
Malwarebytes reports MS Juan and I'm in trouble....
Author: ViciousOne, Location: USA
Posted: Mon Jun 23, 2008 6:25 am Post subject: Malwarebytes reports MS Juan and I'm in trouble....
Here is the HijackThis file.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:29 AM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: {bc09cf2c-b6c1-897b-77f4-dc8da8c88032} - {23088c8a-d8cd-4f77-b798-1c6bc2fc90cb} - C:\WINDOWS\system32\hwjuaihi.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A57EE9D7-0534-496A-B2B0-E95866D0C1B0} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{771C9281-363B-4893-AFAB-FCE21AA40158}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: bw+0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw+0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw-0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw-0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw00 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw00s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw10 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw10s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw20 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw20s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw30 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw30s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw40 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw40s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw50 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw50s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw60 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw60s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw70 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw70s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw80 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw80s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw90 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw90s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwa0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwa0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwb0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwb0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwc0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwc0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwd0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwd0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwe0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwe0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwf0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwf0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwg0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwh0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwh0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwi0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwi0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwj0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwj0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwk0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwk0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwl0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwl0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwm0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwm0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwn0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwn0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwo0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwo0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwp0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwp0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwq0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwq0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwr0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwr0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bws0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bws0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwt0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwt0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwu0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwu0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwv0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwv0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bww0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bww0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwx0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwx0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwy0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwy0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwz0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwz0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: offline-8876480 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0031161214028147) (0031161214028147mcinstcleanup) - Unknown owner - C:\DOCUME~1\Paul\LOCALS~1\Temp\003116~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
--
End of file - 16307 bytes
Author: ViciousOne, Location: USA
Posted: Mon Jun 23, 2008 6:26 am Post subject:
Here is the ComboFix file.
ComboFix 08-06-20.4 - Paul 2008-06-23 0:25:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1458 [GMT -5:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2008-06-22 23:44 . 2008-04-22 23:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-22 23:44 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-22 23:44 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-22 23:44 . 2008-04-22 23:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-22 23:44 . 2008-04-22 23:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-22 23:44 . 2008-04-22 23:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-22 23:44 . 2008-04-22 23:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-22 23:44 . 2008-04-22 23:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-22 23:44 . 2008-04-22 02:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-22 02:26 . 2008-06-22 02:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 23:50 . 2008-06-21 23:51 <DIR> d-------- C:\4aa3cbe6a2bad83a59885d
2008-06-21 23:10 . 2008-05-07 00:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-21 11:39 . 2008-06-21 11:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-21 11:32 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003206_.tmp
