 2004-08-04 11:00:00 67,072 ----a-w C:\WINDOWS\system32\dllcache\rdshost.exe
+ 2004-08-04 11:00:00 110,592 ----a-w C:\WINDOWS\system32\dllcache\rdshost.exe
- 2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\dllcache\recover.exe
+ 2004-08-04 11:00:00 17,920 ----a-w C:\WINDOWS\system32\dllcache\recover.exe
- 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\system32\dllcache\reg.exe
+ 2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\dllcache\reg.exe
- 2004-08-04 18:00:00 146,432 ----a-w C:\WINDOWS\system32\dllcache\regedit.exe
+ 2004-08-04 18:00:00 157,184 ----a-w C:\WINDOWS\system32\dllcache\regedit.exe
- 2004-08-04 11:00:00 3,584 ----a-w C:\WINDOWS\system32\dllcache\regedt32.exe
+ 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\regedt32.exe
- 2004-08-04 11:00:00 33,792 ----a-w C:\WINDOWS\system32\dllcache\regini.exe
+ 2004-08-04 11:00:00 44,544 ----a-w C:\WINDOWS\system32\dllcache\regini.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\register.exe
+ 2004-08-04 11:00:00 91,136 ----a-w C:\WINDOWS\system32\dllcache\register.exe
- 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\regsvr32.exe
+ 2004-08-04 11:00:00 22,528 ----a-w C:\WINDOWS\system32\dllcache\regsvr32.exe
- 2004-08-04 11:00:00 4,608 ----a-w C:\WINDOWS\system32\dllcache\regwiz.exe
+ 2004-08-04 11:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\regwiz.exe
- 2004-08-04 11:00:00 12,800 ----a-w C:\WINDOWS\system32\dllcache\replace.exe
+ 2004-08-04 11:00:00 89,088 ----a-w C:\WINDOWS\system32\dllcache\replace.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\reset.exe
+ 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\reset.exe
- 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\rexec.exe
+ 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\rexec.exe
- 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\route.exe
+ 2004-08-04 11:00:00 30,720 ----a-w C:\WINDOWS\system32\dllcache\route.exe
- 2004-08-04 11:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\routemon.exe
+ 2004-08-04 11:00:00 36,352 ----a-w C:\WINDOWS\system32\dllcache\routemon.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\rsh.exe
+ 2004-08-04 11:00:00 58,368 ----a-w C:\WINDOWS\system32\dllcache\rsh.exe
- 2004-08-04 11:00:00 49,152 ----a-w C:\WINDOWS\system32\dllcache\rsm.exe
+ 2004-08-04 11:00:00 125,440 ----a-w C:\WINDOWS\system32\dllcache\rsm.exe
- 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\rsmsink.exe
+ 2004-08-04 11:00:00 100,864 ----a-w C:\WINDOWS\system32\dllcache\rsmsink.exe
- 2004-08-04 11:00:00 49,152 ----a-w C:\WINDOWS\system32\dllcache\rsmui.exe
+ 2004-08-04 11:00:00 92,672 ----a-w C:\WINDOWS\system32\dllcache\rsmui.exe
- 2004-08-04 11:00:00 380,416 ----a-w C:\WINDOWS\system32\dllcache\rstrui.exe
+ 2004-08-04 11:00:00 391,168 ----a-w C:\WINDOWS\system32\dllcache\rstrui.exe
- 2004-08-04 11:00:00 132,608 ----a-w C:\WINDOWS\system32\dllcache\rsvp.exe
+ 2004-08-04 11:00:00 176,128 ----a-w C:\WINDOWS\system32\dllcache\rsvp.exe
- 2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
+ 2004-08-04 11:00:00 88,064 ----a-w C:\WINDOWS\system32\dllcache\rtcshare.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\runas.exe
+ 2004-08-04 11:00:00 27,136 ----a-w C:\WINDOWS\system32\dllcache\runas.exe
- 2004-08-04 11:00:00 33,280 ----a-w C:\WINDOWS\system32\dllcache\rundll32.exe
+ 2004-08-04 11:00:00 44,032 ----a-w C:\WINDOWS\system32\dllcache\rundll32.exe
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\runonce.exe
+ 2004-08-04 11:00:00 123,392 ----a-w C:\WINDOWS\system32\dllcache\runonce.exe
- 2004-08-04 11:00:00 42,574 ----a-w C:\WINDOWS\system32\dllcache\rvsezm.exe
+ 2004-08-04 11:00:00 118,862 ----a-w C:\WINDOWS\system32\dllcache\rvsezm.exe
- 2004-08-04 11:00:00 15,872 ----a-w C:\WINDOWS\system32\dllcache\rwinsta.exe
+ 2004-08-04 11:00:00 26,624 ----a-w C:\WINDOWS\system32\dllcache\rwinsta.exe
- 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\sapisvr.exe
+ 2004-08-04 11:00:00 147,456 ----a-w C:\WINDOWS\system32\dllcache\sapisvr.exe
- 2004-08-04 11:00:00 13,312 ----a-w C:\WINDOWS\system32\dllcache\savedump.exe
+ 2004-08-04 11:00:00 122,368 ----a-w C:\WINDOWS\system32\dllcache\savedump.exe
- 2004-08-04 11:00:00 31,232 ----a-w C:\WINDOWS\system32\dllcache\sc.exe
+ 2004-08-04 11:00:00 41,984 ----a-w C:\WINDOWS\system32\dllcache\sc.exe
- 2004-08-04 11:00:00 95,744 ----a-w C:\WINDOWS\system32\dllcache\scardsvr.exe
+ 2004-08-04 11:00:00 106,496 ----a-w C:\WINDOWS\system32\dllcache\scardsvr.exe
- 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\scrcons.exe
+ 2004-08-04 11:00:00 47,616 ----a-w C:\WINDOWS\system32\dllcache\scrcons.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\scrnsave.scr
+ 2004-08-04 11:00:00 52,736 ----a-w C:\WINDOWS\system32\dllcache\scrnsave.scr
- 2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\dllcache\sdbinst.exe
+ 2004-08-04 11:00:00 120,832 ----a-w C:\WINDOWS\system32\dllcache\sdbinst.exe
- 2004-08-04 11:00:00 108,032 ----a-w C:\WINDOWS\system32\dllcache\services.exe
+ 2004-08-04 11:00:00 118,784 ----a-w C:\WINDOWS\system32\dllcache\services.exe
- 2004-08-04 11:00:00 140,800 ----a-w C:\WINDOWS\system32\dllcache\sessmgr.exe
+ 2004-08-04 11:00:00 151,552 ----a-w C:\WINDOWS\system32\dllcache\sessmgr.exe
- 2004-08-04 11:00:00 31,232 ----a-w C:\WINDOWS\system32\dllcache\sethc.exe
+ 2004-08-04 11:00:00 140,288 ----a-w C:\WINDOWS\system32\dllcache\sethc.exe
- 2004-08-04 11:00:00 23,040 ----a-w C:\WINDOWS\system32\dllcache\setup.exe
+ 2004-08-04 11:00:00 33,792 ----a-w C:\WINDOWS\system32\dllcache\setup.exe
- 2004-08-11 15:45:04 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2004-08-11 15:45:04 929,792 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 11:00:00 73,216 ----a-w C:\WINDOWS\system32\dllcache\setup50.exe
+ 2004-08-04 11:00:00 149,504 ----a-w C:\WINDOWS\system32\dllcache\setup50.exe
- 2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\dllcache\sfc.exe
+ 2004-08-04 11:00:00 20,480 ----a-w C:\WINDOWS\system32\dllcache\sfc.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\shadow.exe
+ 2004-08-04 11:00:00 91,136 ----a-w C:\WINDOWS\system32\dllcache\shadow.exe
- 2004-08-04 11:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\shmgrate.exe
+ 2004-08-04 11:00:00 53,248 ----a-w C:\WINDOWS\system32\dllcache\shmgrate.exe
- 2004-08-04 11:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
+ 2004-08-04 11:00:00 88,576 ----a-w C:\WINDOWS\system32\dllcache\shrpubw.exe
- 2003-03-25 06:52:04 16,437 ----a-w C:\WINDOWS\system32\dllcache\shtml.exe
+ 2003-03-25 06:52:04 28,725 ----a-w C:\WINDOWS\system32\dllcache\shtml.exe
- 2004-08-04 11:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\shutdown.exe
+ 2004-08-04 11:00:00 30,208 ----a-w C:\WINDOWS\system32\dllcache\shutdown.exe
- 2004-08-04 11:00:00 42,573 ----a-w C:\WINDOWS\system32\dllcache\shvlzm.exe
+ 2004-08-04 11:00:00 86,093 ----a-w C:\WINDOWS\system32\dllcache\shvlzm.exe
- 2004-08-04 11:00:00 70,144 ----a-w C:\WINDOWS\system32\dllcache\sigverif.exe
+ 2004-08-04 11:00:00 179,200 ----a-w C:\WINDOWS\system32\dllcache\sigverif.exe
- 2004-08-04 11:00:00 26,112 ----a-w C:\WINDOWS\system32\dllcache\skeys.exe
+ 2004-08-04 11:00:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\skeys.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\smbinst.exe
+ 2004-08-04 11:00:00 51,712 ----a-w C:\WINDOWS\system32\dllcache\smbinst.exe
- 2004-08-04 11:00:00 236,544 ----a-w C:\WINDOWS\system32\dllcache\smi2smir.exe
+ 2004-08-04 11:00:00 345,600 ----a-w C:\WINDOWS\system32\dllcache\smi2smir.exe
- 2004-08-04 11:00:00 89,600 ----a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe
+ 2004-08-04 11:00:00 133,120 ----a-w C:\WINDOWS\system32\dllcache\smlogsvc.exe
- 2004-08-04 11:00:00 131,584 ----a-w C:\WINDOWS\system32\dllcache\sndrec32.exe
+ 2004-08-04 11:00:00 142,336 ----a-w C:\WINDOWS\system32\dllcache\sndrec32.exe
- 2004-08-04 11:00:00 138,752 ----a-w C:\WINDOWS\system32\dllcache\sndvol32.exe
+ 2004-08-04 11:00:00 149,504 ----a-w C:\WINDOWS\system32\dllcache\sndvol32.exe
- 2004-08-04 11:00:00 32,768 ----a-w C:\WINDOWS\system32\dllcache\snmp.exe
+ 2004-08-04 11:00:00 43,520 ----a-w C:\WINDOWS\system32\dllcache\snmp.exe
- 2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\dllcache\snmptrap.exe
+ 2004-08-04 11:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\snmptrap.exe
- 2004-08-04 11:00:00 56,832 ----a-w C:\WINDOWS\system32\dllcache\sol.exe
+ 2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\dllcache\sol.exe
- 2004-08-04 11:00:00 23,552 ----a-w C:\WINDOWS\system32\dllcache\sort.exe
+ 2004-08-04 11:00:00 34,304 ----a-w C:\WINDOWS\system32\dllcache\sort.exe
- 2004-08-04 11:00:00 538,624 ----a-w C:\WINDOWS\system32\dllcache\spider.exe
+ 2004-08-04 11:00:00 582,144 ----a-w C:\WINDOWS\system32\dllcache\spider.exe
- 2004-08-04 18:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\spnpinst.exe
+ 2004-08-04 18:00:00 22,528 ----a-w C:\WINDOWS\system32\dllcache\spnpinst.exe
- 2004-08-04 11:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\srdiag.exe
+ 2004-08-04 11:00:00 90,624 ----a-w C:\WINDOWS\system32\dllcache\srdiag.exe
- 2004-08-04 11:00:00 704,512 ----a-w C:\WINDOWS\system32\dllcache\ss3dfo.scr
+ 2004-08-04 11:00:00 716,800 ----a-w C:\WINDOWS\system32\dllcache\ss3dfo.scr
- 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\ssbezier.scr
+ 2004-08-04 11:00:00 96,256 ----a-w C:\WINDOWS\system32\dllcache\ssbezier.scr
- 2004-08-04 11:00:00 393,216 ----a-w C:\WINDOWS\system32\dllcache\ssflwbox.scr
+ 2004-08-04 11:00:00 405,504 ----a-w C:\WINDOWS\system32\dllcache\ssflwbox.scr
- 2004-08-04 11:00:00 20,992 ----a-w C:\WINDOWS\system32\dllcache\ssmarque.scr
+ 2004-08-04 11:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\ssmarque.scr
- 2004-08-04 11:00:00 47,104 ----a-w C:\WINDOWS\system32\dllcache\ssmypics.scr
+ 2004-08-04 11:00:00 156,160 ----a-w C:\WINDOWS\system32\dllcache\ssmypics.scr
- 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\system32\dllcache\ssmyst.scr
+ 2004-08-04 11:00:00 29,696 ----a-w C:\WINDOWS\system32\dllcache\ssmyst.scr
- 2004-08-04 11:00:00 610,304 ----a-w C:\WINDOWS\system32\dllcache\sspipes.scr
+ 2004-08-04 11:00:00 622,592 ----a-w C:\WINDOWS\system32\dllcache\sspipes.scr
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\ssstars.scr
+ 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\ssstars.scr
- 2004-08-04 11:00:00 679,936 ----a-w C:\WINDOWS\system32\dllcache\sstext3d.scr
+ 2004-08-04 11:00:00 692,224 ----a-w C:\WINDOWS\system32\dllcache\sstext3d.scr
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\stimon.exe
+ 2004-08-04 11:00:00 58,368 ----a-w C:\WINDOWS\system32\dllcache\stimon.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\dllcache\subst.exe
+ 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\dllcache\subst.exe
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
+ 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
- 2004-08-04 11:00:00 51,200 ----a-w C:\WINDOWS\system32\dllcache\syncapp.exe
+ 2004-08-04 11:00:00 94,720 ----a-w C:\WINDOWS\system32\dllcache\syncapp.exe
- 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\dllcache\syskey.exe
+ 2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\dllcache\syskey.exe
- 2004-08-04 11:00:00 105,984 ----a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe
+ 2004-08-04 11:00:00 182,272 ----a-w C:\WINDOWS\system32\dllcache\sysocmgr.exe
- 2004-08-04 11:00:00 3,072 ----a-w C:\WINDOWS\system32\dllcache\systray.exe
+ 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\systray.exe
- 2004-08-04 11:00:00 15,360 ----a-w C:\WINDOWS\system32\dllcache\taskman.exe
+ 2004-08-04 11:00:00 26,112 ----a-w C:\WINDOWS\system32\dllcache\taskman.exe
- 2004-08-04 11:00:00 135,680 ----a-w C:\WINDOWS\system32\dllcache\taskmgr.exe
+ 2004-08-04 11:00:00 146,432 ----a-w C:\WINDOWS\system32\dllcache\taskmgr.exe
- 2004-08-04 11:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
+ 2004-08-04 11:00:00 55,808 ----a-w C:\WINDOWS\system32\dllcache\tcmsetup.exe
- 2004-08-04 11:00:00 19,456 ----a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe
+ 2004-08-04 11:00:00 128,512 ----a-w C:\WINDOWS\system32\dllcache\tcpsvcs.exe
- 2003-03-25 06:52:04 32,827 ----a-w C:\WINDOWS\system32\dllcache\tcptest.exe
+ 2003-03-25 06:52:04 143,419 ----a-w C:\WINDOWS\system32\dllcache\tcptest.exe
- 2004-08-04 18:00:00 75,264 ----a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2004-08-04 18:00:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
+ 2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\dllcache\tftp.exe
- 2004-08-04 11:00:00 347,136 ----a-w C:\WINDOWS\system32\dllcache\tourstrt.exe
+ 2004-08-04 11:00:00 423,424 ----a-w C:\WINDOWS\system32\dllcache\tourstrt.exe
- 2004-08-04 11:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\tracert.exe
+ 2004-08-04 11:00:00 121,344 ----a-w C:\WINDOWS\system32\dllcache\tracert.exe
- 2004-08-04 11:00:00 31,744 ----a-w C:\WINDOWS\system32\dllcache\tracert6.exe
+ 2004-08-04 11:00:00 42,496 ----a-w C:\WINDOWS\system32\dllcache\tracert6.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\tscon.exe
+ 2004-08-04 11:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\tscon.exe
- 2004-08-04 11:00:00 44,544 ----a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe
+ 2004-08-04 11:00:00 120,832 ----a-w C:\WINDOWS\system32\dllcache\tscupgrd.exe
- 2004-08-04 11:00:00 14,848 ----a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe
+ 2004-08-04 11:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\tsdiscon.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\tskill.exe
+ 2004-08-04 11:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\tskill.exe
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\dllcache\tsprof.exe
+ 2004-08-04 11:00:00 25,088 ----a-w C:\WINDOWS\system32\dllcache\tsprof.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe
+ 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\tsshutdn.exe
- 2004-08-04 11:00:00 25,600 ----a-w C:\WINDOWS\system32\dllcache\twunk_32.exe
+ 2004-08-04 11:00:00 134,656 ----a-w C:\WINDOWS\system32\dllcache\twunk_32.exe
- 2004-08-04 11:00:00 4,096 ----a-w C:\WINDOWS\system32\dllcache\unlodctr.exe
+ 2004-08-04 11:00:00 113,152 ----a-w C:\WINDOWS\system32\dllcache\unlodctr.exe
- 2004-08-11 15:45:04 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2004-08-11 15:45:04 204,800 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\unsecapp.exe
+ 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\unsecapp.exe
- 2004-08-04 11:00:00 150,528 ----a-w C:\WINDOWS\system32\dllcache\uploadm.exe
+ 2004-08-04 11:00:00 161,280 ----a-w C:\WINDOWS\system32\dllcache\uploadm.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\dllcache\upnpcont.exe
+ 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\dllcache\upnpcont.exe
- 2004-08-04 11:00:00 18,432 ----a-w C:\WINDOWS\system32\dllcache\ups.exe
+ 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\dllcache\ups.exe
- 2004-08-04 11:00:00 24,576 ----a-w C:\WINDOWS\system32\dllcache\userinit.exe
+ 2004-08-04 11:00:00 35,328 ----a-w C:\WINDOWS\system32\dllcache\userinit.exe
- 2004-08-04 11:00:00 50,176 ----a-w C:\WINDOWS\system32\dllcache\utilman.exe
+ 2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\dllcache\utilman.exe
- 2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\dllcache\verifier.exe
+ 2004-08-04 11:00:00 174,592 ----a-w C:\WINDOWS\system32\dllcache\verifier.exe
- 2004-08-04 11:00:00 33,792 ----a-w C:\WINDOWS\system32\dllcache\vssadmin.exe
+ 2004-08-04 11:00:00 44,544 ----a-w C:\WINDOWS\system32\dllcache\vssadmin.exe
- 2004-08-04 11:00:00 289,792 ----a-w C:\WINDOWS\system32\dllcache\vssvc.exe
+ 2004-08-04 11:00:00 300,544 ----a-w C:\WINDOWS\system32\dllcache\vssvc.exe
- 2004-08-04 11:00:00 49,664 ----a-w C:\WINDOWS\system32\dllcache\w32tm.exe
+ 2004-08-04 11:00:00 93,184 ----a-w C:\WINDOWS\system32\dllcache\w32tm.exe
- 2004-08-04 11:00:00 46,080 ----a-w C:\WINDOWS\system32\dllcache\wab.exe
+ 2004-08-04 11:00:00 89,600 ----a-w C:\WINDOWS\system32\dllcache\wab.exe
- 2004-08-04 11:00:00 30,208 ----a-w C:\WINDOWS\system32\dllcache\wabmig.exe
+ 2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wabmig.exe
- 2004-08-04 11:00:00 12,288 ----a-w C:\WINDOWS\system32\dllcache\wb32.exe
+ 2004-08-04 11:00:00 57,344 ----a-w C:\WINDOWS\system32\dllcache\wb32.exe
- 2004-08-04 11:00:00 116,224 ----a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
+ 2004-08-04 11:00:00 126,976 ----a-w C:\WINDOWS\system32\dllcache\wbemtest.exe
- 2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\dllcache\wextract.exe
+ 2004-08-04 11:00:00 109,056 ----a-w C:\WINDOWS\system32\dllcache\wextract.exe
- 2004-08-04 11:00:00 433,664 ----a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe
+ 2004-08-04 11:00:00 509,952 ----a-w C:\WINDOWS\system32\dllcache\wiaacmgr.exe
- 2004-08-04 11:00:00 283,648 ----a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
+ 2004-08-04 11:00:00 327,168 ----a-w C:\WINDOWS\system32\dllcache\winhlp32.exe
- 2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe
+ 2004-08-04 11:00:00 51,712 ----a-w C:\WINDOWS\system32\dllcache\winhstb.exe
- 2004-08-04 11:00:00 502,272 ----a-w C:\WINDOWS\system32\dllcache\winlogon.exe
+ 2004-08-04 11:00:00 513,024 ----a-w C:\WINDOWS\system32\dllcache\winlogon.exe
- 2004-08-04 11:00:00 13,312 ----a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
+ 2004-08-04 11:00:00 24,064 ----a-w C:\WINDOWS\system32\dllcache\winmgmt.exe
- 2004-08-04 11:00:00 119,808 ----a-w C:\WINDOWS\system32\dllcache\winmine.exe
+ 2004-08-04 11:00:00 163,328 ----a-w C:\WINDOWS\system32\dllcache\winmine.exe
- 2004-08-04 11:00:00 11,776 ----a-w C:\WINDOWS\system32\dllcache\winmsd.exe
+ 2004-08-04 11:00:00 55,296 ----a-w C:\WINDOWS\system32\dllcache\winmsd.exe
- 2004-08-04 11:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\winver.exe
+ 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\dllcache\winver.exe
- 2004-08-04 11:00:00 196,608 ----a-w C:\WINDOWS\system32\dllcache\wmiadap.exe
+ 2004-08-04 11:00:00 207,360 ----a-w C:\WINDOWS\system32\dllcache\wmiadap.exe
- 2004-08-04 11:00:00 126,464 ----a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe
+ 2004-08-04 11:00:00 137,216 ----a-w C:\WINDOWS\system32\dllcache\wmiapsrv.exe
- 2004-08-04 11:00:00 218,112 ----a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe
+ 2004-08-04 11:00:00 228,864 ----a-w C:\WINDOWS\system32\dllcache\wmiprvse.exe
- 2004-08-11 15:45:04 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2004-08-11 15:45:04 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-04 11:00:00 214,528 ----a-w C:\WINDOWS\system32\dllcache\wordpad.exe
+ 2004-08-04 11:00:00 323,584 ----a-w C:\WINDOWS\system32\dllcache\wordpad.exe
- 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
+ 2004-08-04 11:00:00 43,008 ----a-w C:\WINDOWS\system32\dllcache\wpabaln.exe
- 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
+ 2004-08-04 11:00:00 43,008 ----a-w C:\WINDOWS\system32\dllcache\wpnpinst.exe
- 2004-08-04 11:00:00 5,632 ----a-w C:\WINDOWS\system32\dllcache\write.exe
+ 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\write.exe
- 2004-08-04 11:00:00 13,824 ----a-w C:\WINDOWS\system32\dllcache\wscntfy.exe
+ 2004-08-04 11:00:00 122,880 ----a-w C:\WINDOWS\system32\dllcache\wscntfy.exe
- 2004-08-04 11:00:00 114,688 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2004-08-04 11:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\wscript.exe
- 2004-08-04 11:00:00 111,104 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2004-08-04 11:00:00 187,392 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 11:00:00 165,888 ----a-w C:\WINDOWS\system32\dllcache\wuauclt1.exe
+ 2004-08-04 11:00:00 176,640 ----a-w C:\WINDOWS\system32\dllcache\wuauclt1.exe
- 2004-08-04 11:00:00 32,256 ----a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
+ 2004-08-04 11:00:00 43,008 ----a-w C:\WINDOWS\system32\dllcache\wupdmgr.exe
- 2004-08-04 11:00:00 30,720 ----a-w C:\WINDOWS\system32\dllcache\xcopy.exe
+ 2004-08-04 11:00:00 41,472 ----a-w C:\WINDOWS\system32\dllcache\xcopy.exe
- 2004-08-04 11:00:00 36,937 ----a-w C:\WINDOWS\system32\dllcache\zclientm.exe
+ 2004-08-04 11:00:00 47,689 ----a-w C:\WINDOWS\system32\dllcache\zclientm.exe
- 2004-08-04 11:00:00 81,408 ----a-w C:\WINDOWS\system32\dllhost.exe
+ 2008-07-06 07:16:08 114,176 ----a-w C:\WINDOWS\system32\dllhost.exe
- 2004-08-04 11:00:00 235,520 ----a-w C:\WINDOWS\system32\dmadmin.exe
+ 2008-07-06 07:16:09 268,288 ----a-w C:\WINDOWS\system32\dmadmin.exe
- 2004-08-04 11:00:00 151,040 ----a-w C:\WINDOWS\system32\finger.exe
+ 2004-08-04 11:00:00 249,344 ----a-w C:\WINDOWS\system32\finger.exe
- 2004-08-04 11:00:00 409,600 ----a-w C:\WINDOWS\system32\fxssvc.exe
+ 2008-07-06 07:16:10 442,368 ----a-w C:\WINDOWS\system32\fxssvc.exe
- 2004-08-04 11:00:00 226,304 ----a-w C:\WINDOWS\system32\imapi.exe
+ 2008-07-06 07:16:12 259,072 ----a-w C:\WINDOWS\system32\imapi.exe
- 2005-05-28 06:49:07 159,837 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 06:28:39 147,456 ----a-w C:\WINDOWS\system32\java.exe
- 2005-05-28 06:49:07 61,535 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 06:28:43 147,456 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-05-28 06:49:07 139,363 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 07:37:01 217,088 ----a-w C:\WINDOWS\system32\javaws.exe
- 2004-08-04 11:00:00 40,448 ----a-w C:\WINDOWS\system32\lights.exe
+ 2004-08-04 11:00:00 61,952 ----a-w C:\WINDOWS\system32\lights.exe
- 2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\locator.exe
+ 2008-07-06 07:16:12 151,552 ----a-w C:\WINDOWS\system32\locator.exe
- 2004-08-04 11:00:00 110,592 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
+ 2008-07-06 07:16:13 143,360 ----a-w C:\WINDOWS\system32\mnmsrvc.exe
- 2004-08-04 11:00:00 82,432 ----a-w C:\WINDOWS\system32\msdtc.exe
+ 2008-07-06 07:16:16 246,272 ----a-w C:\WINDOWS\system32\msdtc.exe
- 2004-08-04 11:00:00 121,856 ----a-w C:\WINDOWS\system32\netdde.exe
+ 2008-07-06 07:16:26 154,624 ----a-w C:\WINDOWS\system32\netdde.exe
- 2004-08-04 11:00:00 178,688 ----a-w C:\WINDOWS\system32\netstat.exe
+ 2004-08-04 11:00:00 211,456 ----a-w C:\WINDOWS\system32\netstat.exe
- 2004-08-04 11:00:00 208,896 ----a-w C:\WINDOWS\system32\rsvp.exe
+ 2008-07-06 07:16:29 241,664 ----a-w C:\WINDOWS\system32\rsvp.exe
- 2004-08-04 11:00:00 106,496 ----a-w C:\WINDOWS\system32\scardsvr.exe
+ 2008-07-06 07:16:29 139,264 ----a-w C:\WINDOWS\system32\scardsvr.exe
- 2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\scrnsave.scr
+ 2004-08-04 11:00:00 52,736 ----a-w C:\WINDOWS\system32\scrnsave.scr
- 2004-08-04 11:00:00 151,552 ----a-w C:\WINDOWS\system32\sessmgr.exe
+ 2008-07-06 07:16:30 184,320 ----a-w C:\WINDOWS\system32\sessmgr.exe
- 2005-01-05 06:52:52 331,776 ----a-w C:\WINDOWS\system32\sistray.exe
+ 2005-01-05 06:52:52 344,064 ----a-w C:\WINDOWS\system32\sistray.exe
- 2004-08-04 11:00:00 100,352 ----a-w C:\WINDOWS\system32\smlogsvc.exe
+ 2008-07-06 07:16:31 133,120 ----a-w C:\WINDOWS\system32\smlogsvc.exe
- 2004-08-04 11:00:00 704,512 ----a-w C:\WINDOWS\system32\ss3dfo.scr
+ 2004-08-04 11:00:00 749,568 ----a-w C:\WINDOWS\system32\ss3dfo.scr
- 2004-08-04 11:00:00 19,968 ----a-w C:\WINDOWS\system32\ssbezier.scr
+ 2004-08-04 11:00:00 96,256 ----a-w C:\WINDOWS\system32\ssbezier.scr
- 2004-08-04 11:00:00 393,216 ----a-w C:\WINDOWS\system32\ssflwbox.scr
+ 2004-08-04 11:00:00 536,576 ----a-w C:\WINDOWS\system32\ssflwbox.scr
- 2004-08-04 11:00:00 20,992 ----a-w C:\WINDOWS\system32\ssmarque.scr
+ 2004-08-04 11:00:00 31,744 ----a-w C:\WINDOWS\system32\ssmarque.scr
- 2004-08-04 11:00:00 47,104 ----a-w C:\WINDOWS\system32\ssmypics.scr
+ 2004-08-04 11:00:00 57,856 ----a-w C:\WINDOWS\system32\ssmypics.scr
- 2004-08-04 11:00:00 18,944 ----a-w C:\WINDOWS\system32\ssmyst.scr
+ 2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\ssmyst.scr
- 2004-08-04 11:00:00 610,304 ----a-w C:\WINDOWS\system32\sspipes.scr
+ 2004-08-04 11:00:00 753,664 ----a-w C:\WINDOWS\system32\sspipes.scr
- 2004-08-04 11:00:00 14,336 ----a-w C:\WINDOWS\system32\ssstars.scr
+ 2004-08-04 11:00:00 90,624 ----a-w C:\WINDOWS\system32\ssstars.scr
- 2004-08-04 11:00:00 679,936 ----a-w C:\WINDOWS\system32\sstext3d.scr
+ 2004-08-04 11:00:00 692,224 ----a-w C:\WINDOWS\system32\sstext3d.scr
- 2004-08-04 11:00:00 29,184 ----a-w C:\WINDOWS\system32\ups.exe
+ 2008-07-06 07:16:32 127,488 ----a-w C:\WINDOWS\system32\ups.exe
- 2004-08-04 11:00:00 333,312 ----a-w C:\WINDOWS\system32\vssvc.exe
+ 2008-07-06 07:16:35 366,080 ----a-w C:\WINDOWS\system32\vssvc.exe
- 2004-08-04 11:00:00 16,384 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
+ 2004-08-04 11:00:00 27,136 ----a-w C:\WINDOWS\system32\wbem\mofcomp.exe
- 2004-08-04 11:00:00 36,864 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
+ 2004-08-04 11:00:00 113,152 ----a-w C:\WINDOWS\system32\wbem\scrcons.exe
- 2004-08-04 11:00:00 16,896 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
+ 2004-08-04 11:00:00 27,648 ----a-w C:\WINDOWS\system32\wbem\unsecapp.exe
- 2004-08-04 11:00:00 116,224 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
+ 2004-08-04 11:00:00 159,744 ----a-w C:\WINDOWS\system32\wbem\wbemtest.exe
- 2004-08-04 11:00:00 13,312 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
+ 2004-08-04 11:00:00 24,064 ----a-w C:\WINDOWS\system32\wbem\winmgmt.exe
- 2004-08-04 11:00:00 196,608 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe
+ 2004-08-04 11:00:00 207,360 ----a-w C:\WINDOWS\system32\wbem\wmiadap.exe
- 2004-08-04 11:00:00 202,752 ----a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
+ 2008-07-06 07:16:37 235,520 ----a-w C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-07-06 02:15 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 01:59 218240]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 18:22 58488]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 21:29 33936]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2008-07-06 02:16 389120]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54 266240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-06 02:15 258048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SiSPower"="SiSPower.dll" [2005-01-04 18:54 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]
Tencent QQ.lnk - C:\Program Files\Tencent\QQ\QQ.exe [2007-06-27 01:12:59 1208320]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 303104]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 65536]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [2008-01-17 22:59:58 53330]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-28 02:17:01 184320]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-05-28 01:54:29 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-05 11:57]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-05 11:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 16:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-07 19:08:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-05 09:22:18 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2005-05-28 07:40:16 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 14:54:47
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 14:59:48
ComboFix-quarantined-files.txt 2008-07-07 19:59:24
ComboFix2.txt 2008-07-05 18:13:31

Pre-Run: 113,819,918,336 bytes free
Post-Run: 113,769,385,984 bytes free


#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 July 2008 - 03:09 PM

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Please post the contents of the log from DrWeb and a new combofix log in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 helpT_T
  • Topic Starter
  • Members
  • 19 posts

Posted 07 July 2008 - 05:48 PM

Dr.Web log

lsburnwatcher.exe;c:\hp\drivers\hplsbwatcher;Win32.Virut.5;Cured.;
kbd.exe;c:\hp\kbd;Win32.Virut.5;Cured.;
idrivert.exe;c:\program files\common files\installshield\driver\1050\intel 32;Win32.Virut.5;Cured.;
lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.5;Cured.;
lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.5;Cured.;
realsched.exe;c:\program files\common files\real\update_ob;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpqthb08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
spysub.exe;c:\program files\intermute\spysubtract;Win32.Virut.5;Cured.;
spysub.exe;c:\program files\intermute\spysubtract;Win32.Virut.5;Cured.;
ssengine.dll;c:\program files\intermute\spysubtract;Probably MULDROP.Trojan;Incurable.Deleted.;

New combofix log
ComboFix 08-07-05.1 - Compaq_Owner 2008-07-07 17:35:03.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.141 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.

2008-07-07 15:34 . 2008-07-07 16:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\DoctorWeb
2008-07-07 12:38 . 2008-07-07 12:38 <DIR> d-------- C:\_OTMoveIt
2008-07-07 03:32 . 2008-07-07 03:32 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\vlc
2008-07-06 02:00 . 2008-07-06 02:00 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 02:00 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-06 01:53 . 2008-07-06 01:53 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:53 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 01:52 . 2008-07-06 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:33 . 2008-07-05 18:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 18:31 . 2008-07-05 18:31 <DIR> d-------- C:\Deckard
2008-07-05 13:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47 . 2008-07-05 12:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-05 11:57 . 2008-07-05 11:57 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57 . 2008-07-06 20:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:57 . 2008-07-05 11:57 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-05 04:06 . 2004-08-04 06:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05 . 2008-07-07 15:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON
2008-07-05 04:05 . 2008-07-05 04:06 1,872 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PY059AA-ABA SR1550NX NA530_YC_0Pres_QCNH525_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J250_7AMD_8Athlon 64_92.41_#070423_N10390900_Z11C1048C_G10396330.MRK
2008-07-05 04:03 . 2005-05-28 02:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-07-05 03:57 . 2004-08-04 01:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-05 03:57 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 03:34 . 2008-07-05 03:44 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34 . 2008-07-03 00:34 <DIR> d-------- C:\Program Files\Belarc
2008-06-27 17:45 . 2008-06-27 17:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44 . 2008-06-27 17:45 <DIR> d-------- C:\Python25
2008-06-27 17:27 . 2008-07-04 22:35 <DIR> d-------- C:\Program Files\i.Hex
2008-06-27 16:25 . 2008-06-27 16:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56 . 2008-06-27 00:56 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39 . 2008-06-26 20:39 <DIR> d-------- C:\Program Files\sisagp
2008-06-26 20:39 . 2008-06-26 20:40 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-26 20:39 . 2006-03-22 21:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-06-26 20:39 . 2006-04-12 19:35 253,952 --a------ C:\WINDOWS\Progress.exe
2008-06-25 01:57 . 2008-06-25 02:00 <DIR> d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00 . 2008-06-24 10:00 <DIR> d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 09:58 . 2008-06-24 09:58 268 --ah----- C:\sqmdata13.sqm
2008-06-24 09:58 . 2008-06-24 09:58 244 --ah----- C:\sqmnoopt13.sqm
2008-06-24 02:14 . 2008-06-24 02:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-23 03:43 . 2008-06-23 03:43 268 --ah----- C:\sqmdata12.sqm
2008-06-23 03:43 . 2008-06-23 03:43 244 --ah----- C:\sqmnoopt12.sqm
2008-06-22 19:35 . 2008-07-01 18:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 14:39 . 2008-06-22 14:39 268 --ah----- C:\sqmdata11.sqm
2008-06-22 14:39 . 2008-06-22 14:39 244 --ah----- C:\sqmnoopt11.sqm
2008-06-22 02:38 . 2008-06-24 09:58 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01 . 2008-06-22 02:37 <DIR> d-------- C:\Program Files\Windows Live
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 15:42 . 2008-06-27 17:45 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002
2008-06-19 13:21 . 2008-06-19 13:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14 . 2008-06-19 12:14 <DIR> d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17 . 2008-06-18 01:17 <DIR> d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47 . 2008-06-18 00:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56 . 2008-06-17 15:19 <DIR> d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34 . 2008-06-13 11:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07 . 2008-06-26 17:33 <DIR> d-------- C:\webserver
2008-06-12 23:18 . 2008-06-12 23:23 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25 . 2008-06-11 10:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22 . 2008-06-13 11:33 <DIR> d-------- C:\Program Files\Tencent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 07:33 180,736 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2008-07-06 07:33 134,144 ----a-w C:\WINDOWS\system32\spoolsv.exe
2008-07-06 07:33 120,832 ----a-w C:\WINDOWS\system32\alg.exe
2008-07-06 07:33 110,080 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-07-06 07:33 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-07-06 07:15 124,416 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-07-06 07:15 102,400 ----a-w C:\WINDOWS\ALCXMNTR.EXE
2008-07-06 07:15 1,141,248 ----a-w C:\WINDOWS\explorer.exe
2008-07-05 18:30 --------- d-----w C:\Program Files\Java
2008-07-05 09:22 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-27 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-06-22 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 17:55 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\DNA
2008-06-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 16:01 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-06-04 06:25 83,968 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-04 06:25 331,776 ----a-w C:\WINDOWS\Setup1.exe
2008-06-02 01:48 102,400 ----a-w C:\Program Files\[S][E][X].exe
2008-06-02 01:48 --------- d-----w C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 19:00 --------- d-----w C:\Program Files\Web Publish
2008-05-31 22:20 --------- d-----w C:\Program Files\Apple Software Update
2008-05-31 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-31 04:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-31 04:35 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\SystemRequirementsLab
2008-05-28 04:27 17,408 ----a-w C:\WINDOWS\sysgz.dll
2008-05-28 04:05 --------- d--h--w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\ijjigame
2008-05-27 17:33 --------- d-----w C:\Program Files\VentSrv
2008-05-27 00:51 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Winamp
2008-05-25 19:01 --------- d-----w C:\Program Files\softnyx
2008-05-24 23:00 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-05-23 22:24 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Ventrilo
2008-05-20 18:43 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\mIRC
2008-05-20 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nexon
2008-05-19 19:16 --------- d-----w C:\Program Files\mIRC
2008-05-14 17:48 --------- d-----w C:\Program Files\Topaz Labs LLC
2008-05-13 03:51 --------- d-----w C:\Program Files\CamStudio
2008-05-13 03:38 --------- d-----w C:\Program Files\Frontcam
2008-05-13 03:24 --------- d-----w C:\Program Files\HyCam2
2008-05-11 01:07 --------- d-----w C:\Program Files\DNA
2008-01-07 01:07 166 ----a-w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Application Data\wklnhst.dat
.

------- Sigcheck -------

2008-07-06 02:15 1141248 ad1fe0657218f5be314e896765d3cd9a C:\WINDOWS\explorer.exe
2007-06-13 06:26 1043968 fb237eddcc9a4b593ccf7aafb064f16b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1042944 373ed79f059451fce67c5f6d44668ed7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 06:00 1042944 cda52e87bd17dfeaac944e6216d2737c C:\WINDOWS\system32\dllcache\explorer.exe

2008-07-06 02:15 124416 f7ce66cc9e22db8666b2c48504ddcde1 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 06:00 91648 048fee5ce0a2c1cfedfeecd1d8443ab7 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 19:17 68608 c77f5ad4fba717436a9f46f4c9c4d177 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:00 68608 74d2f8c3f9d107f6b47657cc26259661 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-07-06 02:33 134144 8db407e8a7025617b399fa52d15f8eda C:\WINDOWS\system32\spoolsv.exe
2004-08-04 06:00 101376 baf64a9d999d348dc506b6afe3407175 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-07_17.19.46.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 22:08:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-07 22:33:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-07-06 02:15 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 01:59 218240]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 18:22 58488]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 21:29 33936]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2008-07-06 02:16 278528]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54 266240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-06 02:16 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SiSPower"="SiSPower.dll" [2005-01-04 18:54 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]
Tencent QQ.lnk - C:\Program Files\Tencent\QQ\QQ.exe [2007-06-27 01:12:59 1208320]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [2008-01-17 22:59:58 53330]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-28 02:17:01 73728]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-05-28 01:54:29 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-05 11:57]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-05 11:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 16:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-07 21:08:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-05 09:22:18 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2005-05-28 07:40:16 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{FA010552-4A27-4cb1-A1BB-3E2D697F1639} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 17:38:52
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-07 17:45:00
ComboFix-quarantined-files.txt 2008-07-07 22:44:33
ComboFix2.txt 2008-07-07 19:59:50
ComboFix3.txt 2008-07-05 18:13:31

Pre-Run: 117,747,060,736 bytes free
Post-Run: 117,737,373,696 bytes free

It took me about 5 tries for combofix to actually work this time... computer kept freezing. Don't know what that means.
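The Dr.Web report above is one line per hit, laid out as file;folder;detection;action; (the trailing semicolon leaves an empty field). As an added example, not code from the thread or from Dr.Web, this Python script parses that layout and separates files that were cured from files that were deleted, so a helper can see which program now needs reinstalling; the sample lines are copied from the posted log and the field layout is inferred from them.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv) in the layout shown in the thread.

Each line is 'file;folder;detection;action;'. The sample below is copied from
the log posted above (constructed test input for this example).
"""
from collections import Counter, defaultdict

SAMPLE_REPORT = r"""
lsburnwatcher.exe;c:\hp\drivers\hplsbwatcher;Win32.Virut.5;Cured.;
kbd.exe;c:\hp\kbd;Win32.Virut.5;Cured.;
idrivert.exe;c:\program files\common files\installshield\driver\1050\intel 32;Win32.Virut.5;Cured.;
lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.5;Cured.;
lssrvc.exe;c:\program files\common files\lightscribe;Win32.Virut.5;Cured.;
realsched.exe;c:\program files\common files\real\update_ob;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpbootop.exe;c:\program files\hewlett-packard\hp boot optimizer;Win32.Virut.5;Cured.;
hpqthb08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
hpqtra08.exe;c:\program files\hp\digital imaging\bin;Win32.Virut.5;Cured.;
spysub.exe;c:\program files\intermute\spysubtract;Win32.Virut.5;Cured.;
spysub.exe;c:\program files\intermute\spysubtract;Win32.Virut.5;Cured.;
ssengine.dll;c:\program files\intermute\spysubtract;Probably MULDROP.Trojan;Incurable.Deleted.;
"""


def parse_report(text):
    """Return one dict per report line; blank or malformed lines are skipped."""
    records = []
    for raw in text.splitlines():
        fields = raw.strip().split(";")
        if fields and fields[-1] == "":   # drop the empty field after the trailing ';'
            fields.pop()
        if len(fields) < 4:
            continue
        name, folder, threat, action = fields[:4]
        records.append({
            "path": (folder + "\\" + name).lower(),
            "threat": threat,
            "action": action,
        })
    return records


def summarise(records):
    """Group hits per file so the helper can see what is clean, gone, or suspicious."""
    by_path = defaultdict(list)
    for rec in records:
        by_path[rec["path"]].append(rec)
    return {
        # how many hits each detection name produced
        "threats": Counter(rec["threat"] for rec in records),
        # files whose every hit was cured: the owning program should still work
        "cured": sorted(p for p, hits in by_path.items()
                        if all(h["action"].startswith("Cured") for h in hits)),
        # files the scanner deleted: the owning product must be reinstalled
        "deleted": sorted(p for p, hits in by_path.items()
                          if any("Deleted" in h["action"] for h in hits)),
        # files listed more than once; one detection name spread across many
        # legitimate executables is the footprint of a file infector
        "repeat_hits": {p: len(hits) for p, hits in by_path.items() if len(hits) > 1},
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(key, value)
```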

#10 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 July 2008 - 07:45 AM

Ok, we'll try to minimize our use of Combofix going forward.
You can uninstall Dr Web now. We're done with it.


Use OTMoveit to delete these files.

C:\WINDOWS\system32\wmpns.dll
C:\WINDOWS\sysgz.dll
C:\Program Files\[S][E][X].exe


Please post the log from OTMoveit so I can confirm the action succeeded.
Also post a new log from DSS.


How is your computer behaving now?


========================================================

#11 helpT_T
  • Topic Starter
  • Members
  • 19 posts

Posted 08 July 2008 - 12:59 PM

C:\WINDOWS\system32\wmpns.dll unregistered successfully.
C:\WINDOWS\system32\wmpns.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\sysgz.dll
C:\WINDOWS\sysgz.dll NOT unregistered.
C:\WINDOWS\sysgz.dll moved successfully.
< C:\Program Files\[S][E][X].exe >
C:\Program Files\[S][E][X].exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07082008_123232

new DSS log:

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-07-08 12:39:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 88% (more than 75%).
Total Physical Memory: 384 MiB (512 MiB recommended).


-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:08 PM, on 7/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
C:\Program Files\PrevxCSI\prevxcsi.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\17PHolmes1001186.exe
C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\COMPAQ~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1001186.exe 61A847B5BBF72813329B39577AFF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 8980 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 12:31:42 41984 --a------ C:\WINDOWS\17PHolmes1001186.exe
2008-07-07 17:46:25 41984 --a------ C:\WINDOWS\mrofinu1001186.exe
2008-07-07 15:34:00 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\DoctorWeb
2008-07-07 13:33:06 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\WinRAR
2008-07-07 03:32:46 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\vlc
2008-07-06 02:00:19 0 d-------- C:\Program Files\Panda Security
2008-07-06 01:53:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:52:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:41:39 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Adobe
2008-07-06 01:37:02 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla
2008-07-05 18:33:09 0 d-------- C:\Program Files\Trend Micro
2008-07-05 13:25:17 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Sun
2008-07-05 13:00:00 78848 --a------ C:\WINDOWS\zip.exe
2008-07-05 13:00:00 97860 --a------ C:\WINDOWS\VFind.exe
2008-07-05 13:00:00 223232 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-05 13:00:00 148480 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-05 13:00:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-05 13:00:00 109568 --a------ C:\WINDOWS\sed.exe
2008-07-05 13:00:00 91164 --a------ C:\WINDOWS\grep.exe
2008-07-05 13:00:00 101792 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-07-05 12:47:55 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-05 12:47:55 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-05 12:47:55 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2008-07-05 12:47:55 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-07-05 12:47:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47:54 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47:54 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-05 12:30:30 0 dr-hs---- C:\cmdcons
2008-07-05 12:30:17 0 d-------- C:\WINDOWS\setupupd
2008-07-05 11:57:08 17408 --a------ C:\WINDOWS\system32\drivers\pxark.sys <Not Verified; Prevx; Prevx CSI>
2008-07-05 11:57:08 0 d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57:05 0 d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:51:32 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Macromedia
2008-07-05 04:07:09 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Recent
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Templates
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Start Menu
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\SendTo
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\PrintHood
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\NetHood
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\My Documents
2008-07-05 04:05:38 0 d--h----- C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings
2008-07-05 04:05:38 0 dr------- C:\Documents and Settings\Compaq_Owner.DILLON\Favorites
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Desktop
2008-07-05 04:05:38 0 d---s---- C:\Documents and Settings\Compaq_Owner.DILLON\Cookies
2008-07-05 04:05:38 0 dr-h----- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Real
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Identities
2008-07-05 04:05:38 0 d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05:37 1310720 --ah----- C:\Documents and Settings\Compaq_Owner.DILLON\NTUSER.DAT
2008-07-05 03:34:40 0 dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34:28 0 d-------- C:\Program Files\Belarc
2008-06-27 17:45:55 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44:41 0 d-------- C:\Python25
2008-06-27 17:27:22 0 d-------- C:\Program Files\i.Hex
2008-06-27 16:25:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39:43 0 d-------- C:\Program Files\sisagp
2008-06-26 20:39:31 253952 --a------ C:\WINDOWS\Progress.exe <Not Verified; ; Progress Application>
2008-06-26 20:39:13 0 d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-25 20:20:25 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Sun
2008-06-25 01:57:07 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00:19 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 02:14:00 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-22 19:35:36 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 03:22:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\WinRAR
2008-06-22 02:38:12 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01:39 0 d-------- C:\Program Files\Windows Live
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Templates
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\SendTo
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\PrintHood
2008-06-21 15:42:31 2097152 --ah----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NTUSER.DAT
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\NetHood
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\My Documents
2008-06-21 15:42:31 0 d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Local Settings
2008-06-21 15:42:31 0 dr------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Favorites
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Desktop
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Cookies
2008-06-21 15:42:31 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Real
2008-06-21 15:42:31 0 d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Microsoft
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Identities
2008-06-21 15:42:31 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 14:10:20 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Macromedia
2008-06-21 14:10:19 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Adobe
2008-06-21 14:08:51 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Mozilla
2008-06-21 13:44:33 0 dr-h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Recent
2008-06-19 13:21:22 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14:28 0 d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17:00 0 d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47:04 0 d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56:13 0 d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34:21 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07:31 0 d-------- C:\webserver
2008-06-12 23:18:28 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25:23 0 d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22:12 0 d-------- C:\Program Files\Tencent


-- Find3M Report ---------------------------------------------------------------

2008-07-06 02:33:28 110080 --a------ C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-07-06 02:33:26 180736 --a------ C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:26 134144 --a------ C:\WINDOWS\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:26 120832 --a------ C:\WINDOWS\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:33:25 0 d-a------ C:\Program Files\Common Files\LightScribe
2008-07-06 02:16:36 355328 --a------ C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:34 51200 --a------ C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:32 122368 --a------ C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:32 173568 --a------ C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:30 128512 --a------ C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:30 230912 --a------ C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:28 143872 --a------ C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:18 104448 --a------ C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-07-06 02:16:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-06 02:16:14 131072 --a------ C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-07-06 02:16:14 108032 --a------ C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:12 248320 --a------ C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:12 431616 --a------ C:\WINDOWS\system32\fxssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:10 257536 --a------ C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-07-06 02:16:06 66048 --a------ C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:16:06 136704 --a------ C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:40 124416 --a------ C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:38 1141248 --a------ C:\WINDOWS\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-06 02:15:24 102400 --a------ C:\WINDOWS\ALCXMNTR.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek Audio - Event Monitor>
2008-07-06 01:52:48 0 d-------- C:\Program Files\Common Files
2008-07-05 13:30:24 0 d-------- C:\Program Files\Java
2008-07-05 04:22:18 0 d-------- C:\Program Files\Easy Internet signup
2008-07-05 03:45:46 0 d-------- C:\Program Files\Windows NT
2008-07-05 03:45:41 0 d-------- C:\Program Files\Movie Maker
2008-07-05 03:45:40 0 d-------- C:\Program Files\Messenger
2008-07-01 23:22:56 2317 --a------ C:\WINDOWS\mozver.dat
2008-06-22 22:08:42 69385 --a------ C:\WINDOWS\hpoins05.dat
2008-06-04 01:25:21 331776 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-06-04 01:25:20 83968 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-01 20:48:58 0 d-------- C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 14:00:23 0 d-------- C:\Program Files\Web Publish
2008-05-31 17:20:55 0 d-------- C:\Program Files\Apple Software Update
2008-05-30 23:35:57 0 d-------- C:\Program Files\SystemRequirementsLab
2008-05-27 12:33:50 0 d-------- C:\Program Files\VentSrv
2008-05-25 14:01:40 0 d-------- C:\Program Files\softnyx
2008-05-24 18:00:27 0 d-------- C:\Program Files\AoA Audio Extractor
2008-05-19 14:16:52 0 d-------- C:\Program Files\mIRC
2008-05-14 12:48:54 0 d-------- C:\Program Files\Topaz Labs LLC
2008-05-12 22:51:36 0 d-------- C:\Program Files\CamStudio
2008-05-12 22:38:37 0 d-------- C:\Program Files\Frontcam
2008-05-12 22:24:07 0 d-------- C:\Program Files\HyCam2
2008-05-10 20:07:29 0 d-------- C:\Program Files\DNA


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="SiSPower.dll" [01/04/2005 06:54 PM C:\WINDOWS\system32\SiSPower.dll]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 01:59 AM]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [08/27/2004 06:22 PM]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [08/17/2004 05:36 PM]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [08/30/2004 09:29 PM]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [07/06/2008 02:16 AM]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [10/14/2004 03:54 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/06/2008 02:16 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"runner1"="C:\WINDOWS\mrofinu1001186.exe" [07/08/2008 04:17 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/06/2008 02:15 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 7:50:52 PM]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [1/17/2008 10:59:58 PM]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [5/28/2005 2:17:01 AM]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [5/28/2005 1:54:29 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)




-- End of Deckard's System Scanner: finished at 2008-07-08 12:39:26 ------------

The computer is exactly the same as it was after this step anyway (explorer.exe still crashes when you press "Turn Off Computer"). After drweb ran and 'cured' a number of things, though, a few startup programs crash when they try to run. This is of no bother to me as they will be removed eventually anyway, but I just thought I'd let you know everything that's happened.

Oh, and it seems 17PHolmes only appears when I'm connected to the internet. I rebooted while unplugged and, instead of 17PHolmes, mrofinu was running.
When I plugged the internet back in to post this, a D17xxx.tmp popped up, and after that 17PHolmes did as well. The tmp file is now gone from the process list.
Once again, probably of no use to you, but I thought I'd let you know anyway.

Thanks again Sam :thumbsup:

#12 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 July 2008 - 05:51 PM

Something is definitely up.
Please post a new log from Combofix.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#13 helpT_T

  • Topic Starter
  • Members
  • 19 posts

Posted 08 July 2008 - 06:44 PM

The computer didn't freeze this time, but ComboFix crashed the first time I ran it. Anyway, the second time I tried, it worked perfectly fine.

Log:

ComboFix 08-07-05.1 - Compaq_Owner 2008-07-08 18:29:42.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner.DILLON\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1001186.exe
.
---- Previous Run -------
.
C:\WINDOWS\17PHolmes1001186.exe
C:\WINDOWS\mrofinu1001186.exe
C:\WINDOWS\mrofinu1001186.exe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.

2008-07-08 18:16 . 2004-08-04 06:00 432,128 --a------ C:\WINDOWS\system32\CF21498.exe
2008-07-08 15:25 . 2008-07-08 15:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Nexon
2008-07-07 15:34 . 2008-07-07 16:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\DoctorWeb
2008-07-07 12:38 . 2008-07-07 12:38 <DIR> d-------- C:\_OTMoveIt
2008-07-07 03:32 . 2008-07-07 03:32 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\vlc
2008-07-06 02:00 . 2008-07-06 02:00 <DIR> d-------- C:\Program Files\Panda Security
2008-07-06 02:00 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-06 01:53 . 2008-07-06 01:53 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Malwarebytes
2008-07-06 01:53 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-06 01:52 . 2008-07-06 19:39 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-06 01:52 . 2008-07-06 01:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-06 01:52 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-05 18:33 . 2008-07-05 18:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-05 18:31 . 2008-07-05 18:31 <DIR> d-------- C:\Deckard
2008-07-05 13:30 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-07-05 12:47 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-07-05 12:47 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-07-05 12:47 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-07-05 12:47 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-05 12:47 . 2008-07-05 12:47 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-05 11:57 . 2008-07-05 11:57 <DIR> d-------- C:\Program Files\PrevxCSI
2008-07-05 11:57 . 2008-07-08 12:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-05 11:57 . 2008-07-05 11:57 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\WINDOWS
2008-07-05 04:05 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Symantec
2008-07-05 04:05 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\SampleView
2008-07-05 04:05 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\InterMute
2008-07-05 04:05 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Apple Computer
2008-07-05 04:05 . 2008-07-07 15:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.DILLON
2008-07-05 04:05 . 2008-07-05 04:06 1,872 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_PY059AA-ABA SR1550NX NA530_YC_0Pres_QCNH525_E53NAheRED3_47_ISalmon_SASUSTek Computer INC._V1.04_B3.12_T050420_WXH2_L409_M384_J250_7AMD_8Athlon 64_92.41_#070423_N10390900_Z11C1048C_G10396330.MRK
2008-07-05 04:03 . 2005-05-28 02:15 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-07-05 03:57 . 2004-08-04 01:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-05 03:57 . 2004-08-04 01:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-05 03:34 . 2008-07-05 03:44 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-07-03 00:34 . 2008-07-03 00:34 <DIR> d-------- C:\Program Files\Belarc
2008-06-27 17:45 . 2008-06-27 17:50 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\.idlerc
2008-06-27 17:44 . 2008-06-27 17:45 <DIR> d-------- C:\Python25
2008-06-27 17:27 . 2008-07-04 22:35 <DIR> d-------- C:\Program Files\i.Hex
2008-06-27 16:25 . 2008-06-27 16:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\vlc
2008-06-27 00:56 . 2008-06-27 00:56 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Nexon
2008-06-26 20:39 . 2008-06-26 20:39 <DIR> d-------- C:\Program Files\sisagp
2008-06-26 20:39 . 2008-06-26 20:40 <DIR> d-------- C:\Program Files\SiS VGA Utilities V3.84
2008-06-26 20:39 . 2006-03-22 21:53 337,320 --a------ C:\WINDOWS\difxapi.dll
2008-06-26 20:39 . 2006-04-12 19:35 253,952 --a------ C:\WINDOWS\Progress.exe
2008-06-25 01:57 . 2008-06-25 02:00 <DIR> d--h----- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\ijjigame
2008-06-24 10:00 . 2008-06-24 10:00 <DIR> d---s---- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\UserData
2008-06-24 09:58 . 2008-06-24 09:58 268 --ah----- C:\sqmdata13.sqm
2008-06-24 09:58 . 2008-06-24 09:58 244 --ah----- C:\sqmnoopt13.sqm
2008-06-24 02:14 . 2008-06-24 02:14 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Media Player Classic
2008-06-23 03:43 . 2008-06-23 03:43 268 --ah----- C:\sqmdata12.sqm
2008-06-23 03:43 . 2008-06-23 03:43 244 --ah----- C:\sqmnoopt12.sqm
2008-06-22 19:35 . 2008-07-01 18:05 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\AdobeUM
2008-06-22 14:39 . 2008-06-22 14:39 268 --ah----- C:\sqmdata11.sqm
2008-06-22 14:39 . 2008-06-22 14:39 244 --ah----- C:\sqmnoopt11.sqm
2008-06-22 02:38 . 2008-06-24 09:58 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Contacts
2008-06-22 02:01 . 2008-06-22 02:37 <DIR> d-------- C:\Program Files\Windows Live
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\WINDOWS
2008-06-21 15:42 . 2005-05-28 02:38 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Symantec
2008-06-21 15:42 . 2005-05-28 02:30 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\SampleView
2008-06-21 15:42 . 2005-05-28 02:34 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\InterMute
2008-06-21 15:42 . 2005-05-28 02:15 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Application Data\Apple Computer
2008-06-21 15:42 . 2008-06-27 17:45 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002
2008-06-19 13:21 . 2008-06-19 13:21 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\InstallShield
2008-06-19 12:14 . 2008-06-19 12:14 <DIR> d-------- C:\Program Files\Firaxis Games
2008-06-18 01:17 . 2008-06-18 01:17 <DIR> d-------- C:\Program Files\Softnyx Canada
2008-06-18 00:47 . 2008-06-18 00:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-06-17 14:56 . 2008-06-17 15:19 <DIR> d-------- C:\Program Files\Mozilla Firefox2
2008-06-13 11:34 . 2008-06-13 11:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Tencent
2008-06-13 01:07 . 2008-06-26 17:33 <DIR> d-------- C:\webserver
2008-06-12 23:18 . 2008-06-12 23:23 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\FileZilla
2008-06-11 10:25 . 2008-06-11 10:25 <DIR> d-------- C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\QQ
2008-06-11 10:22 . 2008-06-13 11:33 <DIR> d-------- C:\Program Files\Tencent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 07:33 180,736 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2008-07-06 07:33 134,144 ----a-w C:\WINDOWS\system32\spoolsv.exe
2008-07-06 07:33 120,832 ----a-w C:\WINDOWS\system32\alg.exe
2008-07-06 07:33 110,080 ----a-w C:\WINDOWS\system32\msiexec.exe
2008-07-06 07:33 --------- d---a-w C:\Program Files\Common Files\LightScribe
2008-07-06 07:15 124,416 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-07-06 07:15 102,400 ----a-w C:\WINDOWS\ALCXMNTR.EXE
2008-07-06 07:15 1,141,248 ----a-w C:\WINDOWS\explorer.exe
2008-07-05 18:30 --------- d-----w C:\Program Files\Java
2008-07-05 09:22 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-27 03:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\NexonUS
2008-06-22 07:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-21 17:55 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\DNA
2008-06-15 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-15 16:01 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\AdobeUM
2008-06-04 06:25 83,968 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-04 06:25 331,776 ----a-w C:\WINDOWS\Setup1.exe
2008-06-02 01:48 --------- d-----w C:\Program Files\ASProtect 1.4 DEMO
2008-06-01 19:00 --------- d-----w C:\Program Files\Web Publish
2008-05-31 22:20 --------- d-----w C:\Program Files\Apple Software Update
2008-05-31 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-31 04:35 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-31 04:35 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\SystemRequirementsLab
2008-05-28 04:05 --------- d--h--w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\ijjigame
2008-05-27 17:33 --------- d-----w C:\Program Files\VentSrv
2008-05-27 00:51 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Winamp
2008-05-25 19:01 --------- d-----w C:\Program Files\softnyx
2008-05-24 23:00 --------- d-----w C:\Program Files\AoA Audio Extractor
2008-05-23 22:24 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\Ventrilo
2008-05-20 18:43 --------- d-----w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Application Data\mIRC
2008-05-20 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nexon
2008-05-19 19:16 --------- d-----w C:\Program Files\mIRC
2008-05-14 17:48 --------- d-----w C:\Program Files\Topaz Labs LLC
2008-05-13 03:51 --------- d-----w C:\Program Files\CamStudio
2008-05-13 03:38 --------- d-----w C:\Program Files\Frontcam
2008-05-13 03:24 --------- d-----w C:\Program Files\HyCam2
2008-05-11 01:07 --------- d-----w C:\Program Files\DNA
2008-01-07 01:07 166 ----a-w C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Application Data\wklnhst.dat
.

------- Sigcheck -------

2008-07-06 02:15 1141248 ad1fe0657218f5be314e896765d3cd9a C:\WINDOWS\explorer.exe
2007-06-13 06:26 1043968 fb237eddcc9a4b593ccf7aafb064f16b C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:00 1042944 373ed79f059451fce67c5f6d44668ed7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 06:00 1042944 cda52e87bd17dfeaac944e6216d2737c C:\WINDOWS\system32\dllcache\explorer.exe

2008-07-06 02:15 124416 f7ce66cc9e22db8666b2c48504ddcde1 C:\WINDOWS\system32\ctfmon.exe
2004-08-04 06:00 91648 048fee5ce0a2c1cfedfeecd1d8443ab7 C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-10 19:17 68608 c77f5ad4fba717436a9f46f4c9c4d177 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:00 68608 74d2f8c3f9d107f6b47657cc26259661 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-07-06 02:33 134144 8db407e8a7025617b399fa52d15f8eda C:\WINDOWS\system32\spoolsv.exe
2004-08-04 06:00 101376 baf64a9d999d348dc506b6afe3407175 C:\WINDOWS\system32\dllcache\spoolsv.exe
.
((((((((((((((((((((((((((((( snapshot_2008-07-07_17.19.46.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-07 22:08:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-08 21:37:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-07-06 02:15 124416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-03 01:59 218240]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 18:22 58488]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2004-08-17 17:36 132248]
"URLLSTCK.exe"="c:\Program Files\Norton Internet Security\UrlLstCk.exe" [2004-08-30 21:29 33936]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2008-07-06 02:16 278528]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 15:54 266240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-06 02:16 245760]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SiSPower"="SiSPower.dll" [2005-01-04 18:54 49152 C:\WINDOWS\system32\SiSPower.dll]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]
Tencent QQ.lnk - C:\Program Files\Tencent\QQ\QQ.exe [2007-06-27 01:12:59 1208320]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.000\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.002\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 124416]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52 53248]
Monitor Apache Servers.lnk - C:\webserver\Apache2\Apache2\bin\ApacheMonitor.exe [2008-01-17 22:59:58 53330]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-28 02:17:01 73728]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-05-28 01:54:29 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-07-05 11:57]
R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-07-05 11:57]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-02 16:20:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-08 21:08:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-05 09:22:18 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2005-05-28 07:40:16 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 18:33:17
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-08 18:38:18
ComboFix-quarantined-files.txt 2008-07-08 23:37:52
ComboFix2.txt 2008-07-07 22:45:01
ComboFix3.txt 2008-07-07 19:59:50
ComboFix4.txt 2008-07-05 18:13:31

Pre-Run: 117,716,189,184 bytes free
Post-Run: 117,707,956,224 bytes free


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:07:54 PM

Posted 09 July 2008 - 08:57 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 helpT_T

helpT_T
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  • Local time:07:54 PM

Posted 09 July 2008 - 01:55 PM

After the reboot requested by the finishing of this program, neither 17pholmes nor mrofinu appeared in the process list. Now there is DIL2F.tmp, which used to only pop up right before 17pholmes would appear. Don't know if that's a good or a bad thing....

Anyways, here is the log.

Keylogger: Off
E-mail Attachment: On
1:49 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
1:49 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
1:49 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
Internet Communication Shield: On
1:49 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
1:49 PM: Shield States
1:49 PM: License Check Status (0): Success
1:49 PM: Spyware Definitions: 1239
1:48 PM: Spy Sweeper 5.5.7.124 started
1:48 PM: Spy Sweeper 5.5.7.124 started
1:48 PM: | Start of Session, Wednesday, July 09, 2008 |
***************
1:44 PM: Removal process completed. Elapsed time 00:00:29
1:44 PM: Preparing to restart your computer. Please wait...
1:44 PM: Quarantining All Traces: whenu
1:44 PM: Quarantining All Traces: atlas dmt cookie
1:44 PM: Quarantining All Traces: apmebf cookie
1:44 PM: Quarantining All Traces: mediaplex cookie
1:44 PM: Quarantining All Traces: bs.serving-sys cookie
1:44 PM: Quarantining All Traces: serving-sys cookie
1:44 PM: Quarantining All Traces: adjuggler cookie
1:44 PM: Quarantining All Traces: yadro cookie
1:44 PM: Quarantining All Traces: hitbox cookie
1:44 PM: Quarantining All Traces: zedo cookie
1:44 PM: Quarantining All Traces: advertising cookie
1:44 PM: Quarantining All Traces: specificclick.com cookie
1:44 PM: Quarantining All Traces: imrworldwide.com cookie
1:44 PM: Quarantining All Traces: adrevolver cookie
1:44 PM: Quarantining All Traces: adbureau cookie
1:44 PM: Quarantining All Traces: adlegend cookie
1:44 PM: Quarantining All Traces: realmedia cookie
1:44 PM: Quarantining All Traces: tribalfusion cookie
1:44 PM: Quarantining All Traces: doubleclick cookie
1:44 PM: Quarantining All Traces: yieldmanager cookie
1:44 PM: Quarantining All Traces: statcounter cookie
1:44 PM: Quarantining All Traces: command
1:44 PM: Quarantining All Traces: trojan.gen
1:44 PM: Quarantining All Traces: trojan-downloader-waverevenue
1:44 PM: Removal process initiated
1:41 PM: Traces Found: 97
1:41 PM: Custom Sweep has completed. Elapsed time 01:36:30
1:41 PM: File Sweep Complete, Elapsed Time: 01:34:12
1:13 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
1:04 PM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
1:04 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
1:04 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
1:04 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
1:04 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5d986c35-2793-4332-97de-88a86a382327.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5cc5304b-ac03-4289-9cda-d827537c84e6.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms70067a5f-4c45-4a4f-82f5-9750472693fa.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsdc9f35e9-8313-4393-bd28-664574be1b34.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms708dd9a7-f956-4c81-9e02-b460af2a434f.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc3224c76-4880-499d-954e-e70e79cebdb2.tmp". The operation completed successfully
12:57 PM: Warning: Failed to open file "c:\documents and settings\compaq_owner.dillon\application data\mozilla\firefox\profiles\czzd2wpk.default\parent.lock". The operation completed successfully
12:25 PM: Execution Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
12:24 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
12:24 PM: Access to Hosts file blocked for C:\WINDOWS\TEMP\VRR92.TMP
12:19 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp4\a0006349.exe". "c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp4\a0006349.exe": File not found
12:15 PM: C:\Documents and Settings\Compaq_Owner.YOUR-F78BF48CE2.001\Desktop\ljdljbd\big moe.mp3 (ID = 1532548)
12:15 PM: Found Trojan Horse: trojan.gen
12:13 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP2\A0003468.exe (ID = 350493)
12:13 PM: Found Adware: command
12:12 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015714.exe (ID = 1676652)
12:12 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp4\a0006350.exe". "c:\system volume information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\rp4\a0006350.exe": File not found
12:12 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP0\A0000269.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015721.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015720.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015719.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015717.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015716.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015645.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015638.exe (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0014639.exe (ID = 1676652)
12:11 PM: C:\QooBox\Quarantine\C\WINDOWS\mrofinu1001186.exe.tmp.vir (ID = 1676652)
12:11 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015637.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0013706.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015715.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0013707.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0013704.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0014638.exe (ID = 1676652)
12:10 PM: C:\QooBox\Quarantine\C\WINDOWS\17PHolmes1001186.exe.vir (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0012672.exe (ID = 1676652)
12:10 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || runner1 (ID = 0)
12:10 PM: C:\WINDOWS\mrofinu1001186.exe (ID = 1676652)
12:10 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015674.exe (ID = 1676652)
12:09 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP5\A0010679.exe (ID = 1676652)
12:09 PM: C:\WINDOWS\mrofinu1001186.exe.tmp (ID = 1676652)
12:09 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP6\A0015703.exe (ID = 1676652)
12:09 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Local Settings\Temporary Internet Files\Content.IE5\WL0FY1MJ\17PHOLMES[1].CMT (ID = 1676652)
12:09 PM: C:\System Volume Information\_restore{2466a83d-1b81-456e-9766-38c2b7e48210}\RP7\A0015729.EXE (ID = 1676652)
12:08 PM: C:\WINDOWS\17PHOLMES1001186.EXE (ID = 1676652)
12:08 PM: C:\QooBox\Quarantine\C\WINDOWS\mrofinu1001186.exe.vir (ID = 1676652)
12:07 PM: C:\Program Files\Common Files\WhenU (1 subtraces) (ID = 2147486917)
12:07 PM: Found Adware: whenu
12:07 PM: Starting File Sweep
12:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || runner1 (ID = 0)
12:07 PM: C:\WINDOWS\mrofinu1001186.exe (ID = 1676652)
12:07 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 5275)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2253)
12:07 PM: Found Spy Cookie: atlas dmt cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2229)
12:07 PM: Found Spy Cookie: apmebf cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2060)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2060)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2060)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 6442)
12:07 PM: Found Spy Cookie: mediaplex cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2330)
12:07 PM: Found Spy Cookie: bs.serving-sys cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3343)
12:07 PM: Found Spy Cookie: serving-sys cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2071)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2071)
12:07 PM: Found Spy Cookie: adjuggler cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3743)
12:07 PM: Found Spy Cookie: yadro cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 5275)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 5274)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 5274)
12:07 PM: Found Spy Cookie: hitbox cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3762)
12:07 PM: Found Spy Cookie: zedo cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2175)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2175)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2175)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2175)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2175)
12:07 PM: Found Spy Cookie: advertising cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3399)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3399)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3399)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3399)
12:07 PM: Found Spy Cookie: specificclick.com cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2845)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2845)
12:07 PM: Found Spy Cookie: imrworldwide.com cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2088)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2088)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2089)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2089)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2089)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2088)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2088)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2089)
12:07 PM: Found Spy Cookie: adrevolver cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2060)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2060)
12:07 PM: Found Spy Cookie: adbureau cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 2074)
12:07 PM: Found Spy Cookie: adlegend cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3235)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3235)
12:07 PM: Found Spy Cookie: realmedia cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3589)
12:07 PM: Found Spy Cookie: tribalfusion cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 17499)
12:07 PM: Found Spy Cookie: doubleclick cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3751)
12:07 PM: Found Spy Cookie: yieldmanager cookie
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3447)
12:07 PM: C:\Documents and Settings\Compaq_Owner.DILLON\Application Data\Mozilla\Firefox\Profiles\czzd2wpk.default\cookies.txt (ID = 3447)
12:07 PM: Found Spy Cookie: statcounter cookie
12:07 PM: Starting Cookie Sweep
12:07 PM: Registry Sweep Complete, Elapsed Time:00:00:09
12:07 PM: Starting Registry Sweep
12:07 PM: Memory Sweep Complete, Elapsed Time: 00:02:00
12:07 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || runner1 (ID = 0)
12:06 PM: Detected running threat: C:\WINDOWS\mrofinu1001186.exe (ID = 1676652)
12:05 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume E:
12:05 PM: Starting Memory Sweep
12:05 PM: C:\WINDOWS\mrofinu1001186.exe (ID = 2191081)
12:05 PM: HKLM\software\microsoft\windows\currentversion\run\ || runner1 (ID = 2191081)
12:05 PM: Found Trojan Horse: trojan-downloader-waverevenue
12:05 PM: Start Custom Sweep
12:05 PM: Sweep initiated using definitions version 1239
12:01 PM: Restore from quarantine completed. Elapsed time 00:00:00
12:01 PM: Processing: trojan-downloader-waverevenue
12:01 PM: Processing: trojan-downloader-waverevenue
12:01 PM: Processing: trojan-downloader-waverevenue
12:01 PM: Restore from quarantine initiated
12:00 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
12:00 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
12:00 PM: File System Shield: found: Trojan Horse: trojan-downloader-waverevenue, version 1.0.0.0
Keylogger: Off
12:00 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
12:00 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:00 PM: Shield States
12:00 PM: License Check Status (0): Success
12:00 PM: Spyware Definitions: 1239
12:00 PM: Spy Sweeper 5.5.7.124 started
12:00 PM: Spy Sweeper 5.5.7.124 started
12:00 PM: | Start of Session, Wednesday, July 09, 2008 |
***************

Edited by helpT_T, 09 July 2008 - 01:56 PM.




