dondada

  • System Specifications:
    windows XP dual core amd 2.5 g service pack 3
  1. Hello, I need help with this problem. I scanned my computer with SUPERAntiSpyware, BitDefender, Spybot, Malwarebytes and others, and even though they did kill other viruses, when I'm on Google it still keeps redirecting to another web site.
  2. + 2009-04-19 21:57 . 2009-04-19 21:57 16384 c:\windows\temp\Perflib_Perfdata_62c.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-12-08 1253376] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX1000"="c:\windows\vVX1000.exe" [2008-08-05 721936] "UltraMon"="g:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576] "CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032] "Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800] "iolo AntiVirus"="g:\program files\iolo\AntiVirus\ioloAV.exe" [2008-03-05 1095520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016] 
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-19 1626112] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-03-20 23552] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-05-21 24576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - g:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128] Microsoft Office.lnk - g:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon] [bU] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk backup=c:\windows\pss\Color Calibration.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk 
backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "g:\\Program Files\\FTP Commander\\ftpcomm.exe"= "g:\\Program Files\\ooVoo\\ooVoo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 R1 9cba63d4;9cba63d4;c:\windows\System32\drivers\9cba63d4.sys [2007-04-05 0] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 cpuz130;cpuz130; [x] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 
CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-21 1324056] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-21 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2007-09-28 135168] R3 MEMSWEEP2;MEMSWEEP2; [x] R3 SBRE;SBRE; [x] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2008-05-29 7168] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344] S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2008-03-27 27136] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q] \Shell\AutoRun\command - Q:\FormCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3969d97-a6ab-11dd-93d1-0018f390ee41}] \Shell\AutoRun\command - R:\RDEapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Contents of the 'Scheduled Tasks' folder 2009-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2009-04-10 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job - c:\windows\vVX1000.exe [2008-10-30 00:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ebay.com/ FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xd0k4et3.default\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-19 15:01 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pciempoe] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3448) g:\program files\UltraMon\RTSUltraMonHook.dll c:\windows\system32\ctagent.dll c:\windows\system32\msi.dll g:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe g:\program files\UltraMon\UltraMonTaskbar.exe . ************************************************************************** . Completion time: 2009-04-19 15:08 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-19 22:07 ComboFix2.txt 2009-04-18 06:12 ComboFix3.txt 2009-04-11 20:27 ComboFix4.txt 2009-04-09 04:48 ComboFix5.txt 2009-04-18 21:50 Pre-Run: 19,506,434,048 bytes free Post-Run: 19,557,355,520 bytes free 351
  3. ComboFix 09-04-19.01 - Troy 2009-04-18 14:52.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2488 [GMT -7:00] Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt AV: iolo AntiVirus® *On-access scanning disabled* (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_Pciempoe ((((((((((((((((((((((((( Files Created from 2009-03-19 to 2009-04-19 ))))))))))))))))))))))))))))))) . 2009-04-18 21:21 . 2009-04-18 21:21 -------- d-sha-r C:\autorun.inf 2009-04-15 03:49 . 2009-04-15 03:52 131072 ----a-w c:\windows\system32\datestamp.dll 2009-04-15 03:43 . 2009-04-15 03:47 -------- d-----w c:\program files\FBM Software 2009-04-15 03:23 . 2009-04-15 03:23 -------- dc-h--w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-04-15 03:21 . 2009-04-15 03:21 -------- d-s---w c:\documents and settings\Administrator.MASTERMI-1HQMKG\UserData 2009-04-15 02:32 . 2009-04-15 02:32 -------- d-----w C:\!KillBox 2009-04-14 02:15 . 2009-04-14 02:15 123 ----a-w c:\windows\rootkitno.ini 2009-04-14 02:14 . 2009-04-14 02:14 -------- d-----w c:\documents and settings\Administrator.MASTERMI-1HQMKG\Local Settings\Application Data\Help 2009-04-14 02:02 . 2009-04-14 02:02 -------- d-----w c:\documents and settings\Troy\Local Settings\Application Data\Help 2009-04-14 00:33 . 2009-04-14 02:14 -------- d-----w C:\RootkitNO 2009-04-14 00:33 . 2009-04-14 02:13 2 --shatr c:\windows\winstart.bat 2009-04-13 03:39 . 2009-04-13 03:39 4932148 ----a-w c:\windows\{00000001-00000000-00000006-00001102-00000004-40021102}.CDF 2009-04-13 03:26 . 
2009-04-19 21:55 64 ----a-w c:\windows\system32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-19 21:55 64 ----a-w c:\windows\system32\BMXState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-19 21:55 384 ----a-w c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000004-40021102}.dat 2009-04-13 03:26 . 2009-04-19 21:55 384 ----a-w c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-40021102}.dat 2009-04-13 03:26 . 2009-04-19 21:55 1104 ----a-w c:\windows\system32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-19 21:55 1104 ----a-w c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:17 . 2009-04-13 03:17 -------- d-----w c:\documents and settings\Troy\Application Data\EmuPatchMixDSP 2009-04-13 03:15 . 2004-05-21 02:52 45451 ----a-r c:\windows\system32\Emu.ini 2009-04-13 03:15 . 2004-05-21 02:52 140 ----a-w c:\windows\system32\ctzapxx.ini 2009-04-13 03:15 . 2004-05-21 02:50 20480 ----a-w c:\windows\INRES.DLL 2009-04-12 18:19 . 2009-04-12 18:19 -------- d-----w c:\program files\Trend Micro 2009-04-12 17:40 . 2004-08-04 07:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll 2009-04-12 17:40 . 2001-08-18 05:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll 2009-04-12 17:40 . 2001-08-18 05:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll 2009-04-12 17:40 . 2001-08-18 05:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe 2009-04-12 17:40 . 2001-08-18 05:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe 2009-04-12 17:40 . 2001-08-23 19:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls 2009-04-12 17:40 . 2001-08-18 05:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe 2009-04-12 17:40 . 2001-08-17 19:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys 2009-04-12 17:40 . 
2004-08-04 05:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys 2009-04-12 17:40 . 2004-08-04 05:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys 2009-04-12 17:40 . 2004-08-04 07:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll 2009-04-12 17:38 . 2004-08-04 05:29 12415 -c--a-w c:\windows\system32\dllcache\wadv01nt.sys 2009-04-12 17:37 . 2004-08-04 07:56 82432 -c--a-w c:\windows\system32\dllcache\tp4mon.exe 2009-04-12 17:36 . 2001-08-18 05:36 106584 -c--a-w c:\windows\system32\dllcache\spdports.dll 2009-04-12 17:35 . 2001-08-18 05:36 57856 -c--a-w c:\windows\system32\dllcache\EXCH_scripto.dll 2009-04-12 17:34 . 2001-08-17 20:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys 2009-04-12 17:33 . 2001-08-18 05:36 123776 -c--a-w c:\windows\system32\dllcache\nv3.dll 2009-04-12 17:32 . 2004-08-04 06:10 49024 -c--a-w c:\windows\system32\dllcache\mstape.sys 2009-04-12 17:32 . 2001-08-17 20:48 12416 -c--a-w c:\windows\system32\dllcache\msriffwv.sys 2009-04-12 17:32 . 2001-08-17 21:00 2944 -c--a-w c:\windows\system32\dllcache\msmpu401.sys 2009-04-12 17:32 . 2004-08-04 06:00 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys 2009-04-12 17:32 . 2001-08-23 19:00 98304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll 2009-04-12 17:32 . 2001-08-23 19:00 1875968 -c--a-w c:\windows\system32\dllcache\msir3jp.lex 2009-04-12 17:32 . 2001-08-17 21:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys 2009-04-12 17:32 . 2001-08-17 20:48 6016 -c--a-w c:\windows\system32\dllcache\msfsio.sys 2009-04-12 17:32 . 2001-08-17 20:52 17280 -c--a-w c:\windows\system32\dllcache\mraid35x.sys 2009-04-12 17:32 . 2001-08-17 20:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys 2009-04-12 17:32 . 2001-08-17 20:52 6528 -c--a-w c:\windows\system32\dllcache\miniqic.sys 2009-04-12 17:30 . 2001-08-23 19:00 9216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll 2009-04-12 17:29 . 