2008-06-21 11:23 . 2008-06-21 11:44 <DIR> d-------- C:\804e969aaaff11fc66
2008-06-21 10:38 . 2008-06-22 23:44 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-20 23:55 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Malwarebytes
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 23:38 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-20 23:38 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 22:26 . 2008-06-20 22:26 99,328 --a------ C:\WINDOWS\system32\hwjuaihi.dll
2008-06-20 22:15 . 2008-06-23 00:28 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-20 22:11 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 22:10 . 2004-08-04 07:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-20 21:40 . 2004-08-04 07:00 1,086,058 -ra------ C:\WINDOWS\SET84.tmp
2008-06-20 21:40 . 2004-08-04 07:00 1,042,903 -ra------ C:\WINDOWS\SET81.tmp
2008-06-20 21:40 . 2004-08-04 07:00 13,753 -ra------ C:\WINDOWS\SET90.tmp
2008-06-20 21:26 . 2004-08-04 07:00 1,086,058 -ra------ C:\WINDOWS\SET83.tmp
2008-06-20 21:26 . 2004-08-04 07:00 1,042,903 -ra------ C:\WINDOWS\SET80.tmp
2008-06-20 21:26 . 2004-08-04 07:00 13,753 -ra------ C:\WINDOWS\SET8F.tmp
2008-06-20 21:21 . 2008-06-23 00:28 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 21:21 . 2008-06-23 00:28 54,164 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 21:21 . 2008-06-23 00:28 54,164 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 20:53 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Simply Super Software
2008-06-20 20:53 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-20 19:16 . 2008-06-20 19:16 13,824 --a------ C:\WINDOWS\system32\ini.dll
2008-06-20 19:15 . 2008-06-20 22:23 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-20 19:15 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-20 19:15 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-20 19:15 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-20 19:15 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-20 19:15 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-20 14:42 . 2008-06-20 14:42 99,328 --a------ C:\WINDOWS\system32\pqfdiibo.dll
2008-06-20 14:42 . 2008-06-20 14:42 90,624 --a------ C:\WINDOWS\system32\xtwahapt.dll
2008-06-20 12:04 . 2008-06-20 12:04 99,328 --a------ C:\WINDOWS\system32\qsqhxkhs.dll
2008-06-20 12:03 . 2008-06-20 12:03 90,624 --a------ C:\WINDOWS\system32\xciabsjx.dll
2008-06-20 12:03 . 2008-06-20 12:03 79,872 --a------ C:\WINDOWS\system32\aglnnsgw.dll.vir
2008-06-20 01:06 . 2008-06-20 01:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-20 01:06 . 2008-06-20 01:06 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-20 00:46 . 2008-06-20 20:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-20 00:04 . 2008-06-20 00:04 <DIR> d-------- C:\Program Files\Intelore
2008-06-19 19:57 . 2008-06-19 19:57 <DIR> d-------- C:\Kung Fu Panda 2008 XviD
2008-06-18 21:09 . 2008-06-18 23:57 <DIR> d-------- C:\Guitar Stuff
2008-06-18 18:46 . 2008-06-18 18:46 <DIR> d-------- C:\Water4gas
2008-06-10 20:31 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 01:33 . 2008-06-10 01:33 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Sibelius Software
2008-06-10 01:32 . 2008-06-10 01:32 <DIR> d-------- C:\Program Files\Sibelius Software
2008-06-10 00:06 . 2008-06-10 00:06 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\MH GED
2008-06-10 00:05 . 2008-06-10 00:05 <DIR> d-------- C:\Program Files\McGraw Hill
2008-06-10 00:01 . 2008-06-10 00:01 <DIR> d-------- C:\Program Files\Petersons
2008-06-10 00:00 . 2008-06-10 00:09 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-09 21:28 . 2008-06-09 21:28 <DIR> d-------- C:\Program Files\PowerISO
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\MSBuild
2008-06-07 08:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-01 23:58 . 2008-06-02 00:23 <DIR> d-------- C:\YouTubeVideos
2008-06-01 23:12 . 2008-06-01 23:12 <DIR> d-------- C:\Program Files\4U Computing
2008-06-01 17:41 . 2008-06-01 17:41 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ieSpell
2008-06-01 17:36 . 2008-06-01 17:36 <DIR> d-------- C:\Program Files\ieSpell
2008-05-28 15:52 . 2008-05-28 15:52 268 --ah----- C:\sqmdata19.sqm
2008-05-28 15:52 . 2008-05-28 15:52 244 --ah----- C:\sqmnoopt19.sqm
2008-05-26 22:10 . 2008-05-26 22:10 268 --ah----- C:\sqmdata18.sqm
2008-05-26 22:10 . 2008-05-26 22:10 244 --ah----- C:\sqmnoopt18.sqm
2008-05-24 10:51 . 2008-05-24 10:51 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-24 10:51 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 06:56 --------- d-----w C:\Documents and Settings\Paul\Application Data\uTorrent
2008-06-22 06:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 06:01 --------- d-----w C:\Program Files\McAfee
2008-06-21 01:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-21 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 01:18 --------- d-----w C:\Program Files\DivX
2008-06-20 01:08 --------- d-----w C:\Program Files\Xvid
2008-06-16 17:18 --------- d-----w C:\Documents and Settings\Paul\Application Data\SiteAdvisor
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 06:32 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2008-06-10 05:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-10 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 00:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-26 14:04 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-21 03:13 --------- d-----w C:\Documents and Settings\Paul\Application Data\LimeWire
2008-05-15 01:55 --------- d-----w C:\Documents and Settings\Paul\Application Data\U3
2008-05-09 03:13 --------- d-----w C:\Documents and Settings\Paul\Application Data\Wal-Mart Digital Photo Manager
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 04:50 --------- d-----w C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-05-02 22:40 3,532 ----a-w C:\drmHeader.bin
2008-05-02 22:24 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-02 22:24 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 21:26 --------- d-----w C:\Documents and Settings\Jordan\Application Data\Nero
2008-04-23 20:35 --------- d-----w C:\Documents and Settings\Lauren\Application Data\Apple Computer
2008-04-23 20:34 --------- d-----w C:\Program Files\Yahoo!
