
Very Slow Computer


19 replies to this topic

#1 Ychain


  • Members
  • 21 posts

Posted 09 May 2007 - 08:07 PM

To begin, this problem started 2 days ago. Sometimes IE doesn't work while FF does. If I use the processes tab on the task manager, more processes take about 11x more memory than they used to.

Logfile of HijackThis v1.99.1
Scan saved at 8:10:14 PM, on 5/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\HP_Owner\My Documents\Virus Removal\HiJack\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {05CEE175-D4A1-4FA5-A4FA-7BA252D2D0A8} - c:\windows\system32\jhicjhi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: piesnsjj - C:\WINDOWS\SYSTEM32\jhicjhi.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Ychain, 09 May 2007 - 08:14 PM.
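A defender's triage pass over entries like those in the log above, written as an added example (it is not part of the thread and is not HijackThis code): it parses the running-process list and the O2/O20/O23 lines, and flags a process name one character off a core Windows binary (svchosts.exe beside svchost.exe), a nameless BHO, a Winlogon Notify DLL outside a small baseline, a service whose image is missing, and a DLL hooked both as BHO and as Winlogon Notify. The sample lines are excerpted from the posted log; the baseline of known Notify DLLs is an assumption, not something the thread states.

```python
import re

# Constructed sample: a few lines excerpted from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchosts.exe

O2 - BHO: (no name) - {05CEE175-D4A1-4FA5-A4FA-7BA252D2D0A8} - c:\windows\system32\jhicjhi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: piesnsjj - C:\WINDOWS\SYSTEM32\jhicjhi.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
"""

# Core Windows binaries whose names malware commonly imitates by one character.
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "explorer.exe", "spoolsv.exe"}

# Assumed baseline (not from the thread): Winlogon Notify DLLs shipped with XP SP2
# plus the Intel graphics handler seen in this log. Anything else is flagged.
KNOWN_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll", "wlnotify.dll",
                     "sclgntfy.dll", "igfxsrvc.dll"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a distance of 1 marks a one-character lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def basename(path: str) -> str:
    """Lower-cased file name from a Windows path, tolerating a stray quote."""
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()

def lookalike_of(name: str) -> str:
    """Core binary that `name` imitates (edit distance 1), or '' if none."""
    if name in CORE_BINARIES:
        return ""
    return next((core for core in CORE_BINARIES if edit_distance(name, core) == 1), "")

def triage(log: str) -> list[tuple[str, str, str]]:
    """Parse a HijackThis log; return (item, reason, offending line) for suspicious entries."""
    findings: list[tuple[str, str, str]] = []
    bho_dlls: dict[str, str] = {}
    notify_dlls: dict[str, str] = {}
    in_processes = False
    for line in log.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes and re.match(r"[A-Za-z]:\\", line):
            name = basename(line)
            core = lookalike_of(name)
            if core:
                findings.append((name, f"running process name imitates {core}", line))
            continue
        in_processes = False
        m = re.match(r"(O\d+) - (.*)", line)
        if not m:
            continue
        kind, body = m.groups()
        parts = [p.strip() for p in body.split(" - ")]
        if kind == "O2":  # Browser Helper Object: label - CLSID - DLL path
            dll = basename(parts[-1])
            bho_dlls[dll] = line
            if "(no name)" in parts[0]:
                findings.append((dll, "BHO registered without a name", line))
        elif kind == "O20":  # Winlogon Notify package: subkey - DLL path
            dll = basename(parts[-1])
            notify_dlls[dll] = line
            if dll not in KNOWN_NOTIFY_DLLS:
                findings.append((dll, "Winlogon Notify DLL not in the baseline", line))
        elif kind == "O23":  # Service: name - owner - image path [args] [(file missing)]
            exe = re.search(r'[A-Za-z]:\\[^"]*?\.exe', body, re.IGNORECASE)
            image = basename(exe.group(0)) if exe else ""
            reasons = []
            if "(file missing)" in body:
                reasons.append("service image file missing")
            if "Unknown owner" in body and "\\system32\\" in body.lower():
                reasons.append("unknown owner with image under system32")
            core = lookalike_of(image)
            if core:
                reasons.append(f"image name imitates {core}")
            if reasons:
                findings.append((image or parts[0], "; ".join(reasons), line))
    # Cross-reference: one DLL hooked both as a BHO and as a Winlogon Notify handler.
    for dll in bho_dlls.keys() & notify_dlls.keys():
        findings.append((dll, "same DLL loaded as BHO and as Winlogon Notify handler", notify_dlls[dll]))
    return findings

if __name__ == "__main__":
    for item, reason, line in triage(SAMPLE_LOG):
        print(f"[{item}] {reason}\n    {line}")
```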




#2 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 10 May 2007 - 06:42 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Ychain :thumbsup:

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

***************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Also post a new HijackThis log please.


#3 Ychain

  • Topic Starter

  • Members
  • 21 posts

Posted 11 May 2007 - 08:00 AM

Ok, I finished everything and Vundofix couldn't find anything, and because of that it doesn't have a log in C:. So far I haven't noticed any change whatsoever.





SDFix: Version 1.83

Run by HP_Owner - Thu 05/10/2007 - 16:26:43.29

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX
EXAMPLE
NDnet1
Runtime

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213
\??\C:\WINDOWS\system32\main.sys
\??\C:\WINDOWS\system32\ksys.sys
\??\C:\WINDOWS\System32\drivers\runtime.sys

Client IP-IPX - Deleted
EXAMPLE - Deleted
NDnet1 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\T12EQW~1.EXE - Deleted
C:\!KillBox\ie_updater.exe - Deleted
C:\Documents and Settings\HP_Owner\ie_updater.exe - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\tmp*.tmp - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Westwood\\RenegadeMPDemo\\rd.exe"="C:\\Westwood\\RenegadeMPDemo\\rd.exe:*:Disabled:Renegade"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Enabled:World Switcher for RuneScape"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\Program Files\America Online 9.0a\aolphx.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\America Online 9.0a\RBM.exe
C:\Program Files\America Online 9.0b\aolphx.exe
C:\Program Files\America Online 9.0b\aoltray.exe
C:\Program Files\America Online 9.0b\RBM.exe
C:\Program Files\America Online 9.0c\AOLphx.exe
C:\Program Files\America Online 9.0c\rbm.exe
C:\Documents and Settings\HP_Owner\Local Settings\Temp\xfjleinr.sys
C:\Documents and Settings\LocalService\Local Settings\Temp\win1090.tmp
C:\Documents and Settings\LocalService\Local Settings\Temp\win5B5B.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temp\BIT90.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temp\win18F7.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temp\win24.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temp\win4ECF.tmp
C:\Documents and Settings\NetworkService\Local Settings\Temp\win5F97.tmp
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6752e343d22c025be1f290a6267a146d\BIT2A.tmp
C:\WINDOWS\Temp\3jtgmmov.TMP
C:\WINDOWS\Temp\winE482.tmp
C:\WINDOWS\Temp\winF584.tmp

Finished







HP_Owner - 07-02-03 22:38:41.17 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\HP_Owner\Desktop\aimbot"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Documents\Settings
C:\Program Files\Cowabanga
C:\Program Files\Common Files\{34D31DD3-07CF-1033-0902-040804030001}
C:\Program Files\Common Files\{74D31DD3-07CF-1033-0902-040804030001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\HP_Owner\Application Data\WNSXS~1
C:\QooBox\Purity\Program Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\TSKS~1
C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1
C:\QooBox\Purity\WINDOWS\MANTEC~1\regedit.exe
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0000
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0001
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0002
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0003
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0004
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0005
C:\QooBox\Purity\WINDOWS\MANTEC~1\MANTEC~1\ctxad-539.0006
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\MBOLS~1\services.exe


((((((((((((((((((((((((((((((( Files Created from 2007-01-03 to 2007-02-03 ))))))))))))))))))))))))))))))))))


2007-02-03 22:19 2 --a------ C:\WINDOWS\system32\wtssvsu.exe
2007-02-03 22:18 60,416 --a------ C:\WINDOWS\system32\utkw.dll
2007-02-03 22:17 36,864 --a------ C:\WINDOWS\system32\svchosts.exe
2007-01-31 16:39 109,666 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-01-08 17:52 892,928 --a------ C:\WINDOWS\system32\MousePage.dll
2007-01-08 17:52 29,184 --a------ C:\WINDOWS\system32\drivers\HidMouse.sys
2007-01-08 17:52 110,592 --a------ C:\WINDOWS\system32\Hook.dll
2007-01-08 17:52 1,089,536 --a------ C:\WINDOWS\system32\XWheel.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-03 22:41 -------- d-------- C:\Program Files\Common Files
2007-02-03 22:37 -------- d-------- C:\Program Files\Mozilla Firefox
2007-02-03 21:32 -------- d-------- C:\Program Files\SwiftSwitch
2007-02-03 19:31 -------- d-------- C:\Program Files\GameSpy Arcade
2007-02-03 18:54 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-02-03 18:54 -------- d-------- C:\Program Files\SanDisk
2007-02-03 13:41 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2007-01-31 16:31 -------- d-------- C:\Program Files\softnyx
2007-01-30 23:24 1070 --a------ C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2007-01-27 17:13 -------- d-------- C:\Program Files\Loradon Online
2007-01-25 14:08 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-01-22 19:42 -------- d-------- C:\Program Files\Tibia
2007-01-21 09:19 -------- d-------- C:\Program Files\Kuma Games
2007-01-20 12:52 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Viewpoint
2007-01-15 19:55 -------- d-------- C:\Program Files\Verizon
2007-01-13 16:08 -------- d-------- C:\Program Files\KnightOnline
2007-01-08 17:52 -------- d-------- C:\Program Files\HP
2007-01-03 13:36 -------- d-------- C:\Program Files\ArtMoney
2007-01-02 11:50 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Adobe
2007-01-01 15:41 -------- d-------- C:\Program Files\mIRC
2006-12-31 15:23 -------- d-------- C:\Program Files\Common Files\Motive
2006-12-31 15:22 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Verizon
2006-12-31 15:20 -------- d-------- C:\Program Files\PlayLinc
2006-12-29 23:39 -------- d-------- C:\Program Files\GVPtoAVI
2006-12-29 18:10 -------- d-------- C:\Program Files\Java
2006-12-27 14:24 -------- d-------- C:\Program Files\RK Autocutter
2006-12-27 14:24 -------- d-------- C:\Program Files\Internet Explorer
2006-12-27 14:24 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\Tor
2006-12-24 11:06 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\wsInspector
2006-12-22 22:37 -------- d-------- C:\Program Files\Ares
2006-12-22 14:08 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-12-19 23:08 -------- d-------- C:\Program Files\Google
2006-12-15 19:35 -------- d-------- C:\Program Files\MSN Messenger
2006-12-13 22:06 69632 --a------ C:\WINDOWS\system32\ps2.exe
2006-12-13 22:06 69632 --a------ C:\WINDOWS\system32\igfxtray.exe
2006-12-12 15:00 -------- d-------- C:\Documents and Settings\HP_Owner\Application Data\SmartDraw
2006-12-12 14:03 -------- d-------- C:\Program Files\Common Files\SupportSoft
2006-12-10 12:46 -------- d-------- C:\Program Files\GraphicsGale FreeEdition
2006-12-09 16:51 -------- d-------- C:\Program Files\America Online 9.0b
2006-12-08 18:01 -------- d-------- C:\Program Files\Virtual Villagers
2006-11-12 21:38 12334 --a------ C:\U.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"Acme.PCHButton"="C:\\PROGRA~1\\HELPAN~1\\HPQ\\XPXWWPP5\\plugin\\bin\\PCHButton.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"LSBWatcher"="c:\\hp\\drivers\\hplsbwatcher\\lsburnwatcher.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb08.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"VerizonServicepoint.exe"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\Verizon\\SMARTB~1\\MotiveSB.exe"
"hcsystray"="C:\\Program Files\\Kuma Games\\hcsystray\\hc_tray.exe"
"{74D31DD3-07CF-1033-0902-040804030001}"="\"C:\\Program Files\\Common Files\\{74D31DD3-07CF-1033-0902-040804030001}\\Update.exe\" te-110-12-0000213"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-02-03 22:41:35.06
C:\ComboFix.txt ... 07-02-03 22:41
C:\ComboFix2.txt ... 06-11-01 19:16









Logfile of HijackThis v1.99.1
Scan saved at 22:28, on 2007-05-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Owner\My Documents\Virus Removal\HiJack\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {05CEE175-D4A1-4FA5-A4FA-7BA252D2D0A8} - c:\windows\system32\jhicjhi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: piesnsjj - C:\WINDOWS\SYSTEM32\jhicjhi.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 11 May 2007 - 08:25 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\U.exe
C:\WINDOWS\SYSTEM32\jhicjhi.dll
C:\WINDOWS\system32\wtssvsu.exe
C:\WINDOWS\system32\utkw.dll
C:\WINDOWS\system32\svchosts.exe

Folders to delete:
C:\Program Files\GameSpy Arcade
C:\Documents and Settings\HP_Owner\Application Data\Viewpoint

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.


#5 Ychain

  • Topic Starter

  • Members
  • 21 posts

Posted 11 May 2007 - 04:54 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\gchlnwlg

*******************

Script file located at: \??\C:\Program Files\lgvmjdkd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\U.exe not found!
Deletion of file C:\U.exe failed!

Could not process line:
C:\U.exe
Status: 0xc0000034



Could not open file C:\WINDOWS\SYSTEM32\jhicjhi.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\jhicjhi.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\jhicjhi.dll
Status: 0xc0000022



File C:\WINDOWS\system32\wtssvsu.exe not found!
Deletion of file C:\WINDOWS\system32\wtssvsu.exe failed!

Could not process line:
C:\WINDOWS\system32\wtssvsu.exe
Status: 0xc0000034



File C:\WINDOWS\system32\utkw.dll not found!
Deletion of file C:\WINDOWS\system32\utkw.dll failed!

Could not process line:
C:\WINDOWS\system32\utkw.dll
Status: 0xc0000034



File C:\WINDOWS\system32\svchosts.exe not found!
Deletion of file C:\WINDOWS\system32\svchosts.exe failed!

Could not process line:
C:\WINDOWS\system32\svchosts.exe
Status: 0xc0000034

Folder C:\Program Files\GameSpy Arcade deleted successfully.
Folder C:\Documents and Settings\HP_Owner\Application Data\Viewpoint deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





Logfile of HijackThis v1.99.1
Scan saved at 16:57, on 2007-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Owner\My Documents\Virus Removal\HiJack\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: (no name) - {05CEE175-D4A1-4FA5-A4FA-7BA252D2D0A8} - c:\windows\system32\jhicjhi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Knight Online Toolbar Helper - {9D006D63-579B-4D77-9C12-15623661ADDA} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Knight Online Toolbar - {E7D38ED4-2933-43B8-B0B9-52D11CE9CA10} - C:\Program Files\Knight Online Toolbar\v3.2.0.0\Knight_Online_Toolbar.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: piesnsjj - C:\WINDOWS\SYSTEM32\jhicjhi.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Ychain, 11 May 2007 - 05:03 PM.
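The Avenger log above carries two different failure codes, and they mean different things: 0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND (the file was already gone), while 0xc0000022 is STATUS_ACCESS_DENIED (the file could not be opened for deletion, which for jhicjhi.dll is consistent with the new HijackThis log still listing it as an O2 BHO and an O20 Winlogon Notify entry). The Python script below is an illustration added here, not part of the thread or of the Avenger or HijackThis tools: it parses an Avenger log, classifies each failure by NTSTATUS, and reports which failed targets a HijackThis log still references; the embedded sample logs are constructed from the entries quoted above.

```python
"""Classify Avenger deletion failures by NTSTATUS and cross-check a HijackThis log.

Added example for this thread; not part of the original posts or of the Avenger
or HijackThis tools.  Both sample logs are constructed from entries quoted in the thread.
"""
import re

# NTSTATUS values exactly as Avenger prints them.  The distinction drives the next
# step: an absent file needs nothing more, while a file that cannot be opened is
# still loaded or locked and has to be dealt with another way.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED (file still in use or locked)",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND (file no longer exists)",
}

AVENGER_LOG = r"""
Beginning to process script file:

File C:\U.exe not found!
Deletion of file C:\U.exe failed!

Could not process line:
C:\U.exe
Status: 0xc0000034

Could not open file C:\WINDOWS\SYSTEM32\jhicjhi.dll for deletion
Deletion of file C:\WINDOWS\SYSTEM32\jhicjhi.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\jhicjhi.dll
Status: 0xc0000022

Folder C:\Program Files\GameSpy Arcade deleted successfully.
Completed script processing.
""".strip()

HJT_LOG = r"""
O2 - BHO: (no name) - {05CEE175-D4A1-4FA5-A4FA-7BA252D2D0A8} - c:\windows\system32\jhicjhi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O20 - Winlogon Notify: piesnsjj - C:\WINDOWS\SYSTEM32\jhicjhi.dll
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
""".strip()

OK_RE = re.compile(r"^(?:File|Folder) (.+) deleted successfully\.$")
FAIL_RE = re.compile(r"^Deletion of (?:file|folder) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x([0-9a-fA-F]{8})$")
# Drive-letter path ending in a binary extension; spaces are allowed because
# HijackThis prints paths unquoted ("c:\Program Files\...").
HJT_PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|sys|ocx))\b", re.IGNORECASE)


def parse_avenger(text):
    """Map each path Avenger reported on to its NTSTATUS (0 for a successful deletion)."""
    results, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := OK_RE.match(line):
            results[m.group(1)] = 0
        elif m := FAIL_RE.match(line):
            pending = m.group(1)          # the Status: line arrives a few lines later
        elif (m := STATUS_RE.match(line)) and pending is not None:
            results[pending] = int(m.group(1), 16)
            pending = None
    return results


def classify(results):
    """Split parse_avenger() output into deleted, absent and blocked path lists."""
    deleted, absent, blocked = [], [], []
    for path, status in results.items():
        if status == 0:
            deleted.append(path)
        elif status == 0xC0000034:
            absent.append(path)
        else:
            blocked.append((path, NTSTATUS.get(status, "unknown NTSTATUS 0x%08X" % status)))
    return deleted, absent, blocked


def hjt_references(hjt_text, paths):
    """Return {path: [HijackThis lines]} for paths still referenced (case-insensitive)."""
    wanted = {p.lower(): p for p in paths}
    hits = {}
    for line in hjt_text.splitlines():
        for ref in HJT_PATH_RE.findall(line):
            if ref.lower() in wanted:
                hits.setdefault(wanted[ref.lower()], []).append(line.strip())
    return hits


def report(avenger_text=AVENGER_LOG, hjt_text=HJT_LOG):
    """Summarise what Avenger did and which failed targets the new HJT log still shows."""
    deleted, absent, blocked = classify(parse_avenger(avenger_text))
    survivors = hjt_references(hjt_text, absent + [p for p, _ in blocked])
    return {"deleted": deleted, "absent": absent, "blocked": blocked, "still_referenced": survivors}


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```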


#6 RichieUK (Malware Response Team)

Posted 11 May 2007 - 05:25 PM

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

***************************

Download chercher.zip by Malekal_morte to your Desktop:
http://www.malekal.com/download/telecharger.com/chercher.zip

* Right click with your mouse onto the 'chercher.zip', unzip all.
* You will get a new folder.
* Open this folder and Double-Click onto 'chercher.cmd'
* A DOS Window opens, let it open and wait until it asks you to press any key.
* Notepad will open with a long report.

Copy this report and paste it to your next reply.

It may take more than one reply to post both logs.

#7 Ychain (Topic Starter)

Posted 15 May 2007 - 04:22 PM

C:\WINDOWS\System32\ksys.sys -->2007-05-15 15:43:13
C:\WINDOWS\System32\winlogon.exe -->2007-05-14 23:04:42
C:\WINDOWS\System32\ws2_32.dll -->2007-05-14 23:04:41
C:\WINDOWS\System32\libssl32.dll -->2007-05-14 17:38:48
C:\WINDOWS\System32\libeay32.dll -->2007-05-14 17:38:48
C:\WINDOWS\System32\qmujmnta.dll -->2007-05-14 17:36:10
C:\WINDOWS\System32\ixhilqrn.dll -->2007-05-14 17:36:02
C:\WINDOWS\System32\ixhilqrn.dll.bak -->2007-05-13 17:07:12
C:\WINDOWS\System32\jhicjhi.dll -->2007-05-13 17:07:10
C:\WINDOWS\System32\yxsvgdla.txt -->2007-05-11 16:17:49
C:\WINDOWS\System32\uanfsjfd.txt -->2007-05-11 16:08:59
C:\WINDOWS\System32\wpa.dbl -->2007-05-10 19:25:10
C:\WINDOWS\System32\5_exception.nls -->2007-05-10 18:41:21
C:\WINDOWS\System32\ws2_32(2)(3).dll -->2007-05-10 15:38:11
C:\WINDOWS\System32\winlogon(2)(3).exe -->2007-05-10 15:38:11
C:\WINDOWS\System32\main(12).sys -->2007-05-10 15:30:39
C:\WINDOWS\System32\main(4).sys -->2007-05-10 13:05:16
C:\WINDOWS\System32\main(5).sys -->2007-05-10 02:45:29
C:\WINDOWS\System32\main(6).sys -->2007-05-10 01:09:30
C:\WINDOWS\System32\main(7).sys -->2007-05-10 00:43:58
C:\WINDOWS\System32\main(8).sys -->2007-05-09 22:51:57
C:\WINDOWS\System32\main(9).sys -->2007-05-09 19:48:48
C:\WINDOWS\System32\main(2).sys -->2007-05-09 12:59:50
C:\WINDOWS\System32\main(3).sys -->2007-05-08 22:55:44
C:\WINDOWS\System32\main(11).sys -->2007-05-08 22:55:44

C:\WINDOWS\WindowsUpdate.log -->2007-05-15 15:50:05
C:\WINDOWS\0.log -->2007-05-15 15:43:05
C:\WINDOWS\SchedLgU.Txt -->2007-05-15 15:42:48
C:\WINDOWS\bootstat.dat -->2007-05-15 15:41:11
C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt -->2007-05-15 00:51:38
C:\WINDOWS\wmsetup.log -->2007-05-14 23:44:44
C:\WINDOWS\QTFont.qfn -->2007-05-14 23:43:01
C:\WINDOWS\QTFont.for -->2007-05-13 14:29:53
C:\WINDOWS\wiadebug.log -->2007-05-13 07:49:56
C:\WINDOWS\wiaservc.log -->2007-05-13 07:49:47
C:\WINDOWS\setupapi.log -->2007-05-10 20:41:23
C:\WINDOWS\WB.ini -->2007-05-10 19:30:13
C:\WINDOWS\ntbtlog.txt -->2007-05-10 17:56:07
C:\WINDOWS\MSI30-KB884016.log -->2007-05-08 21:32:19
C:\WINDOWS\setupact.log -->2007-05-03 20:38:08

C:\WINDOWS\system32\append.exe |COMPANY |03/11/2004 14:18:00
C:\WINDOWS\system32\debug.exe |COMPANY |03/11/2004 13:49:24
C:\WINDOWS\system32\dosx.exe |COMPANY |03/11/2004 13:49:28
C:\WINDOWS\system32\dvdplay.exe |COMPANY |18/08/2001 00:36:42
C:\WINDOWS\system32\edlin.exe |COMPANY |03/11/2004 13:49:48
C:\WINDOWS\system32\exe2bin.exe |COMPANY |03/11/2004 13:49:49
C:\WINDOWS\system32\fastopen.exe |COMPANY |03/11/2004 13:49:50
C:\WINDOWS\system32\Hdaudpropshortcut.exe |Windows ® Server 2003 DDK provider |18/03/2004 01:10:40
C:\WINDOWS\system32\hkcmd.exe |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\hphmon06.exe |Hewlett-Packard |07/06/2004 20:42:30
C:\WINDOWS\system32\HPZinw12.exe |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\HPZipm12.exe |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\igfxcfg.exe |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxdiag.exe |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxext.exe |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxtray.exe |Intel Corporation |21/10/2004 19:45:05
C:\WINDOWS\system32\igfxzoom.exe |Intel Corporation |21/10/2004 19:45:05
C:\WINDOWS\system32\java.exe |COMPANY |21/10/2004 19:27:32
C:\WINDOWS\system32\javaw.exe |COMPANY |21/10/2004 19:27:32
C:\WINDOWS\system32\mbblkwfx.exe |COMPANY |08/05/2007 18:17:32
C:\WINDOWS\system32\mem.exe |COMPANY |03/11/2004 13:50:13
C:\WINDOWS\system32\mscdexnt.exe |COMPANY |03/11/2004 13:50:19
C:\WINDOWS\system32\mtmnbaaa.exe |COMPANY |08/05/2007 18:17:30
C:\WINDOWS\system32\nlsfunc.exe |COMPANY |03/11/2004 13:50:37
C:\WINDOWS\system32\nvudisp.exe |NVIDIA Corporation |21/10/2004 19:31:41
C:\WINDOWS\system32\ps2.EXE |Hewlett-Packard Company |21/10/2004 20:32:25
C:\WINDOWS\system32\pxcpya64.exe |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\pxcpyi64.exe |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\pxhpinst.exe |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\pxinsa64.exe |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\pxinsi64.exe |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\redir.exe |COMPANY |03/11/2004 13:50:56
C:\WINDOWS\system32\setver.exe |COMPANY |03/11/2004 13:51:00
C:\WINDOWS\system32\share.exe |COMPANY |03/11/2004 13:51:00
C:\WINDOWS\system32\usrmlnka.exe |U.S. Robotics Corporation |18/08/2001 00:37:00
C:\WINDOWS\system32\usrprbda.exe |U.S. Robotics Corporation |18/08/2001 00:37:00
C:\WINDOWS\system32\usrshuta.exe |U.S. Robotics Corporation |18/08/2001 00:37:00
C:\WINDOWS\system32\VTSetvga.exe |S3 Graphics, Inc. |21/10/2004 19:43:01
C:\WINDOWS\system32\VTTimer.exe |S3 Graphics, Inc. |21/10/2004 19:43:01
C:\WINDOWS\system32\VTuninst.exe |S3 Graphics, Inc. |21/10/2004 19:43:01
C:\WINDOWS\109uninst.exe |COMPANY |22/09/2006 09:38:18
C:\WINDOWS\agrsmdel.exe |Agere Systems |21/10/2004 19:57:47
C:\WINDOWS\AGRSMMSG.exe |Agere Systems |21/10/2004 19:57:47
C:\WINDOWS\ALCHUNIN.EXE |COMPANY |07/03/2006 17:10:01
C:\WINDOWS\ALCXMNTR.EXE |Realtek Semiconductor Corp. |21/10/2004 19:50:44
C:\WINDOWS\bwUnin-6.3.2.62.exe |COMPANY |21/10/2004 21:25:36
C:\WINDOWS\GPInstall.exe |Qsc |06/03/2006 21:40:15
C:\WINDOWS\Installer.exe |COMPANY |25/03/2006 22:14:11
C:\WINDOWS\IsUninst.exe |InstallShield Software Corporation |21/10/2004 18:55:38
C:\WINDOWS\itpb_3.exe |COMPANY |11/04/2007 13:45:39
C:\WINDOWS\itpb_7.exe |COMPANY |11/04/2007 16:41:16
C:\WINDOWS\iun6002.exe |Indigo Rose Corporation |18/02/2006 13:17:35
C:\WINDOWS\Knight_Online_Toolbar_Uninstaller_2390.exe |K2Network |21/04/2007 14:48:40
C:\WINDOWS\KVTE66.exe |COMPANY |06/03/2007 04:41:30
C:\WINDOWS\ms049927871959.exe |COMPANY |09/04/2007 12:04:23
C:\WINDOWS\ntbe.exe |COMPANY |10/01/2006 19:55:21
C:\WINDOWS\rk.exe |TMRG, INC. |07/10/2005 15:54:00
C:\WINDOWS\rundll.exe |COMPANY |21/03/2007 13:17:55
C:\WINDOWS\rzrunins.exe |COMPANY |26/06/2006 12:58:11
C:\WINDOWS\sammy.exe |COMPANY |11/04/2007 16:41:41
C:\WINDOWS\Sos28.exe |COMPANY |22/09/2006 09:34:22
C:\WINDOWS\stub_mma3.exe |COMPANY |26/04/2006 22:43:34
C:\WINDOWS\sys019599927871.exe |COMPANY |09/04/2007 12:04:23
C:\WINDOWS\sys0195999278712006.exe |COMPANY |19/03/2006 22:19:41
C:\WINDOWS\sys039992787195.exe |COMPANY |22/09/2006 09:34:22
C:\WINDOWS\T4CUNST.EXE |COMPANY |23/12/2005 15:11:10
C:\WINDOWS\twunk_16.exe |Twain Working Group |03/11/2004 13:52:00
C:\WINDOWS\twunk_32.exe |Twain Working Group |03/11/2004 13:52:00
C:\WINDOWS\uninst.exe |InstallShield Corporation, Inc. |19/06/2006 13:30:04
C:\WINDOWS\UninstallFirefox.exe |COMPANY |22/05/2006 00:27:43
C:\WINDOWS\uni_7eh.exe |COMPANY |22/09/2006 09:36:46
C:\WINDOWS\unvise32.exe |MindVision Software |19/11/2005 22:55:24
C:\WINDOWS\zipinst.exe |NirSoft |31/03/2006 14:55:18
C:\WINDOWS\cfg32s.dll |COMPANY |11/04/2007 13:47:31
C:\WINDOWS\comdlg64.dll |COMPANY |11/04/2007 13:52:02
C:\WINDOWS\hgdabx.dll |COMPANY |11/04/2007 17:08:17
C:\WINDOWS\iifffe.dll |COMPANY |20/03/2007 22:16:00
C:\WINDOWS\jkhghg.dll |COMPANY |11/04/2007 15:54:57
C:\WINDOWS\pmnlkh.dll |COMPANY |08/04/2007 21:35:10
C:\WINDOWS\snymsico.dll |Sony Corporation |17/09/2005 09:02:08
C:\WINDOWS\tfycc1.dll |COMPANY |31/08/2006 12:51:38
C:\WINDOWS\twain.dll |Twain Working Group |03/11/2004 13:52:00
C:\WINDOWS\twain_32.dll |Twain Working Group |03/11/2004 13:52:00
C:\WINDOWS\zlfeo.dll |COMPANY |22/01/2006 20:35:48
C:\WINDOWS\system32\amstream.dll |COMPANY |03/11/2004 14:18:00
C:\WINDOWS\system32\atmfd.dll |Adobe Systems Incorporated |03/11/2004 14:19:07
C:\WINDOWS\system32\atmlib.dll |Adobe Systems |03/11/2004 14:19:07
C:\WINDOWS\system32\bcbmm.dll |COMPANY |21/10/2004 19:15:49
C:\WINDOWS\system32\borlndmm.dll |Borland Software Corporation |21/10/2004 19:15:50
C:\WINDOWS\system32\cc3250.dll |Inprise Corporation |21/10/2004 19:15:50
C:\WINDOWS\system32\cc3250mt.dll |Inprise Corporation |31/01/2000 14:00:00
C:\WINDOWS\system32\compatUI.dll |COMPANY |03/11/2004 14:19:13
C:\WINDOWS\system32\cPC_DMIRD.dll |Hewlett Packard |21/10/2004 19:29:08
C:\WINDOWS\system32\delphimm.dll |Inprise Corporation |21/10/2004 19:15:50
C:\WINDOWS\system32\devenum.dll |COMPANY |03/11/2004 13:49:25
C:\WINDOWS\system32\dgrpsetu.dll |Digi International, Inc. |03/11/2004 13:49:25
C:\WINDOWS\system32\dgsetup.dll |Digi International |03/11/2004 13:49:25
C:\WINDOWS\system32\divx.dll |DivXNetworks, Inc. |28/04/2007 21:42:01
C:\WINDOWS\system32\dxmasf.dll |COMPANY |03/11/2004 13:49:48
C:\WINDOWS\system32\encdec.dll |COMPANY |03/11/2004 13:49:49
C:\WINDOWS\system32\EqnClass.Dll |Equinox Systems Inc. |03/11/2004 13:49:49
C:\WINDOWS\system32\GEARAspi.dll |GEAR Software Inc. |03/10/2006 18:47:52
C:\WINDOWS\system32\hccutils.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\Hdaudprop.dll |Windows ® Server 2003 DDK provider |18/03/2004 01:10:40
C:\WINDOWS\system32\Hdaudpropres.dll |Windows ® Server 2003 DDK provider |18/03/2004 01:09:12
C:\WINDOWS\system32\HPODStormEncoder.dll |Hewlett-Packard Company |20/02/2004 21:31:16
C:\WINDOWS\system32\HPODXPAT.DLL |Hewlett Packard Company |31/01/2003 20:59:46
C:\WINDOWS\system32\hpreg.dll |COMPANY |21/10/2004 21:21:42
C:\WINDOWS\system32\hpzcoi08.dll |HP |27/03/2003 02:36:58
C:\WINDOWS\system32\hpzcon08.dll |Hewlett-Packard Company |27/03/2003 02:38:10
C:\WINDOWS\system32\HPZidr12.dll |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\HPZipr12.dll |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\HPZipt12.dll |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\HPZisn12.dll |HP |21/10/2004 20:20:57
C:\WINDOWS\system32\hpzjfw01.dll |Hewlett-Packard |21/10/2004 20:26:37
C:\WINDOWS\system32\hpzjrd01.dll |Hewlett Packard |26/04/2004 22:56:58
C:\WINDOWS\system32\hpzjsn01.dll |Hewlett Packard Company |20/05/2003 06:55:14
C:\WINDOWS\system32\hpzlnt08.dll |HP |27/03/2003 02:47:24
C:\WINDOWS\system32\hticons.dll |Hilgraeve, Inc. |03/11/2004 13:50:04
C:\WINDOWS\system32\hypertrm.dll |Hilgraeve, Inc. |03/11/2004 13:50:05
C:\WINDOWS\system32\iAlmCoIn_v3889.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmdd5.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmdev5.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmdnt5.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmgdev.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmgicd.dll |Intel Corporation |21/10/2004 19:45:03
C:\WINDOWS\system32\ialmrem.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\ialmrnt5.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\iccvid.dll |Radius Inc. |03/11/2004 13:50:05
C:\WINDOWS\system32\ieencode.dll |COMPANY |03/11/2004 13:50:06
C:\WINDOWS\system32\igfxdev.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxdgps.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxdo.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxeud.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxexps.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxhk.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxpph.dll |Intel Corporation |21/10/2004 19:45:04
C:\WINDOWS\system32\igfxres.dll |Intel Corporation |21/10/2004 20:24:10
C:\WINDOWS\system32\igfxress.dll |Intel Corporation |21/10/2004 19:45:05
C:\WINDOWS\system32\igfxsrvc.dll |Intel Corporation |21/10/2004 19:45:05
C:\WINDOWS\system32\instFunc.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\ir32_32.dll |COMPANY |03/11/2004 13:50:08
C:\WINDOWS\system32\ir41_qc.dll |Intel Corporation. |03/11/2004 13:50:08
C:\WINDOWS\system32\ir41_qcx.dll |Intel Corporation. |03/11/2004 13:50:08
C:\WINDOWS\system32\ir50_32.dll |Intel Corporation |03/11/2004 13:50:08
C:\WINDOWS\system32\ir50_qc.dll |Intel Corporation. |03/11/2004 13:50:08
C:\WINDOWS\system32\ir50_qcx.dll |Intel Corporation. |03/11/2004 13:50:08
C:\WINDOWS\system32\isrdbg32.dll |Intel Corporation |03/11/2004 13:50:08
C:\WINDOWS\system32\IVIresize.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\IVIresizeA6.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\IVIresizeM6.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\IVIresizeP6.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\IVIresizePX.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\IVIresizeW7.dll |COMPANY |12/04/2007 18:59:12
C:\WINDOWS\system32\ixhilqrn.dll |COMPANY |08/05/2007 18:33:42
C:\WINDOWS\system32\JavaAccessBridge.dll |Sun Microsystems |11/04/2003 01:04:00
C:\WINDOWS\system32\JAWTAccessBridge.dll |COMPANY |11/04/2003 01:04:00
C:\WINDOWS\system32\jgaw400.dll |Johnson-Grace Company |03/11/2004 13:50:09
C:\WINDOWS\system32\jgdw400.dll |America Online |03/11/2004 13:50:09
C:\WINDOWS\system32\jgmd400.dll |Johnson-Grace Company |03/11/2004 13:50:09
C:\WINDOWS\system32\jgpl400.dll |Johnson-Grace Company |03/11/2004 13:50:09
C:\WINDOWS\system32\jgsd400.dll |America Online |03/11/2004 13:50:09
C:\WINDOWS\system32\jgsh400.dll |Johnson-Grace Company |03/11/2004 13:50:09
C:\WINDOWS\system32\jhicjhi.dll |COMPANY |08/05/2007 18:17:46
C:\WINDOWS\system32\LCodcCMP.dll |LEAD Technologies, Inc. |24/04/2002 21:42:18
C:\WINDOWS\system32\lfbmp11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\LFCMP11n.DLL |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfeps11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lffax11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfgif11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfpcd11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfpcx11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\Lfpng11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfpsd11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lftga11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lftif11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\lfwmf11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\libeay32.dll |OpenSSL <www.openssl.org> |14/05/2007 17:38:48
C:\WINDOWS\system32\libssl32.dll |OpenSSL <www.openssl.org> |14/05/2007 17:38:48
C:\WINDOWS\system32\lrutkggu.dll |COMPANY |08/05/2007 18:33:43
C:\WINDOWS\system32\LTDIS11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\ltfil11n.DLL |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\ltimg11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\ltkrn11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:38
C:\WINDOWS\system32\Ltwvc11n.dll |LEAD Technologies, Inc. |02/05/2003 05:06:40
C:\WINDOWS\system32\mcdvd_32.dll |MainConcept |28/04/2007 21:42:00
C:\WINDOWS\system32\mciqtz32.dll |COMPANY |03/11/2004 13:50:12
C:\WINDOWS\system32\mdwmdmsp.dll |RioPort |18/08/2001 00:36:20
C:\WINDOWS\system32\msdmo.dll |COMPANY |03/11/2004 13:50:20
C:\WINDOWS\system32\msdxmlc.dll |COMPANY |03/11/2004 13:50:21
C:\WINDOWS\system32\msencode.dll |COMPANY |03/11/2004 13:50:21
C:\WINDOWS\system32\mytojmsp.dll |COMPANY |08/05/2007 18:33:44
C:\WINDOWS\system32\nv4_disp.dll |NVIDIA Corporation |21/10/2004 17:47:24
C:\WINDOWS\system32\OemInfo.dll |Hewlett-Packard |21/10/2004 19:15:50
C:\WINDOWS\system32\omano.dll |Hewlett-Packard |21/10/2004 21:21:45
C:\WINDOWS\system32\paqsp.dll |COMPANY |18/08/2001 00:36:28
C:\WINDOWS\system32\PCDLIB32.DLL |Eastman Kodak |02/05/2003 05:06:40
C:\WINDOWS\system32\PcdrKernelModeServices.dll |COMPANY |20/08/2004 05:14:46
C:\WINDOWS\system32\pncrt.dll |Real Networks, Inc |21/10/2004 20:39:48
C:\WINDOWS\system32\pndx5016.dll |RealNetworks, Inc. |21/10/2004 20:39:49
C:\WINDOWS\system32\pndx5032.dll |RealNetworks, Inc. |21/10/2004 20:39:49
C:\WINDOWS\system32\ProgressTrace.dll |COMPANY |20/08/2004 05:14:46
C:\WINDOWS\system32\Px.dll |Sonic Solutions |10/06/2004 20:20:24
C:\WINDOWS\system32\pxdrv.dll |Sonic Solutions |02/07/2004 10:01:00
C:\WINDOWS\system32\PxMas.dll |Sonic Solutions |10/06/2004 20:18:14
C:\WINDOWS\system32\pxsfs.dll |Sonic Solutions |21/10/2004 20:37:36
C:\WINDOWS\system32\PxWave.dll |Sonic Solutions |10/06/2004 20:17:40
C:\WINDOWS\system32\PXWMA.dll |Sonic Solutions |10/06/2004 20:20:30
C:\WINDOWS\system32\python22.dll |PythonLabs at Zope Corporation |21/10/2004 19:16:51
C:\WINDOWS\system32\PythonCOM22.dll |COMPANY |21/10/2004 19:17:08
C:\WINDOWS\system32\PyWinTypes22.dll |COMPANY |21/10/2004 19:17:08
C:\WINDOWS\system32\qcap.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\qdv.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\qdvd.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\qedit.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\qedwipes.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\qmujmnta.dll |COMPANY |14/05/2007 17:36:10
C:\WINDOWS\system32\quartz.dll |COMPANY |03/11/2004 13:50:54
C:\WINDOWS\system32\RDBios32.dll |Hewlett Packard |21/10/2004 19:29:08
C:\WINDOWS\system32\rmoc3260.dll |RealNetworks, Inc. |21/10/2004 20:39:53
C:\WINDOWS\system32\S32EVNT1.DLL |Symantec Corporation |22/10/2004 16:12:14
C:\WINDOWS\system32\sbe.dll |COMPANY |03/11/2004 13:50:58
C:\WINDOWS\system32\ShellvRTF.dll |XSS |21/10/2004 20:59:57
C:\WINDOWS\system32\SiSBase.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\sisgl.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\sisgrv.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\SiSInst.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\SiSParse.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\SiSPInst.dll |Silicon Integrated Systems Corporation |21/10/2004 19:45:57
C:\WINDOWS\system32\slbcsp.dll |Schlumberger Technology Corporation |03/11/2004 13:51:02
C:\WINDOWS\system32\slbiop.dll |Schlumberger Technology Corporation |03/11/2004 13:51:02
C:\WINDOWS\system32\slbrccsp.dll |Schlumberger Technology Corporation |03/11/2004 13:51:02
C:\WINDOWS\system32\spnike.dll |S3/Diamond Multimedia |18/08/2001 00:36:32
C:\WINDOWS\system32\sprio600.dll |S3/Diamond Multimedia |18/08/2001 00:36:32
C:\WINDOWS\system32\sprio800.dll |S3/Diamond Multimedia |18/08/2001 00:36:32
C:\WINDOWS\system32\spxcoins.dll |Perle Systems Ltd. |03/11/2004 13:51:10
C:\WINDOWS\system32\SymNeti.dll |Symantec Corporation |13/08/2004 21:00:28
C:\WINDOWS\system32\SymRedir.dll |Symantec Corporation |13/08/2004 21:00:26
C:\WINDOWS\system32\tsd32.dll |COMPANY |03/11/2004 13:52:00
C:\WINDOWS\system32\umloader.dll |Sonic Solutions |07/01/2004 10:01:00
C:\WINDOWS\system32\usrcntra.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrcoina.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrdpa.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrdtea.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrfaxa.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrlbva.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrrtosa.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrsdpia.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrsvpia.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrv42a.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrv80a.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrvoica.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\usrvpa.dll |U.S. Robotics Corporation |18/08/2001 00:36:34
C:\WINDOWS\system32\vtdisp.dll |VIA/S3 Graphics Co, Ltd. |21/10/2004 19:43:00
C:\WINDOWS\system32\VTDisply.dll |S3 Graphics Co., Ltd. |21/10/2004 19:43:00
C:\WINDOWS\system32\VTGamma2.dll |S3 Graphics Co., Ltd. |21/10/2004 19:43:00
C:\WINDOWS\system32\vticd.dll |VIA/S3 Graphics, Inc. |21/10/2004 19:43:00
C:\WINDOWS\system32\VTInfo2.dll |S3 Graphics Co., Ltd. |21/10/2004 19:43:00
C:\WINDOWS\system32\VTovrlay.dll |S3 Graphics Co., Ltd. |21/10/2004 19:43:01
C:\WINDOWS\system32\VXBLOCK.dll |Sonic Solutions |17/02/2004 10:00:00
C:\WINDOWS\system32\WBDBT32I.DLL |Wilson WindowWare, Inc. |21/10/2004 19:15:50
C:\WINDOWS\system32\WBDBV32I.DLL |Wilson WindowWare, Inc. |21/10/2004 19:15:50
C:\WINDOWS\system32\wbload.dll |COMPANY |10/05/2007 19:13:40
C:\WINDOWS\system32\wbsys.dll |Stardock.Net, Inc |10/05/2007 19:13:40
C:\WINDOWS\system32\win87em.dll |COMPANY |03/11/2004 13:52:07
C:\WINDOWS\system32\WindowsAccessBridge.dll |Sun Microsystems |11/04/2003 01:04:00
C:\WINDOWS\system32\wsiShared.dll |COMPANY |10/07/2004 18:55:38
C:\WINDOWS\system32\xvidcore.dll |COMPANY |28/04/2007 21:42:00
C:\WINDOWS\system32\xvidvfw.dll |COMPANY |28/04/2007 21:42:00

Volume in drive C is HP_PAVILION
Volume Serial Number is 74D3-1DD3

Directory of C:\WINDOWS\system

1998-05-07 18:04 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes
0 Dir(s) 2,086,109,184 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 74D3-1DD3

Directory of C:\WINDOWS\system32

2004-08-04 07:00 6,144 csrss.exe
1 File(s) 6,144 bytes
0 Dir(s) 2,086,109,184 bytes free

Contenu de Downloaded Program Files
Volume in drive C is HP_PAVILION
Volume Serial Number is 74D3-1DD3

Directory of C:\WINDOWS\Downloaded Program Files

2004-10-21 18:50 <DIR> .
2004-10-21 18:50 <DIR> ..
2005-08-09 13:43 193 ampx.inf
2006-08-24 07:28 141,424 asinst.dll
2006-08-22 08:06 537 asinst.inf
2003-08-29 11:08 626 btdownload.inf
2003-08-29 11:07 36,864 BTDownloadCtrl.ocx
2003-06-25 19:00 541 ca.pub
2007-04-06 09:02 <DIR> CONFLICT.1
2007-02-18 14:18 <DIR> CONFLICT.2
2007-03-21 17:13 <DIR> CONFLICT.3
2007-02-03 22:30 <DIR> CONFLICT.4
2005-08-23 16:35 241,664 cpcScan.dll
2006-01-17 17:11 580,663 daas_s.dll
2004-10-21 18:50 65 desktop.ini
2002-07-25 21:13 24,576 dwusplay.dll
2002-07-25 21:13 196,608 dwusplay.exe
2006-06-25 12:50 1,793 erma.inf
2006-02-03 11:20 188,416 fsauc.dll
2004-01-05 10:37 468,696 GrooveAX.dll
2007-02-27 17:50 53,248 HGPlugin10USA.dll
2007-02-27 18:05 634 HGPlugin10USA.inf
2007-02-27 16:11 81,920 HgPreStartUSA.exe
2006-08-09 20:29 540,672 HGStart9USA.exe
2006-04-22 18:51 88,136 HPGetDownloadManager.ocx
2007-02-27 18:07 46,752 ijjiNotify.exe
2007-02-27 18:07 538,272 ijjistarter.exe
2004-04-13 09:04 307,200 isusweb.dll
2003-08-25 18:12 1,096 iuctl.inf
2007-01-30 15:28 902 jinstall-1_5_0_11.inf
2004-08-03 14:16 79,144 LogInfo.dll
2000-01-20 14:25 1,162 Microsoft XML Parser for Java.osd
2004-07-13 12:41 227 MsnMessengerSetupDownloader.inf
2004-11-05 16:58 119,496 MsnMessengerSetupDownloader.ocx
2005-05-26 04:19 293 muweb.inf
2004-06-01 01:30 509,680 OTOYAX.dll
2003-12-08 09:14 86,016 pcpConnCheck.dll
2003-12-08 09:13 443 pcpconncheck.inf
2004-08-18 15:47 241 popcaploader.inf
2006-11-09 14:36 5,019 swflash.inf
2005-01-12 10:12 1,111,104 vzbb.dll
2002-09-29 21:11 228 webmoo.inf
2003-06-30 22:41 1,689 WMV9VCM.inf
2005-05-26 04:19 291 wuweb.inf
38 File(s) 5,456,531 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.1

2007-04-06 09:02 <DIR> .
2007-04-06 09:02 <DIR> ..
2006-08-09 20:56 53,248 HGPlugin9USA.dll
2006-08-09 20:58 390 HGPlugin9USA.inf
2006-08-09 20:29 540,672 HGStart9USA.exe
2007-04-06 09:02 88,136 HPGetDownloadManager.ocx
2005-12-05 20:58 83,680 LogInfo.dll
2004-09-30 08:52 214,312 SysInfo.dll
2005-12-05 20:54 611 SysInfo.inf
7 File(s) 981,049 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.2

2007-02-18 14:18 <DIR> .
2007-02-18 14:18 <DIR> ..
2006-08-09 20:56 53,248 HGPlugin9USA.dll
2006-08-09 20:58 390 HGPlugin9USA.inf
2006-08-09 20:29 540,672 HGStart9USA.exe
2005-12-05 20:58 83,680 LogInfo.dll
2004-09-30 08:52 214,312 SysInfo.dll
2005-12-05 20:54 611 SysInfo.inf
6 File(s) 892,913 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.3

2007-03-21 17:13 <DIR> .
2007-03-21 17:13 <DIR> ..
2006-08-09 20:56 53,248 HGPlugin9USA.dll
2006-08-09 20:58 390 HGPlugin9USA.inf
2006-08-09 20:29 540,672 HGStart9USA.exe
2005-12-05 20:58 83,680 LogInfo.dll
2004-09-30 08:52 214,312 SysInfo.dll
2005-12-05 20:54 611 SysInfo.inf
6 File(s) 892,913 bytes

Directory of C:\WINDOWS\Downloaded Program Files\CONFLICT.4

2007-02-03 22:30 <DIR> .
2007-02-03 22:30 <DIR> ..
2005-12-05 19:58 83,680 LogInfo.dll
2004-09-30 07:52 214,312 SysInfo.dll
2 File(s) 297,992 bytes

Total Files Listed:
59 File(s) 8,521,398 bytes
14 Dir(s) 2,086,092,800 bytes free

Volume in drive C is HP_PAVILION
Volume Serial Number is 74D3-1DD3

Directory of C:\Program Files

2007-05-11 23:45 <DIR> .
2007-05-11 23:45 <DIR> ..
2005-11-06 13:58 <DIR> 1964
2007-04-07 13:41 <DIR> AC Tool
2007-05-03 20:37 <DIR> Adobe
2006-08-01 20:01 <DIR> Advanced GIF Animator
2006-03-07 17:09 <DIR> Alchemy Mindworks
2006-08-01 20:00 <DIR> America Online 9.0
2006-08-01 20:02 <DIR> America Online 9.0a
2006-12-09 16:51 <DIR> America Online 9.0b
2006-08-01 20:00 <DIR> America Online 9.0c
2006-10-01 21:13 <DIR> America's Army
2007-02-13 21:03 <DIR> AmitySource
2006-06-19 20:43 <DIR> AOD
2006-07-03 06:57 <DIR> AOL
2006-08-01 20:02 <DIR> AOL Toolbar
2007-03-22 13:33 <DIR> Apple Software Update
2007-05-11 17:29 <DIR> Ares
2007-01-03 13:36 <DIR> ArtMoney
2006-10-08 16:18 <DIR> ASCII
2007-04-28 21:41 <DIR> AVSMedia
2004-10-21 21:25 <DIR> BackWeb
2006-07-12 22:32 <DIR> BFU
2007-04-24 19:06 <DIR> BitTorrent
2006-03-29 11:44 <DIR> Blender Foundation
2006-05-14 18:37 <DIR> BYOND
2006-07-05 22:39 <DIR> Cablenut
2006-07-03 00:08 <DIR> CCleaner
2007-04-22 18:59 <DIR> Color_Cop
2003-08-20 19:00 <DIR> Common
2007-05-10 18:37 <DIR> Common Files
2004-10-21 18:48 <DIR> ComPlus Applications
2005-12-23 12:13 <DIR> Crave
2006-10-28 22:16 <DIR> Cucusoft
2007-04-13 20:31 <DIR> Date Cracker 2000
2006-11-26 12:12 <DIR> DemonStar_Shareware
2007-03-16 14:44 <DIR> DivX
2007-05-12 20:29 <DIR> Easy Internet signup
2006-11-30 18:54 <DIR> EliteSwitch
2007-04-22 18:56 <DIR> Eltima Software
2006-11-19 22:34 <DIR> eMule
2006-02-26 00:40 <DIR> Everstrike Software
2006-07-01 16:56 <DIR> ewido anti-malware
2006-11-11 16:03 <DIR> ExeBook Self-Publisher
2007-05-03 07:35 <DIR> FileCompress
2006-07-09 07:21 <DIR> FinalAlert 2 Yuri's Revenge
2006-10-09 19:02 <DIR> Game_Maker6
2007-05-03 07:35 <DIR> GIMP-2.0
2006-08-01 20:01 <DIR> GoldWave
2006-12-19 23:08 <DIR> Google
2006-12-10 12:46 <DIR> GraphicsGale FreeEdition
2006-10-06 18:30 <DIR> Grisoft
2006-12-29 23:39 <DIR> GVPtoAVI
2004-10-21 21:30 <DIR> Help and Support Additions
2004-10-21 21:22 <DIR> Hewlett-Packard
2006-07-03 16:21 <DIR> High-Logic
2004-10-21 20:26 <DIR> HP
2006-10-28 12:52 <DIR> HyCam2
2003-08-20 19:00 <DIR> IE4
2006-04-16 22:30 <DIR> ImageShack
2005-09-03 08:57 <DIR> Infogrames Interactive
2007-02-11 16:58 <DIR> InsanityDM
2004-10-21 20:46 <DIR> IntelliMover Data Transfer Demo
2005-01-28 17:26 <DIR> interMute
2007-04-12 18:33 <DIR> Internet Explorer
2007-04-12 18:58 <DIR> InterVideo
2004-10-21 20:58 <DIR> iPod
2007-04-12 19:43 <DIR> iTunes
2007-05-03 07:31 <DIR> IWM
2004-10-21 19:27 <DIR> Java
2007-04-30 16:44 <DIR> Knight Online
2007-04-21 14:48 <DIR> Knight Online Toolbar
2007-04-14 10:05 <DIR> KnightOnline
2006-08-21 15:51 <DIR> KONAMI
2007-01-21 09:19 <DIR> Kuma Games
2006-03-01 17:46 <DIR> Lavasoft
2006-05-25 12:47 <DIR> Learn2.com
2006-03-13 14:00 <DIR> Liatro
2006-08-13 10:40 <DIR> LimeWire
2007-01-27 17:13 <DIR> Loradon Online
2006-05-21 14:31 <DIR> Macromedia
2007-04-12 18:33 <DIR> Messenger
2006-07-23 06:46 <DIR> MessenPass
2004-10-21 20:54 <DIR> Microsoft ActiveSync
2006-08-01 20:02 <DIR> Microsoft AntiSpyware
2004-10-21 18:51 <DIR> microsoft frontpage
2006-09-02 21:28 <DIR> Microsoft Games
2004-10-21 20:53 <DIR> Microsoft Office
2004-10-21 20:48 <DIR> Microsoft Plus! Digital Media Edition
2004-10-21 20:48 <DIR> Microsoft Plus! Photo Story 2 LE
2004-10-21 20:53 <DIR> Microsoft Visual Studio
2004-10-21 20:52 <DIR> Microsoft Works
2004-10-21 20:53 <DIR> Microsoft.NET
2007-05-01 18:42 <DIR> mIRC
2005-10-27 14:00 <DIR> Motive
2007-04-12 18:33 <DIR> Movie Maker
2007-05-15 16:06 <DIR> Mozilla Firefox
2003-08-20 19:00 <DIR> MSDESIGN
2004-10-21 18:47 <DIR> MSN
2004-10-21 20:38 <DIR> MSN Encarta Standard
2007-03-30 14:32 <DIR> MSN Games
2004-10-21 18:48 <DIR> MSN Gaming Zone
2007-04-17 20:21 <DIR> MSN Messenger
2006-01-25 17:01 <DIR> MSXML 4.0
2007-04-12 18:33 <DIR> NetMeeting
2006-06-20 07:21 <DIR> Network
2004-10-22 16:16 <DIR> Norton AntiVirus
2004-10-22 16:19 <DIR> Norton Personal Firewall
2006-04-01 09:39 <DIR> NovaLogic
2007-05-11 16:19 552 omfgbpau.txt
2004-10-21 21:40 <DIR> Online Services
2006-08-02 10:16 <DIR> OpenOffice.org 2.0
2003-08-20 19:00 <DIR> OS
2007-04-12 18:33 <DIR> Outlook Express
2004-10-21 21:32 <DIR> PC-Doctor for Windows
2006-12-31 15:20 <DIR> PlayLinc
2006-08-01 20:01 <DIR> Project64 1.6
2004-12-30 20:39 <DIR> Pure Networks
2007-04-12 19:38 <DIR> QuickTime
2004-10-21 20:39 <DIR> Real
2005-12-18 12:25 <DIR> Red Storm Entertainment
2006-04-13 17:37 <DIR> Renegade Entertainment
2006-01-12 21:49 <DIR> Rhapsody
2006-12-27 14:24 <DIR> RK Autocutter
2006-06-15 15:11 <DIR> Rockstar Games
2003-08-20 19:00 <DIR> SAMPLES
2006-09-25 21:29 <DIR> Samsung
2007-02-03 18:54 <DIR> SanDisk
2006-11-10 22:18 <DIR> SCAR 2.03
2006-06-09 14:08 <DIR> Seagrand
2003-08-20 19:01 <DIR> SETUP
2003-08-20 19:01 <DIR> SHARED
2006-08-01 20:01 <DIR> Shockwave.com
2007-01-31 16:31 <DIR> softnyx
2006-07-16 13:55 <DIR> Soldier of Fortune II - SP Demo
2004-10-21 20:37 <DIR> Sonic
2004-10-21 20:37 <DIR> Sonic RecordNow!
2005-11-07 22:56 <DIR> Sony
2005-09-17 09:02 <DIR> Sony Corporation
2007-05-11 23:45 <DIR> SopCast
2006-07-10 21:33 <DIR> Spybot - Search & Destroy
2006-09-04 16:37 <DIR> Stardock
2007-04-22 18:17 <DIR> Startup Inspector for Windows
2007-05-15 15:20 <DIR> SwiftSwitch
2004-10-22 16:18 <DIR> Symantec
2006-08-01 20:01 <DIR> SymNetDrv
2005-11-03 00:46 <DIR> TechSmith
2007-02-17 21:11 <DIR> Tibia
2007-04-01 13:33 <DIR> TibiaBot NG
2003-08-20 19:01 <DIR> Tutorial
2006-02-28 17:38 <DIR> Ulead Systems
2004-10-21 21:25 <DIR> Updates from HP
2007-04-01 13:34 <DIR> Valve
2003-08-20 19:01 <DIR> VB98
2007-01-15 19:55 <DIR> Verizon
2006-05-18 13:00 <DIR> Verizon Online
2006-12-02 13:44 <DIR> Viewpoint
2006-12-08 18:01 <DIR> Virtual Villagers
2006-04-14 16:34 <DIR> WildTangent
2006-06-16 07:36 <DIR> Windows Defender
2007-04-12 18:33 <DIR> Windows Media Player
2007-04-12 18:33 <DIR> Windows NT
2007-04-07 13:42 <DIR> WinRAR
2006-03-27 14:35 <DIR> Wizet
2004-10-21 18:51 <DIR> xerox
2006-10-28 22:29 <DIR> Xilisoft
1 File(s) 552 bytes
165 Dir(s) 2,086,084,608 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is 74D3-1DD3

Directory of C:\

2006-05-21 20:23 141,433 mti-hits.exe
2005-10-31 10:56 700,416 StubInstaller.exe
2 File(s) 841,849 bytes
0 Dir(s) 2,086,092,800 bytes free
c:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\Administrator.ALIEN_WARE\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\aoldacl.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\aoldacl.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\OptScan.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0a\Unagi\ampx.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\aoldacl.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\OptClean.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0b\OptScan.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0c\OptScan.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0c\aolEULanPack\cswitch.exe
c:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0c\aolEULanPack\langpack.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\PPClean.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\EEStart.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\ocpgc.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\ocpinst.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\postproc.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\setup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\AIMinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\AIMLang.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\alsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\ampx.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\aod.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\instopts.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\iphinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\muinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\ocpinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\plxoinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\postproc.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\prodpckr.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\rmb1.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\setup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\SLinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\SLinstLP.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\tbsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\toolbar.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\vwpt.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AIMLang.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\alsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ampx.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\aod.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instopts.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\iphinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\muinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\plxoinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\postproc.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\prodpckr.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\rmb1.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\setup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\SLinstLP.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\tbsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\toolbar.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\vwpt.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.1.8\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.39_13.48.54_swiftswitch(update).exe
c:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.40_21.15.43_swiftswitch(update).exe
c:\Documents and Settings\All Users\Application Data\SwiftSwitch\2.41_13.46.50_swiftswitch(update).exe
c:\Documents and Settings\All Users\Application Data\SwiftSwitch\swiftswitch(install).exe
c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\HP_Owner\dr.exe
c:\Documents and Settings\HP_Owner\.limewire\.NetworkShare\LimeWireWin4.12.6-fixed.exe
c:\Documents and Settings\HP_Owner\.limewire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe
c:\Documents and Settings\HP_Owner\Application Data\FontCreator\FontCreatorSetup.exe
c:\Documents and Settings\HP_Owner\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.11.exe
c:\Documents and Settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}\python_icon.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{9CCE527D-356F-41A8-9718-77A68AC065FB}\Icon9CCE527D.exe
c:\Documents and Settings\HP_Owner\Application Data\Microsoft\Installer\{CD522250-7AEE-4266-A821-6FB7C7018F13}\_294823.exe
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\pchealthde.exe
c:\Documents and Settings\HP_Owner\Application Data\SopCast\adv\SopAdver.exe
c:\Documents and Settings\HP_Owner\Desktop\avenger.exe
c:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
c:\Documents and Settings\HP_Owner\Desktop\chercher\FilesInfoCmd.exe
c:\Documents and Settings\HP_Owner\Desktop\chercher\LFiles.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\ogcaimbot.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\SDFix.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\chercher\FilesInfoCmd.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\chercher\LFiles.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\DS Roms\DeSmuME\DeSmuME.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\DS Roms\DSemu\dsemu.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\DS Roms\DSemu\DeSmuME\DeSmuME.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\EliteClient\CalculatorEditor.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\EliteClient\Eliteclient.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\isw2.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\runescape.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\rxd_2.0.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\AOE2AOK\clokspl.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\AOE2AOK\empires2.EXE
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\AOE2AOK\SETUPREG.EXE
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\AOE2AOK\Data\closedpw.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\AOE2AOK\[savefile]060606130359_NWYC\NWYC.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\Game_Maker6\Game_Maker.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\Game_Maker6\Gunbound_GIS_WC_486.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\Game_Maker6\Uninstal.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\Game_Maker6\Examples\2045.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\Game_Maker6\exe\stupid ass bear.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\Empire Earth.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\gwave513.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\HyCam2.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\LimeWireWin\LimeWireWin.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\New Folder\CWShredder.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\New Folder\ewido-setup.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\New Folder (5\byond_setup.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\New Folder (6)\New Folder (5\IPChanger20Eng.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\instmsia.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\instmsiw.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\jdk-1_5_0_07-windows-i586-p.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\setup.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\vbalink.exe
c:\Documents and Settings\HP_Owner\Desktop\Folder\fps\OpenOffice.org 2.0 Installation Files\vbaserver\vbalink.exe

Edited by Ychain, 15 May 2007 - 04:24 PM.


#8 Ychain

Ychain
  • Topic Starter

  • Members
  • 21 posts

Posted 15 May 2007 - 04:24 PM

c:\Documents and Settings\LocalService\Desktop\SearchUs.exe
c:\Documents and Settings\LocalService\Desktop\TagASaurus.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\spoolsvv.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\PZ37UMN6\zup[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYB01EF\cfg32[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYB01EF\dv[1].exe
c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYB01EF\pdp[1].exe
c:\Documents and Settings\NetworkService\Desktop\SearchUs.exe
c:\Documents and Settings\NetworkService\Desktop\TagASaurus.exe
c:\Documents and Settings\noobcakeman\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\noobcakeman\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\noobcakeman\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
c:\Documents and Settings\noobcakeman\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
c:\Documents and Settings\noobcakeman\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
c:\Documents and Settings\noobcakeman.ALIEN_WARE\Application Data\Microsoft\Installer\{457791C5-D702-4143-A7B2-2744BE9573F2}\NewShortcut1_5B69D3033CA54B39B5ECE7D051297E77.exe
c:\Documents and Settings\noobcakeman.ALIEN_WARE\Desktop\Stargate\Stargate SG1.exe
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\gui.dll
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\instSup.dll
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\ocpchk.dll
c:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\3869.9.20\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\AOLFirewallMgr.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\aoltbchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\brwschk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\gui.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\imappver.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\instph.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\instSup.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\ocpchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\ocpiman.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\plxochek.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\tbinst.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\AOLFirewallMgr.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\aoltbchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\brwschk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\gui.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\imappver.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instph.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\instSup.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ocpiman.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\plxochek.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.7.1\tbinst.dll
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\Diagnostic Assistant\data\hprbevdb.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Default\MpEngine.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9C2131DF-A609-44D1-835B-8CD3295E73C1}\mpengine.dll
c:\Documents and Settings\All Users\Application Data\PopCap\PopCapLoader\Shockwave\heavyweapon\HeavyWeapon.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\api.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\asst_ui.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\client_motkt.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\clientutil52.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\gnu.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\GUI.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\hwinv.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\INV16.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\jsharpinterp.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\motivede.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\msxmlwrapper.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\pcdapi.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\pchapi.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\pchmsxml.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\util.dll
c:\Documents and Settings\HP_Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\de\JSharp\bin\ZipLib.dll
c:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\k2vk3ico.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\k2vk3ico.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\HP_Owner\Local Settings\Application Data\Macromedia\Flash 8\en\Configuration\External Libraries\FLfile.dll
c:\Documents and Settings\NetworkService\Local Settings\Application Data\grbqcdl.dll
c:\Documents and Settings\NetworkService\Local Settings\Application Data\wrdzujn.dll

Vérifications de quelques clefs
Recherche de clefs EGDACCESS

HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
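As an added triage aid (example code written for this thread, not part of any tool used in it): a small Python script that reads a one-path-per-line listing like the one above and flags the places helpers check first. The rules are stated assumptions for a first pass, and a hit only means "look closer", not "malware".

```python
import re
from typing import Iterable, List, Optional, Tuple

# Extensions worth a second look in the locations checked below.
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")

# LocalService and NetworkService never log on interactively, so user-style
# folders under their profiles (Desktop, Temp, Application Data) should hold
# no executables at all.
SERVICE_PROFILES = {"localservice", "networkservice"}

# Staging folders droppers commonly write to.
TEMP_MARKERS = ("\\local settings\\temp\\", "\\temporary internet files\\")

# Assumption used as a heuristic: 6-8 lowercase letters with at most two
# vowels looks machine-generated (grbqcdl, wrdzujn). It is only applied to
# files sitting directly under an "Application Data" root, which keeps
# short vendor names such as AOL's instph.dll or tbinst.dll out.
GENERATED_NAME = re.compile(r"^[a-z]{6,8}$")


def looks_generated(stem: str) -> bool:
    """True for a bare file name (no extension) matching the heuristic above."""
    return bool(GENERATED_NAME.match(stem)) and sum(c in "aeiou" for c in stem) <= 2


def profile_of(parts: List[str]) -> Optional[str]:
    """Profile folder name for paths under Documents and Settings, else None."""
    if len(parts) > 2 and parts[1].lower() == "documents and settings":
        return parts[2]
    return None


def triage_line(path: str) -> List[str]:
    """Return the reasons (possibly none) that a listed file deserves a look."""
    parts = path.strip().replace("/", "\\").split("\\")
    name = parts[-1]
    if not name.lower().endswith(EXEC_EXT):
        return []
    reasons = []
    profile = profile_of(parts)
    # "noobcakeman.ALIEN_WARE"-style suffixes are dropped before comparing.
    if profile and profile.split(".")[0].lower() in SERVICE_PROFILES:
        reasons.append("executable under service-account profile " + profile)
    if any(marker in path.lower() for marker in TEMP_MARKERS):
        reasons.append("executable in temporary/cache folder")
    stem = name.rsplit(".", 1)[0]
    if len(parts) >= 2 and parts[-2].lower() == "application data" and looks_generated(stem):
        reasons.append("generated-looking name directly under Application Data")
    return reasons


def triage(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a listing; returns (path, reasons) for hits only."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings.append((line, reasons))
    return findings


# Constructed sample: a handful of paths copied from the listing above,
# mixing benign vendor files with entries the helper later acted on.
SAMPLE_LISTING = [
    r"c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.6.1\instph.dll",
    r"c:\Documents and Settings\HP_Owner\Application Data\FontCreator\FontCreatorSetup.exe",
    r"c:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe",
    r"c:\Documents and Settings\LocalService\Desktop\SearchUs.exe",
    r"c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe",
    r"c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\WLYB01EF\dv[1].exe",
    r"c:\Documents and Settings\NetworkService\Local Settings\Application Data\grbqcdl.dll",
    r"C:\WINDOWS\system32\wbload.dll",
]

if __name__ == "__main__":
    for hit, why in triage(SAMPLE_LISTING):
        print(hit)
        for reason in why:
            print("   -", reason)
```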

#9 Ychain

Ychain
  • Topic Starter

  • Members
  • 21 posts

Posted 15 May 2007 - 04:25 PM

Also, I can't use that virus scanner because it requires IE, which I cannot use because of this virus or for some other reason.

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 15 May 2007 - 07:18 PM

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\System32\ksys.sys
C:\WINDOWS\System32\qmujmnta.dll
C:\WINDOWS\System32\ixhilqrn.dll
C:\WINDOWS\System32\ixhilqrn.dll.bak
C:\WINDOWS\System32\jhicjhi.dll
C:\WINDOWS\iifffe.dll
C:\WINDOWS\jkhghg.dll
C:\WINDOWS\pmnlkh.dll
C:\WINDOWS\hgdabx.dll
C:\WINDOWS\tfycc1.dll
C:\WINDOWS\System32\yxsvgdla.txt
C:\WINDOWS\System32\uanfsjfd.txt
C:\WINDOWS\System32\5_exception.nls
C:\WINDOWS\system32\mbblkwfx.exe
C:\WINDOWS\system32\mtmnbaaa.exe
C:\WINDOWS\109uninst.exe
C:\WINDOWS\itpb_3.exe
C:\WINDOWS\itpb_7.exe
C:\WINDOWS\ms049927871959.exe
C:\WINDOWS\ntbe.exe
C:\WINDOWS\rk.exe
C:\WINDOWS\sammy.exe
C:\WINDOWS\Sos28.exe
C:\WINDOWS\stub_mma3.exe
c:\Documents and Settings\NetworkService\Local Settings\Application Data\grbqcdl.dll
c:\Documents and Settings\NetworkService\Local Settings\Application Data\wrdzujn.dll

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

********************************

Download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

You should copy/print the following because you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
* After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

********************************

Download 'Blacklight Beta graphical user interface version' to your desktop:
https://europe.f-secure.com/blacklight/try.shtml
Accept the agreement, then download the program.
Click on Blacklight Beta on your desktop, accept that agreement, then hit Scan.
You'll see a list of all items found.
Don't choose rename yet!
I want to see the log first, legit items may be present.
There will be a log on your desktop with the name 'fsbl---log'
Post the contents of that log in your next reply.

Also post a new Hijackthis log please.

Edited by RichieUK, 15 May 2007 - 07:18 PM.


#11 Ychain

Ychain
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 16 May 2007 - 06:15 PM

Btw, now I have the ability to use Windows Explorer and IE. Also, when I turn on my computer, on the list of running processes iexplorer.exe is always on and it says it is under SYSTEM.


05/16/07 17:57:48 [Info]: BlackLight Engine 1.0.61 initialized
05/16/07 17:57:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/16/07 17:57:49 [Note]: 7019 4
05/16/07 17:57:49 [Note]: 7005 0
05/16/07 17:57:55 [Note]: 7006 0
05/16/07 17:57:55 [Note]: 7011 1788
05/16/07 17:57:56 [Note]: 7026 0
05/16/07 17:57:56 [Note]: 7026 0
05/16/07 17:57:56 [Note]: 7024 3
05/16/07 17:57:56 [Info]: Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
05/16/07 17:57:56 [Note]: 7024 3
05/16/07 17:57:56 [Info]: Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
05/16/07 17:57:56 [Note]: 7024 3
05/16/07 17:57:56 [Info]: Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
05/16/07 17:57:56 [Note]: 7024 3
05/16/07 17:57:56 [Info]: Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
05/16/07 17:58:29 [Note]: FSRAW library version 1.7.1021
05/16/07 18:05:40 [Info]: Hidden file: c:\WINDOWS\system32\drivers\runtime2.sys
05/16/07 18:05:40 [Note]: 10002 1
05/16/07 18:05:40 [Info]: Hidden file: c:\WINDOWS\system32\drivers\runtime2.sy_
05/16/07 18:05:40 [Note]: 10002 1
05/16/07 18:06:41 [Note]: 2000 1012
05/16/07 18:06:41 [Note]: 2000 1012

#12 Ychain

Ychain
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 16 May 2007 - 06:17 PM

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nejpanjb

*******************

Script file located at: \??\C:\WINDOWS\eidghwel.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\System32\ksys.sys deleted successfully.
File C:\WINDOWS\System32\qmujmnta.dll deleted successfully.
File C:\WINDOWS\System32\ixhilqrn.dll deleted successfully.
File C:\WINDOWS\System32\ixhilqrn.dll.bak deleted successfully.


Could not open file C:\WINDOWS\System32\jhicjhi.dll for deletion
Deletion of file C:\WINDOWS\System32\jhicjhi.dll failed!

Could not process line:
C:\WINDOWS\System32\jhicjhi.dll
Status: 0xc0000022

File C:\WINDOWS\iifffe.dll deleted successfully.
File C:\WINDOWS\jkhghg.dll deleted successfully.
File C:\WINDOWS\pmnlkh.dll deleted successfully.
File C:\WINDOWS\hgdabx.dll deleted successfully.
File C:\WINDOWS\tfycc1.dll deleted successfully.
File C:\WINDOWS\System32\yxsvgdla.txt deleted successfully.
File C:\WINDOWS\System32\uanfsjfd.txt deleted successfully.
File C:\WINDOWS\System32\5_exception.nls deleted successfully.
File C:\WINDOWS\system32\mbblkwfx.exe deleted successfully.
File C:\WINDOWS\system32\mtmnbaaa.exe deleted successfully.
File C:\WINDOWS\109uninst.exe deleted successfully.
File C:\WINDOWS\itpb_3.exe deleted successfully.
File C:\WINDOWS\itpb_7.exe deleted successfully.
File C:\WINDOWS\ms049927871959.exe deleted successfully.
File C:\WINDOWS\ntbe.exe deleted successfully.
File C:\WINDOWS\rk.exe deleted successfully.
File C:\WINDOWS\sammy.exe deleted successfully.
File C:\WINDOWS\Sos28.exe deleted successfully.
File C:\WINDOWS\stub_mma3.exe deleted successfully.
File c:\Documents and Settings\NetworkService\Local Settings\Application Data\grbqcdl.dll deleted successfully.
File c:\Documents and Settings\NetworkService\Local Settings\Application Data\wrdzujn.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
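A check a practitioner would run against this output (an added example, not the thread's own or Avenger's code): it reconciles the "Files to delete:" script from post #10 with the Avenger log above, keyed case-insensitively as NTFS paths are, and decodes the 0xc0000022 status as STATUS_ACCESS_DENIED. The script and log excerpts are constructed from the thread's own lines, and the small NTSTATUS name table is my own assumption.

```python
import re

# Excerpt of the "Files to delete:" script and of the Avenger output.txt from
# the thread above, constructed inline so the check runs stand-alone.
AVENGER_SCRIPT = """Files to delete:
C:\\WINDOWS\\System32\\ksys.sys
C:\\WINDOWS\\System32\\jhicjhi.dll
C:\\WINDOWS\\iifffe.dll
C:\\WINDOWS\\ntbe.exe
"""
AVENGER_LOG = """Beginning to process script file:
File C:\\WINDOWS\\System32\\ksys.sys deleted successfully.
Could not open file C:\\WINDOWS\\System32\\jhicjhi.dll for deletion
Deletion of file C:\\WINDOWS\\System32\\jhicjhi.dll failed!
Status: 0xc0000022
File C:\\WINDOWS\\iifffe.dll deleted successfully.
Completed script processing.
"""
# NTSTATUS values Avenger may print (assumed table); 0xC0000022 is the one seen here.
NTSTATUS_NAMES = {0xC0000022: "STATUS_ACCESS_DENIED",
                  0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

def requested_files(script):
    """Paths listed after 'Files to delete:' in an Avenger script."""
    lines = [l.strip() for l in script.splitlines()]
    start = lines.index("Files to delete:")
    return [l for l in lines[start + 1:] if l]

def reconcile(script, log):
    """Map each requested path (lower-cased) to 'deleted', 'failed (<NTSTATUS>)' or 'unreported'."""
    result = {p.lower(): "unreported" for p in requested_files(script)}
    last_failed = None
    for line in log.splitlines():
        m = re.match(r"File (.+) deleted successfully\.$", line)
        if m:
            result[m.group(1).lower()] = "deleted"
            continue
        m = re.match(r"Deletion of file (.+) failed!$", line)
        if m:
            last_failed = m.group(1).lower()
            result[last_failed] = "failed"
            continue
        m = re.match(r"Status: (0x[0-9a-fA-F]+)$", line)
        if m and last_failed:  # the status line follows the failure it explains
            code = int(m.group(1), 16)
            result[last_failed] = "failed (%s)" % NTSTATUS_NAMES.get(code, m.group(1))
            last_failed = None
    return result

for path, status in reconcile(AVENGER_SCRIPT, AVENGER_LOG).items():
    print(path, "->", status)
```

A path reported as "unreported" never appeared in the log at all, which is worth noticing before assuming a deletion went through.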

#13 Ychain

Ychain
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 16 May 2007 - 06:19 PM

I accidentally forgot to save the Dr. Web log. Sorry.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 16 May 2007 - 06:33 PM

Run Blacklight Beta; when it's done scanning, see if you're able to rename the following:
Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
Hidden process: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Hidden process: C:\Program Files\Internet Explorer\iexplore.exe
Hidden file: c:\WINDOWS\system32\drivers\runtime2.sys
Hidden file: c:\WINDOWS\system32\drivers\runtime2.sy_

Restart your PC, post a new HijackThis log please.
Let me know what's happening now.

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:11:36 PM

Posted 16 May 2007 - 07:12 PM

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\sys019599927871.exe
C:\WINDOWS\sys0195999278712006.exe
C:\WINDOWS\sys039992787195.exe
c:\Documents and Settings\LocalService\Desktop\SearchUs.exe
c:\Documents and Settings\LocalService\Desktop\TagASaurus.exe
c:\Documents and Settings\NetworkService\Desktop\SearchUs.exe
c:\Documents and Settings\NetworkService\Desktop\TagASaurus.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\spoolsvv.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun1.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun10.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun11.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun2.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun3.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun4.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun5.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun6.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun7.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun8.exe
c:\Documents and Settings\LocalService\Local Settings\Temp\stdrun9.exe

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.