2004-08-04 05:59 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys 2009-04-12 17:28 . 2001-08-17 20:28 542879 -c--a-w c:\windows\system32\dllcache\hsf_msft.sys 2009-04-12 17:27 . 2001-08-18 05:36 43520 -c--a-w c:\windows\system32\dllcache\EXCH_fcachdll.dll 2009-04-12 17:26 . 2001-08-18 05:36 236060 -c--a-w c:\windows\system32\dllcache\ditrace.exe 2009-04-12 17:25 . 2001-08-17 20:58 9344 -c--a-w c:\windows\system32\dllcache\compbatt.sys 2009-04-12 17:24 . 2001-08-23 19:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll 2009-04-12 17:23 . 2001-08-18 05:37 24576 -c--a-w c:\windows\system32\dllcache\agcgauge.ax 2009-04-12 17:22 . 2004-08-04 06:20 2180992 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-12 17:22 . 2001-08-23 19:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe 2009-04-12 17:22 . 2001-08-23 19:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll 2009-04-12 17:22 . 2001-08-23 19:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll 2009-04-12 17:22 . 2001-08-23 19:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll 2009-04-12 17:22 . 2001-08-23 19:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe 2009-04-12 17:22 . 2001-08-23 19:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll 2009-04-12 17:22 . 2001-08-23 19:00 94720 -c--a-w c:\windows\system32\dllcache\certmap.ocx 2009-04-12 17:16 . 2008-10-08 05:54 -------- d-----w C:\SDFix 2009-04-12 03:37 . 2009-04-12 03:37 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-12 03:32 . 2009-04-12 03:32 -------- d-----w c:\program files\Microsoft ActiveSync 2009-04-12 03:31 . 2009-04-12 03:31 -------- d-----w c:\windows\ShellNew 2009-04-12 03:27 . 2009-04-17 01:52 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI 2009-04-11 20:36 . 1999-09-22 15:18 2167684 ----a-w c:\windows\system32\CT2MGM.SF2 2009-04-11 20:36 . 2004-05-21 02:40 118868 ----a-w c:\windows\system32\commonfx.dll 2009-04-11 20:36 . 
2004-05-21 02:33 65536 ----a-w c:\windows\system32\a3d.dll 2009-04-11 20:36 . 2001-08-18 05:36 98304 -c--a-w c:\windows\system32\dllcache\a3d.dll 2009-04-11 20:36 . 2000-02-25 04:49 1048576 ----a-w c:\windows\system32\CT1MGM.ROM 2009-04-11 18:56 . 2004-08-04 07:56 769536 -c--a-w c:\windows\system32\dllcache\sprb0410.dll 2009-04-11 18:55 . 2004-08-04 07:56 148480 -c--a-w c:\windows\system32\dllcache\wscui.cpl 2009-04-11 18:54 . 2004-08-04 07:56 7680 -c--a-w c:\windows\system32\dllcache\pwsdata.dll 2009-04-11 18:53 . 2004-08-04 07:56 22528 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll 2009-04-11 18:53 . 2004-08-04 07:56 92160 -c--a-w c:\windows\system32\dllcache\evntwin.exe 2009-04-11 18:53 . 2004-08-04 07:56 267776 -c--a-w c:\windows\system32\dllcache\fxssvc.exe 2009-04-11 18:53 . 2004-08-04 07:56 6144 -c--a-w c:\windows\system32\dllcache\snmpmib.dll 2009-04-11 18:53 . 2004-08-04 07:56 400384 -c--a-w c:\windows\system32\dllcache\fxsxp32.dll 2009-04-11 18:53 . 2004-08-04 07:56 188416 -c--a-w c:\windows\system32\dllcache\snmpsmir.dll 2009-04-11 18:53 . 2004-08-04 07:56 39936 -c--a-w c:\windows\system32\dllcache\hostmib.dll 2009-04-11 18:53 . 2004-08-04 07:56 214528 -c--a-w c:\windows\system32\dllcache\icwconn1.exe 2009-04-11 18:53 . 2004-08-04 07:56 6656 -c--a-w c:\windows\system32\dllcache\fxsres.dll 2009-04-11 18:53 . 2004-08-04 07:56 246272 -c--a-w c:\windows\system32\dllcache\fxst30.dll 2009-04-11 18:51 . 2004-08-04 07:56 8704 -c--a-w c:\windows\system32\dllcache\fxsperf.dll 2009-04-11 18:51 . 2004-08-04 07:56 154112 -c--a-w c:\windows\system32\dllcache\fxsui.dll 2009-04-11 18:51 . 2004-08-04 07:56 55296 -c--a-w c:\windows\system32\dllcache\fxsevent.dll 2009-04-11 18:51 . 2004-08-04 07:56 18944 -c--a-w c:\windows\system32\dllcache\lprmon.dll 2009-04-11 18:51 . 2004-08-04 07:56 20480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe 2009-04-11 18:51 . 2004-08-04 07:56 27136 -c--a-w c:\windows\system32\dllcache\fxsdrv.dll 2009-04-11 18:51 . 
2004-08-04 07:56 86016 -c--a-w c:\windows\system32\dllcache\icwconn2.exe 2009-04-11 18:50 . 2004-08-04 07:56 35328 -c--a-w c:\windows\system32\dllcache\iprip.dll 2009-04-11 18:50 . 2004-08-04 07:56 143360 -c--a-w c:\windows\system32\dllcache\fxsclnt.exe 2009-04-11 18:50 . 2004-08-04 07:56 456704 -c--a-w c:\windows\system32\dllcache\smtpsvc.dll 2009-04-11 18:50 . 2004-08-04 07:56 33792 -c--a-w c:\windows\system32\dllcache\lmmib2.dll 2009-04-11 18:50 . 2004-08-04 07:56 40448 -c--a-w c:\windows\system32\dllcache\snmpthrd.dll 2009-04-11 18:50 . 2004-08-04 07:56 101888 -c--a-w c:\windows\system32\dllcache\evntagnt.dll 2009-04-11 18:50 . 2004-08-04 07:56 331264 -c--a-w c:\windows\system32\dllcache\aqueue.dll 2009-04-11 18:50 . 2009-04-11 18:50 -------- d-----w c:\windows\ServicePackFiles 2009-04-11 18:49 . 2004-08-04 05:33 4190352 -c--a-w c:\windows\system32\dllcache\luna.mst 2009-04-11 18:43 . 2004-08-04 07:56 2897920 -c--a-w c:\windows\system32\dllcache\xpsp2res.dll 2009-04-11 18:43 . 2004-08-04 07:56 2897920 ------w c:\windows\system32\xpsp2res.dll 2009-04-11 05:10 . 2004-08-04 07:56 1689088 ----a-w c:\windows\system32\SET12A7.tmp 2009-04-11 05:10 . 2004-08-04 07:56 1134592 ----a-w c:\windows\system32\SET124F.tmp 2009-04-11 05:03 . 2004-08-04 07:56 1032192 ----a-w c:\windows\SET729.tmp 2009-04-11 05:01 . 2004-08-04 07:56 45568 ----a-w c:\windows\system32\SET671.tmp 2009-04-11 05:00 . 2004-08-04 07:56 586240 ----a-w c:\windows\system32\SET5AC.tmp 2009-04-11 04:59 . 2004-08-04 07:56 43520 ----a-w c:\windows\system32\SET4D8.tmp 2009-04-11 04:58 . 2004-08-04 07:56 134656 ----a-w c:\windows\system32\SET37F.tmp 2009-04-11 04:57 . 2004-08-04 07:56 359936 ----a-w c:\windows\system32\SET16A.tmp 2009-04-11 04:57 . 2004-08-04 07:56 91648 ----a-w c:\windows\system32\SET169.tmp 2009-04-11 04:40 . 2004-08-04 08:02 79996 -c--a-w c:\windows\system32\dllcache\apps.chm 2009-04-11 04:39 . 2004-08-04 07:56 69632 -c--a-w c:\windows\system32\dllcache\msscds32.ax 2009-04-11 03:59 . 
2009-04-15 00:59 1198333 ----a-w c:\windows\setupapi.log.3.old 2009-04-11 01:42 . 2009-04-11 01:42 -------- d-----w c:\program files\Windows Resource Kits 2009-04-11 01:08 . 2004-08-04 07:56 23552 ----a-w c:\windows\system32\SET5D6.tmp 2009-04-11 01:07 . 2004-08-04 07:56 994304 ----a-w c:\windows\system32\SET4CF.tmp 2009-04-11 01:06 . 2004-08-04 07:56 8192 ----a-w c:\windows\system32\SET396.tmp 2009-04-10 14:21 . 2004-08-04 07:56 1689088 ----a-w c:\windows\system32\SET1112.tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-19 21:55 . 2008-04-06 02:14 -------- d-----w c:\documents and settings\Troy\Application Data\DNA 2009-04-18 06:07 . 2008-04-06 02:14 -------- d-----w c:\program files\DNA 2009-04-18 05:42 . 2009-04-18 05:42 2550 ----a-w C:\avenger.txt 2009-04-18 05:40 . 2008-01-05 04:21 475208 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-15 03:46 . 2008-10-30 04:38 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-14 02:13 . 2009-04-09 01:52 250 ----a-w C:\msnvirrem.log 2009-04-12 17:19 . 2008-10-30 05:12 88224 ----a-w c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 02:51 . 2009-04-12 02:19 1923 ----a-w C:\rapport.txt 2009-04-11 19:02 . 2009-04-10 05:19 86665 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2009-04-11 18:42 . 2001-08-23 19:00 250032 --sha-r C:\ntldr 2009-04-10 04:26 . 2007-04-05 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-10 04:23 . 2008-10-30 04:27 22720 ----a-w c:\windows\system32\emptyregdb.dat 2009-04-09 01:53 . 2009-04-09 01:52 165 ----a-w C:\msnvirremOLD.log 2009-04-08 06:02 . 2007-04-04 23:48 -------- d-----w c:\program files\ecover 2009-04-08 05:55 . 