2008-04-23 04:07 --------- d-----w C:\Program Files\America's Army
2008-04-14 10:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 10:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 10:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 10:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 10:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 10:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 10:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 10:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 10:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 10:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 10:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 10:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 10:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 10:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 10:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 10:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-04 01:37 2,256 ----a-w C:\WINDOWS\current_settings.bin
2007-12-25 18:11 22,328 ----a-w C:\Documents and Settings\Paul\Application Data\PnkBstrK.sys
2007-11-29 11:27 7,168 ----a-w C:\Documents and Settings\Jordan\queue.dat
2007-11-29 11:27 2,396,160 ----a-w C:\Documents and Settings\Jordan\FahCore_81.exe
2007-11-12 08:44 7,168 ----a-w C:\Documents and Settings\Lauren\queue.dat
2007-11-12 08:44 2,338,816 ----a-w C:\Documents and Settings\Lauren\FahCore_78.exe
2007-11-12 08:43 2,392,064 ----a-w C:\Documents and Settings\Lauren\FahCore_80.exe
2007-10-18 00:56 2,392,064 ----a-w C:\Documents and Settings\Jordan\FahCore_80.exe
2007-10-02 19:24 7,168 ----a-w C:\Documents and Settings\Gidget\queue.dat
2007-10-02 19:24 2,338,816 ----a-w C:\Documents and Settings\Gidget\FahCore_78.exe
2007-09-26 03:46 2,392,064 ----a-w C:\Documents and Settings\VF26N0\FahCore_80.exe
2007-09-23 04:36 7,168 ----a-w C:\Documents and Settings\VF26N0\queue.dat
2007-09-22 23:17 2,338,816 ----a-w C:\Documents and Settings\Jordan\FahCore_78.exe
2007-08-08 23:34 92,064 ----a-w C:\Documents and Settings\Paul\mqdmmdm.sys
2007-08-08 23:34 9,232 ----a-w C:\Documents and Settings\Paul\mqdmmdfl.sys
2007-08-08 23:34 79,328 ----a-w C:\Documents and Settings\Paul\mqdmserd.sys
2007-08-08 23:34 66,656 ----a-w C:\Documents and Settings\Paul\mqdmbus.sys
2007-08-08 23:34 6,208 ----a-w C:\Documents and Settings\Paul\mqdmcmnt.sys
2007-08-08 23:34 5,936 ----a-w C:\Documents and Settings\Paul\mqdmwhnt.sys
2007-08-08 23:34 4,048 ----a-w C:\Documents and Settings\Paul\mqdmcr.sys
2007-08-08 23:34 25,600 ----a-w C:\Documents and Settings\Paul\usbsermptxp.sys
2007-08-08 23:34 22,768 ----a-w C:\Documents and Settings\Paul\usbsermpt.sys
2007-02-06 05:40 7,168 ----a-w C:\Documents and Settings\Paul\queue.dat
.
((((((((((((((((((((((((((((( snapshot@2008-06-22_ 1.34.01.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 16:29:04 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
+ 2006-05-25 15:29:04 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
- 2006-05-25 16:29:04 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
+ 2006-05-25 15:29:04 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\updspapi.dll
- 2006-05-24 18:32:48 213,216 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
+ 2006-05-24 17:32:48 213,216 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
- 2006-05-24 18:32:48 371,424 -c--a-w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
+ 2006-05-24 17:32:48 371,424 -c----w C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\updspapi.dll
- 2008-06-22 06:24:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 05:35:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 11:05:51 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2004-08-04 12:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2008-04-14 10:41:50 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
- 2004-08-04 12:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2008-04-14 10:41:50 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
- 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2008-04-14 10:41:52 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
- 2006-06-23 11:02:50 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2008-04-14 10:41:54 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
- 2006-06-23 11:02:50 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2008-04-14 10:41:54 205,312 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
- 2006-06-23 11:02:50 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2008-04-14 10:41:54 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2008-04-14 10:41:56 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2008-04-14 10:42:24 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
- 2004-08-04 12:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2008-04-14 10:41:56 143,360 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
- 2004-08-04 12:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2008-04-14 10:41:56 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
- 2004-08-04 12:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2008-04-14 10:41:56 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
- 2006-06-23 08:35:52 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2008-04-14 10:42:24 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
- 2006-06-23 11:02:50 251,392 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2008-04-14 10:41:56 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2006-10-27 21:09:58 287,744 -c--a-w C:\WINDOWS\ie7\ieproxy.dll
- 2004-08-04 12:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2008-04-14 10:41:56 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
- 2004-08-04 12:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2008-04-14 10:41:56 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2006-10-27 21:09:58 180,736 -c--a-w C:\WINDOWS\ie7\ieui.dll
- 2004-08-04 12:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2008-04-14 10:42:24 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
- 2004-08-04 12:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2008-04-14 10:41:56 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
- 2006-06-23 11:02:50 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2008-04-14 10:41:56 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
- 2006-06-23 11:02:50 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2008-04-14 10:41:58 15,872 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
- 2004-08-04 12:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2008-04-14 10:41:58 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2006-10-17 18:58:32 12,288 -c--a-w C:\WINDOWS\ie7\msfeedssync.exe
- 2004-08-04 12:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2008-04-14 10:42:28 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
- 2006-07-28 11:28:54 3,054,080 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2008-04-21 06:44:29 3,066,880 -c--a-w C:\WINDOWS\ie7\mshtml.dll
- 2006-06-23 11:02:51 448,512 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2008-04-14 10:42:00 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2008-04-14 02:56:28 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
- 2006-06-23 11:02:51 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2008-04-14 10:42:02 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
- 2006-06-23 11:02:51 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2008-04-14 10:42:02 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
- 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2008-04-14 10:42:04 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
