Unsolved

19 Posts

June 10th, 2008 22:00

Warning message and bugs all over my screen

Oops, I pressed enter by accident.

My symptoms are simply what the subject says: I have a blue screen with a warning sign saying that I have spyware or a virus. Then I have the screensaver of bugs eating my screen away. I used Kaspersky and Uniblue SpyChecker, but they haven't been able to get the screen back to normal. Please help =] thanks

Hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:53:39 PM, on 6/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe
C:\WINDOWS\system32\lphcrc8j0e567.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Uniblue\PowerSuite\PowerSuite.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.yisou.com/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.yisou.com/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.myspace.com/julie_ngoc
O1 - Hosts: AmsServer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [VMConsole.exe] C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe /windowmin
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Uniblue SpyEraser] "C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" -m
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: HD_CertService - Unknown owner - C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MioNet - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13117 bytes
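
Editor's worked example (added here; it is not part of the original thread and not a HijackThis feature): the checks a volunteer helper applies by eye to a log like the one above, written as a small Python script and run over a subset of its lines. The allowlist of expected hosts, the random-name heuristic and the tag names are this example's assumptions, and a tag means "ask about this entry", not "this is malware".

```python
import re
from urllib.parse import urlparse

# Subset of the HijackThis log posted above, embedded here as the sample input (not the full log).
SAMPLE_HJT = r"""
Running processes:
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\lphcrc8j0e567.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://seek.yisou.com/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O1 - Hosts: AmsServer
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll
O23 - Service: HD_CertService - Unknown owner - C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
"""

# Hosts that the log itself shows as this machine's OEM/vendor defaults. This allowlist is an
# assumption of the example; any other host in an R0/R1/O16 entry is raised for review.
TRUSTED_HOSTS = {"www.sony.com", "www.yahoo.com", "us.rd.yahoo.com", "go.microsoft.com"}

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Crude heuristic for machine-generated names such as lphcrc8j0e567:
    a long stem that mixes several digits into a run of letters."""
    digits = sum(ch.isdigit() for ch in stem)
    letters = sum(ch.isalpha() for ch in stem)
    return len(stem) >= 10 and digits >= 3 and letters >= 4


def check_process(path: str) -> list:
    """Checks for one line of the 'Running processes' section."""
    findings = []
    directory, _, filename = path.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    if directory.lower().endswith("\\system32") and looks_random(stem):
        findings.append(("random-name-in-system32", path))
    if TEMP_RE.search(path):
        findings.append(("runs-from-temp", path))
    return findings


def check_entry(kind: str, body: str, line: str) -> list:
    """Checks for one Rn/Onn entry; a tag means 'ask about this', not 'malicious'."""
    findings = []
    if "(file missing)" in body or "(no file)" in body:
        findings.append(("orphaned-entry", line))          # registration whose file is gone
    if kind in {"R0", "R1", "O16"}:
        for url in URL_RE.findall(body):
            host = urlparse(url).hostname
            if host and host not in TRUSTED_HOSTS:
                tag = "activex-from-untrusted-host" if kind == "O16" else "browser-setting-points-offsite"
                findings.append((tag, line))
    if kind == "O1":
        findings.append(("hosts-file-entry", line))         # hosts-file redirection
    if kind == "O20":
        findings.append(("appinit-dlls-set", line))         # DLLs loaded into every process that links user32
    if kind == "O23" and "Unknown owner" in body:
        findings.append(("service-without-vendor", line))   # no company name on the service binary
    if TEMP_RE.search(body):
        findings.append(("runs-from-temp", line))
    return findings


def triage_hijackthis(text: str) -> list:
    """Walk a HijackThis log and return (tag, line) pairs worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if entry:
            findings.extend(check_entry(entry["kind"], entry["body"], line))
        elif re.match(r"^[A-Za-z]:\\", line):
            findings.extend(check_process(line))
    return findings


if __name__ == "__main__":
    for tag, line in triage_hijackthis(SAMPLE_HJT):
        print(f"{tag:32} {line}")
```

Run it as-is to print the flagged entries. The negatives matter as much as the hits: avp.exe, the Yahoo search bar and the WGA control pass unflagged, while the randomly named executable in system32, the two orphaned BHOs, the hosts-file entry, the AppInit_DLLs value and the service with no vendor name are the items a helper would ask about next.
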
 

 

10.4K Posts

June 11th, 2008 00:00

servekidd

1. Go HERE and download File Lister.
  • Save it to your Desktop.
  • Right-click ->> Extract all ->> and extract it to your Desktop.
  • Additional help on extracting zip files can be found HERE.
  • Open the File Lister folder.
  • Right-click FileLister.vbe ->> select Open, then Open to confirm.
  • As the program runs, it will appear that nothing is happening.
  • When the program is finished it will produce a log for you at C:\Files.txt.

Copy and paste the contents of that log in your reply.

Microsoft MVP Consumer-Security

"The world is what you make of it"

19 Posts

June 11th, 2008 01:00

I don't know if it's still trying to log my files or not, but it has been 2 hours already. The wscript has not finished yet. I opened the file on the C drive, and there wasn't much in it. I opened Task Manager, and I found that wscript was using 50% CPU. Is that normal?

10.4K Posts

June 11th, 2008 11:00

servekidd

No, it should only take a matter of minutes.

Reboot your PC in Safe Mode, then rerun File Lister.

It should produce a log in no longer than 2 to 3 minutes.

Also look to see if it produced a log but did not auto-open. The log file will be located at C:\Files.txt.

19 Posts

June 11th, 2008 19:00

The program will open but there is nothing on the taskbar, as nothing comes to view.

10.4K Posts

June 11th, 2008 20:00

servekidd

Let's change tools.

Please download ComboFix and save it to your desktop:
  • Note: It is important that it is saved directly to your desktop.
  • Close any open browsers.
  • Double-click on combofix.exe and follow the prompts.
  • When it's finished it will produce a log.
  • Post the contents of C:\ComboFix.txt into your next reply.
  • Note: Do not mouse-click ComboFix's window whilst it's running. That may cause the program to freeze/hang.

19 Posts

June 11th, 2008 23:00

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
2008-04-25 18:22    62728    --a------    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Uniblue Registry Booster"="C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 11:15 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-10-21 18:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-10-21 21:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2004-09-21 22:54 151552]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 01:08 28672]
"VMConsole.exe"="C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VMConsole.exe" [2004-06-23 23:37 557056]
"HP SchedIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe" [2002-04-22 12:56 94208]
"HP AutoIndexer"="C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe" [2002-04-22 12:57 90112]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-06 17:26 185632]
"MioNet"="C:\Program Files\MioNet\MioNetLauncher.exe" [2007-08-31 21:14 32768]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"vidc.DAVC"= davcvfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Lisha Xiao\\My Documents\\eMule\\eMule.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitComet\\Downloads\\utorrent.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Joe\\vbalink172l\\vbaserver.exe"=
"C:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"=
"C:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\Retrospect.exe"=
"C:\\Program Files\\Retrospect\\Retrospect Express HD 2.0\\retrorun.exe"=
"C:\\Program Files\\Steam\\steamapps\\theblackpickle\\day of defeat\\hl.exe"=
"C:\\Program Files\\MioNet\\MioNetManager.exe"=
"C:\\Program Files\\MioNet\\jvm\\bin\\MioNet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9705:TCP"= 9705:TCP:BitComet 9705 TCP
"9705:UDP"= 9705:UDP:BitComet 9705 UDP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 HD_CertService;HD_CertService;C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe [2007-05-15 11:37]
R2 MioNet;MioNet;"C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" []
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-07-25 18:36]
S3 2242w39a;2242w39a;C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX []
S3 CIDCUSB;CIDC USB KEY Driver;C:\WINDOWS\system32\Drivers\cidcusb.sys [2007-02-28 21:30]
S3 musbehco;musbehco;C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\musbehco.sys []
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 14:47]
S3 WdfDynam;WdfDynam;C:\WINDOWS\system32\DRIVERS\WdfDynam.sys [2005-04-05 15:31]
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []
S3 XDva020;XDva020;C:\WINDOWS\system32\XDva020.sys []
S3 XDva030;XDva030;C:\WINDOWS\system32\XDva030.sys []
S3 zebrbus;Sony Ericsson Composite Device driver;C:\WINDOWS\system32\DRIVERS\zebrbus.sys [2006-07-25 18:36]
S3 zebrmdfl;Sony Ericsson Modem Filter;C:\WINDOWS\system32\DRIVERS\zebrmdfl.sys [2006-07-25 18:36]
S3 zebrmdm;Sony Ericsson Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdm.sys [2006-07-25 18:36]
S3 zebrmdmc;Sony Ericsson mRouter Port (WDM);C:\WINDOWS\system32\DRIVERS\zebrmdmc.sys [2006-07-25 18:36]
S3 zebrsce;Sony Ericsson PC-Connect Port;C:\WINDOWS\system32\DRIVERS\zebrsce.sys [2006-07-25 18:36]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-07 23:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-04-14 01:51:27 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-06-11 01:22:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:22:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]
"ImagePath"="\??\C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Retrospect\Retrospect Express HD 2.0\retrorun.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
.
**************************************************************************
.
Completion time: 2008-06-11 19:32:49 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-11 23:32:38

Pre-Run: 52,236,365,824 bytes free
Post-Run: 53,372,690,432 bytes free

431    --- E O F ---    2008-06-11 04:17:13
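
Editor's worked example (added here; not from the thread and not ComboFix's own code): parsing the REGEDIT4-style "Reg Loading Points" section above for the posture problems it records, namely Security Center warnings silenced, firewall exceptions outside the program directories, globally open ports, autostart values whose file ComboFix could not stat, and drivers or service images loaded from a user's Temp folder. The tag names, the "safe" directory list and the trimmed sample are this example's assumptions. One caveat a helper would add: AntiVirusOverride, AntiVirusDisableNotify and a Monitoring\<product> DisableMonitoring value are also what a third-party suite such as the installed Kaspersky writes for itself, so a hit means "confirm which product set it", not "the machine is compromised".

```python
import re

# Trimmed copy of the "Reg Loading Points" section posted above, embedded as the sample input.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\StubInstaller.exe"=
"C:\\Joe\\vbalink172l\\vbaserver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9705:TCP"= 9705:TCP:BitComet 9705 TCP
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S3 2242w39a;2242w39a;C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX []
S3 musbehco;musbehco;C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\musbehco.sys []
S3 XDva011;XDva011;C:\WINDOWS\system32\XDva011.sys []

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]
"ImagePath"="\??\C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
# "R2 Name;Description;path [timestamp]" service/driver lines; an empty [] means
# ComboFix printed no timestamp for the binary.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*(?:\[(?P<stamp>[^\]]*)\])?$"
)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Where a firewall exception is normally expected to live (assumption for this example).
SAFE_APP_DIRS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")
# Security Center values that silence its warnings when set to 1.
SECURITY_CENTER_OVERRIDES = {
    "antivirusdisablenotify", "antivirusoverride", "firewalldisablenotify",
    "firewalloverride", "updatesdisablenotify", "disablemonitoring",
}


def check_value(key: str, name: str, data: str, line: str) -> list:
    """Checks for one "name"=data line under the current (lower-cased) key."""
    findings = []
    if "security center" in key and name.lower() in SECURITY_CENTER_OVERRIDES \
            and data.lower().endswith(":00000001"):
        findings.append(("security-center-override", line))
    elif key.endswith("authorizedapplications\\list"):
        path = name.replace("\\\\", "\\").lower()   # REGEDIT4 doubles backslashes in names
        if not path.startswith(SAFE_APP_DIRS):
            findings.append(("firewall-exception-outside-program-dirs", line))
    elif key.endswith("globallyopenports\\list"):
        findings.append(("globally-open-port", line))
    elif name.lower() == "imagepath" and TEMP_RE.search(data):
        findings.append(("service-image-in-temp", line))
    elif key.endswith("\\run") and re.search(r"\[\s*\]$", data):
        findings.append(("autostart-file-missing", line))
    return findings


def check_service(m: "re.Match", line: str) -> list:
    """Checks for one driver/service line."""
    if TEMP_RE.search(m["path"]):
        return [("driver-or-service-in-temp", line)]
    if m["stamp"] is not None and m["stamp"].strip() == "":
        return [("service-file-missing", line)]
    return []


def audit_combofix_reg(text: str) -> list:
    """Walk the registry section of a ComboFix log and return (tag, line) pairs for review."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            key = m["key"].lower()
        elif m := VALUE_RE.match(line):
            findings.extend(check_value(key, m["name"], m["data"], line))
        elif m := SERVICE_RE.match(line):
            findings.extend(check_service(m, line))
    return findings


if __name__ == "__main__":
    for tag, line in audit_combofix_reg(SAMPLE_REG):
        print(f"{tag:40} {line}")
```

The two entries it raises loudest are exactly the ones a helper would chase in this log: the 2242w39a service whose ImagePath is a file in the user's Temp folder, and the musbehco.sys driver registered from the same place; everything under the Kaspersky and MioNet names passes or is merely listed as a configured exception.
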

19 Posts

June 11th, 2008 23:00

ComboFix 08-06-10.5 - Billy 2008-06-11 19:04:49.1 - NTFSx86
Running from: C:\Documents and Settings\Billy\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Billy\Application Data\AXPDefender
C:\Documents and Settings\Billy\Application Data\ShoppingReport
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Billy\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\Lisha Xiao\Application Data\macromedia\Flash Player\#SharedObjects\UZX6D9U8\www.broadcaster.com
C:\Documents and Settings\Lisha Xiao\Application Data\macromedia\Flash Player\#SharedObjects\UZX6D9U8\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Lisha Xiao\Application Data\macromedia\Flash Player\#SharedObjects\UZX6D9U8\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Lisha Xiao\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Lisha Xiao\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Lisha Xiao\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Uninst.exe
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll

.

19 Posts

June 11th, 2008 23:00

Ok, I did it; however, I had to divide it into parts because of the character limit. The last post is before the Reg Loading Points.

19 Posts

June 11th, 2008 23:00

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-11 23:20    ---------    d-----w    C:\Program Files\MioNet
2008-06-11 00:52    ---------    d-----w    C:\Program Files\FlashGet
2008-06-10 21:33    ---------    d-----w    C:\Program Files\Uniblue
2008-06-10 21:33    ---------    d-----w    C:\Documents and Settings\Billy\Application Data\Uniblue
2008-06-10 21:31    ---------    d-----w    C:\Documents and Settings\Lisha Xiao\Application Data\Lavasoft
2008-06-10 21:29    ---------    d-----w    C:\Program Files\Advanced RAM Recovery
2008-06-10 09:37    ---------    d-----w    C:\Program Files\TopText
2008-06-09 23:20    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-06-09 02:10    ---------    d-----w    C:\Documents and Settings\Billy\Application Data\Registry Booster
2008-06-08 20:11    ---------    d-----w    C:\Program Files\SpywareBlaster
2008-06-08 02:51    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-05 01:57    ---------    d-----w    C:\Program Files\WarRock
2008-06-02 20:02    ---------    d-----w    C:\Documents and Settings\Billy\Application Data\WeatherBug
2008-05-28 23:58    ---------    d-----w    C:\Program Files\NCH Swift Sound
2008-05-28 23:58    ---------    d-----w    C:\Documents and Settings\Lisha Xiao\Application Data\NCH Swift Sound
2008-05-27 20:46    ---------    d-----w    C:\Program Files\MSN Messenger
2008-05-24 01:06    ---------    d-----w    C:\Program Files\Steam
2008-05-20 19:57    ---------    d-----w    C:\Documents and Settings\Billy\Application Data\MioNet
2008-05-17 19:39    ---------    d-----w    C:\Documents and Settings\Lisha Xiao\Application Data\Registry Booster
2008-05-08 14:02    203,136    ----a-w    C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-05 23:36    ---------    d-----w    C:\Program Files\Common Files\Adobe
2008-05-05 23:34    ---------    d-----w    C:\Program Files\Common Files\Adobe Systems Shared
2008-05-01 13:27    ---------    d-----w    C:\Documents and Settings\Lisha Xiao\Application Data\MioNet
2008-04-25 22:21    26,964    ----a-w    C:\WINDOWS\system32\drivers\klopp.dat
2008-04-20 20:58    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-04-20 15:18    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-20 15:17    ---------    d-----w    C:\Documents and Settings\All Users\Application Data\RetroExp
2008-04-20 15:16    ---------    d-----w    C:\Program Files\SD EnterNET
2008-04-17 02:17    ---------    d-----w    C:\Documents and Settings\Lisha Xiao\Application Data\WeatherBug
2008-04-16 18:23    112,144    ----a-w    C:\WINDOWS\system32\drivers\kl1.sys
2008-04-14 12:30    272,128    ------w    C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 00:13    40,840    ----a-w    C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13    21,896    ----a-w    C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13    139,656    ----a-w    C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13    12,040    ----a-w    C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11    451,072    ----a-w    C:\WINDOWS\AppPatch\aclayers.dll
2008-04-13 19:28    175,744    ----a-w    C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21    162,816    ----a-w    C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20    91,520    ----a-w    C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20    361,344    ----a-w    C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20    182,656    ----a-w    C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19    75,264    ----a-w    C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19    51,328    ----a-w    C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19    48,384    ----a-w    C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19    146,048    ----a-w    C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19    138,112    ----a-w    C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18    52,480    ----a-w    C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17    83,072    ----a-w    C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17    456,576    ----a-w    C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17    105,344    ----a-w    C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16    49,536    ----a-w    C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16    141,056    ----a-w    C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15    64,512    ----a-w    C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15    60,800    ----a-w    C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15    574,976    ----a-w    C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15    334,848    ----a-w    C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14    63,744    ----a-w    C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14    143,744    ----a-w    C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00    30,080    ----a-w    C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00    225,664    ----a-w    C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00    19,072    ----a-w    C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57    41,472    ----a-w    C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57    40,576    ----a-w    C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57    34,560    ----a-w    C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57    20,864    ----a-w    C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57    152,832    ----a-w    C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57    14,336    ----a-w    C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57    10,112    ----a-w    C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56    88,320    ----a-w    C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56    69,120    ----a-w    C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56    35,072    ----a-w    C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56    34,688    ----a-w    C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56    30,592    ----a-w    C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56    30,592    ------w    C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56    12,800    ----a-w    C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56    12,800    ------w    C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56    12,288    ----a-w    C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55    14,592    ----a-w    C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54    11,264    ----a-w    C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53    71,552    ----a-w    C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53    40,320    ----a-w    C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53    36,608    ----a-w    C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53    264,832    ----a-w    C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51    61,824    ----a-w    C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51    60,800    ----a-w    C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51    59,904    ----a-w    C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51    55,808    ----a-w    C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51    101,120    ------w    C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:45    60,160    ----a-w    C:\WINDOWS\system32\drivers\drmk.sys
2008-04-13 18:44    81,664    ----a-w    C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44    799,744    ----a-w    C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44    20,992    ----a-w    C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44    153,344    ----a-w    C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43    14,208    ------w    C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43    12,672    ------w    C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41    52,352    ----a-w    C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-13 18:39    92,544    ----a-w    C:\WINDOWS\system32\drivers\mqac.sys
2008-04-13 18:39    7,552    ----a-w    C:\WINDOWS\system32\drivers\mskssrv.sys
2008-04-13 18:39    5,504    ----a-w    C:\WINDOWS\system32\drivers\mstee.sys
2008-04-13 18:39    5,376    ----a-w    C:\WINDOWS\system32\drivers\mspclock.sys
2006-05-06 16:42    7,260,160    ----a-w    C:\Program Files\mozilla firefox\plugins\libvlc.dll
2007-12-10 21:40    6,275,816    ----a-w    C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

19 Posts

June 11th, 2008 23:00

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CNSMINKP
-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2008-05-11 to 2008-06-11  )))))))))))))))))))))))))))))))
.

2008-06-10 23:57 . 2008-04-13 14:47    25,856    --a------    C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-10 23:57 . 2008-04-13 14:47    25,856    --a--c---    C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-10 21:14 . 2008-06-10 21:14        d--------    C:\Documents and Settings\All Users\Application Data\Uniblue
2008-06-10 21:01 . 2008-06-10 21:01        d--------    C:\Program Files\Windows Media Connect 2
2008-06-10 20:56 . 2008-06-10 20:59        d--------    C:\WINDOWS\system32\drivers\UMDF
2008-06-10 20:47 . 2008-04-14 08:30    272,128    -----c---    C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:47 . 2008-05-08 10:02    203,136    -----c---    C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 19:42 . 2008-06-10 19:42        d--------    C:\Program Files\Trend Micro
2008-06-10 18:12 . 2008-06-10 18:12        d--------    C:\Documents and Settings\Billy\Application Data\Sony Corporation
2008-06-10 16:50 . 2008-06-10 16:50        d--------    C:\Documents and Settings\Billy\Application Data\Teleca
2008-06-10 16:50 . 2008-06-10 16:50        d--------    C:\Documents and Settings\Billy\Application Data\Sony Ericsson
2008-06-10 16:48 . 2008-06-10 16:38    52,736    --a------    C:\WINDOWS\system32\blphcrc8j0e567.scr
2008-06-10 16:28 . 2008-06-10 16:18    52,736    --a------    C:\WINDOWS\system32\33C.tmp
2008-06-10 16:18 . 2008-06-10 16:08    52,736    --a------    C:\WINDOWS\system32\339.tmp
2008-06-10 15:58 . 2008-06-10 15:48    52,736    --a------    C:\WINDOWS\system32\151.tmp
2008-06-10 15:48 . 2008-06-10 15:38    52,736    --a------    C:\WINDOWS\system32\C3.tmp
2008-06-10 15:38 . 2008-06-10 15:27    52,736    --a------    C:\WINDOWS\system32\C0.tmp
2008-06-10 15:27 . 2008-06-10 15:17    52,736    --a------    C:\WINDOWS\system32\BC.tmp
2008-06-10 15:17 . 2008-06-10 15:07    52,736    --a------    C:\WINDOWS\system32\B9.tmp
2008-06-10 15:07 . 2008-06-10 14:57    52,736    --a------    C:\WINDOWS\system32\B6.tmp
2008-06-10 14:57 . 2008-06-10 14:47    52,736    --a------    C:\WINDOWS\system32\B3.tmp
2008-06-10 14:47 . 2008-06-10 14:37    52,736    --a------    C:\WINDOWS\system32\B0.tmp
2008-06-10 14:37 . 2008-06-10 14:27    52,736    --a------    C:\WINDOWS\system32\AD.tmp
2008-06-10 14:27 . 2008-06-10 14:17    52,736    --a------    C:\WINDOWS\system32\AA.tmp
2008-06-10 14:17 . 2008-06-10 14:07    52,736    --a------    C:\WINDOWS\system32\A7.tmp
2008-06-10 14:07 . 2008-06-10 13:57    52,736    --a------    C:\WINDOWS\system32\A3.tmp
2008-06-10 13:57 . 2008-06-10 13:47    52,736    --a------    C:\WINDOWS\system32\A0.tmp
2008-06-10 13:47 . 2008-06-10 13:37    52,736    --a------    C:\WINDOWS\system32\9C.tmp
2008-06-10 13:37 . 2008-06-10 13:27    52,736    --a------    C:\WINDOWS\system32\99.tmp
2008-06-10 13:26 . 2008-06-10 13:16    52,736    --a------    C:\WINDOWS\system32\96.tmp
2008-06-10 13:16 . 2008-06-10 13:06    52,736    --a------    C:\WINDOWS\system32\93.tmp
2008-06-10 13:06 . 2008-06-10 12:56    52,736    --a------    C:\WINDOWS\system32\89.tmp
2008-06-10 12:56 . 2008-06-10 12:46    52,736    --a------    C:\WINDOWS\system32\86.tmp
2008-06-10 12:46 . 2008-06-10 12:36    52,736    --a------    C:\WINDOWS\system32\83.tmp
2008-06-10 12:36 . 2008-06-10 12:26    52,736    --a------    C:\WINDOWS\system32\80.tmp
2008-06-10 12:26 . 2008-06-10 12:16    52,736    --a------    C:\WINDOWS\system32\7D.tmp
2008-06-10 12:16 . 2008-06-10 12:06    52,736    --a------    C:\WINDOWS\system32\7A.tmp
2008-06-10 12:06 . 2008-06-10 11:56    52,736    --a------    C:\WINDOWS\system32\77.tmp
2008-06-10 11:56 . 2008-06-10 11:46    52,736    --a------    C:\WINDOWS\system32\74.tmp
2008-06-10 11:46 . 2008-06-10 11:36    52,736    --a------    C:\WINDOWS\system32\71.tmp
2008-06-10 11:36 . 2008-06-10 11:26    52,736    --a------    C:\WINDOWS\system32\6E.tmp
2008-06-10 11:26 . 2008-06-10 11:16    52,736    --a------    C:\WINDOWS\system32\6B.tmp
2008-06-10 11:16 . 2008-06-10 11:06    52,736    --a------    C:\WINDOWS\system32\68.tmp
2008-06-10 11:06 . 2008-06-10 10:56    52,736    --a------    C:\WINDOWS\system32\65.tmp
2008-06-10 10:56 . 2008-06-10 10:45    52,736    --a------    C:\WINDOWS\system32\62.tmp
2008-06-10 10:45 . 2008-06-10 10:35    52,736    --a------    C:\WINDOWS\system32\5F.tmp
2008-06-10 10:35 . 2008-06-10 10:25    52,736    --a------    C:\WINDOWS\system32\5C.tmp
2008-06-10 10:25 . 2008-06-10 10:15    52,736    --a------    C:\WINDOWS\system32\59.tmp
2008-06-10 10:15 . 2008-06-10 10:05    52,736    --a------    C:\WINDOWS\system32\56.tmp
2008-06-10 10:05 . 2008-06-10 09:55    52,736    --a------    C:\WINDOWS\system32\50.tmp
2008-06-10 09:55 . 2008-06-10 09:45    52,736    --a------    C:\WINDOWS\system32\4D.tmp
2008-06-10 09:45 . 2008-06-10 09:35    52,736    --a------    C:\WINDOWS\system32\4A.tmp
2008-06-10 09:35 . 2008-06-10 09:25    52,736    --a------    C:\WINDOWS\system32\47.tmp
2008-06-10 09:25 . 2008-06-10 09:15    52,736    --a------    C:\WINDOWS\system32\44.tmp
2008-06-10 09:15 . 2008-06-10 09:05    52,736    --a------    C:\WINDOWS\system32\41.tmp
2008-06-10 09:05 . 2008-06-10 08:55    52,736    --a------    C:\WINDOWS\system32\3E.tmp
2008-06-10 08:55 . 2008-06-10 08:45    52,736    --a------    C:\WINDOWS\system32\3B.tmp
2008-06-10 08:45 . 2008-06-10 08:35    52,736    --a------    C:\WINDOWS\system32\38.tmp
2008-06-10 08:35 . 2008-06-10 08:25    52,736    --a------    C:\WINDOWS\system32\35.tmp
2008-06-10 08:25 . 2008-06-10 08:15    52,736    --a------    C:\WINDOWS\system32\31.tmp
2008-06-10 08:15 . 2008-06-10 08:05    52,736    --a------    C:\WINDOWS\system32\2E.tmp
2008-06-10 08:05 . 2008-06-10 07:55    52,736    --a------    C:\WINDOWS\system32\2B.tmp
2008-06-10 07:55 . 2008-06-10 07:45    52,736    --a------    C:\WINDOWS\system32\28.tmp
2008-06-10 07:45 . 2008-06-10 07:35    52,736    --a------    C:\WINDOWS\system32\25.tmp
2008-06-10 07:35 . 2008-06-10 07:25    52,736    --a------    C:\WINDOWS\system32\22.tmp
2008-06-10 07:25 . 2008-06-10 07:14    52,736    --a------    C:\WINDOWS\system32\1F.tmp
2008-06-10 07:14 . 2008-06-10 07:04    52,736    --a------    C:\WINDOWS\system32\1C.tmp
2008-06-10 07:04 . 2008-06-10 06:54    52,736    --a------    C:\WINDOWS\system32\18.tmp
2008-06-10 06:54 . 2008-06-10 06:44    52,736    --a------    C:\WINDOWS\system32\14.tmp
2008-06-10 06:07 . 2008-06-10 05:56    52,736    --a------    C:\WINDOWS\system32\292.tmp
2008-06-10 05:35 . 2008-06-10 00:44    52,736    --a------    C:\WINDOWS\system32\C8.tmp
2008-06-10 00:44 . 2008-06-10 00:34    52,736    --a------    C:\WINDOWS\system32\C5.tmp
2008-06-10 00:34 . 2008-06-10 00:24    52,736    --a------    C:\WINDOWS\system32\C2.tmp
2008-06-10 00:24 . 2008-06-10 00:14    52,736    --a------    C:\WINDOWS\system32\BF.tmp
2008-06-10 00:04 . 2008-06-09 23:54    52,736    --a------    C:\WINDOWS\system32\A8.tmp
2008-06-09 23:54 . 2008-06-09 23:44    52,736    --a------    C:\WINDOWS\system32\A5.tmp
2008-06-09 23:44 . 2008-06-09 23:33    52,736    --a------    C:\WINDOWS\system32\A2.tmp
2008-06-09 23:33 . 2008-06-09 23:20    52,736    --a------    C:\WINDOWS\system32\9F.tmp
2008-06-09 19:43 . 2008-06-09 19:53    96,966    --a------    C:\WINDOWS\system32\drivers\klin.dat
2008-06-09 19:43 . 2008-06-09 19:53    88,774    --a------    C:\WINDOWS\system32\drivers\klick.dat
2008-06-09 19:41 . 2008-06-09 19:41        d--------    C:\Program Files\Kaspersky Lab
2008-06-09 19:41 . 2008-06-11 19:24        d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-09 19:41 . 2008-06-11 19:17    5,634,080    --ahs----    C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-09 19:41 . 2008-06-11 19:18    761,888    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-09 19:41 . 2008-06-11 19:17    45,096    --ahs----    C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-09 19:41 . 2008-06-11 19:18    3,684    --ahs----    C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-09 19:36 . 2008-06-09 19:49        d--------    C:\Documents and Settings\Bing Zhong\Application Data\MioNet
2008-06-09 19:32 . 2008-06-09 19:32        d--------    C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-09 19:27 . 2008-06-09 19:27        d--------    C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 23:11 . 2008-06-08 23:01    52,736    --a------    C:\WINDOWS\system32\15D5.tmp
2008-06-08 23:01 . 2008-06-08 22:51    52,736    --a------    C:\WINDOWS\system32\15D2.tmp
2008-06-08 22:46 . 2008-06-08 22:46        d--------    C:\WINDOWS\system32\scripting
2008-06-08 22:46 . 2008-06-08 22:46        d--------    C:\WINDOWS\system32\en
2008-06-08 22:46 . 2008-06-08 22:46        d--------    C:\WINDOWS\system32\bits
2008-06-08 22:46 . 2008-06-08 22:46        d--------    C:\WINDOWS\l2schemas
2008-06-08 22:42 . 2008-06-08 22:47        d--------    C:\WINDOWS\ServicePackFiles
2008-06-08 22:16 . 2008-04-13 20:12    4,274,816    ---------    C:\WINDOWS\system32\nv4_disp.dll
2008-06-08 22:15 . 2008-04-13 20:12    1,737,856    ---------    C:\WINDOWS\system32\mtxparhd.dll
2008-06-08 22:14 . 2008-04-13 20:11    397,312    ---------    C:\WINDOWS\system32\mmcex.dll
2008-06-08 22:13 . 2004-08-03 22:41    1,041,536    ---------    C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-08 22:12 . 2008-04-13 20:11    870,784    ---------    C:\WINDOWS\system32\ati3d1ag.dll
2008-06-08 22:11 . 2008-04-13 20:11    136,192    ---------    C:\WINDOWS\system32\aaclient.dll
2008-06-08 20:46 . 2008-06-09 19:21        d--------    C:\Program Files\Enigma Software Group
2008-06-08 18:05 . 2008-06-08 18:05        d--------    C:\Program Files\Alwil Software
2008-06-08 17:40 . 2008-06-08 17:30    52,736    --a------    C:\WINDOWS\system32\179.tmp
2008-06-08 17:30 . 2008-06-08 17:20    52,736    --a------    C:\WINDOWS\system32\176.tmp
2008-06-08 17:20 . 2008-06-08 17:10    52,736    --a------    C:\WINDOWS\system32\173.tmp
2008-06-08 17:10 . 2008-06-08 16:59    52,736    --a------    C:\WINDOWS\system32\16F.tmp
2008-06-08 16:38 . 2008-06-08 16:27    52,736    --a------    C:\WINDOWS\system32\161.tmp
2008-06-08 16:07 . 2008-06-08 16:07        d--------    C:\Documents and Settings\Billy\Application Data\shctc8j0e567
2008-06-08 16:06 . 2008-06-08 16:06    92,160    --a------    C:\WINDOWS\system32\lphcrc8j0e567.exe
2008-06-08 16:06 . 2008-06-10 19:10    90,838    --a------    C:\WINDOWS\system32\phcrc8j0e567.bmp
2008-06-01 10:30 . 2008-06-01 10:30        d---s----    C:\Documents and Settings\Billy\UserData
2008-05-31 11:38 . 2008-05-31 11:49        d--------    C:\Documents and Settings\Billy\Contacts
2008-05-29 00:04 . 2008-05-29 00:04        d--------    C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-28 23:53 . 2008-06-10 23:02        d--------    C:\my pics
2008-05-28 16:19 . 2007-07-30 19:19    271,224    --a------    C:\WINDOWS\system32\mucltui.dll
2008-05-28 16:19 . 2007-07-30 19:19    207,736    --a------    C:\WINDOWS\system32\muweb.dll
2008-05-28 16:19 . 2007-07-30 19:19    30,072    --a------    C:\WINDOWS\system32\mucltui.dll.mui
2008-05-27 16:36 . 2008-05-27 16:44        d--hsc---    C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-27 16:35 . 2008-05-27 16:45        d--------    C:\Program Files\Windows Live
2008-05-27 16:35 . 2008-05-27 16:35        d--------    C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-26 15:34 . 2008-06-08 13:23    54,156    --ah-----    C:\WINDOWS\QTFont.qfn
2008-05-26 15:34 . 2008-05-26 15:34    1,409    --a------    C:\WINDOWS\QTFont.for
2008-05-20 19:37 . 2008-06-08 16:12        d-a------    C:\Documents and Settings\All Users\Application Data\TEMP

.

5 Posts

June 12th, 2008 04:00


+++++++++++++++++++++++++++++++++
+
+ File Lister
+
+ Version 1.0.2
+
+  By bamajim
+
+++++++++++++++++++++++++++++++++

=== Values under HKLM\~\Run ======

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Broadcom Wireless Manager UI"="C:\\WINDOWS\\system32\\WLTRAY.exe"
@=""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="c:\\PROGRA~1\\mcafee.com\\vso\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1150583545\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"SpamBlocker"="C:\\Program Files\\SpamBlockerUtility\\Bin\\4.8.4.0\\SbOEAddOn.exe"
"lphc91oj0e30p"="C:\\WINDOWS\\system32\\lphc91oj0e30p.exe"
"avgnt"="\"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


=== Values under HKCU\~\Run ======

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"DellSupport"="\"C:\\Program Files\\DellSupport\\DSAgnt.exe\" /startup"
5 Posts

June 12th, 2008 04:00

=== Files and Folders under "All Users\Application Data" Last 30 Days======

6/8/2008 8:18:09 PM    0    C:\Documents and Settings\All Users\Application Data\Avg8
6/8/2008 8:11:30 PM    372358    C:\Documents and Settings\All Users\Application Data\Avira
6/8/2008 8:11:30 PM    372358    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic
6/8/2008 8:11:31 PM    30720    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\EVENTDB
6/8/2008 8:11:30 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\EVENTS
6/8/2008 8:11:30 PM    42645    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX
6/8/2008 8:11:30 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED
6/8/2008 8:11:30 PM    5336    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\JOBS
6/8/2008 8:11:30 PM    280120    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES
6/8/2008 8:11:30 PM    2406    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES
6/8/2008 8:11:30 PM    8982    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\REPORTS
6/8/2008 8:11:30 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\SYSSAFE
6/8/2008 8:11:30 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP
6/11/2008 10:00:44 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVGUARD_4853049c
6/8/2008 8:11:30 PM    0    C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE
6/9/2008 9:20:31 AM    20440000    C:\Documents and Settings\All Users\Application Data\Lavasoft
6/9/2008 9:20:31 AM    20440000    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware
6/9/2008 9:20:31 AM    152120    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\logs
6/9/2008 9:20:31 AM    13643482    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update
6/9/2008 9:20:31 AM    6845453    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup
6/9/2008 9:26:40 AM    2149089    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup\Help
6/9/2008 9:26:40 AM    76588    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\backup\Lang
6/9/2008 9:20:31 AM    6798029    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new
6/9/2008 9:24:04 AM    2146934    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new\Help
6/9/2008 9:26:33 AM    76887    C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\update\new\Lang
6/9/2008 9:21:10 AM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\License
6/9/2008 9:27:15 AM    0    C:\Documents and Settings\All Users\Application Data\Lavasoft\MiniMessage
6/11/2008 9:46:29 PM    706821    C:\Documents and Settings\All Users\Application Data\Malwarebytes
6/11/2008 9:46:29 PM    706821    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
10/29/2008 5:04:09 PM    203110    C:\Documents and Settings\All Users\Application Data\WLInstaller

=== Values under HKLM\Software\microsoft\shared tools\msconfig\startupreg ======

HKLM\Software\microsoft\shared tools\msconfig\startupreg\


=== BHO's under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects ======

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
WormRadar.com IESiteBlocker.NavFilter

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}
WormRadar.com IESiteBlocker.NavFilter

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}
AOL Toolbar Launcher

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}
Browser Address Error Redirector

=== Running Processes ======

System Idle Process   [0]  
System   [4]  
smss.exe   [432]   \SystemRoot\System32\smss.exe
csrss.exe   [588]  
winlogon.exe   [616]   winlogon.exe
services.exe   [868]   C:\WINDOWS\system32\services.exe
lsass.exe   [880]   C:\WINDOWS\system32\lsass.exe
svchost.exe   [1056]   C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe   [1100]  
svchost.exe   [1136]   C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe   [1180]  
svchost.exe   [1328]  
explorer.exe   [1592]   C:\WINDOWS\Explorer.EXE
WLTRYSVC.EXE   [1628]   C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe
BCMWLTRY.EXE   [1640]   C:\WINDOWS\System32\bcmwltry.exe
aawservice.exe   [1648]   "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
spoolsv.exe   [1876]   C:\WINDOWS\system32\spoolsv.exe
sched.exe   [1924]   "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
avguard.exe   [2004]   "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
AOLacsd.exe   [2016]   C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Mcdetect.exe   [168]   "c:\program files\mcafee.com\agent\mcdetect.exe"
McShield.exe   [176]   c:\PROGRA~1\mcafee.com\vso\mcshield.exe
McTskshd.exe   [344]   c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
oasclnt.exe   [496]   "c:\PROGRA~1\mcafee.com\vso\OasClnt.exe"
mdm.exe   [564]   "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
MpfService.exe   [672]   C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
MSKSrvr.exe   [768]   C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
mcvsshld.exe   [780]   "c:\program files\mcafee.com\vso\mcvsshld.exe" -Embedding
mcagent.exe   [792]   "c:\program files\mcafee.com\agent\mcagent.exe" /nosplash
McVSEscn.exe   [796]   "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
wdfmgr.exe   [1516]  
ViewpointService.exe   [1544]   "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
alg.exe   [2488]  
igfxsrvc.exe   [2876]   C:\WINDOWS\system32\igfxsrvc.exe -Embedding
hkcmd.exe   [2884]   "C:\WINDOWS\system32\hkcmd.exe"
igfxpers.exe   [2924]   "C:\WINDOWS\system32\igfxpers.exe"
SynTPEnh.exe   [3004]   "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
WLTRAY.EXE   [3048]   "C:\WINDOWS\system32\WLTRAY.exe"
DVDLauncher.exe   [3064]   "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
tfswctrl.exe   [3092]   "C:\WINDOWS\system32\dla\tfswctrl.exe"
issch.exe   [3120]   "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
DMXLauncher.exe   [3148]   "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
MSKAgent.exe   [3212]   "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe"
MpfTray.exe   [3308]   "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe"
aolsoftware.exe   [3320]   "C:\Program Files\Common Files\AOL\1150583545\ee\AOLSoftware.exe"
jusched.exe   [3360]   "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
realsched.exe   [3436]   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
avgnt.exe   [3464]   "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
msnmsgr.exe   [3480]   "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
GoogleToolbarNotifier.exe   [3492]   "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe   [3540]   "C:\WINDOWS\system32\ctfmon.exe"
MpfAgent.exe   [3556]   C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe -Embedding
DSAgnt.exe   [3572]   "C:\Program Files\DellSupport\DSAgnt.exe" /startup
ViewMgr.exe   [3788]   "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
acrotray.exe   [3812]   "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe"
mcvsftsn.exe   [996]   c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
msmsgs.exe   [3836]   "C:\Program Files\Messenger\msmsgs.exe" -Embedding
IEXPLORE.EXE   [740]   "c:\program files\internet explorer\iexplore.exe"
svchost.exe   [4036]   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
WLLoginProxy.exe   [3336]   "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe" -Embedding
wuauclt.exe   [3164]   "C:\WINDOWS\system32\wuauclt.exe"
mbam.exe   [2216]   "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
notepad.exe   [2644]   "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Sidrah\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-6-11-2008 (21-58-52).txt
wscript.exe   [808]   "C:\WINDOWS\System32\WScript.exe" "C:\Documents and Settings\Sidrah\Desktop\FileLister.vbe"
wmiprvse.exe   [3504]  
wmiprvse.exe   [1580]  
5 Posts

June 12th, 2008 04:00

=== Folders and Files from "%\" and "%\Windows" Created Last 30 Days ======

6/8/2008 6:55:34 PM    24    C:\$AVG8.VAULT$
6/11/2008 10:23:14 PM    0    32    C:\Files.txt
6/8/2008 9:42:53 PM    117376    32    C:\VolEdit.ini.log
5/13/2008 11:34:15 PM    8216101    C:\WINDOWS\$NtUninstallKB950749$
5/13/2008 11:34:15 PM    606732    C:\WINDOWS\$NtUninstallKB950749$\spuninst
6/10/2008 10:30:06 PM    12000068    C:\WINDOWS\$NtUninstallKB950759$
6/10/2008 10:30:06 PM    638276    C:\WINDOWS\$NtUninstallKB950759$\spuninst
6/10/2008 10:29:46 PM    716027    C:\WINDOWS\$NtUninstallKB950760$
6/10/2008 10:29:46 PM    625915    C:\WINDOWS\$NtUninstallKB950760$\spuninst
6/10/2008 10:30:32 PM    830060    C:\WINDOWS\$NtUninstallKB950762$
6/10/2008 10:30:32 PM    627820    C:\WINDOWS\$NtUninstallKB950762$\spuninst
6/10/2008 10:29:24 PM    627857    C:\WINDOWS\$NtUninstallKB951376$
6/10/2008 10:29:24 PM    627857    C:\WINDOWS\$NtUninstallKB951376$\spuninst
6/10/2008 10:30:45 PM    1915471    C:\WINDOWS\$NtUninstallKB951698$
6/10/2008 10:30:45 PM    627791    C:\WINDOWS\$NtUninstallKB951698$\spuninst
10/29/2008 4:53:31 PM    0    C:\WINDOWS\SxsCaPendDel
5/13/2008 5:57:30 PM    16128    32    C:\WINDOWS\KB950749.log
6/10/2008 9:42:04 PM    39996    32    C:\WINDOWS\KB950759.log
6/10/2008 10:29:45 PM    7683    32    C:\WINDOWS\KB950760.log
6/10/2008 10:30:30 PM    12313    32    C:\WINDOWS\KB950762.log
6/10/2008 10:28:52 PM    9117    32    C:\WINDOWS\KB951376.log
6/10/2008 9:42:50 PM    17642    32    C:\WINDOWS\KB951698.log
6/8/2008 7:35:09 PM    29    32    C:\WINDOWS\system32\DSR.LOG
5/16/2008 11:58:04 AM    12632    32    C:\WINDOWS\system32\lsdelete.exe
6/8/2008 6:11:28 PM    90838    32    C:\WINDOWS\system32\phc91oj0e30p.bmp

=== Files under "\Administrator\Startup" Last 30 Days======

6/8/2008 7:35:09 PM    29    32    C:\WINDOWS\system32\DSR.LOG
5/16/2008 11:58:04 AM    12632    32    C:\WINDOWS\system32\lsdelete.exe
6/8/2008 6:11:28 PM    90838    32    C:\WINDOWS\system32\phc91oj0e30p.bmp

=== Files under "\All Users\Startup" Last 30 Days======


=== Folders under "\Program Files" Last 30 Days======

6/8/2008 8:11:30 PM    59254389    C:\Program Files\Avira
6/8/2008 8:11:30 PM    59254389    C:\Program Files\Avira\AntiVir PersonalEdition Classic
6/8/2008 8:11:58 PM    22690316    C:\Program Files\Avira\AntiVir PersonalEdition Classic\FAILSAFE
6/9/2008 9:20:33 AM    19618003    C:\Program Files\Lavasoft
6/9/2008 9:20:33 AM    19618003    C:\Program Files\Lavasoft\Ad-Aware
6/9/2008 9:20:36 AM    2146934    C:\Program Files\Lavasoft\Ad-Aware\Help
6/9/2008 9:20:39 AM    709483    C:\Program Files\Lavasoft\Ad-Aware\Lang
6/9/2008 9:20:39 AM    3498834    C:\Program Files\Lavasoft\Ad-Aware\Skin
6/11/2008 9:46:27 PM    3338383    C:\Program Files\Malwarebytes' Anti-Malware
6/11/2008 9:46:28 PM    234212    C:\Program Files\Malwarebytes' Anti-Malware\Languages
10/29/2008 5:04:24 PM    33132543    C:\Program Files\Windows Live
10/29/2008 5:04:24 PM    2237634    C:\Program Files\Windows Live\installer
10/29/2008 5:05:40 PM    30894909    C:\Program Files\Windows Live\Messenger
10/29/2008 5:05:41 PM    3478161    C:\Program Files\Windows Live\Messenger\Device Manager
10/29/2008 5:05:41 PM    1417648    C:\Program Files\Windows Live\Messenger\Device Manager\Loc
10/29/2008 5:05:41 PM    75664    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\10
10/29/2008 5:05:41 PM    71568    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\1028
10/29/2008 5:05:41 PM    75664    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\1046
10/29/2008 5:05:41 PM    75152    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\11
10/29/2008 5:05:41 PM    75664    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\12
10/29/2008 5:05:41 PM    75152    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\16
10/29/2008 5:05:41 PM    72592    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\17
10/29/2008 5:05:41 PM    72592    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\18
10/29/2008 5:05:42 PM    75152    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\19
10/29/2008 5:05:41 PM    74640    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\20
10/29/2008 5:05:42 PM    75664    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\22
10/29/2008 5:05:41 PM    74640    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\25
10/29/2008 5:05:41 PM    75152    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\29
10/29/2008 5:05:42 PM    74640    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\31
10/29/2008 5:05:41 PM    71568    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\4
10/29/2008 5:05:41 PM    75152    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\6
10/29/2008 5:05:41 PM    75664    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\7
10/29/2008 5:05:41 PM    76688    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\8
10/29/2008 5:05:41 PM    74640    C:\Program Files\Windows Live\Messenger\Device Manager\Loc\9

=== Files under "\System32\Drivers" Last 30 Days======

6/8/2008 8:11:53 PM    41792    32    C:\WINDOWS\system32\drivers\avgntdd.sys
6/8/2008 8:11:53 PM    22336    32    C:\WINDOWS\system32\drivers\avgntmgr.sys
6/8/2008 8:11:47 PM    79424    32    C:\WINDOWS\system32\drivers\avipbb.sys
6/10/2008 9:41:29 PM    272128    0    C:\WINDOWS\system32\drivers\bthport.sys
6/11/2008 9:46:27 PM    15864    32    C:\WINDOWS\system32\drivers\mbam.sys
6/11/2008 9:46:28 PM    34296    32    C:\WINDOWS\system32\drivers\mbamcatchme.sys
6/8/2008 8:11:52 PM    28352    32    C:\WINDOWS\system32\drivers\ssmdrv.sys

=== Files under "\User\Local Settings\Temp" Last 30 Days======

6/8/2008 9:44:06 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt10.tmp
6/8/2008 8:02:50 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt101.tmp
6/8/2008 8:12:55 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt10B.tmp
6/8/2008 8:22:59 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt10D.tmp
6/8/2008 10:27:02 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt11.tmp
6/8/2008 8:33:10 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt113.tmp
6/8/2008 8:43:24 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt11A.tmp
6/9/2008 4:28:39 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt12.tmp
6/8/2008 8:53:29 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt126.tmp
6/9/2008 7:46:33 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt13.tmp
6/9/2008 11:49:24 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt14.tmp
6/8/2008 9:03:37 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt144.tmp
6/10/2008 3:10:53 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt15.tmp
6/8/2008 9:13:49 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt154.tmp
6/8/2008 9:46:37 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt16.tmp
6/8/2008 9:23:53 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt160.tmp
6/8/2008 9:33:58 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt162.tmp
6/10/2008 9:33:44 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt17.tmp
6/9/2008 9:15:35 AM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt18.tmp
6/8/2008 10:29:45 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt19.tmp
6/10/2008 11:49:25 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt1A.tmp
6/9/2008 9:52:29 AM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt1B.tmp
6/9/2008 4:29:45 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt1C.tmp
6/9/2008 3:19:41 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt1D.tmp
6/9/2008 7:48:08 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt21.tmp
6/9/2008 11:50:51 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt23.tmp
6/10/2008 3:12:27 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt25.tmp
6/10/2008 9:34:39 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt26.tmp
6/10/2008 11:50:21 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt28.tmp
6/8/2008 6:11:32 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt77.tmp
6/8/2008 6:22:25 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt82.tmp
6/8/2008 6:32:27 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt86.tmp
6/8/2008 6:42:28 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt8B.tmp
6/8/2008 6:52:30 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.tt9F.tmp
6/8/2008 7:02:33 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttAC.tmp
6/8/2008 7:12:37 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttB0.tmp
6/8/2008 7:22:39 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttB3.tmp
6/8/2008 7:32:43 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttC4.tmp
6/8/2008 7:42:45 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttFC.tmp
6/8/2008 7:52:48 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\.ttFE.tmp
10/28/2008 9:21:36 PM    45142    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\143e_appcompat.txt
6/8/2008 8:03:01 PM    34374    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\887e_appcompat.txt
5/13/2008 11:32:04 PM    41046    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\9903_appcompat.txt
6/7/2008 11:48:20 AM    3632    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr29.tmp
6/7/2008 11:48:20 AM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr2A.tmp
6/7/2008 11:48:29 AM    2048000    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr2B.tmp
6/7/2008 2:20:04 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr53.tmp
6/7/2008 2:20:16 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr54.tmp
6/7/2008 2:20:19 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr55.tmp
6/7/2008 2:20:21 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\Acr56.tmp
6/8/2008 6:52:46 PM    106307    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\avg8inst.log
5/15/2008 5:45:54 PM    4608    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\cda7_appcompat.txt
10/28/2008 9:21:39 PM    176470    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\F20AD.dmp
11/5/2008 11:15:55 PM    1994    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\IMT90.xml
11/5/2008 11:15:55 PM    426    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\IMT91.xml
11/5/2008 11:15:55 PM    707340    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\IMT92.xml
6/8/2008 7:35:53 PM    3534    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\LSInstall.log
6/9/2008 9:56:26 AM    166912    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\set43.tmp
5/29/2008 6:54:16 PM    14540    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\TFR29.tmp
5/22/2008 9:54:23 PM    14540    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\TFR6B.tmp
10/30/2008 7:33:35 PM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DF125.tmp
6/6/2008 12:59:04 PM    16384    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFD210.tmp
6/6/2008 4:18:36 PM    16384    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFD71D.tmp
5/23/2008 9:15:04 AM    0    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFE.tmp
6/6/2008 3:33:31 PM    16384    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFE071.tmp
6/6/2008 3:36:44 PM    16384    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFF1D0.tmp
6/11/2008 10:06:29 PM    311296    32    C:\Documents and Settings\Sidrah\Local Settings\Temp\~DFF847.tmp


5 Posts

June 12th, 2008 04:00

=== Uninstall List From Registry ======

NetBeans IDE 5.0
OTOY
Adobe Flash Player ActiveX
Adobe Shockwave Player
AIM 6.0
Avira AntiVir Personal – Free Antivirus
AOL Connectivity Services
AOL Explorer
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL Coach Version 1.0(Build:20040229.1 en)
Dell Wireless WLAN Card
Conexant D480 MDC V.9x Modem
Dell Digital Jukebox Driver
Broadcom Management Programs
Texas Instruments PCIxx20 drivers.
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Security Update for Windows XP (KB890046)
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Security Update for Windows XP (KB893756)
Windows Installer 3.1 (KB893803)
Update for Windows XP (KB894391)
Hotfix for Windows XP (KB896256)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Step By Step Interactive Training (KB898458)
Update for Windows XP (KB898461)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Update for Windows XP (KB900485)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Hotfix for Windows XP (KB906569)
Security Update for Windows XP (KB908519)
Update for Windows XP (KB908531)
Hotfix for Windows XP (KB908673)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Update for Windows XP (KB912945)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Update for Windows XP (KB916595)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Update for Windows XP (KB920872)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Update for Windows XP (KB922582)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Update for Windows XP (KB927891)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Update for Windows XP (KB929338)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Update for Windows XP (KB930916)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Update for Windows XP (KB931836)
Security Update for CAPICOM (KB931906)
Security Update for Windows XP (KB932168)
Update for Windows XP (KB933360)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Update for Windows XP (KB936357)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Update for Windows XP (KB938828)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Update for Windows XP (KB946627)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
LimeWire 4.14.10
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
McAfee Uninstaller
Microsoft .NET Framework 1.1
MSN Toolbar
Picasa 2
QuickTime
RealPlayer
Adobe Flash Player 9 ActiveX
Synaptics Pointing Device Driver
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
Microsoft Expression Web
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Sonic RecordNow Data
Microsoft Plus! Photo Story 2 LE
Security Update for CAPICOM (KB931906)
Sonic DLA
Corel Paint Shop Pro X
Google Toolbar for Internet Explorer
Broadcom Management Programs
Sonic Update Manager
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 7
Java(TM) 6 Update 3
J2SE Development Kit 5.0 Update 7
Windows Media Player 10
WebFldrs XP
MSXML 4.0 SP2 (KB927978)
URL Assistant
NetWaiting
REALbasic 2006r3
ELIcon
Windows Live Messenger
Dell Driver Reset Tool
AOLIcon
PowerDVD 5.5
Digital Content Portal
Microsoft Plus! Digital Media Edition Installer
PCIxx20
Java 2 Runtime Environment, SE v1.4.2_03
EarthLink setup files
Microsoft Visual C++ 2005 Redistributable
Dell System Restore
Get High Speed Internet!
DellSupport
Modem Helper
Musicmatch® Jukebox
Rhapsody Player Engine
Intel(R) Extreme Graphics 2 Driver
Corel Photo Album 6
Microsoft Software Update for Web Folders  (English) 12
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Expression Web
Security Update for Office 2007 (KB934062)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Microsoft Office system 2007 (KB951808)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB932080)
Microsoft Expression Web MUI (English)
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Windows Live installer
Sonic RecordNow Audio
Dell Media Experience
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Professional
Adobe Reader 6.0.1
WordPerfect Office 12
Windows Live Sign-in Assistant
Sonic RecordNow Copy
TextPad 4.7
MSXML 4.0 SP2 (KB936181)
Microsoft .NET Framework 1.1
MCU
Ad-Aware
Search Assist
Internet Service Offers Launcher

10.4K Posts

June 12th, 2008 12:00

servekidd

That's quite an infection you have there.

1. Open Notepad (not WordPad). Copy and paste the following into Notepad:

File::
C:\WINDOWS\system32\blphcrc8j0e567.scr
C:\WINDOWS\system32\33C.tmp
C:\WINDOWS\system32\339.tmp
C:\WINDOWS\system32\151.tmp
C:\WINDOWS\system32\C3.tmp
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\BC.tmp
C:\WINDOWS\system32\B9.tmp
C:\WINDOWS\system32\B6.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\B0.tmp
C:\WINDOWS\system32\AD.tmp
C:\WINDOWS\system32\AA.tmp
C:\WINDOWS\system32\A7.tmp
C:\WINDOWS\system32\A3.tmp
C:\WINDOWS\system32\A0.tmp
C:\WINDOWS\system32\9C.tmp
C:\WINDOWS\system32\99.tmp
C:\WINDOWS\system32\96.tmp
C:\WINDOWS\system32\93.tmp
C:\WINDOWS\system32\89.tmp
C:\WINDOWS\system32\86.tmp
C:\WINDOWS\system32\83.tmp
C:\WINDOWS\system32\80.tmp
C:\WINDOWS\system32\7D.tmp
C:\WINDOWS\system32\7A.tmp
C:\WINDOWS\system32\77.tmp
C:\WINDOWS\system32\74.tmp
C:\WINDOWS\system32\71.tmp
C:\WINDOWS\system32\6E.tmp
C:\WINDOWS\system32\6B.tmp
C:\WINDOWS\system32\68.tmp
C:\WINDOWS\system32\65.tmp
C:\WINDOWS\system32\62.tmp
C:\WINDOWS\system32\5F.tmp
C:\WINDOWS\system32\5C.tmp
C:\WINDOWS\system32\59.tmp
C:\WINDOWS\system32\56.tmp
C:\WINDOWS\system32\50.tmp
C:\WINDOWS\system32\4D.tmp
C:\WINDOWS\system32\4A.tmp
C:\WINDOWS\system32\47.tmp
C:\WINDOWS\system32\44.tmp
C:\WINDOWS\system32\41.tmp
C:\WINDOWS\system32\3E.tmp
C:\WINDOWS\system32\3B.tmp
C:\WINDOWS\system32\38.tmp
C:\WINDOWS\system32\35.tmp
C:\WINDOWS\system32\31.tmp
C:\WINDOWS\system32\2E.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\292.tmp
C:\WINDOWS\system32\C8.tmp
C:\WINDOWS\system32\C5.tmp
C:\WINDOWS\system32\C2.tmp
C:\WINDOWS\system32\BF.tmp
C:\WINDOWS\system32\A8.tmp
C:\WINDOWS\system32\A5.tmp
C:\WINDOWS\system32\A2.tmp
C:\WINDOWS\system32\9F.tmp
C:\WINDOWS\system32\15D5.tmp
C:\WINDOWS\system32\15D2.tmp
C:\WINDOWS\system32\179.tmp
C:\WINDOWS\system32\176.tmp
C:\WINDOWS\system32\173.tmp
C:\WINDOWS\system32\16F.tmp
C:\WINDOWS\system32\161.tmp
C:\WINDOWS\system32\lphcrc8j0e567.exe
C:\WINDOWS\system32\phcrc8j0e567.bmp
C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX

Folder::
C:\WINDOWS\system32\scripting
C:\WINDOWS\system32\en
C:\WINDOWS\system32\bits
C:\WINDOWS\l2schemas

Driver::
2242w39a

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]

Save the file as CFScript (exactly as shown, no spaces) and save it to your Desktop.

Using the image as a reference, drag CFScript onto ComboFix.exe.

[image not available: CFScript being dragged onto ComboFix.exe]
  • You will be prompted to run ComboFix again; do so,
    following the same rules as indicated in my first post.
    Then post the contents of the C:\ComboFix.txt log in your reply.

2. Rerun HijackThis and post a fresh HijackThis log as well.




Microsoft MVP Consumer-Security



"The world is what you make of it"
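The script in the post above uses ComboFix's CFScript layout: a File:: and a Folder:: section listing paths to remove, a Driver:: section naming a service, and a Registry:: section in .reg-style syntax. Before running such a script, a reviewer wants a plain summary of what it would touch. The following Python is an added example for that purpose; it is not from this thread and not ComboFix's own code. Its reading of the section semantics (File:: and Folder:: entries are deleted, Driver:: unloads a service, "[-KEY]" deletes a registry key and '"Name"=-' deletes a value) is taken from the script above, and the sample input is a constructed, shortened copy of that script.

```python
"""Dry-run reviewer for a ComboFix-style CFScript.

Added example, not from the thread and not ComboFix's own code. It parses the
four sections seen in the posted script so a reviewer can see exactly what
would be touched. Assumed semantics: File:: and Folder:: entries are removed,
Driver:: names a service to unload, and Registry:: uses .reg-style lines where
"[-KEY]" deletes a key and '"Name"=-' deletes a value under the current key.
"""
import re
from collections import defaultdict

# Constructed sample input: a shortened copy of the script posted above.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\blphcrc8j0e567.scr
C:\WINDOWS\system32\lphcrc8j0e567.exe
C:\WINDOWS\system32\phcrc8j0e567.bmp
C:\DOCUME~1\LISHAX~1\LOCALS~1\Temp\5S2O1WX

Folder::
C:\WINDOWS\system32\scripting
C:\WINDOWS\l2schemas

Driver::
2242w39a

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2242w39a]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\[^\]]+)\]$")
REG_DELVALUE_RE = re.compile(r'^"([^"]+)"=-$')


def parse_cfscript(text):
    """Split the script into {section_name: [non-blank lines]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        sections[current].append(line)
    return dict(sections)


def interpret_registry(lines):
    """Turn Registry:: lines into (action, key, value_name) tuples."""
    actions = []
    key = None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":            # [-KEY] deletes the whole key
                actions.append(("delete_key", key, None))
            continue
        m = REG_DELVALUE_RE.match(line)
        if m and key is not None:            # "Name"=- deletes one value
            actions.append(("delete_value", key, m.group(1)))
            continue
        raise ValueError(f"unrecognised Registry:: line: {line!r}")
    return actions


def summarize(text):
    """Return what the script would touch, section by section."""
    s = parse_cfscript(text)
    return {
        "files": s.get("File", []),
        "folders": s.get("Folder", []),
        "drivers": s.get("Driver", []),
        "registry": interpret_registry(s.get("Registry", [])),
    }


def drivers_without_key_removal(summary):
    """Review check: every Driver:: entry should also have its service key
    deleted under the Services key, as the posted script does for 2242w39a."""
    removed = {
        key.lower().rsplit("\\", 1)[-1]
        for action, key, _ in summary["registry"]
        if action == "delete_key" and "\\services\\" in key.lower()
    }
    return [d for d in summary["drivers"] if d.lower() not in removed]


if __name__ == "__main__":
    result = summarize(SAMPLE_CFSCRIPT)
    for name in ("files", "folders", "drivers"):
        print(f"{name}: {len(result[name])} entries")
    for action, key, value in result["registry"]:
        print(f"registry {action}: {key}" + (f" -> {value}" if value else ""))
    print("drivers without service-key removal:", drivers_without_key_removal(result))
```

The parser rejects entries that appear before any section header and Registry:: lines it does not understand, so a script that was pasted incorrectly (the helper's instructions stress copying it exactly) fails the review rather than being run as-is.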