2008-04-06 02:15 -------- d-----w c:\documents and settings\Troy\Application Data\BitTorrent 2009-04-06 22:32 . 2009-04-12 17:28 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 22:32 . 2009-04-12 17:28 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-05 22:45 . 2009-02-09 21:55 -------- d-----w c:\program files\Yahoo! 2009-04-05 22:44 . 2009-02-09 21:55 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2009-04-04 19:54 . 2009-02-17 07:15 -------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory 2009-04-04 04:44 . 2008-04-07 06:45 -------- d-----w c:\program files\Common Files\SB Solutions 2009-04-04 02:31 . 2008-04-06 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-03-28 04:57 . 2007-03-06 03:11 -------- d-----w c:\documents and settings\Troy\Application Data\FEP 2009-03-26 23:41 . 2008-01-01 11:58 -------- d-----w c:\program files\FriendBlasterPro 2009-03-13 04:42 . 2009-03-13 04:42 -------- d-----w c:\documents and settings\Troy\Application Data\Cover Expert 2009-03-11 02:51 . 2009-03-11 02:51 -------- d-----w c:\program files\btscanner 2009-03-02 02:07 . 2009-03-02 02:07 921624 ----a-w C:\img2-001.raw 2009-03-02 01:44 . 2008-10-31 01:49 -------- d-----w c:\program files\Bonjour 2009-02-24 07:05 . 2008-11-02 03:13 111928 ----a-w c:\windows\system32\PnkBstrB.exe 2009-02-13 06:31 . 2009-02-13 06:31 3532 ----a-w C:\drmHeader.bin 2008-12-29 01:09 . 2008-11-02 03:13 22328 ----a-w c:\documents and settings\Troy\Application Data\PnkBstrK.sys 2007-03-06 03:16 . 2007-03-06 03:11 1324 --sh--w c:\windows\lcfep6c.drv . ((((((((((((((((((((((((((((( [email protected]_06.07.51 ))))))))))))))))))))))))))))))))))))))))) .
  4. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-17 23:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2656) g:\program files\UltraMon\RTSUltraMonHook.dll c:\windows\system32\msi.dll g:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\Microsoft LifeCam\LifeTray.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe g:\program files\UltraMon\UltraMonTaskbar.exe . ************************************************************************** . Completion time: 2009-04-18 23:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-18 06:11 ComboFix2.txt 2009-04-11 20:27 ComboFix3.txt 2009-04-09 04:48 ComboFix4.txt 2009-04-09 04:23 Pre-Run: 19,825,532,928 bytes free Post-Run: 19,969,851,392 bytes free 378
  5. . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-18 06:07 . 2008-04-06 02:14 -------- d-----w c:\program files\DNA 2009-04-18 06:07 . 2008-04-06 02:14 -------- d-----w c:\documents and settings\Troy\Application Data\DNA 2009-04-18 05:42 . 2009-04-18 05:42 2550 ----a-w C:\avenger.txt 2009-04-18 05:40 . 2008-01-05 04:21 475208 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-04-15 03:46 . 2008-10-30 04:38 -------- d--h--w c:\program files\InstallShield Installation Information 2009-04-14 02:13 . 2009-04-09 01:52 250 ----a-w C:\msnvirrem.log 2009-04-12 17:19 . 2008-10-30 05:12 88224 ----a-w c:\documents and settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-04-12 02:51 . 2009-04-12 02:19 1923 ----a-w C:\rapport.txt 2009-04-11 19:02 . 2009-04-10 05:19 86665 ----a-w c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2009-04-11 18:42 . 2001-08-23 19:00 250032 --sha-r C:\ntldr 2009-04-10 04:26 . 2007-04-05 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-10 04:23 . 2008-10-30 04:27 22720 ----a-w c:\windows\system32\emptyregdb.dat 2009-04-09 01:53 . 2009-04-09 01:52 165 ----a-w C:\msnvirremOLD.log 2009-04-08 06:02 . 2007-04-04 23:48 -------- d-----w c:\program files\ecover 2009-04-08 05:55 . 2008-04-06 02:15 -------- d-----w c:\documents and settings\Troy\Application Data\BitTorrent 2009-04-06 22:32 . 2009-04-12 17:28 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-04-06 22:32 . 2009-04-12 17:28 15504 ----a-w c:\windows\system32\drivers\mbam.sys 2009-04-05 22:45 . 2009-02-09 21:55 -------- d-----w c:\program files\Yahoo! 2009-04-05 22:44 . 2009-02-09 21:55 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2009-04-04 19:54 . 
2009-02-17 07:15 -------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory 2009-04-04 04:44 . 2008-04-07 06:45 -------- d-----w c:\program files\Common Files\SB Solutions 2009-04-04 02:31 . 2008-04-06 21:40 -------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-03-28 04:57 . 2007-03-06 03:11 -------- d-----w c:\documents and settings\Troy\Application Data\FEP 2009-03-26 23:41 . 2008-01-01 11:58 -------- d-----w c:\program files\FriendBlasterPro 2009-03-13 04:42 . 2009-03-13 04:42 -------- d-----w c:\documents and settings\Troy\Application Data\Cover Expert 2009-03-11 02:51 . 2009-03-11 02:51 -------- d-----w c:\program files\btscanner 2009-03-02 02:07 . 2009-03-02 02:07 921624 ----a-w C:\img2-001.raw 2009-03-02 01:44 . 2008-10-31 01:49 -------- d-----w c:\program files\Bonjour 2009-02-24 07:05 . 2008-11-02 03:13 111928 ----a-w c:\windows\system32\PnkBstrB.exe 2009-02-13 06:31 . 2009-02-13 06:31 3532 ----a-w C:\drmHeader.bin 2008-12-29 01:09 . 2008-11-02 03:13 22328 ----a-w c:\documents and settings\Troy\Application Data\PnkBstrK.sys 2007-03-06 03:16 . 2007-03-06 03:11 1324 --sh--w c:\windows\lcfep6c.drv . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-12-08 1253376] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX1000"="c:\windows\vVX1000.exe" [2008-08-05 721936] "UltraMon"="g:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576] "CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032] "Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800] "iolo AntiVirus"="g:\program files\iolo\AntiVirus\ioloAV.exe" [2008-03-05 1095520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016] "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-19 1626112] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-03-20 23552] 
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-05-21 24576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - g:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128] Microsoft Office.lnk - g:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon] [bU] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk backup=c:\windows\pss\Color Calibration.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program 
Files\\DNA\\btdna.exe"= "g:\\Program Files\\FTP Commander\\ftpcomm.exe"= "g:\\Program Files\\ooVoo\\ooVoo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 R1 9cba63d4;9cba63d4;c:\windows\System32\drivers\9cba63d4.sys [2007-04-05 0] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 cpuz130;cpuz130; [x] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-21 1324056] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS 
[2008-03-21 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2007-09-28 135168] R3 MEMSWEEP2;MEMSWEEP2; [x] R3 Pciempoe;Pciempoe; [x] R3 SBRE;SBRE; [x] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2008-05-29 7168] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344] S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2008-03-27 27136] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q] \Shell\AutoRun\command - Q:\FormCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f51036f-c3ff-11dc-94db-0018f390ee41}] \Shell\Auto\command - Cn911.exe \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3969d97-a6ab-11dd-93d1-0018f390ee41}] \Shell\AutoRun\command - R:\RDEapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . 