- 2006-06-23 11:02:51 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2008-04-14 10:42:04 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
- 2006-10-27 21:10:42 31,856 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
- 2006-10-27 21:07:32 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
- 2006-09-06 23:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
- 2006-09-06 23:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2006-09-06 22:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
- 2004-08-04 12:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2008-04-14 10:42:10 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
- 2006-07-25 20:33:39 613,888 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2008-04-14 10:42:10 619,520 -c--a-w C:\WINDOWS\ie7\urlmon.dll
- 2006-09-18 14:15:52 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2008-04-14 10:42:10 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
- 2004-08-04 12:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2008-04-14 10:42:10 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2006-10-17 19:05:58 206,336 -c--a-w C:\WINDOWS\ie7\winfxdocobj.exe
- 2006-06-23 11:02:52 658,944 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2008-04-21 06:44:29 666,112 -c--a-w C:\WINDOWS\ie7\wininet.dll
- 2008-03-01 13:06:20 124,928 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\advpack.dll.000
- 2008-03-01 13:06:21 347,136 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtmsft.dll.000
- 2008-03-01 13:06:21 214,528 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\dxtrans.dll.000
- 2008-03-01 13:06:21 133,120 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\extmgr.dll.000
- 2008-02-29 08:55:23 70,656 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ie4uinit.exe.000
- 2008-03-01 13:06:21 153,088 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakeng.dll.000
- 2008-03-01 13:06:21 230,400 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieaksie.dll.000
- 2008-02-15 05:44:25 161,792 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieakui.dll
- 2008-03-01 13:06:22 384,512 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iedkcs32.dll.000
- 2008-03-01 13:06:24 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iernonce.dll.000
- 2008-02-22 10:00:51 13,824 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\ieudinit.exe
- 2008-02-29 08:55:46 625,664 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe.000
- 2008-03-01 13:06:25 27,648 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\jsproxy.dll.000
- 2008-03-01 23:36:30 3,591,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtml.dll
- 2008-03-01 13:06:28 478,208 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mshtmled.dll.000
- 2008-03-01 13:06:28 193,024 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\msrating.dll.000
- 2008-03-01 13:06:29 671,232 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\mstime.dll.000
- 2008-03-01 13:06:29 102,912 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\occache.dll.000
- 2008-03-01 13:06:29 44,544 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\pngfilt.dll.000
+ 2007-03-06 01:22:31 22,752 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spcustom.dll
+ 2007-03-06 01:22:33 14,048 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spmsg.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\spuninst.exe
+ 2007-03-06 01:22:56 716,000 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\update.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\updspapi.dll
- 2008-03-01 13:06:29 105,984 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\url.dll.000
- 2008-03-01 13:06:30 1,159,680 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\urlmon.dll.000
- 2008-03-01 13:06:30 233,472 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\webcheck.dll.000
- 2008-03-01 13:06:31 826,368 -c--a-w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB950759-IE7\wininet.dll
- 2008-04-14 10:41:50 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
+ 2007-08-13 23:39:20 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
- 2008-04-14 10:41:50 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-06-22 04:13:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-06-23 04:34:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-06-22 04:13:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-06-23 04:34:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-06-22 04:13:41 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-23 04:34:57 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-13 23:39:20 71,680 -c----w C:\WINDOWS\system32\dllcache\admparse.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-09-23 18:12:50 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-13 23:42:54 17,408 -c----w C:\WINDOWS\system32\dllcache\corpol.dll
- 2008-04-14 10:41:52 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2007-08-13 23:54:10 33,792 -c--a-w C:\WINDOWS\system32\dllcache\custsat.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-13 23:18:02 60,416 -c----w C:\WINDOWS\system32\dllcache\hmmapi.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00:00 221,184 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-13 23:44:02 69,120 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-13 23:45:18 78,336 -c----w C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2007-08-13 23:54:10 191,488 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-13 23:39:12 55,296 -c----w C:\WINDOWS\system32\dllcache\iesetup.dll
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-13 23:36:06 36,352 -c----w C:\WINDOWS\system32\dllcache\imgutil.dll
+ 2007-08-13 23:39:02 92,672 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-13 23:38:04 491,520 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-13 23:44:18 40,960 -c----w C:\WINDOWS\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:32:30 45,568 -c----w C:\WINDOWS\system32\dllcache\mshta.exe
- 2008-04-21 06:44:29 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:01:12 48,128 -c----w C:\WINDOWS\system32\dllcache\mshtmler.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2007-08-13 23:54:10 156,160 -c--a-w C:\WINDOWS\system32\dllcache\msls31.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2006-09-23 18:12:50 1,497,088 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2006-09-23 18:12:50 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-13 23:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2007-08-13 23:54:10 765,952 -c----w C:\WINDOWS\system32\dllcache\VGX.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-21 06:44:29 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-14 10:41:54 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-23 04:16:28 347,136 ------w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-14 10:41:54 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-23 04:16:28 214,528 ------w C:\WINDOWS\system32\dxtrans.dll
- 2008-04-14 10:41:54 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-23 04:16:28 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-04-14 10:42:24 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-04-22 07:39:58 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-14 10:41:56 143,360 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-04-23 04:16:28 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-14 10:41:56 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-04-23 04:16:28 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 12:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-04-20 05:07:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-04-14 10:41:56 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-04-23 04:16:28 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-14 10:41:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-04-14 10:41:56 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-04-14 10:41:56 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