Contents of the 'Scheduled Tasks' folder 2009-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2009-04-10 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job - c:\windows\vVX1000.exe [2008-10-30 00:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ebay.com/ FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xd0k4et3.default\ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 1
  6. ComboFix 09-04-18.03 - Troy 2009-04-17 22:37.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2588 [GMT -7:00] Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt AV: iolo AntiVirus® *On-access scanning disabled* (Updated) * Created a new restore point FILE :: c:\windows\002189_.tmp c:\windows\002195_.tmp c:\windows\002203_.tmp c:\windows\002211_.tmp c:\windows\002219_.tmp c:\windows\9g2234wesdf3dfgjf23 . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\002189_.tmp c:\windows\002195_.tmp c:\windows\002203_.tmp c:\windows\002211_.tmp c:\windows\002219_.tmp c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 ))))))))))))))))))))))))))))))) . 2009-04-18 05:35 . 2009-04-18 05:36 -------- d-----w C:\32788R22FWJFW 2009-04-15 03:49 . 2009-04-15 03:52 131072 ----a-w c:\windows\system32\datestamp.dll 2009-04-15 03:43 . 2009-04-15 03:47 -------- d-----w c:\program files\FBM Software 2009-04-15 03:23 . 2009-04-15 03:23 -------- dc-h--w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1} 2009-04-15 03:21 . 2009-04-15 03:21 -------- d-s---w c:\documents and settings\Administrator.MASTERMI-1HQMKG\UserData 2009-04-15 02:32 . 2009-04-15 02:32 -------- d-----w C:\!KillBox 2009-04-14 02:15 . 
2009-04-14 02:15 123 ----a-w c:\windows\rootkitno.ini 2009-04-14 02:14 . 2009-04-14 02:14 -------- d-----w c:\documents and settings\Administrator.MASTERMI-1HQMKG\Local Settings\Application Data\Help 2009-04-14 02:02 . 2009-04-14 02:02 -------- d-----w c:\documents and settings\Troy\Local Settings\Application Data\Help 2009-04-14 00:33 . 2009-04-14 02:14 -------- d-----w C:\RootkitNO 2009-04-14 00:33 . 2009-04-14 02:13 2 --shatr c:\windows\winstart.bat 2009-04-13 03:39 . 2009-04-13 03:39 4932148 ----a-w c:\windows\{00000001-00000000-00000006-00001102-00000004-40021102}.CDF 2009-04-13 03:26 . 2009-04-18 05:40 64 ----a-w c:\windows\system32\BMXStateBkp-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-18 05:40 64 ----a-w c:\windows\system32\BMXState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-18 05:40 384 ----a-w c:\windows\system32\DVCStateBkp-{00000001-00000000-00000006-00001102-00000004-40021102}.dat 2009-04-13 03:26 . 2009-04-18 05:40 384 ----a-w c:\windows\system32\DVCState-{00000001-00000000-00000006-00001102-00000004-40021102}.dat 2009-04-13 03:26 . 2009-04-18 05:40 1104 ----a-w c:\windows\system32\BMXCtrlState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:26 . 2009-04-18 05:40 1104 ----a-w c:\windows\system32\BMXBkpCtrlState-{00000001-00000000-00000006-00001102-00000004-40021102}.rfx 2009-04-13 03:17 . 2009-04-13 03:17 -------- d-----w c:\documents and settings\Troy\Application Data\EmuPatchMixDSP 2009-04-13 03:15 . 2004-05-21 02:52 45451 ----a-r c:\windows\system32\Emu.ini 2009-04-13 03:15 . 2004-05-21 02:52 140 ----a-w c:\windows\system32\ctzapxx.ini 2009-04-13 03:15 . 2004-05-21 02:50 20480 ----a-w c:\windows\INRES.DLL 2009-04-12 18:19 . 2009-04-12 18:19 -------- d-----w c:\program files\Trend Micro 2009-04-12 17:40 . 2004-08-04 07:56 116224 -c--a-w c:\windows\system32\dllcache\xrxwiadr.dll 2009-04-12 17:40 . 
2001-08-18 05:36 23040 -c--a-w c:\windows\system32\dllcache\xrxwbtmp.dll 2009-04-12 17:40 . 2001-08-18 05:36 17408 -c--a-w c:\windows\system32\dllcache\xrxscnui.dll 2009-04-12 17:40 . 2001-08-18 05:37 4608 -c--a-w c:\windows\system32\dllcache\xrxflnch.exe 2009-04-12 17:40 . 2001-08-18 05:37 27648 -c--a-w c:\windows\system32\dllcache\xrxftplt.exe 2009-04-12 17:40 . 2001-08-23 19:00 28288 -c--a-w c:\windows\system32\dllcache\xjis.nls 2009-04-12 17:40 . 2001-08-18 05:37 99865 -c--a-w c:\windows\system32\dllcache\xlog.exe 2009-04-12 17:40 . 2001-08-17 19:11 16970 -c--a-w c:\windows\system32\dllcache\xem336n5.sys 2009-04-12 17:40 . 2004-08-04 05:29 19455 -c--a-w c:\windows\system32\dllcache\wvchntxx.sys 2009-04-12 17:40 . 2004-08-04 05:29 12063 -c--a-w c:\windows\system32\dllcache\wsiintxx.sys 2009-04-12 17:40 . 2004-08-04 07:56 8192 -c--a-w c:\windows\system32\dllcache\wshirda.dll 2009-04-12 17:38 . 2004-08-04 05:29 12415 -c--a-w c:\windows\system32\dllcache\wadv01nt.sys 2009-04-12 17:37 . 2004-08-04 07:56 82432 -c--a-w c:\windows\system32\dllcache\tp4mon.exe 2009-04-12 17:36 . 2001-08-18 05:36 106584 -c--a-w c:\windows\system32\dllcache\spdports.dll 2009-04-12 17:35 . 2001-08-18 05:36 57856 -c--a-w c:\windows\system32\dllcache\EXCH_scripto.dll 2009-04-12 17:34 . 2001-08-17 20:28 130942 -c--a-w c:\windows\system32\dllcache\ptserlv.sys 2009-04-12 17:33 . 2001-08-18 05:36 123776 -c--a-w c:\windows\system32\dllcache\nv3.dll 2009-04-12 17:32 . 2004-08-04 06:10 49024 -c--a-w c:\windows\system32\dllcache\mstape.sys 2009-04-12 17:32 . 2001-08-17 20:48 12416 -c--a-w c:\windows\system32\dllcache\msriffwv.sys 2009-04-12 17:32 . 2001-08-17 21:00 2944 -c--a-w c:\windows\system32\dllcache\msmpu401.sys 2009-04-12 17:32 . 2004-08-04 06:00 22016 -c--a-w c:\windows\system32\dllcache\msircomm.sys 2009-04-12 17:32 . 2001-08-23 19:00 98304 -c--a-w c:\windows\system32\dllcache\msir3jp.dll 2009-04-12 17:32 . 
2001-08-23 19:00 1875968 -c--a-w c:\windows\system32\dllcache\msir3jp.lex 2009-04-12 17:32 . 2001-08-17 21:02 35200 -c--a-w c:\windows\system32\dllcache\msgame.sys 2009-04-12 17:32 . 2001-08-17 20:48 6016 -c--a-w c:\windows\system32\dllcache\msfsio.sys 2009-04-12 17:32 . 2001-08-17 20:52 17280 -c--a-w c:\windows\system32\dllcache\mraid35x.sys 2009-04-12 17:32 . 2001-08-17 20:57 16128 -c--a-w c:\windows\system32\dllcache\modemcsa.sys 2009-04-12 17:32 . 2001-08-17 20:52 6528 -c--a-w c:\windows\system32\dllcache\miniqic.sys 2009-04-12 17:30 . 2001-08-23 19:00 9216 -c--a-w c:\windows\system32\dllcache\kbdnecat.dll 2009-04-12 17:29 . 2004-08-04 05:59 5504 -c--a-w c:\windows\system32\dllcache\intelide.sys 2009-04-12 17:28 . 2001-08-17 20:28 542879 -c--a-w c:\windows\system32\dllcache\hsf_msft.sys 2009-04-12 17:27 . 2001-08-18 05:36 43520 -c--a-w c:\windows\system32\dllcache\EXCH_fcachdll.dll 2009-04-12 17:26 . 2001-08-18 05:36 236060 -c--a-w c:\windows\system32\dllcache\ditrace.exe 2009-04-12 17:25 . 2001-08-17 20:58 9344 -c--a-w c:\windows\system32\dllcache\compbatt.sys 2009-04-12 17:24 . 2001-08-23 19:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll 2009-04-12 17:23 . 2001-08-18 05:37 24576 -c--a-w c:\windows\system32\dllcache\agcgauge.ax 2009-04-12 17:22 . 2004-08-04 06:20 2180992 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe 2009-04-12 17:22 . 2001-08-23 19:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe 2009-04-12 17:22 . 2001-08-23 19:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll 2009-04-12 17:22 . 2001-08-23 19:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll 2009-04-12 17:22 . 2001-08-23 19:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll 2009-04-12 17:22 . 2001-08-23 19:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe 2009-04-12 17:22 . 2001-08-23 19:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll 2009-04-12 17:22 . 
2001-08-23 19:00 94720 -c--a-w c:\windows\system32\dllcache\certmap.ocx 2009-04-12 17:16 . 2008-10-08 05:54 -------- d-----w C:\SDFix 2009-04-12 03:37 . 2009-04-12 03:37 664 ----a-w c:\windows\system32\d3d9caps.dat 2009-04-12 03:32 . 2009-04-12 03:32 -------- d-----w c:\program files\Microsoft ActiveSync 2009-04-12 03:31 . 2009-04-12 03:31 -------- d-----w c:\windows\ShellNew 2009-04-12 03:27 . 2009-04-17 01:52 -------- d-----w c:\documents and settings\All Users\Application Data\PrevxCSI 2009-04-11 20:36 . 1999-09-22 15:18 2167684 ----a-w c:\windows\system32\CT2MGM.SF2 2009-04-11 20:36 . 2004-05-21 02:40 118868 ----a-w c:\windows\system32\commonfx.dll 2009-04-11 20:36 . 2004-05-21 02:33 65536 ----a-w c:\windows\system32\a3d.dll 2009-04-11 20:36 . 2001-08-18 05:36 98304 -c--a-w c:\windows\system32\dllcache\a3d.dll 2009-04-11 20:36 . 2000-02-25 04:49 1048576 ----a-w c:\windows\system32\CT1MGM.ROM 2009-04-11 18:56 . 2004-08-04 07:56 769536 -c--a-w c:\windows\system32\dllcache\sprb0410.dll 2009-04-11 18:55 . 2004-08-04 07:56 148480 -c--a-w c:\windows\system32\dllcache\wscui.cpl 2009-04-11 18:54 . 2004-08-04 07:56 7680 -c--a-w c:\windows\system32\dllcache\pwsdata.dll 2009-04-11 18:53 . 2004-08-04 07:56 22528 -c--a-w c:\windows\system32\dllcache\lpdsvc.dll 2009-04-11 18:53 . 2004-08-04 07:56 92160 -c--a-w c:\windows\system32\dllcache\evntwin.exe 2009-04-11 18:53 . 2004-08-04 07:56 267776 -c--a-w c:\windows\system32\dllcache\fxssvc.exe 2009-04-11 18:53 . 2004-08-04 07:56 6144 -c--a-w c:\windows\system32\dllcache\snmpmib.dll 2009-04-11 18:53 . 2004-08-04 07:56 400384 -c--a-w c:\windows\system32\dllcache\fxsxp32.dll 2009-04-11 18:53 . 2004-08-04 07:56 188416 -c--a-w c:\windows\system32\dllcache\snmpsmir.dll 2009-04-11 18:53 . 2004-08-04 07:56 39936 -c--a-w c:\windows\system32\dllcache\hostmib.dll 2009-04-11 18:53 . 2004-08-04 07:56 214528 -c--a-w c:\windows\system32\dllcache\icwconn1.exe 2009-04-11 18:53 . 
2004-08-04 07:56 6656 -c--a-w c:\windows\system32\dllcache\fxsres.dll 2009-04-11 18:53 . 2004-08-04 07:56 246272 -c--a-w c:\windows\system32\dllcache\fxst30.dll 2009-04-11 18:51 . 2004-08-04 07:56 8704 -c--a-w c:\windows\system32\dllcache\fxsperf.dll 2009-04-11 18:51 . 2004-08-04 07:56 154112 -c--a-w c:\windows\system32\dllcache\fxsui.dll 2009-04-11 18:51 . 2004-08-04 07:56 55296 -c--a-w c:\windows\system32\dllcache\fxsevent.dll 2009-04-11 18:51 . 2004-08-04 07:56 18944 -c--a-w c:\windows\system32\dllcache\lprmon.dll 2009-04-11 18:51 . 2004-08-04 07:56 20480 -c--a-w c:\windows\system32\dllcache\inetwiz.exe 2009-04-11 18:51 . 2004-08-04 07:56 27136 -c--a-w c:\windows\system32\dllcache\fxsdrv.dll 2009-04-11 18:51 . 2004-08-04 07:56 86016 -c--a-w c:\windows\system32\dllcache\icwconn2.exe 2009-04-11 18:50 . 2004-08-04 07:56 35328 -c--a-w c:\windows\system32\dllcache\iprip.dll 2009-04-11 18:50 . 2004-08-04 07:56 143360 -c--a-w c:\windows\system32\dllcache\fxsclnt.exe 2009-04-11 18:50 . 2004-08-04 07:56 456704 -c--a-w c:\windows\system32\dllcache\smtpsvc.dll 2009-04-11 18:50 . 2004-08-04 07:56 33792 -c--a-w c:\windows\system32\dllcache\lmmib2.dll 2009-04-11 18:50 . 2004-08-04 07:56 40448 -c--a-w c:\windows\system32\dllcache\snmpthrd.dll 2009-04-11 18:50 . 2004-08-04 07:56 101888 -c--a-w c:\windows\system32\dllcache\evntagnt.dll 2009-04-11 18:50 . 2004-08-04 07:56 331264 -c--a-w c:\windows\system32\dllcache\aqueue.dll 2009-04-11 18:50 . 2009-04-11 18:50 -------- d-----w c:\windows\ServicePackFiles 2009-04-11 18:49 . 2004-08-04 05:33 4190352 -c--a-w c:\windows\system32\dllcache\luna.mst 2009-04-11 18:43 . 2004-08-04 07:56 2897920 -c--a-w c:\windows\system32\dllcache\xpsp2res.dll 2009-04-11 18:43 . 2004-08-04 07:56 2897920 ------w c:\windows\system32\xpsp2res.dll 2009-04-11 05:10 . 2004-08-04 07:56 1689088 ----a-w c:\windows\system32\SET12A7.tmp 2009-04-11 05:10 . 2004-08-04 07:56 1134592 ----a-w c:\windows\system32\SET124F.tmp 2009-04-11 05:03 . 