+ 2007-08-13 23:39:12 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
- 2006-10-27 21:09:58 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
+ 2007-08-13 23:54:10 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
- 2008-04-14 10:41:56 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
+ 2007-08-13 23:36:06 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
- 2008-04-14 10:41:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-04-14 10:41:58 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-23 04:16:28 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2008-04-14 10:41:58 22,016 ----a-w C:\WINDOWS\system32\licmgr10.dll
+ 2007-08-13 23:44:18 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
- 2006-10-17 18:58:32 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
+ 2007-08-13 23:36:40 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2008-04-14 10:42:28 29,184 ----a-w C:\WINDOWS\system32\mshta.exe
+ 2007-08-13 23:32:30 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
- 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-24 03:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-14 10:42:00 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-14 02:56:28 56,832 ----a-w C:\WINDOWS\system32\mshtmler.dll
+ 2007-08-13 23:01:12 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msls31.dll
+ 2007-08-13 23:54:10 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
- 2008-04-14 10:42:02 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-23 04:16:28 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2008-04-14 10:42:02 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-23 04:16:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-14 10:42:04 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-04-23 04:16:28 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-04-14 10:42:04 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-23 04:16:28 44,544 ------w C:\WINDOWS\system32\pngfilt.dll
- 2008-04-14 10:42:10 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-14 10:42:10 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-14 10:42:10 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2006-10-17 19:05:58 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
+ 2007-08-13 23:45:16 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 05:35:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_f8.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23088c8a-d8cd-4f77-b798-1c6bc2fc90cb}]
2008-06-20 22:26 99328 --a------ C:\WINDOWS\system32\hwjuaihi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"SENTINEL"= snti386.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-05-23 23:20 17920 C:\WINDOWS\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-23 23:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2003-06-20 10:06 118784 C:\WINDOWS\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-03-30 10:42 36904 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-02 17:23 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-06-18 07:35 266032 C:\Program Files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--a------ 2006-07-13 15:11 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
--a------ 2007-09-24 16:57 57344 C:\Program Files\Ideazon\ZEngine\Zboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CwCpSvc20"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-30 22:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-08-13 20:42]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 22:40]
S2 0031161214028147mcinstcleanup;McAfee Application Installer Cleanup (0031161214028147);C:\DOCUME~1\Paul\LOCALS~1\Temp\003116~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 12:11]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 cel90xbe;cel90xbe;C:\DOCUME~1\Sarah\LOCALS~1\Temp\cel90xbe.sys []
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\fd_dbus.sys [2004-08-03 16:03]
S3 fd_dmdfl;FutureDial USB Modem Filter;C:\WINDOWS\system32\DRIVERS\fd_dmdfl.sys [2004-08-03 16:04]
S3 fd_dmdm;FutureDial USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\fd_dmdm.sys [2004-08-03 16:04]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-06-19 17:48]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
S3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2008-02-23 21:24]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);C:\WINDOWS\system32\Drivers\XLoader.sys [2004-11-26 13:13]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 06:12:13 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 06:00:24 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-23 05:38:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 00:35:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-06-23 0:42:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 05:42:07
ComboFix2.txt 2008-06-22 07:09:01
ComboFix3.txt 2008-06-22 06:51:39
ComboFix4.txt 2008-06-22 06:34:27
Pre-Run: 108,976,857,088 bytes free
Post-Run: 108,941,512,704 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Pro" /noexecute=option /fastdetect /usepmtimer
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
616 --- E O F --- 2008-06-23 04:45:04
Author: ViciousOne, Location: USA
Posted: Mon Jun 23, 2008 2:09 pm Post subject:
I have scanned with the following:
McAfee AV
Trojan Remover
CCleaner
AdWare
Spybot S&D
ATF
Malwarebytes - reports MS Juan
ComboFix
HiJack This
Every time iexplorer starts I get a black or grey screen and nothing happens and I have to restart.
Author: ViciousOne, Location: USA
Posted: Tue Jun 24, 2008 12:04 am Post subject: CFScript Attempt One
After my own review I created the following CFScript and ran it:
File::
C:\WINDOWS\system32\hwjuaihi.dll
C:\WINDOWS\system32\pqfdiibo.dll
C:\WINDOWS\system32\xtwahapt.dll
C:\WINDOWS\system32\qsqhxkhs.dll
C:\WINDOWS\system32\xciabsjx.dll
C:\WINDOWS\system32\aglnnsgw.dll.vir
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23088c8a-d8cd-4f77-b798-1c6bc2fc90cb}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A57EE9D7-0534-496A-B2B0-E95866D0C1B0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc09cf2c-b6c1-897b-77f4-dc8da8c88032}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MS Juan"=-
Vic
Author: ViciousOne, Location: USA
Posted: Tue Jun 24, 2008 12:07 am Post subject: Limewire and uTorrent Removed...
Before the script was run I removed uTorrent and Limewire. The new ComboFix file is below:
ComboFix 08-06-20.4 - Paul 2008-06-23 18:39:21.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1495 [GMT -5:00]
Running from: C:\Documents and Settings\Paul\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Paul\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\WINDOWS\system32\aglnnsgw.dll.vir
C:\WINDOWS\system32\hwjuaihi.dll
C:\WINDOWS\system32\pqfdiibo.dll
C:\WINDOWS\system32\qsqhxkhs.dll
C:\WINDOWS\system32\xciabsjx.dll
C:\WINDOWS\system32\xtwahapt.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aglnnsgw.dll.vir
C:\WINDOWS\system32\hwjuaihi.dll
C:\WINDOWS\system32\pqfdiibo.dll
C:\WINDOWS\system32\qsqhxkhs.dll
C:\WINDOWS\system32\xciabsjx.dll
C:\WINDOWS\system32\xtwahapt.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-23 to 2008-06-23 )))))))))))))))))))))))))))))))
.