2004-08-04 07:56 1032192 ----a-w c:\windows\SET729.tmp 2009-04-11 05:01 . 2004-08-04 07:56 45568 ----a-w c:\windows\system32\SET671.tmp 2009-04-11 05:00 . 2004-08-04 07:56 586240 ----a-w c:\windows\system32\SET5AC.tmp 2009-04-11 04:59 . 2004-08-04 07:56 43520 ----a-w c:\windows\system32\SET4D8.tmp 2009-04-11 04:58 . 2004-08-04 07:56 134656 ----a-w c:\windows\system32\SET37F.tmp 2009-04-11 04:57 . 2004-08-04 07:56 359936 ----a-w c:\windows\system32\SET16A.tmp 2009-04-11 04:57 . 2004-08-04 07:56 91648 ----a-w c:\windows\system32\SET169.tmp 2009-04-11 04:40 . 2004-08-04 08:02 79996 -c--a-w c:\windows\system32\dllcache\apps.chm 2009-04-11 04:39 . 2004-08-04 07:56 69632 -c--a-w c:\windows\system32\dllcache\msscds32.ax 2009-04-11 03:59 . 2009-04-15 00:59 1198333 ----a-w c:\windows\setupapi.log.3.old 2009-04-11 01:42 . 2009-04-11 01:42 -------- d-----w c:\program files\Windows Resource Kits 2009-04-11 01:08 . 2004-08-04 07:56 23552 ----a-w c:\windows\system32\SET5D6.tmp 2009-04-11 01:07 . 2004-08-04 07:56 994304 ----a-w c:\windows\system32\SET4CF.tmp 2009-04-11 01:06 . 2004-08-04 07:56 8192 ----a-w c:\windows\system32\SET396.tmp 2009-04-10 14:21 . 2004-08-04 07:56 1689088 ----a-w c:\windows\system32\SET1112.tmp
  7. Kaspersky scan complete, there were no viruses; virustotal.com said that file was too big and had an error
2008-10-31 01:49 -------- d-----w c:\program files\Bonjour 2009-02-24 07:05 . 2008-11-02 03:13 111928 ----a-w c:\windows\system32\PnkBstrB.exe 2009-02-13 06:31 . 2009-02-13 06:31 3532 ----a-w C:\drmHeader.bin 2008-12-29 01:09 . 2008-11-02 03:13 22328 ----a-w c:\documents and settings\Troy\Application Data\PnkBstrK.sys 2007-03-06 03:16 . 2007-03-06 03:11 1324 --sh--w c:\windows\lcfep6c.drv . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-12-08 1253376] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968] "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-22 342848] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "SetDefaultMIDI"="MIDIDef.exe" - c:\windows\system32\MIDIDEF.EXE [2008-03-20 31232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX1000"="c:\windows\vVX1000.exe" [2008-08-05 721936] "UltraMon"="g:\program files\UltraMon\UltraMon.exe" [2006-10-13 304640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600] "iTunesHelper"="g:\program files\iTunes\iTunesHelper.exe" [2008-10-02 289576] "CMCService"="c:\program files\ATI\Catalyst Media Center\CMCService.exe" [2008-06-06 172032] "Adobe Reader Speed Launcher"="g:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-19 13500416] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NeroFilterCheck"="c:\program files\Common 
Files\Ahead\Lib\NeroCheck.exe" [2007-03-10 153136] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2008-08-05 160800] "iolo AntiVirus"="g:\program files\iolo\AntiVirus\ioloAV.exe" [2008-03-05 1095520] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-19 86016] "CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-19 1626112] "CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\Ctxfihlp.exe [2008-03-20 23552] "CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2004-05-21 24576] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Audible Download Manager.lnk - g:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128] Microsoft Office.lnk - g:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon] [bU] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoStart IR.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoStart IR.lnk backup=c:\windows\pss\AutoStart IR.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk backup=c:\windows\pss\Color Calibration.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk] path=c:\documents and settings\All Users\Start 
Menu\Programs\Startup\MagicTune 3.6.lnk backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk backup=c:\windows\pss\NaturalColorLoad.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "g:\\Program Files\\FTP Commander\\ftpcomm.exe"= "g:\\Program Files\\ooVoo\\ooVoo.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "443:UDP"= 443:UDP:ooVoo UDP port 443 "37674:TCP"= 37674:TCP:ooVoo TCP port 37674 "37674:UDP"= 37674:UDP:ooVoo UDP port 37674 "37675:UDP"= 37675:UDP:ooVoo UDP port 37675 R1 9cba63d4;9cba63d4;c:\windows\System32\drivers\9cba63d4.sys [2007-04-05 0] R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-03-21 98328] R3 cpuz130;cpuz130; [x] R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2008-03-21 171032] R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-03-21 528920] R3 CTEAPSFX.SYS;CTEAPSFX.SYS;c:\windows\System32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEAPSFX;CTEAPSFX;c:\windows\system32\drivers\CTEAPSFX.SYS [2008-03-21 163352] R3 CTEDSPFX.SYS;CTEDSPFX.SYS;c:\windows\System32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPFX;CTEDSPFX;c:\windows\system32\drivers\CTEDSPFX.SYS [2008-03-21 259096] R3 CTEDSPIO.SYS;CTEDSPIO.SYS;c:\windows\System32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 CTEDSPIO;CTEDSPIO;c:\windows\system32\drivers\CTEDSPIO.SYS [2008-03-21 134168] R3 
CTEDSPSY.SYS;CTEDSPSY.SYS;c:\windows\System32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTEDSPSY;CTEDSPSY;c:\windows\system32\drivers\CTEDSPSY.SYS [2008-03-21 309784] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-03-21 99352] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2008-03-21 1324056] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2008-03-21 1324056] R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2008-03-21 72728] R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-03-21 534040] R3 Droppix Service;Droppix Service;c:\program files\Common Files\Droppix\DxService.exe [2007-09-28 135168] R3 MEMSWEEP2;MEMSWEEP2; [x] R3 Pciempoe;Pciempoe; [x] R3 SBRE;SBRE; [x] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloProductUpdate;iolo Product Update Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-02-26 628584] S3 automap;Automap MIDI Driver Service;c:\windows\system32\DRIVERS\automap.sys [2008-05-29 7168] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344] S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2008-03-27 27136] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Q] \Shell\AutoRun\command - Q:\FormCD.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f51036f-c3ff-11dc-94db-0018f390ee41}] \Shell\Auto\command - Cn911.exe \Shell\AutoRun\command - 
c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3969d97-a6ab-11dd-93d1-0018f390ee41}] \Shell\AutoRun\command - R:\RDEapp.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-04-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34] 2009-04-10 c:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job - c:\windows\vVX1000.exe [2008-10-30 00:22] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ebay.com/ FF - ProfilePath - c:\documents and settings\Troy\Application Data\Mozilla\Firefox\Profiles\xd0k4et3.default\ FF - prefs.js: network.proxy.http - localhost FF - prefs.js: network.proxy.http_port - 7171 FF - prefs.js: network.proxy.type - 1 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-17 23:07 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\2.tmp" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2656) g:\program files\UltraMon\RTSUltraMonHook.dll c:\windows\system32\msi.dll g:\program files\UltraMon\Resources\en\RTSUltraMonHookRes.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WinSCP\DragExt.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe c:\program files\Common Files\Authentium\AntiVirus\dvpapi.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe c:\program files\Microsoft LifeCam\LifeTray.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Creative Professional\E-MU PatchMix DSP\EmuPatchMixDSP.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe g:\program files\UltraMon\UltraMonTaskbar.exe . ************************************************************************** . Completion time: 2009-04-18 23:12 - machine was rebooted ComboFix-quarantined-files.txt 2009-04-18 06:11 ComboFix2.txt 2009-04-11 20:27 ComboFix3.txt 2009-04-09 04:48 ComboFix4.txt 2009-04-09 04:23 Pre-Run: 19,825,532,928 bytes free Post-Run: 19,969,851,392 bytes free 378
  10. ComboFix 09-04-04.01 - Administrator 2009-04-11 13:08:51.3 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3313 [GMT -7:00] Running from: c:\documents and settings\Administrator.MASTERMI-1HQMKG\Desktop\ComboFix.exe AV: iolo AntiVirus® *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\_003372_.tmp.dll c:\windows\system32\_003531_.tmp.dll c:\windows\system32\_003532_.tmp.dll c:\windows\system32\_003533_.tmp.dll c:\windows\system32\_003534_.tmp.dll c:\windows\system32\_003537_.tmp.dll c:\windows\system32\_003538_.tmp.dll c:\windows\system32\_003539_.tmp.dll c:\windows\system32\_003540_.tmp.dll c:\windows\system32\_003545_.tmp.dll c:\windows\system32\_003546_.tmp.dll c:\windows\system32\_003548_.tmp.dll c:\windows\system32\_003555_.tmp.dll c:\windows\system32\_003556_.tmp.dll c:\windows\system32\_003557_.tmp.dll c:\windows\system32\_003558_.tmp.dll c:\windows\system32\_003559_.tmp.dll . ((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 ))))))))))))))))))))))))))))))) . 2009-04-11 11:57 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2009-04-11 11:52 . 2004-08-04 00:56 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe 2009-04-11 11:50 . 2009-04-11 11:50 <DIR> d-------- c:\windows\ServicePackFiles 2009-04-11 11:43 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll 2009-04-11 11:28 . 2004-07-17 11:40 19,528 --a------ c:\windows\002219_.tmp 2009-04-10 22:10 . 2004-08-04 00:56 1,689,088 --a------ c:\windows\system32\SET12A7.tmp 2009-04-10 22:10 . 2004-08-04 00:56 1,134,592 --a------ c:\windows\system32\SET124F.tmp 2009-04-10 22:03 . 2004-08-04 00:56 1,032,192 --a------ c:\windows\SET729.tmp 2009-04-10 22:01 . 2004-08-04 00:56 1,082,368 --a------ c:\windows\system32\SET640.tmp 2009-04-10 22:00 . 
2004-08-04 00:56 3,003,392 --a------ c:\windows\system32\SET574.tmp 2009-04-10 21:59 . 2004-08-04 00:56 8,384,000 --a------ c:\windows\system32\SET391.tmp 2009-04-10 21:58 . 2004-08-04 00:56 723,456 --a------ c:\windows\system32\SET273.tmp 2009-04-10 21:57 . 2004-08-04 00:56 359,936 --a------ c:\windows\system32\SET16A.tmp 2009-04-10 21:57 . 2004-08-04 00:56 91,648 --a------ c:\windows\system32\SET169.tmp 2009-04-10 21:42 . 2004-07-17 11:40 19,528 --a------ c:\windows\002211_.tmp 2009-04-10 18:42 . 2009-04-10 18:42 <DIR> d-------- c:\program files\Windows Resource Kits 2009-04-10 18:09 . 2004-08-04 00:56 1,032,192 --a------ c:\windows\SET688.tmp 2009-04-10 18:08 . 2004-08-04 00:56 1,082,368 --a------ c:\windows\system32\SET5A5.tmp 2009-04-10 18:07 . 2004-08-04 00:56 3,003,392 --a------ c:\windows\system32\SET4CB.tmp 2009-04-10 18:06 . 2004-08-04 00:56 8,384,000 --a------ c:\windows\system32\SET2FF.tmp 2009-04-10 18:02 . 2004-07-17 11:40 19,528 --a------ c:\windows\002203_.tmp 2009-04-10 07:21 . 2004-08-04 00:56 1,689,088 --a------ c:\windows\system32\SET1112.tmp 2009-04-10 07:21 . 2004-08-04 00:56 1,134,592 --a------ c:\windows\system32\SET10BA.tmp 2009-04-10 07:11 . 2004-08-04 00:56 1,032,192 --a------ c:\windows\SET593.tmp 2009-04-10 07:11 . 2004-08-04 00:56 194,048 --a------ c:\windows\system32\SET561.tmp 2009-04-10 07:11 . 2004-08-04 00:56 143,360 --a------ c:\windows\system32\SET55C.tmp 2009-04-10 07:11 . 2004-08-04 00:56 126,976 --a------ c:\windows\system32\SET554.tmp 2009-04-10 07:11 . 2004-08-04 00:56 101,888 --a------ c:\windows\system32\SET55F.tmp 2009-04-10 07:11 . 2004-08-04 00:56 58,880 --a------ c:\windows\system32\SET54E.tmp 2009-04-10 07:09 . 2004-08-04 00:56 1,082,368 --a------ c:\windows\system32\SET4B0.tmp 2009-04-10 07:08 . 2004-08-04 00:56 3,003,392 --a------ c:\windows\system32\SET3CC.tmp 2009-04-10 07:07 . 2004-08-04 00:56 1,708,032 --a------ c:\windows\system32\SET35F.tmp 2009-04-10 07:06 . 
2004-08-04 00:56 8,384,000 --a------ c:\windows\system32\SET26A.tmp 2009-04-10 07:05 . 2004-08-04 00:56 723,456 --a------ c:\windows\system32\SET1D1.tmp 2009-04-10 07:04 . 2004-08-04 00:56 359,936 --a------ c:\windows\system32\SET160.tmp 2009-04-10 07:04 . 2004-08-04 00:56 264,192 --a------ c:\windows\system32\SET176.tmp 2009-04-10 07:04 . 2004-08-04 00:56 176,640 --a------ c:\windows\system32\SET188.tmp 2009-04-10 07:04 . 2004-08-04 00:56 172,032 --a------ c:\windows\system32\SET186.tmp 2009-04-10 07:04 . 2004-08-04 00:56 92,672 --a------ c:\windows\system32\SET185.tmp 2009-04-10 07:04 . 2004-08-04 00:56 82,944 --a------ c:\windows\system32\SET172.tmp 2009-04-10 07:04 . 2004-08-04 00:56 22,528 --a------ c:\windows\system32\SET165.tmp 2009-04-10 07:04 . 2004-08-04 00:56 19,968 --a------ c:\windows\system32\SET170.tmp 2009-04-10 07:04 . 2004-08-04 00:56 19,968 --a------ c:\windows\system32\SET167.tmp 2009-04-10 07:04 . 2004-08-04 00:56 18,432 --a------ c:\windows\system32\SET163.tmp 2009-04-10 07:04 . 2004-08-04 00:56 5,632 --a------ c:\windows\system32\SET184.tmp 2009-04-10 06:49 . 2004-07-17 11:40 19,528 --a------ c:\windows\002195_.tmp 2009-04-09 23:51 . 2009-04-09 23:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-04-09 23:40 . 2004-08-04 00:56 1,689,088 --a------ c:\windows\system32\SET1011.tmp 2009-04-09 23:39 . 2004-08-04 00:56 1,134,592 --a------ c:\windows\system32\SETFB9.tmp 2009-04-09 23:31 . 2004-08-04 00:56 1,082,368 --a------ c:\windows\system32\SET3B0.tmp 2009-04-09 23:30 . 2004-08-04 00:56 3,003,392 --a------ c:\windows\system32\SET301.tmp 2009-04-09 23:29 . 2004-08-04 00:56 1,708,032 --a------ c:\windows\system32\SET2AD.tmp 2009-04-09 23:28 . 2004-08-04 00:56 8,384,000 --a------ c:\windows\system32\SET211.tmp 2009-04-09 23:27 . 2004-08-04 00:56 359,936 --a------ c:\windows\system32\SET16C.tmp 2009-04-09 23:27 . 2004-08-04 00:56 264,192 --a------ c:\windows\system32\SET17E.tmp 2009-04-09 23:27 . 
2004-08-04 00:56 82,944 --a------ c:\windows\system32\SET17B.tmp 2009-04-09 23:27 . 2004-08-04 00:56 22,528 --a------ c:\windows\system32\SET171.tmp 2009-04-09 23:27 . 2004-08-04 00:56 19,968 --a------ c:\windows\system32\SET17A.tmp 2009-04-09 23:27 . 2004-08-04 00:56 19,968 --a------ c:\windows\system32\SET173.tmp 2009-04-09 23:27 . 2004-08-04 00:56 18,432 --a------ c:\windows\system32\SET16F.tmp 2009-04-09 23:12 . 2004-07-17 11:40 19,528 --a------ c:\windows\002189_.tmp 2009-04-09 22:18 . 2009-04-09 22:18 749 -rah----- c:\windows\WindowsShell.Manifest 2009-04-09 22:18 . 2009-04-09 22:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2009-04-09 22:18 . 2009-04-09 22:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2009-04-09 22:18 . 2009-04-09 22:18 749 -rah----- c:\windows\system32\nwc.cpl.manifest 2009-04-09 22:18 . 2009-04-09 22:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2009-04-09 22:18 . 2009-04-09 22:18 488 -rah----- c:\windows\system32\logonui.exe.manifest 2009-04-09 21:50 . 2006-05-16 04:23 205,312 -ra------ c:\windows\system32\fdco1ins.dll 2009-04-09 21:50 . 2006-05-16 04:23 159,232 -ra------ c:\windows\system32\fdco_l1036.dll 2009-04-09 21:50 . 2006-05-16 04:23 159,232 -ra------ c:\windows\system32\fdco_l1034.dll 2009-04-09 21:50 . 2006-05-16 04:23 159,232 -ra------ c:\windows\system32\fdco_l1031.dll 2009-04-09 21:50 . 2006-05-16 04:23 158,720 -ra------ c:\windows\system32\fdco_l1046.dll 2009-04-09 21:50 . 2006-05-16 04:23 158,720 -ra------ c:\windows\system32\fdco_l1040.dll 2009-04-09 21:50 . 2006-05-16 04:23 156,672 -ra------ c:\windows\system32\fdco_l1042.dll 2009-04-09 21:50 . 2006-05-16 04:23 156,672 -ra------ c:\windows\system32\fdco_l1041.dll 2009-04-09 21:50 . 2006-05-16 04:23 155,648 -ra------ c:\windows\system32\fdco_l1028.dll 2009-04-09 21:50 . 2006-05-16 04:23 155,136 -ra------ c:\windows\system32\fdco_l2052.dll 2009-04-09 21:50 . 
2006-05-16 04:25 52,736 -ra------ c:\windows\system32\drivers\NVENETFD.sys 2009-04-09 21:45 . 2001-08-23 12:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT 2009-04-09 21:45 . 2001-08-23 12:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT 2009-04-09 21:45 . 2001-08-23 12:00 37,484 --a--c--- c:\windows\system32\dllcache\MW770.CAT 2009-04-09 21:45 . 2001-08-23 12:00 24,661 --a------ c:\windows\system32\spxcoins.dll 2009-04-09 21:45 . 2001-08-23 12:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll 2009-04-09 21:45 . 2001-08-23 12:00 13,608 -ra------ c:\windows\SET63.tmp 2009-04-09 21:45 . 2001-08-23 12:00 13,472 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT 2009-04-09 21:45 . 2001-08-23 12:00 13,312 --a------ c:\windows\system32\irclass.dll 2009-04-09 21:45 . 2001-08-23 12:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll 2009-04-09 21:45 . 2001-08-23 12:00 8,574 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT 2009-04-09 21:45 . 2001-08-23 13:00 7,382 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT 2009-04-09 21:44 . 2009-04-10 19:55 1,136,095 --a------ c:\windows\setupapi.log.2.old 2009-04-09 21:44 . 2001-08-23 12:00 1,085,913 -ra------ c:\windows\SET57.tmp 2009-04-09 21:31 . 2009-04-09 21:31 <DIR> d-------- c:\documents and settings\Default User\Application Data\DivX 2009-04-09 21:27 . 2001-08-23 12:00 73,728 --a--c--- c:\windows\system32\dllcache\icwtutor.exe 2009-04-09 21:27 . 2001-08-23 12:00 61,440 --a--c--- c:\windows\system32\dllcache\icwres.dll 2009-04-09 21:27 . 2001-08-23 12:00 40,960 --a--c--- c:\windows\system32\dllcache\trialoc.dll 2009-04-09 20:22 . 2001-08-23 12:00 1,085,913 -ra------ c:\windows\SET58.tmp 2009-04-09 20:22 . 2001-08-23 12:00 13,608 -ra------ c:\windows\SET64.tmp 2009-04-09 19:03 . 2009-04-09 21:22 394,281 --a------ c:\windows\setupapi.old 2009-04-09 19:02 . 2009-04-11 12:22 3,594 --a------ c:\windows\imsins.BAK 2009-04-08 21:49 . 