2008-06-22 23:44 . 2008-04-22 23:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-22 23:44 . 2007-04-17 04:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-22 23:44 . 2007-03-08 00:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-22 23:44 . 2008-04-22 23:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-22 23:44 . 2008-04-22 23:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-22 23:44 . 2008-04-22 23:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-22 23:44 . 2008-04-22 23:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-22 23:44 . 2008-04-22 23:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-22 23:44 . 2008-04-22 02:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-22 02:26 . 2008-06-22 02:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-21 23:10 . 2008-05-07 00:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-21 11:39 . 2008-06-21 11:39 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-21 11:32 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003206_.tmp
2008-06-21 10:38 . 2008-06-23 00:41 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-06-20 23:55 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Malwarebytes
2008-06-20 23:38 . 2008-06-20 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-20 23:38 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-20 23:38 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-20 22:15 . 2008-06-23 18:42 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-06-20 22:11 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-20 22:10 . 2004-08-04 07:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-06-20 22:09 . 2008-06-20 22:09 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-06-20 21:40 . 2004-08-04 07:00 1,086,058 -ra------ C:\WINDOWS\SET84.tmp
2008-06-20 21:40 . 2004-08-04 07:00 1,042,903 -ra------ C:\WINDOWS\SET81.tmp
2008-06-20 21:40 . 2004-08-04 07:00 13,753 -ra------ C:\WINDOWS\SET90.tmp
2008-06-20 21:26 . 2004-08-04 07:00 1,086,058 -ra------ C:\WINDOWS\SET83.tmp
2008-06-20 21:26 . 2004-08-04 07:00 1,042,903 -ra------ C:\WINDOWS\SET80.tmp
2008-06-20 21:26 . 2004-08-04 07:00 13,753 -ra------ C:\WINDOWS\SET8F.tmp
2008-06-20 21:21 . 2008-06-23 18:42 64,900 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 21:21 . 2008-06-23 18:42 54,164 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 21:21 . 2008-06-23 18:42 54,164 --a------ C:\WINDOWS\system32\BMXState-{00000000-00000000-0000000D-00001102-00000005-00311102}.rfx
2008-06-20 20:53 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Simply Super Software
2008-06-20 20:53 . 2008-06-20 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-06-20 19:16 . 2008-06-20 19:16 13,824 --a------ C:\WINDOWS\system32\ini.dll
2008-06-20 19:15 . 2008-06-20 22:23 <DIR> d-------- C:\Program Files\Trojan Remover
2008-06-20 19:15 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-06-20 19:15 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-06-20 19:15 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-06-20 19:15 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-06-20 19:15 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-06-20 01:06 . 2008-06-20 01:06 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-20 01:06 . 2008-06-20 01:06 1,152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-20 00:46 . 2008-06-20 20:53 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-06-20 00:04 . 2008-06-20 00:04 <DIR> d-------- C:\Program Files\Intelore
2008-06-19 19:57 . 2008-06-19 19:57 <DIR> d-------- C:\Kung Fu Panda 2008 XviD
2008-06-18 21:09 . 2008-06-18 23:57 <DIR> d-------- C:\Guitar Stuff
2008-06-18 18:46 . 2008-06-18 18:46 <DIR> d-------- C:\Water4gas
2008-06-10 20:31 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 01:33 . 2008-06-10 01:33 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\Sibelius Software
2008-06-10 01:32 . 2008-06-10 01:32 <DIR> d-------- C:\Program Files\Sibelius Software
2008-06-10 00:06 . 2008-06-10 00:06 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\MH GED
2008-06-10 00:05 . 2008-06-10 00:05 <DIR> d-------- C:\Program Files\McGraw Hill
2008-06-10 00:01 . 2008-06-10 00:01 <DIR> d-------- C:\Program Files\Petersons
2008-06-10 00:00 . 2008-06-10 00:09 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-06-09 21:28 . 2008-06-09 21:28 <DIR> d-------- C:\Program Files\PowerISO
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-07 08:31 . 2008-06-07 08:31 <DIR> d-------- C:\Program Files\MSBuild
2008-06-07 08:31 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-06-01 23:58 . 2008-06-02 00:23 <DIR> d-------- C:\YouTubeVideos
2008-06-01 23:12 . 2008-06-01 23:12 <DIR> d-------- C:\Program Files\4U Computing
2008-06-01 17:41 . 2008-06-01 17:41 <DIR> d-------- C:\Documents and Settings\Paul\Application Data\ieSpell
2008-06-01 17:36 . 2008-06-01 17:36 <DIR> d-------- C:\Program Files\ieSpell