2009-04-08 21:49 <DIR> d-------- c:\documents and settings\Administrator.MASTERMI-1HQMKG\Application Data\iolo 2009-04-08 19:01 . 2009-04-08 19:01 432 --a------ c:\windows\system32\iolo.ini 2009-04-08 18:55 . 2009-04-08 18:55 <DIR> d-------- c:\program files\iolo 2009-04-08 18:55 . 2009-04-08 18:55 <DIR> d-------- c:\program files\Common Files\Authentium 2009-04-08 18:55 . 2009-04-08 18:55 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo 2009-04-08 18:55 . 2007-07-25 08:42 126,976 --a------ c:\windows\system32\iavlsp.dll 2009-04-08 18:54 . 2009-04-08 18:55 <DIR> d-------- c:\documents and settings\Troy\Application Data\iolo 2009-04-08 18:54 . 2009-04-08 20:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo 2009-04-08 18:53 . 2009-04-08 18:53 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-04-08 07:40 . 2009-04-08 07:40 <DIR> d-------- c:\documents and settings\Administrator.MASTERMI-1HQMKG\Application Data\Malwarebytes 2009-04-07 22:57 . 2009-04-07 22:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-04-06 22:57 . 2009-04-06 22:57 <DIR> d-------- c:\documents and settings\Troy\Application Data\MSN6 2009-04-06 22:57 . 2009-04-06 22:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6 2009-04-06 22:49 . 2009-04-06 22:49 <DIR> d-------- c:\documents and settings\Troy\Application Data\oovootb 2009-04-06 22:41 . 2009-04-07 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\EmailNotifier 2009-04-06 21:41 . 2009-04-06 22:16 <DIR> d-------- c:\program files\Enigma Software Group 2009-04-06 00:33 . 2007-04-06 22:09 <DIR> d-------- c:\documents and settings\Troy\Application Data\SUPERAntiSpyware.com 2009-04-06 00:33 . 2009-04-06 00:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2009-04-05 22:00 . 
2009-04-05 22:00 <DIR> d-------- c:\documents and settings\Troy\Application Data\Malwarebytes 2009-04-05 22:00 . 2009-04-05 22:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-04-05 21:53 . 2009-04-05 21:53 95 --a------ c:\windows\wininit.ini 2009-04-05 14:44 . 2009-04-05 16:21 <DIR> d-------- c:\documents and settings\Troy\DoctorWeb 2009-04-04 18:02 . 2009-04-04 18:02 1 --a------ c:\windows\9g2234wesdf3dfgjf23 2009-04-04 15:12 . 2009-04-04 15:13 327 --a------ c:\windows\pdf2word.INI 2009-04-04 12:38 . 2007-04-05 12:48 0 --a------ c:\windows\system32\drivers\9cba63d4.sys 2009-04-04 12:23 . 2009-04-04 12:23 21,878,064 --a------ c:\documents and settings\Troy\nvRGKTFOBS.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-11 20:19 --------- d-----w c:\program files\DNA 2009-04-11 20:19 --------- d-----w c:\documents and settings\Troy\Application Data\DNA 2009-04-10 04:26 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-04-08 06:02 --------- d-----w c:\program files\ecover 2009-04-08 05:55 --------- d-----w c:\documents and settings\Troy\Application Data\BitTorrent 2009-04-05 22:45 --------- d-----w c:\program files\Yahoo! 2009-04-05 22:44 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 
2009-04-04 19:54 --------- d-----w c:\documents and settings\All Users\Application Data\Watermark Factory 2009-04-04 04:44 --------- d-----w c:\program files\Common Files\SB Solutions 2009-04-04 02:31 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink 2009-03-28 04:57 --------- d-----w c:\documents and settings\Troy\Application Data\FEP 2009-03-26 23:41 --------- d-----w c:\program files\FriendBlasterPro 2009-03-11 06:40 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-11 02:51 --------- d-----w c:\program files\btscanner 2009-03-02 01:44 --------- d-----w c:\program files\Bonjour 2009-02-16 21:20 --------- d-----w c:\program files\Common Files\SWF Studio 2009-02-16 21:19 --------- d-----w c:\program files\WildGames 2009-02-16 21:19 --------- d-----w c:\documents and settings\All Users\Application Data\WildTangent 2009-02-13 06:31 3,532 ----a-w C:\drmHeader.bin 2009-02-12 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-02-12 08:56 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP 2009-02-11 01:33 --------- d-----w c:\documents and settings\Troy\Application Data\iPhoneRingToneMaker 2008-12-29 01:09 22,328 ----a-w c:\documents and settings\Troy\Application Data\PnkBstrK.sys 2007-03-06 03:16 1,324 --sh--w c:\windows\lcfep6c.drv . 
  11. Thank you soooo much. You saved my life. You have no idea how much this helped me, and how much you saved me from going to the computer geeks guys. I can get on the internet now. Do you have a donation fund that I can contribute to? I really do appreciate this. I tried to send both my logs but I think they're a little too big. So I am going to send my Malwarebytes. If anything still looks suspicious, please help me out. I think something might still be in my computer. Here are my logs. Thanks for your help.

      Malwarebytes' Anti-Malware 1.35
      Database version: 1893
      Windows 5.1.2600 Service Pack 2

      2009-04-16 21:42:53
      mbam-log-2009-04-16 (21-42-53).txt

      Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|)
      Objects scanned: 514636
      Time elapsed: 2 hour(s), 13 minute(s), 55 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  12. Hello, I have had this problem for more than a week now. I had a virus and some trojans and used six different virus software to get rid of them. The problem started when I was trying to run a scan. My internet browser just stopped working. I noticed that I can still ping other websites and that worked. I also noticed that I can still download from iTunes and open up my FTP software for my website. So I do have an internet connection, there's just something blocking my browser. I used ComboFix, SmitFraudFix, AVG, ATF-Cleaner, ioloAV, SpyHunter, Spybot, SUPERAntiSpyware, Kaspersky, AntiVir, Malwarebytes. Then I went into safe mode and went under the administrator and noticed I can get on the internet from there. Then I went to my log on screen in safe mode and noticed that I couldn't get on the internet even though I am in safe mode under my own account. I've been scanning for more viruses and every virus program says that I am clean. I even went to the measure of repairing Windows and re-installing Service Pack 2 and I still have this problem. I'm using Windows XP Service Pack 2. I need some help. Here is my hijack log.
      Update: I see this in my browser to /C:\WINDOWS\SYTEM32\shdoclc.dll\DNSERROR.HTM

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:21:18, on 2009-04-12
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
      C:\Program Files\PrevxCSI\prevxcsi.exe
      C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\PrevxCSI\prevxcsi.exe
      C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\WINDOWS\vVX1000.exe
      G:\Program Files\UltraMon\UltraMon.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      G:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
      G:\Program Files\UltraMon\UltraMonTaskbar.exe
      G:\Program Files\iolo\AntiVirus\ioloAV.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      G:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Microsoft LifeCam\LifeTray.exe
      G:\Program Files\iolo\AntiVirus\iAVEmailScanner.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [ultraMon] "G:\Program Files\UltraMon\UltraMon.exe" /auto
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [iolo AntiVirus] "G:\Program Files\iolo\AntiVirus\ioloAV.exe"
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] G:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
      O4 - Global Startup: Audible Download Manager.lnk = G:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
      O4 - Global Startup: Microsoft Office.lnk = G:\Program Files\Microsoft Office\Office10\OSA.EXE
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
      O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Droppix Service - Droppix - C:\Program Files\Common Files\Droppix\DxService.exe
      O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - G:\Program Files\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
  13. Hello, I want to thank you for your time and you have been a big help, but I decided to reinstall Windows over again because I could not get my DVD player to be recognized in the device manager anymore. My last resort was to clean install Windows. I am virus free now, error free, and I guess the forum is now closed. Thanks.