2008-05-28 15:52 . 2008-05-28 15:52 268 --ah----- C:\sqmdata19.sqm
2008-05-28 15:52 . 2008-05-28 15:52 244 --ah----- C:\sqmnoopt19.sqm
2008-05-26 22:10 . 2008-05-26 22:10 268 --ah----- C:\sqmdata18.sqm
2008-05-26 22:10 . 2008-05-26 22:10 244 --ah----- C:\sqmnoopt18.sqm
2008-05-24 10:51 . 2008-05-24 10:51 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-24 10:51 . 2007-08-18 02:54 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-23 23:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-23 23:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-22 06:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-21 06:01 --------- d-----w C:\Program Files\McAfee
2008-06-21 01:52 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-21 01:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-20 01:18 --------- d-----w C:\Program Files\DivX
2008-06-20 01:08 --------- d-----w C:\Program Files\Xvid
2008-06-16 17:18 --------- d-----w C:\Documents and Settings\Paul\Application Data\SiteAdvisor
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 06:32 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2008-06-10 05:15 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-10 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-29 00:18 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-26 14:04 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-15 01:55 --------- d-----w C:\Documents and Settings\Paul\Application Data\U3
2008-05-09 03:13 --------- d-----w C:\Documents and Settings\Paul\Application Data\Wal-Mart Digital Photo Manager
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-06 04:50 --------- d-----w C:\Documents and Settings\Paul\Application Data\Apple Computer
2008-05-02 22:40 3,532 ----a-w C:\drmHeader.bin
2008-05-02 22:24 --------- d-----w C:\Program Files\Common Files\xing shared
2008-05-02 22:24 --------- d-----w C:\Program Files\Common Files\Real
2008-04-23 21:26 --------- d-----w C:\Documents and Settings\Jordan\Application Data\Nero
2008-04-23 20:35 --------- d-----w C:\Documents and Settings\Lauren\Application Data\Apple Computer
2008-04-23 20:34 --------- d-----w C:\Program Files\Yahoo!
2008-04-23 04:07 --------- d-----w C:\Program Files\America's Army
2008-04-14 10:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 10:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 10:42 34,816 ----a-w C:\WINDOWS\Help\sniffpol.dll
2008-04-14 10:42 33,280 ----a-w C:\WINDOWS\Help\sstub.dll
2008-04-14 10:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 10:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 10:42 279,040 ----a-w C:\WINDOWS\Help\tshoot.dll
2008-04-14 10:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 10:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 10:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 10:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 10:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 10:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 10:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 10:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 10:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
2008-04-04 01:37 2,256 ----a-w C:\WINDOWS\current_settings.bin
2007-12-25 18:11 22,328 ----a-w C:\Documents and Settings\Paul\Application Data\PnkBstrK.sys
2007-11-29 11:27 7,168 ----a-w C:\Documents and Settings\Jordan\queue.dat
2007-11-29 11:27 2,396,160 ----a-w C:\Documents and Settings\Jordan\FahCore_81.exe
2007-11-12 08:44 7,168 ----a-w C:\Documents and Settings\Lauren\queue.dat
2007-11-12 08:44 2,338,816 ----a-w C:\Documents and Settings\Lauren\FahCore_78.exe
2007-11-12 08:43 2,392,064 ----a-w C:\Documents and Settings\Lauren\FahCore_80.exe
2007-10-18 00:56 2,392,064 ----a-w C:\Documents and Settings\Jordan\FahCore_80.exe
2007-10-02 19:24 7,168 ----a-w C:\Documents and Settings\Gidget\queue.dat
2007-10-02 19:24 2,338,816 ----a-w C:\Documents and Settings\Gidget\FahCore_78.exe
2007-09-26 03:46 2,392,064 ----a-w C:\Documents and Settings\VF26N0\FahCore_80.exe
2007-09-23 04:36 7,168 ----a-w C:\Documents and Settings\VF26N0\queue.dat
2007-09-22 23:17 2,338,816 ----a-w C:\Documents and Settings\Jordan\FahCore_78.exe
2007-08-08 23:34 92,064 ----a-w C:\Documents and Settings\Paul\mqdmmdm.sys
2007-08-08 23:34 9,232 ----a-w C:\Documents and Settings\Paul\mqdmmdfl.sys
2007-08-08 23:34 79,328 ----a-w C:\Documents and Settings\Paul\mqdmserd.sys
2007-08-08 23:34 66,656 ----a-w C:\Documents and Settings\Paul\mqdmbus.sys
2007-08-08 23:34 6,208 ----a-w C:\Documents and Settings\Paul\mqdmcmnt.sys
2007-08-08 23:34 5,936 ----a-w C:\Documents and Settings\Paul\mqdmwhnt.sys
2007-08-08 23:34 4,048 ----a-w C:\Documents and Settings\Paul\mqdmcr.sys
2007-08-08 23:34 25,600 ----a-w C:\Documents and Settings\Paul\usbsermptxp.sys
2007-08-08 23:34 22,768 ----a-w C:\Documents and Settings\Paul\usbsermpt.sys
2007-02-06 05:40 7,168 ----a-w C:\Documents and Settings\Paul\queue.dat
.
((((((((((((((((((((((((((((( snapshot_2008-06-23_ 0.41.48.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-23 05:35:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 23:44:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-23 23:44:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_788.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29 39264]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VCR2"= ATIVCR2.DLL
"VIDC.DRAW"= DVIDEO.DLL
"VIDC.VCR1"= ATIVCR1.DLL
"SENTINEL"= snti386.dll
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2006-11-17 16:49 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-05-23 23:20 17920 C:\WINDOWS\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-05-23 23:20 18944 C:\WINDOWS\system32\CTXFIHLP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-11-01 19:12 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ptipbmf]
--a------ 2003-06-20 10:06 118784 C:\WINDOWS\system32\ptipbmf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-03-30 10:42 36904 C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-05-02 17:23 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 02:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--a------ 2006-07-13 15:11 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zboard]
--a------ 2007-09-24 16:57 57344 C:\Program Files\Ideazon\ZEngine\Zboard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CwCpSvc20"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-30 22:22]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-08-13 20:42]
R1 atitray;atitray;C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys [2007-05-22 04:04]
R3 Alpham1;Ideazon ZBoard USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 10:56]
R3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 12:49]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-23 22:40]
S2 0031161214028147mcinstcleanup;McAfee Application Installer Cleanup (0031161214028147);C:\DOCUME~1\Paul\LOCALS~1\Temp\003116~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S3 Alpham;Ideazon ZBoard Composite Keyboard Driver;C:\WINDOWS\system32\DRIVERS\Alpham.sys [2006-03-12 12:11]
S3 AmdTools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 cel90xbe;cel90xbe;C:\DOCUME~1\Sarah\LOCALS~1\Temp\cel90xbe.sys []
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\fd_dbus.sys [2004-08-03 16:03]
S3 fd_dmdfl;FutureDial USB Modem Filter;C:\WINDOWS\system32\DRIVERS\fd_dmdfl.sys [2004-08-03 16:04]
S3 fd_dmdm;FutureDial USB Modem Drivers;C:\WINDOWS\system32\DRIVERS\fd_dmdm.sys [2004-08-03 16:04]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-05-04 17:04]
S3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2008-02-23 21:24]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);C:\WINDOWS\system32\Drivers\XLoader.sys [2004-11-26 13:13]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 20:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-15 06:12:13 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-06-01 06:00:24 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-06-23 23:47:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 18:44:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-06-23 18:49:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-23 23:49:47
ComboFix2.txt 2008-06-23 05:42:14
ComboFix3.txt 2008-06-22 07:09:01
ComboFix4.txt 2008-06-22 06:51:39
ComboFix5.txt 2008-06-22 06:34:27
Pre-Run: 108,901,027,840 bytes free
Post-Run: 108,884,815,872 bytes free
336 --- E O F --- 2008-06-23 04:45:04
Author: ViciousOne, Location: USA
Posted: Tue Jun 24, 2008 2:02 am Post subject:
Sorry, I posted the ComboFix file twice. Here is the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:46 PM, on 6/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775F} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlabsli.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{771C9281-363B-4893-AFAB-FCE21AA40158}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: bw+0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw+0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw-0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw-0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw00 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw00s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw10 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw10s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw20 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw20s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw30 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw30s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw40 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw40s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw50 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw50s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw60 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw60s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw70 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw70s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw80 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw80s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw90 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bw90s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwa0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwa0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwb0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwb0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwc0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwc0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwd0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwd0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwe0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwe0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwf0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwf0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwg0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwh0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwh0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwi0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwi0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwj0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwj0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwk0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwk0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwl0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwl0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwm0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwm0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwn0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwn0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwo0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwo0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwp0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwp0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwq0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwq0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwr0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwr0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bws0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bws0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwt0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwt0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwu0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwu0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwv0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwv0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bww0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bww0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwx0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwx0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwy0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwy0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwz0 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: bwz0s - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O18 - Protocol: offline-8876480 - {212930CA-6651-40D3-854D-2419483037E3} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0031161214028147) (0031161214028147mcinstcleanup) - Unknown owner - C:\DOCUME~1\Paul\LOCALS~1\Temp\003116~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
--
End of file - 16056 bytes
Author: Prince_Serendip
Posted: Tue Jun 24, 2008 9:04 am Post subject:
You're Ready for cleaning.
At CastleCops we screen all HijackThis logs for errors, out-of-date versions, unupdated operating systems, omissions and P2P applications; getting you [READY] for cleaning by our 1st Responders and Security Experts. Now you wait for one of them to come help you.
Author: Prince_Serendip
Posted: Tue Jul 01, 2008 6:03 pm Post subject:
Please do not post any other logs but a HijackThis log.
Now that you've made an entry at the Unhandled Logs topic, you need to post a fresh log here (below this post).
NOTE: You have a week to post the updated log. Do not post it as a new topic. If your new updated log is not posted, this topic will be locked and your post removed from the Unhandled Logs topic list.