Smokey's Security Forums


Topic: [RESOLVED] I am in need of some hijackthis analysis  (Read 2292 times)


Starbuck

  • CEO
  • Site Management
  • location: Midlands. UK
  • Posts: 3354
  • .: Leader Malware Analysis & Removal Team
  • -: Site Help Desk - Support Department
Re: I am in need of some hijackthis analysis
« Reply #19 on: July 23, 2008, 12:13:29 AM »
You are more than welcome.

Here's a few tips to help keep you safe in the future:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.  This alone can save you a lot of trouble with malware in the future.  

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over.  Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.  This will ensure your computer has always the latest security updates available installed on your computer.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware,  & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
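The six Internet-zone settings from the first tip can be checked against an exported registry file. This is an added example, not part of the original post: the numeric URL action codes and the 0/1/3 (Enable/Prompt/Disable) values are Microsoft's documented zone-setting identifiers and do not appear in the thread, and the `.reg` excerpt is constructed sample data.

```python
import re

# Recommended Internet-zone (zone 3) values from the tip list above.
# Keys are URL action codes (an assumption of this example; the post
# only names the settings as they appear in the Custom Level dialog).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1607": ("Navigate sub-frames across different domains", 1),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample: the kind of text "reg export" produces for the
# Internet Settings\Zones key. Zone 2 is included to show scoping.
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000003
"1607"=dword:00000000
"1800"=dword:00000001
"1804"=dword:00000000
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone(reg_text, zone="3"):
    """Return {action_code: value} for one security zone of a .reg export."""
    values, in_zone = {}, False
    suffix = "\\internet settings\\zones\\" + zone
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new [key] header starts; collect values only under our zone.
            in_zone = key.group(1).lower().endswith(suffix)
            continue
        val = VALUE_RE.match(line)
        if in_zone and val:
            values[val.group(1).upper()] = int(val.group(2), 16)
    return values


def describe(value):
    """Human-readable name for a zone policy value."""
    if value is None:
        return "not set"
    return LABEL.get(value, f"0x{value:x}")


def audit(values):
    """List (code, setting, current, wanted) for every setting that differs."""
    findings = []
    for action in sorted(RECOMMENDED):
        setting, wanted = RECOMMENDED[action]
        current = values.get(action)
        if current != wanted:
            findings.append((action, setting, describe(current), LABEL[wanted]))
    return findings


if __name__ == "__main__":
    for code, setting, current, wanted in audit(parse_zone(SAMPLE_REG)):
        print(f"{code} {setting}: is {current}, should be {wanted}")
```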

crazyboy8u (Topic starter)

  • Full Member
  • Posts: 10
Re: I am in need of some hijackthis analysis
« Reply #18 on: July 23, 2008, 12:06:26 AM »
Everything is great, the clock is normal. Thank you so much for everything. I know you  put a lot of time into this and thank you, it was much appreciated!

Starbuck

Re: I am in need of some hijackthis analysis
« Reply #17 on: July 22, 2008, 09:25:21 PM »
Hi crazyboy8u

Just a little bit of final cleaning to finish off with.

Step 1
Optional
These lines are not bad, but they are not necessary to run at startup.
If you need them you can start them manually.
Ticking the following lines may save you valuable resources.

Run Hijackthis again, click scan, and Put a checkmark next to each of these items.
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
Software bundled with HP printers that checks for new updates for HP printer drivers and related software.

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
HP Printer monitor that detects when flash cards are inserted into the printer and automatically starts HP Photosmart.

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
HP-specific program that reminds users to create System Recovery CDs

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
System Tray access to Apple's "Quick Time" viewer from version 5 onwards

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Checks with Sun's Java updates site to see if newer Java versions are available. Visit Sun's Java page or just run the Java Plug-In Control Panel

Then close all other windows, browsers etc--you should only see HijackThis on your Desktop--and click the Fix Checked button.

Reboot your computer to complete the process.

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
If you don't use Windows Messenger, this can be annoying. Available via Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"


Step 2
* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.

Step 3
Please uninstall ComboFix by
Clicking on Start ...then run ... and type in combofix /u (don't forget there is a gap between x and /) Then press Ok


If shown the disclaimer, Select "2"

This action will delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Reset System Restore.

Step 4
You still have files on your system relating to 'SmitfraudFix' we'll now get rid of those the easy... along with any other remnants of 'tools' used.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.

You should see a CleanUp! button, press that button, you may get prompted by your firewall that OTMoveIt wants to contact the internet, allow this, a cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

To find out how you may have been infected....read this topic:
So how did I get infected?

Now see if your clock settings have returned to normal.
(running 'smitfraudfix' could also have changed the clock settings)

Let me know.

Thanks.
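The O4 autostart lines reviewed in the reply above follow a fixed layout, so they can be pulled out of a HijackThis log and sorted for review by script. This is an added example, not part of the original thread or of HijackThis: the sample lines are a short excerpt in the same format as the log posted in this topic, and the rule of listing entries whose program is not given as a full path (so the reviewer has to locate the actual file) is a triage heuristic assumed for this example, not a verdict on any entry.

```python
import re
from collections import Counter

# Sample input: a few entry lines in HijackThis v2.0.2 log format,
# chosen from the kinds of lines that appear in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# "Global Startup: Shortcut.lnk = target"
STARTUP_RE = re.compile(r"^(.*Startup): (.+?) = (.*)$")
# Shortest prefix ending in a program extension, so paths with spaces survive.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd))(?=[\s,]|$)", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")


def split_sections(log):
    """Yield (section_code, body) per entry line; header and process lines are skipped."""
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def section_counts(log):
    """Count entries per HijackThis section code (R1, O2, O4, ...)."""
    return Counter(code for code, _ in split_sections(log))


def image_path(command):
    """Return the program a command line starts, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command


def parse_o4(log):
    """Parse O4 (autostart) lines into dicts; unknown layouts are kept as 'unparsed'."""
    entries = []
    for code, body in split_sections(log):
        if code != "O4":
            continue
        run, startup = RUN_RE.match(body), STARTUP_RE.match(body)
        if run:
            hive, key, name, command = run.groups()
            source = f"{hive} {key}"
        elif startup:
            source, name, command = startup.groups()
        else:
            entries.append({"source": "unparsed", "name": body,
                            "command": "", "image": "", "absolute": False})
            continue
        image = image_path(command)
        entries.append({"source": source, "name": name, "command": command,
                        "image": image, "absolute": bool(ABSOLUTE_RE.match(image))})
    return entries


def needs_path_resolution(entries):
    """Names of parsed entries whose program is given without a full path."""
    return [e["name"] for e in entries
            if e["source"] != "unparsed" and not e["absolute"]]


if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    for e in parsed:
        print(f'{e["source"]:16} {e["name"]:20} {e["image"]}')
    print("locate on disk before judging:", needs_path_resolution(parsed))
```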

crazyboy8u (Topic starter)
Re: I am in need of some hijackthis analysis
« Reply #16 on: July 22, 2008, 06:29:33 PM »
Things seem to be fine. Much much better. Thank you.

Here is the hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:28:27, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4928878609
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7535 bytes

Starbuck

Re: I am in need of some hijackthis analysis
« Reply #15 on: July 22, 2008, 12:12:10 PM »
Hi crazyboy8u

Looks like you cracked it.  :thumbsup:

How are things running now?
Could you let me have another Hjt log?

Thanks.

crazyboy8u (Topic starter)
Re: I am in need of some hijackthis analysis
« Reply #14 on: July 22, 2008, 04:25:09 AM »
Thank you so much, I am sorry, it sounds like a pain.

Here it is:

ComboFix 08-07-18.1 - Owner 2008-07-21 20:15:52.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.612 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Documents and Settings\Owner\Yugma\lib\DskHooks.dll
C:\Documents and Settings\Owner\Yugma\lib\YugmaPlugin.dll
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Yugma\lib\DskHooks.dll
C:\Documents and Settings\Owner\Yugma\lib\YugmaPlugin.dll
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll
C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe

.
(((((((((((((((((((((((((   Files Created from 2008-06-22 to 2008-07-22  )))))))))))))))))))))))))))))))
.

2008-07-20 19:46 . 2008-07-20 19:46   <DIR>   d--------   C:\fsaua.data
2008-07-20 15:47 . 2008-07-20 15:47   244   --ah-----   C:\sqmnoopt19.sqm
2008-07-20 15:47 . 2008-07-20 15:47   232   --ah-----   C:\sqmdata19.sqm
2008-07-20 12:25 . 2008-07-20 12:25   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 12:25 . 2008-07-20 12:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-20 12:25 . 2008-07-20 12:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 12:25 . 2008-07-18 20:15   36,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-20 12:25 . 2008-07-18 20:15   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 16:44 . 2008-06-10 03:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-19 16:40 . 2008-07-19 16:40   244   --ah-----   C:\sqmnoopt18.sqm
2008-07-19 16:40 . 2008-07-19 16:40   232   --ah-----   C:\sqmdata18.sqm
2008-07-19 12:09 . 2008-07-19 12:09   244   --ah-----   C:\sqmnoopt17.sqm
2008-07-19 12:09 . 2008-07-19 12:09   232   --ah-----   C:\sqmdata17.sqm
2008-07-18 21:33 . 2008-07-18 21:33   244   --ah-----   C:\sqmnoopt16.sqm
2008-07-18 21:33 . 2008-07-18 21:33   232   --ah-----   C:\sqmdata16.sqm
2008-07-17 14:42 . 2008-07-17 14:42   244   --ah-----   C:\sqmnoopt15.sqm
2008-07-17 14:42 . 2008-07-17 14:42   232   --ah-----   C:\sqmdata15.sqm
2008-07-17 13:13 . 2008-07-17 13:13   244   --ah-----   C:\sqmnoopt14.sqm
2008-07-17 13:13 . 2008-07-17 13:13   232   --ah-----   C:\sqmdata14.sqm
2008-07-17 13:03 . 2008-07-21 20:19   13,395,232   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 13:03 . 2008-07-21 20:09   179,804   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 12:59 . 2008-07-17 12:59   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
2008-07-17 11:53 . 2008-07-17 11:53   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-07-17 11:53 . 2008-07-17 13:14   4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2008-07-17 10:42 . 2008-07-17 10:42   244   --ah-----   C:\sqmnoopt13.sqm
2008-07-17 10:42 . 2008-07-17 10:42   232   --ah-----   C:\sqmdata13.sqm
2008-07-17 00:02 . 2008-07-17 00:02   244   --ah-----   C:\sqmnoopt12.sqm
2008-07-17 00:02 . 2008-07-17 00:02   232   --ah-----   C:\sqmdata12.sqm
2008-07-16 23:36 . 2008-07-16 23:36   244   --ah-----   C:\sqmnoopt11.sqm
2008-07-16 23:36 . 2008-07-16 23:36   232   --ah-----   C:\sqmdata11.sqm
2008-07-16 23:01 . 2008-07-17 10:40   309   --a------   C:\WINDOWS\wininit.ini
2008-07-16 22:48 . 2008-07-16 23:47   4,018   --a------   C:\WINDOWS\system32\tmp.reg
2008-07-16 22:38 . 2008-05-29 10:35   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
2008-07-16 22:38 . 2008-05-18 22:40   82,944   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-07-16 22:38 . 2008-07-02 14:33   82,432   --a------   C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 22:38 . 2008-05-23 19:21   81,920   --a------   C:\WINDOWS\system32\404Fix.exe
2008-07-16 22:37 . 2007-09-06 01:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 22:37 . 2006-04-27 18:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 22:37 . 2003-06-05 22:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-07-16 22:37 . 2004-07-31 19:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-07-16 22:37 . 2007-10-04 01:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 22:17 . 2008-07-16 22:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 22:14 . 2008-07-16 22:14   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 22:09 . 2008-07-16 22:09   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-07-16 22:09 . 2008-07-16 22:21   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 22:04 . 2008-07-16 22:04   <DIR>   d--------   C:\Program Files\Trend Micro
2008-07-16 21:28 . 2008-07-16 21:28   244   --ah-----   C:\sqmnoopt10.sqm
2008-07-16 21:28 . 2008-07-16 21:28   232   --ah-----   C:\sqmdata10.sqm
2008-07-16 20:17 . 2008-07-16 20:17   244   --ah-----   C:\sqmnoopt09.sqm
2008-07-16 20:17 . 2008-07-16 20:17   232   --ah-----   C:\sqmdata09.sqm
2008-07-16 20:12 . 2008-07-16 20:12   244   --ah-----   C:\sqmnoopt08.sqm
2008-07-16 20:12 . 2008-07-16 20:12   232   --ah-----   C:\sqmdata08.sqm
2008-07-16 20:01 . 2008-07-21 20:12   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-16 20:01 . 2008-07-16 20:01   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 20:01 . 2008-07-16 20:01   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 20:01 . 2008-07-16 20:01   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 19:50 . 2008-07-17 00:01   594   --ahs----   C:\WINDOWS\system32\qmifsscp.ini
2008-07-13 10:31 . 2008-07-13 10:31   244   --ah-----   C:\sqmnoopt07.sqm
2008-07-13 10:31 . 2008-07-13 10:31   232   --ah-----   C:\sqmdata07.sqm
2008-07-12 00:51 . 2008-07-12 00:51   244   --ah-----   C:\sqmnoopt06.sqm
2008-07-12 00:51 . 2008-07-12 00:51   232   --ah-----   C:\sqmdata06.sqm
2008-07-11 10:56 . 2008-07-11 10:56   244   --ah-----   C:\sqmnoopt05.sqm
2008-07-11 10:56 . 2008-07-11 10:56   232   --ah-----   C:\sqmdata05.sqm
2008-07-10 17:05 . 2008-07-10 17:05   244   --ah-----   C:\sqmnoopt04.sqm
2008-07-10 17:05 . 2008-07-10 17:05   232   --ah-----   C:\sqmdata04.sqm
2008-07-10 13:26 . 2008-07-10 13:26   244   --ah-----   C:\sqmnoopt03.sqm
2008-07-10 13:26 . 2008-07-10 13:26   232   --ah-----   C:\sqmdata03.sqm
2008-07-05 20:43 . 2008-07-05 20:43   244   --ah-----   C:\sqmnoopt02.sqm
2008-07-05 20:43 . 2008-07-05 20:43   232   --ah-----   C:\sqmdata02.sqm
2008-07-04 09:12 . 2008-07-04 09:12   244   --ah-----   C:\sqmnoopt01.sqm
2008-07-04 09:12 . 2008-07-04 09:12   232   --ah-----   C:\sqmdata01.sqm
2008-07-03 17:20 . 2008-07-21 20:10   244   --ah-----   C:\sqmnoopt00.sqm
2008-07-03 17:20 . 2008-07-21 20:10   232   --ah-----   C:\sqmdata00.sqm
2008-07-03 16:45 . 2008-07-03 16:45   <DIR>   d--------   C:\Program Files\Musicnotes
2008-07-03 09:06 . 2008-04-22 22:16   6,066,176   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 09:06 . 2007-04-17 03:32   2,455,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 09:06 . 2007-03-07 23:10   991,232   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 09:06 . 2008-04-22 22:16   459,264   --a--c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 09:06 . 2008-04-22 22:16   383,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 09:06 . 2008-04-22 22:16   267,776   --a--c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 09:06 . 2008-04-22 22:16   63,488   --a--c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 09:06 . 2008-04-22 22:16   52,224   --a--c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 09:06 . 2008-04-22 01:39   13,824   --a--c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-02 23:48 . 2006-08-21 03:14   128,896   --a--c---   C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-07-02 23:48 . 2006-08-21 03:14   23,040   --a--c---   C:\WINDOWS\system32\dllcache\fltmc.exe
2008-07-02 23:48 . 2006-08-21 06:21   16,896   --a--c---   C:\WINDOWS\system32\dllcache\fltlib.dll
2008-07-02 17:57 . 2006-10-04 08:06   1,197,294   --a--c---   C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-07-02 17:57 . 2006-10-04 08:06   764,868   --a--c---   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-07-02 17:57 . 2006-10-04 08:06   217,118   --a--c---   C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-02 17:54 . 2008-07-04 11:15   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2008-07-02 17:54 . 2008-07-02 17:55   <DIR>   d--------   C:\e49d3fd325957d9bc62ee2002c
2008-07-02 10:00 . 2007-07-09 07:09   584,192   --a--c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-02 10:00 . 2008-06-13 07:10   272,128   --a--c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 17:50 . 2008-07-02 17:54   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-07-01 10:37 . 2004-08-04 00:56   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-07-01 10:18 . 2006-09-25 17:58   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 10:17 . 2008-07-01 10:17   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-01 10:16 . 2004-08-04 00:56   438,784   --a------   C:\WINDOWS\system32\xpob2res.dll
2008-07-01 10:16 . 2004-08-04 00:56   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2008-07-01 10:16 . 2004-08-04 00:56   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2008-07-01 10:16 . 2004-08-04 00:56   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2008-07-01 10:16 . 2004-08-04 00:56   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2008-07-01 10:15 . 2007-07-30 19:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-07-01 10:15 . 2007-07-30 19:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-07-01 10:15 . 2007-07-30 19:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-07-01 10:15 . 2007-07-30 19:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-07-01 10:15 . 2007-07-30 19:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-07-01 10:15 . 2007-07-30 19:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-07-01 10:15 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-01 10:15 . 2007-07-30 19:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-07-01 10:15 . 2007-07-30 19:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-01 10:11 . 2008-07-01 10:11   9,509   --a------   C:\WINDOWS\system32\QuickTime.qtp
2008-06-22 00:09 . 2008-06-22 00:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\HP
2008-06-22 00:03 . 2004-08-04 00:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 21:44   ---------   d-----w   C:\Program Files\Symantec
2008-07-20 21:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-20 18:22   ---------   d-----w   C:\Program Files\Easy Internet signup
2008-07-19 22:44   ---------   d-----w   C:\Program Files\Java
2008-07-19 21:58   ---------   d-----w   C:\Program Files\QuickTime
2008-07-19 21:58   ---------   d-----w   C:\Program Files\iTunes
2008-07-17 04:18   ---------   d-----w   C:\Program Files\Lavasoft
2008-07-17 01:59   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 16:05   75,248   ----a-w   C:\WINDOWS\zllsputility.exe
2008-07-09 16:05   1,086,952   ----a-w   C:\WINDOWS\system32\zpeng24.dll
2008-07-03 22:50   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Musicnotes
2008-07-03 04:45   ---------   d-----w   C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-07-01 16:11   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-28 16:40   28,256   ----a-w   C:\WINDOWS\system32\drivers\MxlW2k.sys
2008-06-22 05:43   ---------   d-----w   C:\Program Files\HP
2008-06-22 05:43   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-22 05:42   ---------   d-----w   C:\Program Files\Common Files\HP
2008-06-22 05:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\HP
2008-06-21 19:37   ---------   d-----w   C:\Program Files\Quicken
2008-06-20 17:41   245,248   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 16:53   4,001   ----a-w   C:\WINDOWS\viassary-hp.reg
2008-06-20 16:43   4,164   --sha-r   C:\WINDOWS\system32\drivers\HP_PC190A-ABA a556x_YW_Pavi_QMXQ419_E42NAheBLU4_4_I P4SD-LA _SASUSTeK Computer INC._VRev 1.xx_B3.24_T040414_WXH1_L409_M1024_J200_7Intel_8Pentium 4_93_1104C8023_N10EC8139_P_Z11C1044C_K_A808624D5_U808624D2_G10DE0322.MRK
2008-06-20 14:42   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB128.tmp
2008-06-20 14:41   90,112   ----a-w   C:\WINDOWS\DUMP66ba.tmp
2008-06-20 14:41   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB129.tmp
2008-06-20 14:40   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB126.tmp
2008-06-20 14:39   90,112   ----a-w   C:\WINDOWS\DUMP6820.tmp
2008-06-20 14:39   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB127.tmp
2008-06-20 14:38   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB124.tmp
2008-06-20 14:37   90,112   ----a-w   C:\WINDOWS\DUMP6707.tmp
2008-06-20 14:37   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB125.tmp
2008-06-20 14:36   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB122.tmp
2008-06-20 14:35   90,112   ----a-w   C:\WINDOWS\DUMP68be.tmp
2008-06-20 14:35   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB123.tmp
2008-06-20 14:34   17,920   ----a-w   C:\WINDOWS\Internet Logs\xDB120.tmp
2008-06-20 14:33   90,112   ----a-w   C:\WINDOWS\DUMP66e7.tmp
2008-06-20 14:33   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB121.tmp
2008-06-20 14:32   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB11E.tmp
2008-06-20 14:31   90,112   ----a-w   C:\WINDOWS\DUMP68bd.tmp
2008-06-20 14:31   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB11F.tmp
2008-06-20 14:30   17,408   ----a-w   C:\WINDOWS\Internet Logs\xDB11C.tmp
2008-06-20 14:29   90,112   ----a-w   C:\WINDOWS\DUMP6acf.tmp
2008-06-20 14:29   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB11D.tmp
2008-06-20 14:28   17,408   ----a-w   C:\WINDOWS\Internet Logs\xDB11A.tmp
2008-06-20 14:27   90,112   ----a-w   C:\WINDOWS\DUMP687e.tmp
2008-06-20 14:27   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB11B.tmp
2008-06-20 14:26   18,432   ----a-w   C:\WINDOWS\Internet Logs\xDB118.tmp
2008-06-20 14:25   90,112   ----a-w   C:\WINDOWS\DUMP6a72.tmp
2008-06-20 14:25   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB119.tmp
2008-06-20 14:24   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB116.tmp
2008-06-20 14:23   90,112   ----a-w   C:\WINDOWS\DUMP68bc.tmp
2008-06-20 14:23   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB117.tmp
2008-06-20 14:22   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB114.tmp
2008-06-20 14:21   90,112   ----a-w   C:\WINDOWS\DUMP6968.tmp
2008-06-20 14:21   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB115.tmp
2008-06-20 14:20   17,408   ----a-w   C:\WINDOWS\Internet Logs\xDB112.tmp
2008-06-20 14:19   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB113.tmp
2008-06-20 14:18   90,112   ----a-w   C:\WINDOWS\DUMP68fc.tmp
2008-06-20 14:18   17,920   ----a-w   C:\WINDOWS\Internet Logs\xDB110.tmp
2008-06-20 14:17   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB111.tmp
2008-06-20 14:16   90,112   ----a-w   C:\WINDOWS\DUMP68fb.tmp
2008-06-20 14:16   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB10E.tmp
2008-06-20 14:15   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB10F.tmp
2008-06-20 14:14   90,112   ----a-w   C:\WINDOWS\DUMP691a.tmp
2008-06-20 14:14   17,920   ----a-w   C:\WINDOWS\Internet Logs\xDB10C.tmp
2008-06-20 14:13   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB10D.tmp
2008-06-20 14:12   90,112   ----a-w   C:\WINDOWS\DUMP6785.tmp
2008-06-20 14:12   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB10A.tmp
2008-06-20 14:11   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB10B.tmp
2008-06-20 14:10   90,112   ----a-w   C:\WINDOWS\DUMP6b6c.tmp
2008-06-20 14:10   17,408   ----a-w   C:\WINDOWS\Internet Logs\xDB108.tmp
2008-06-20 14:09   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB109.tmp
2008-06-20 14:08   90,112   ----a-w   C:\WINDOWS\DUMP68ad.tmp
2008-06-20 14:08   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB106.tmp
2008-06-20 14:07   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB107.tmp
2008-06-20 14:06   90,112   ----a-w   C:\WINDOWS\DUMP6958.tmp
2008-06-20 14:05   17,920   ----a-w   C:\WINDOWS\Internet Logs\xDB104.tmp
2008-06-20 14:05   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB105.tmp
2008-06-20 14:04   90,112   ----a-w   C:\WINDOWS\DUMP6812.tmp
2008-06-20 14:03   17,920   ----a-w   C:\WINDOWS\Internet Logs\xDB102.tmp
2008-06-20 14:03   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB103.tmp
2008-06-20 14:02   90,112   ----a-w   C:\WINDOWS\DUMP664b.tmp
2008-06-20 14:01   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDB100.tmp
2008-06-20 14:01   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDB101.tmp
2008-06-20 14:00   90,112   ----a-w   C:\WINDOWS\DUMP663b.tmp
2008-06-20 13:59   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDBFE.tmp
2008-06-20 13:59   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDBFF.tmp
2008-06-20 13:58   90,112   ----a-w   C:\WINDOWS\DUMP6a34.tmp
2008-06-20 13:57   17,408   ----a-w   C:\WINDOWS\Internet Logs\xDBFC.tmp
2008-06-20 13:57   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDBFD.tmp
2008-06-20 13:56   90,112   ----a-w   C:\WINDOWS\DUMP6775.tmp
2008-06-20 13:55   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDBFA.tmp
2008-06-20 13:55   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDBFB.tmp
2008-06-20 13:54   90,112   ----a-w   C:\WINDOWS\DUMP688d.tmp
2008-06-20 13:53   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDBF8.tmp
2008-06-20 13:53   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDBF9.tmp
2008-06-20 13:52   90,112   ----a-w   C:\WINDOWS\DUMP5bcc.tmp
2008-06-20 13:51   16,896   ----a-w   C:\WINDOWS\Internet Logs\xDBF6.tmp
2008-06-20 13:51   1,321,472   ----a-w   C:\WINDOWS\Internet Logs\xDBF7.tmp
2008-06-20 13:50   90,112   ----a-w   C:\WINDOWS\DUMP5c49.tmp
2008-04-17 15:04   27,976   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-04-17 15:04   125,848   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2005-04-25 01:19   25,677   --sha-w   C:\WINDOWS\Registration\ksatrc.bak1
2005-05-03 15:34   496,232   --sha-w   C:\WINDOWS\Registration\ksatrc.bak2
.

(((((((((((((((((((((((((((((   snapshot@2008-07-19_11.01.49.95   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-27 22:59:28   290,816   ----a-w   C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 22:59:28   495,616   ----a-w   C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 23:00:12   262,144   ----a-w   C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 22:59:16   588,392   ----a-w   C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
- 2005-10-21 03:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 02:02:28   163,328   ----a-w   C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 15:00:00   28,672   ----a-w   C:\WINDOWS\Nircmd.exe
+ 2000-08-31 14:00:00   28,672   ----a-w   C:\WINDOWS\Nircmd.exe
- 2000-08-31 15:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
+ 2000-08-31 14:00:00   161,792   ----a-w   C:\WINDOWS\swreg.exe
- 2004-01-21 01:53:45   24,681   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2004-01-21 01:53:45   28,779   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 09:32:34   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
- 2008-07-03 14:59:12   54,280   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-07-21 17:14:11   54,280   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-07-03 14:59:12   384,596   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-07-21 17:14:11   384,596   ----a-w   C:\WINDOWS\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 05:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 08:11 185632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 18:50 221184]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 21:50 3022848]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 11:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 01:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2005-12-11 16:48 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 09:43 274432]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-16 20:00 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 05:27 144784]
"LTMSG"="LTMSG.exe" [2003-07-14 19:52 40960 C:\WINDOWS\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 21:50 753664 C:\WINDOWS\system32\nwiz.exe]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 20:44:40 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\billmind.exe [2004-09-27 22:15:30 25600]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 18:50:26 299008]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 03:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-27 13:03:57 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe [2007-03-26 03:48:00 67128]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 06:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 21:59:55 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-16 20:01]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-16 20:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 20:00]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 20:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd446d44-4460-11dd-a848-001596fe0aae}]
\Shell\AutoRun\command - K:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 02:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 18:22:16 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-07-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-28 20:09:53 C:\WINDOWS\Tasks\SecureIE2007Upgrade.job"
- C:\Program Files\Winferno\Secure IE 2007 Upgrade\SecureIE2007Upgrade.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-07-19 22:53:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-10 22:53:14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 20:19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-21 20:21:48
ComboFix-quarantined-files.txt  2008-07-22 02:21:16
ComboFix2.txt  2008-07-20 23:59:00
ComboFix3.txt  2008-07-20 21:56:52
ComboFix4.txt  2008-07-19 22:02:21
ComboFix5.txt  2008-07-22 02:15:11

Pre-Run: 108,449,783,808 bytes free
Post-Run: 108,517,482,496 bytes free

803   --- E O F ---   2008-07-11 07:26:38

Starbuck

Re: I am in need of some hijackthis analysis
« Reply #13 on: July 21, 2008, 09:29:47 PM »

crazyboy8u (Topic starter)

Re: I am in need of some hijackthis analysis
« Reply #12 on: July 21, 2008, 08:28:26 AM »
Oops, forgot the new HijackThis log. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:36, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4928878609
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7697 bytes

crazyboy8u (Topic starter)

  • Full Member
  • Posts: 10
Re: I am in need of some hijackthis analysis
« Reply #11 on: July 21, 2008, 08:25:58 AM »
New Combofix:

ComboFix 08-07-18.1 - Owner 2008-07-20 16:52:52.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.715 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
(((((((((((((((((((((((((   Files Created from 2008-06-20 to 2008-07-20  )))))))))))))))))))))))))))))))
.

2008-07-20 14:47 . 2008-07-20 14:47   244   --ah-----   C:\sqmnoopt19.sqm
2008-07-20 14:47 . 2008-07-20 14:47   232   --ah-----   C:\sqmdata19.sqm
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 11:25 . 2008-07-18 19:15   36,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-20 11:25 . 2008-07-18 19:15   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 15:44 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-19 15:40 . 2008-07-19 15:40   244   --ah-----   C:\sqmnoopt18.sqm
2008-07-19 15:40 . 2008-07-19 15:40   232   --ah-----   C:\sqmdata18.sqm
2008-07-19 11:09 . 2008-07-19 11:09   244   --ah-----   C:\sqmnoopt17.sqm
2008-07-19 11:09 . 2008-07-19 11:09   232   --ah-----   C:\sqmdata17.sqm
2008-07-18 20:33 . 2008-07-18 20:33   244   --ah-----   C:\sqmnoopt16.sqm
2008-07-18 20:33 . 2008-07-18 20:33   232   --ah-----   C:\sqmdata16.sqm
2008-07-17 13:42 . 2008-07-17 13:42   244   --ah-----   C:\sqmnoopt15.sqm
2008-07-17 13:42 . 2008-07-17 13:42   232   --ah-----   C:\sqmdata15.sqm
2008-07-17 12:13 . 2008-07-17 12:13   244   --ah-----   C:\sqmnoopt14.sqm
2008-07-17 12:13 . 2008-07-17 12:13   232   --ah-----   C:\sqmdata14.sqm
2008-07-17 12:03 . 2008-07-20 14:46   11,405,344   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 12:03 . 2008-07-20 14:46   142,772   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 11:59 . 2008-07-17 11:59   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
2008-07-17 10:53 . 2008-07-17 10:53   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-07-17 10:53 . 2008-07-17 12:14   4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2008-07-17 09:42 . 2008-07-17 09:42   244   --ah-----   C:\sqmnoopt13.sqm
2008-07-17 09:42 . 2008-07-17 09:42   232   --ah-----   C:\sqmdata13.sqm
2008-07-16 23:02 . 2008-07-16 23:02   244   --ah-----   C:\sqmnoopt12.sqm
2008-07-16 23:02 . 2008-07-16 23:02   232   --ah-----   C:\sqmdata12.sqm
2008-07-16 22:36 . 2008-07-16 22:36   244   --ah-----   C:\sqmnoopt11.sqm
2008-07-16 22:36 . 2008-07-16 22:36   232   --ah-----   C:\sqmdata11.sqm
2008-07-16 22:01 . 2008-07-17 09:40   309   --a------   C:\WINDOWS\wininit.ini
2008-07-16 21:48 . 2008-07-16 22:47   4,018   --a------   C:\WINDOWS\system32\tmp.reg
2008-07-16 21:38 . 2008-05-29 09:35   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
2008-07-16 21:38 . 2008-05-18 21:40   82,944   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-07-16 21:38 . 2008-07-02 13:33   82,432   --a------   C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 21:38 . 2008-05-23 18:21   81,920   --a------   C:\WINDOWS\system32\404Fix.exe
2008-07-16 21:37 . 2007-09-06 00:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 21:37 . 2006-04-27 17:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 21:37 . 2003-06-05 21:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-07-16 21:37 . 2004-07-31 18:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-07-16 21:37 . 2007-10-04 00:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 21:17 . 2008-07-16 21:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 21:14 . 2008-07-16 21:14   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 21:09 . 2008-07-16 21:09   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-07-16 21:09 . 2008-07-16 21:21   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 21:04 . 2008-07-16 21:04   <DIR>   d--------   C:\Program Files\Trend Micro
2008-07-16 20:28 . 2008-07-16 20:28   244   --ah-----   C:\sqmnoopt10.sqm
2008-07-16 20:28 . 2008-07-16 20:28   232   --ah-----   C:\sqmdata10.sqm
2008-07-16 19:17 . 2008-07-16 19:17   244   --ah-----   C:\sqmnoopt09.sqm
2008-07-16 19:17 . 2008-07-16 19:17   232   --ah-----   C:\sqmdata09.sqm
2008-07-16 19:12 . 2008-07-16 19:12   244   --ah-----   C:\sqmnoopt08.sqm
2008-07-16 19:12 . 2008-07-16 19:12   232   --ah-----   C:\sqmdata08.sqm
2008-07-16 19:01 . 2008-07-20 09:12   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-16 19:01 . 2008-07-16 19:01   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 19:01 . 2008-07-16 19:01   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 19:01 . 2008-07-16 19:01   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 18:50 . 2008-07-16 23:01   594   --ahs----   C:\WINDOWS\system32\qmifsscp.ini
2008-07-13 09:31 . 2008-07-13 09:31   244   --ah-----   C:\sqmnoopt07.sqm
2008-07-13 09:31 . 2008-07-13 09:31   232   --ah-----   C:\sqmdata07.sqm
2008-07-11 23:51 . 2008-07-11 23:51   244   --ah-----   C:\sqmnoopt06.sqm
2008-07-11 23:51 . 2008-07-11 23:51   232   --ah-----   C:\sqmdata06.sqm
2008-07-11 09:56 . 2008-07-11 09:56   244   --ah-----   C:\sqmnoopt05.sqm
2008-07-11 09:56 . 2008-07-11 09:56   232   --ah-----   C:\sqmdata05.sqm
2008-07-10 16:05 . 2008-07-10 16:05   244   --ah-----   C:\sqmnoopt04.sqm
2008-07-10 16:05 . 2008-07-10 16:05   232   --ah-----   C:\sqmdata04.sqm
2008-07-10 12:26 . 2008-07-10 12:26   244   --ah-----   C:\sqmnoopt03.sqm
2008-07-10 12:26 . 2008-07-10 12:26   232   --ah-----   C:\sqmdata03.sqm
2008-07-05 19:43 . 2008-07-05 19:43   244   --ah-----   C:\sqmnoopt02.sqm
2008-07-05 19:43 . 2008-07-05 19:43   232   --ah-----   C:\sqmdata02.sqm
2008-07-04 08:12 . 2008-07-04 08:12   244   --ah-----   C:\sqmnoopt01.sqm
2008-07-04 08:12 . 2008-07-04 08:12   232   --ah-----   C:\sqmdata01.sqm
2008-07-03 16:20 . 2008-07-03 16:20   244   --ah-----   C:\sqmnoopt00.sqm
2008-07-03 16:20 . 2008-07-03 16:20   232   --ah-----   C:\sqmdata00.sqm
2008-07-03 15:45 . 2008-07-03 15:45   <DIR>   d--------   C:\Program Files\Musicnotes
2008-07-03 08:06 . 2008-04-22 21:16   6,066,176   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 08:06 . 2007-04-17 02:32   2,455,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 08:06 . 2007-03-07 22:10   991,232   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 08:06 . 2008-04-22 21:16   459,264   --a--c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 08:06 . 2008-04-22 21:16   383,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 08:06 . 2008-04-22 21:16   267,776   --a--c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 08:06 . 2008-04-22 21:16   63,488   --a--c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 08:06 . 2008-04-22 21:16   52,224   --a--c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 08:06 . 2008-04-22 00:39   13,824   --a--c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-02 22:48 . 2006-08-21 02:14   128,896   --a--c---   C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-07-02 22:48 . 2006-08-21 02:14   23,040   --a--c---   C:\WINDOWS\system32\dllcache\fltmc.exe
2008-07-02 22:48 . 2006-08-21 05:21   16,896   --a--c---   C:\WINDOWS\system32\dllcache\fltlib.dll
2008-07-02 16:57 . 2006-10-04 07:06   1,197,294   --a--c---   C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-07-02 16:57 . 2006-10-04 07:06   764,868   --a--c---   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-07-02 16:57 . 2006-10-04 07:06   217,118   --a--c---   C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-02 16:54 . 2008-07-04 10:15   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2008-07-02 16:54 . 2008-07-02 16:55   <DIR>   d--------   C:\e49d3fd325957d9bc62ee2002c
2008-07-02 09:00 . 2007-07-09 06:09   584,192   --a--c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-02 09:00 . 2008-06-13 06:10   272,128   --a--c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:50 . 2008-07-02 16:54   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-07-01 09:37 . 2004-08-03 23:56   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-07-01 09:18 . 2006-09-25 16:58   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 09:17 . 2008-07-01 09:17   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-01 09:16 . 2004-08-03 23:56   438,784   --a------   C:\WINDOWS\system32\xpob2res.dll
2008-07-01 09:16 . 2004-08-03 23:56   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2008-07-01 09:16 . 2004-08-03 23:56   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2008-07-01 09:16 . 2004-08-03 23:56   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2008-07-01 09:16 . 2004-08-03 23:56   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2008-07-01 09:15 . 2007-07-30 18:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-07-01 09:15 . 2007-07-30 18:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-07-01 09:15 . 2007-07-30 18:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-07-01 09:15 . 2007-07-30 18:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-07-01 09:15 . 2007-07-30 18:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-01 09:11 . 2008-07-01 09:11   9,509   --a------   C:\WINDOWS\system32\QuickTime.qtp
2008-06-21 23:09 . 2008-06-21 23:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\HP
2008-06-21 23:03 . 2004-08-03 23:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-06-21 22:43 . 2008-06-21 22:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-21 22:40 . 2008-06-21 22:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HP
2008-06-21 22:38 . 2006-12-03 14:45   49,920   -ra------   C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-21 22:38 . 2006-12-03 14:45   16,496   -ra------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-21 22:37 . 2007-01-12 02:44   892,928   -ra------   C:\WINDOWS\system32\hpwtiop2.dll
2008-06-21 22:37 . 2007-01-12 02:44   675,840   -ra------   C:\WINDOWS\system32\hpwwiax2.dll
2008-06-21 22:37 . 2006-12-03 14:45   364,544   -ra------   C:\WINDOWS\system32\hppldcoi.dll
2008-06-21 22:37 . 2006-12-03 14:44   309,760   -ra------   C:\WINDOWS\system32\difxapi.dll
2008-06-21 22:37 . 2006-12-27 07:24   294,912   -ra------   C:\WINDOWS\system32\hpovst11.dll
2008-06-21 22:37 . 2007-01-31 11:08   258,048   -ra------   C:\WINDOWS\system32\hpzids01.dll
2008-06-21 22:37 . 2006-12-29 08:57   117,760   --a------   C:\WINDOWS\system32\hpz3l4v2.dll
2008-06-21 22:37 . 2006-12-03 14:46   21,568   -ra------   C:\WINDOWS\system32\drivers\HPZius12.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 21:44   ---------   d-----w   C:\Program Files\Symantec
2008-07-20 21:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-20 18:22   ---------   d-----w   C:\Program Files\Easy Internet signup
2008-07-19 22:44   ---------   d-----w   C:\Program Files\Java
2008-07-19 21:58   ---------   d-----w   C:\Program Files\QuickTime
2008-07-19 21:58   ---------   d-----w   C:\Program Files\iTunes
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBB.tmp
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBA.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB9.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB8.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB7.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB6.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB5.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB4.tmp
2008-07-19 03:40   94,208   ----a-w   C:\WINDOWS\system32\EB3.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EB2.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EB1.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EB0.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EAF.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EAE.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EAD.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EAC.tmp
2008-07-19 03:39   94,208   ----a-w   C:\WINDOWS\system32\EAB.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\EA6.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E9D.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E9B.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E9A.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E99.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E98.tmp
2008-07-19 03:38   94,208   ----a-w   C:\WINDOWS\system32\E97.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E96.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E95.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E94.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E92.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E91.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E8F.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E8E.tmp
2008-07-19 03:37   94,208   ----a-w   C:\WINDOWS\system32\E8D.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E8B.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E8A.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E89.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E88.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E87.tmp
2008-07-19 03:36   94,208   ----a-w   C:\WINDOWS\system32\E86.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E84.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E82.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E81.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E80.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E79.tmp
2008-07-19 03:35   94,208   ----a-w   C:\WINDOWS\system32\E77.tmp
2008-07-19 03:34   94,208   ----a-w   C:\WINDOWS\system32\E73.tmp
2008-07-19 03:34   94,208   ----a-w   C:\WINDOWS\system32\CB.tmp
2008-07-19 03:34   94,208   ----a-w   C:\WINDOWS\system32\C9.tmp
2008-07-19 03:34   94,208   ----a-w   C:\WINDOWS\system32\C6.tmp
2008-07-19 03:34   94,208   ----a-w   C:\WINDOWS\system32\112.tmp
2008-07-19 03:33   94,208   ----a-w   C:\WINDOWS\system32\C1.tmp
2008-07-19 03:33   94,208   ----a-w   C:\WINDOWS\system32\BC.tmp
2008-07-18 03:26   94,208   ----a-w   C:\WINDOWS\system32\21.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7F.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7E.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7D.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7C.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7B.tmp
2008-07-18 03:25   94,208   ----a-w   C:\WINDOWS\system32\E7A.tmp
2008-07-18 03:24   94,208   ----a-w   C:\WINDOWS\system32\E78.tmp
2008-07-18 03:24   94,208   ----a-w   C:\WINDOWS\system32\E76.tmp
2008-07-18 03:24   94,208   ----a-w   C:\WINDOWS\system32\E75.tmp
2008-07-18 03:22   94,208   ----a-w   C:\WINDOWS\system32\E74.tmp
2008-07-18 03:22   94,208   ----a-w   C:\WINDOWS\system32\E72.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E71.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E70.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6F.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6E.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6D.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6C.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6B.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E6A.tmp
2008-07-18 03:21   94,208   ----a-w   C:\WINDOWS\system32\E69.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E68.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E67.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E66.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E65.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E64.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E63.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E62.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E61.tmp
2008-07-18 03:20   94,208   ----a-w   C:\WINDOWS\system32\E60.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5F.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5E.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5D.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5C.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5B.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E5A.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E59.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E58.tmp
2008-07-18 03:19   94,208   ----a-w   C:\WINDOWS\system32\E57.tmp
2008-07-18 03:18   94,208   ----a-w   C:\WINDOWS\system32\E56.tmp
2008-07-18 03:18   94,208   ----a-w   C:\WINDOWS\system32\E55.tmp
2008-07-18 03:18   94,208   ----a-w   C:\WINDOWS\system32\E54.tmp
2008-07-18 03:18   94,208   ----a-w   C:\WINDOWS\system32\E53.tmp
2008-04-17 15:04   27,976   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-04-17 15:04   125,848   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2005-04-25 01:19   25,677   --sha-w   C:\WINDOWS\Registration\ksatrc.bak1
2005-05-03 15:34   496,232   --sha-w   C:\WINDOWS\Registration\ksatrc.bak2
.

(((((((((((((((((((((((((((((   snapshot@2008-07-19_11.01.49.95   )))))))))))))))))))))))))))))))))))))))))
.
- 2004-01-21 01:53:45   24,681   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2004-01-21 01:53:45   28,779   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 09:32:34   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 07:11 185632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2005-12-11 15:48 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43 274432]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-16 19:00 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\billmind.exe [2004-09-27 21:15:30 25600]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]
PowerReg Scheduler V3.exe [2005-06-20 09:54:37 225280]
PowerReg Scheduler.exe [2006-07-07 15:32:30 256000]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 02:38:16 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-27 12:03:57 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe [2007-03-26 02:48:00 67128]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-16 19:01]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-16 19:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 19:00]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd446d44-4460-11dd-a848-001596fe0aae}]
\Shell\AutoRun\command - K:\LinksysConnectPC.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 02:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 18:22:16 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-07-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-28 20:09:53 C:\WINDOWS\Tasks\SecureIE2007Upgrade.job"
- C:\Program Files\Winferno\Secure IE 2007 Upgrade\SecureIE2007Upgrade.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-07-19 22:53:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-10 22:53:14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 16:56:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-20 16:58:59
ComboFix-quarantined-files.txt  2008-07-20 23:58:31
ComboFix2.txt  2008-07-20 21:56:52
ComboFix3.txt  2008-07-19 22:02:21
ComboFix4.txt  2008-07-19 18:03:07

Pre-Run: 108,371,759,104 bytes free
Post-Run: 108,358,676,480 bytes free

547   --- E O F ---   2008-07-11 07:26:38


F-Secure Report:

Scanning Report
Sunday, July 20, 2008 18:48:17 - 23:17:44

Computer name: BISCHOFF
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\
Result: 3 malware found
RiskTool.Win32.Reboot (spyware)

    * System

Tracking Cookie (spyware)

    * System

Trojan:W32/Renos.DC (virus)

    * System

Statistics
Scanned:

    * Files: 96227
    * System: 8908
    * Not scanned: 9

Actions:

    * Disinfected: 0
    * Renamed: 0
    * Deleted: 0
    * None: 3
    * Submitted: 0

Files not scanned:

    * C:\HIBERFIL.SYS
    * C:\PAGEFILE.SYS
    * C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * C:\WINDOWS\SYSTEM32\CONFIG\SAM
    * C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    * C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    * C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    * C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{092E7625-36EE-4108-B1ED-7517F4F78A39}.BIN
    * C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\213BAB1CBD496A1AF7A901789E82EB1A_4303047A-7BFA-4EA8-AEBC-1FDD9688EFAF

Options
Scanning engines:

    * F-Secure USS: 2.30.0
    * F-Secure Blacklight: 1.0.68
    * F-Secure Hydra: 2.8.8110, 2008-07-20
    * F-Secure Pegasus: 1.20.0, 2008-04-14
    * F-Secure AVP: 7.0.171, 2008-07-20

Scanning options:

    * Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
    * Use Advanced heuristics

Things are running much better and it seems to be pretty much back to normal. The clock is still in military time and there still might be an occasional virus alert pop-up thing but I think that after the MBAM scan those have pretty much been gone. Far as I can tell things are much better. Thanks again.

Starbuck

Re: I am in need of some hijackthis analysis
« Reply #10 on: July 21, 2008, 12:41:50 AM »
Hi crazyboy8u

Thanks for doing that.

Step 1
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
Code:
File::
C:\WINDOWS\system32\F3A.tmp
C:\WINDOWS\system32\F38.tmp
C:\WINDOWS\system32\F37.tmp
C:\WINDOWS\system32\F36.tmp
C:\WINDOWS\system32\F35.tmp
C:\WINDOWS\system32\F34.tmp
C:\WINDOWS\system32\F33.tmp
C:\WINDOWS\system32\F32.tmp
C:\WINDOWS\system32\F31.tmp
C:\WINDOWS\system32\F30.tmp
C:\WINDOWS\system32\F2F.tmp
C:\WINDOWS\system32\F2E.tmp
C:\WINDOWS\system32\F2D.tmp
C:\WINDOWS\system32\F2C.tmp
C:\WINDOWS\system32\F2B.tmp
C:\WINDOWS\system32\F2A.tmp
C:\WINDOWS\system32\F29.tmp
C:\WINDOWS\system32\F28.tmp
C:\WINDOWS\system32\F27.tmp
C:\WINDOWS\system32\F26.tmp
C:\WINDOWS\system32\F25.tmp
C:\WINDOWS\system32\F24.tmp
C:\WINDOWS\system32\F23.tmp
C:\WINDOWS\system32\F22.tmp
C:\WINDOWS\system32\F21.tmp
C:\WINDOWS\system32\F20.tmp
C:\WINDOWS\system32\F1F.tmp
C:\WINDOWS\system32\F1E.tmp
C:\WINDOWS\system32\F1D.tmp
C:\WINDOWS\system32\F1C.tmp
C:\WINDOWS\system32\F1B.tmp
C:\WINDOWS\system32\F1A.tmp
C:\WINDOWS\system32\F19.tmp
C:\WINDOWS\system32\F18.tmp
C:\WINDOWS\system32\F17.tmp
C:\WINDOWS\system32\F16.tmp
C:\WINDOWS\system32\F15.tmp
C:\WINDOWS\system32\F14.tmp
C:\WINDOWS\system32\F13.tmp
C:\WINDOWS\system32\F12.tmp
C:\WINDOWS\system32\F11.tmp
C:\WINDOWS\system32\F0E.tmp
C:\WINDOWS\system32\F0C.tmp
C:\WINDOWS\system32\F0A.tmp
C:\WINDOWS\system32\F08.tmp
C:\WINDOWS\system32\F06.tmp
C:\WINDOWS\system32\F04.tmp
C:\WINDOWS\system32\F02.tmp
C:\WINDOWS\system32\F00.tmp
C:\WINDOWS\system32\EFF.tmp
C:\WINDOWS\system32\EFD.tmp
C:\WINDOWS\system32\EFB.tmp
C:\WINDOWS\system32\EF9.tmp
C:\WINDOWS\system32\EF7.tmp
C:\WINDOWS\system32\EF5.tmp
C:\WINDOWS\system32\EF3.tmp
C:\WINDOWS\system32\EF1.tmp
C:\WINDOWS\system32\EEF.tmp
C:\WINDOWS\system32\EED.tmp
C:\WINDOWS\system32\EEB.tmp
C:\WINDOWS\system32\EE9.tmp
C:\WINDOWS\system32\EE7.tmp
C:\WINDOWS\system32\EE5.tmp
C:\WINDOWS\system32\EE3.tmp
C:\WINDOWS\system32\EDF.tmp
C:\WINDOWS\system32\EDD.tmp
C:\WINDOWS\system32\EDB.tmp
C:\WINDOWS\system32\ED9.tmp
C:\WINDOWS\system32\ED7.tmp
C:\WINDOWS\system32\ED5.tmp
C:\WINDOWS\system32\ED4.tmp
C:\WINDOWS\system32\ED3.tmp
C:\WINDOWS\system32\ED2.tmp
C:\WINDOWS\system32\ED0.tmp
C:\WINDOWS\system32\ECF.tmp
C:\WINDOWS\system32\ECE.tmp
C:\WINDOWS\system32\ECD.tmp
C:\WINDOWS\system32\ECC.tmp
C:\WINDOWS\system32\ECB.tmp
C:\WINDOWS\system32\ECA.tmp
C:\WINDOWS\system32\EC9.tmp
C:\WINDOWS\system32\EC8.tmp
C:\WINDOWS\system32\EC7.tmp
C:\WINDOWS\system32\EC6.tmp
C:\WINDOWS\system32\EC5.tmp
C:\WINDOWS\system32\EC4.tmp
C:\WINDOWS\system32\EC3.tmp
C:\WINDOWS\system32\EC2.tmp
C:\WINDOWS\system32\EC1.tmp
C:\WINDOWS\system32\EC0.tmp
C:\WINDOWS\system32\EBF.tmp
C:\WINDOWS\system32\EBE.tmp
C:\WINDOWS\system32\EBD.tmp
C:\WINDOWS\system32\EBC.tmp
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon
as below.


Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the ComboFix window while it is running - this may cause your system to hang/crash.

Step 2
Please run the F-Secure Online Scanner

Note: This Scanner is for use with Internet Explorer Only!

Follow the instructions here for installation.
Accept the License Agreement.
Once the ActiveX installs, Click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.

Click the Show Report button and Copy & Paste the entire report in your next reply.

In your next reply, please submit:
New ComboFix.txt
F-Secure scan report
A new Hjt log

and could you let me know how things are running now.

Thanks

crazyboy8u (Topic starter)

Re: I am in need of some hijackthis analysis
« Reply #9 on: July 20, 2008, 11:59:42 PM »
New Combo fix log:

ComboFix 08-07-18.1 - Owner 2008-07-20 14:50:47.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.593 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-06-20 to 2008-07-20  )))))))))))))))))))))))))))))))
.

2008-07-20 14:47 . 2008-07-20 14:47   244   --ah-----   C:\sqmnoopt19.sqm
2008-07-20 14:47 . 2008-07-20 14:47   232   --ah-----   C:\sqmdata19.sqm
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-20 11:25 . 2008-07-20 11:25   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 11:25 . 2008-07-18 19:15   36,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-20 11:25 . 2008-07-18 19:15   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-19 15:44 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-07-19 15:40 . 2008-07-19 15:40   244   --ah-----   C:\sqmnoopt18.sqm
2008-07-19 15:40 . 2008-07-19 15:40   232   --ah-----   C:\sqmdata18.sqm
2008-07-19 11:09 . 2008-07-19 11:09   244   --ah-----   C:\sqmnoopt17.sqm
2008-07-19 11:09 . 2008-07-19 11:09   232   --ah-----   C:\sqmdata17.sqm
2008-07-18 20:33 . 2008-07-18 20:33   244   --ah-----   C:\sqmnoopt16.sqm
2008-07-18 20:33 . 2008-07-18 20:33   232   --ah-----   C:\sqmdata16.sqm
2008-07-17 13:42 . 2008-07-17 13:42   244   --ah-----   C:\sqmnoopt15.sqm
2008-07-17 13:42 . 2008-07-17 13:42   232   --ah-----   C:\sqmdata15.sqm
2008-07-17 12:13 . 2008-07-17 12:13   244   --ah-----   C:\sqmnoopt14.sqm
2008-07-17 12:13 . 2008-07-17 12:13   232   --ah-----   C:\sqmdata14.sqm
2008-07-17 12:03 . 2008-07-20 14:46   11,405,344   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 12:03 . 2008-07-20 14:46   142,772   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 11:59 . 2008-07-17 11:59   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
2008-07-17 10:53 . 2008-07-17 10:53   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-07-17 10:53 . 2008-07-17 12:14   4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2008-07-17 09:42 . 2008-07-17 09:42   244   --ah-----   C:\sqmnoopt13.sqm
2008-07-17 09:42 . 2008-07-17 09:42   232   --ah-----   C:\sqmdata13.sqm
2008-07-16 23:02 . 2008-07-16 23:02   244   --ah-----   C:\sqmnoopt12.sqm
2008-07-16 23:02 . 2008-07-16 23:02   232   --ah-----   C:\sqmdata12.sqm
2008-07-16 22:36 . 2008-07-16 22:36   244   --ah-----   C:\sqmnoopt11.sqm
2008-07-16 22:36 . 2008-07-16 22:36   232   --ah-----   C:\sqmdata11.sqm
2008-07-16 22:01 . 2008-07-17 09:40   309   --a------   C:\WINDOWS\wininit.ini
2008-07-16 21:48 . 2008-07-16 22:47   4,018   --a------   C:\WINDOWS\system32\tmp.reg
2008-07-16 21:38 . 2008-05-29 09:35   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
2008-07-16 21:38 . 2008-05-18 21:40   82,944   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-07-16 21:38 . 2008-07-02 13:33   82,432   --a------   C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 21:38 . 2008-05-23 18:21   81,920   --a------   C:\WINDOWS\system32\404Fix.exe
2008-07-16 21:37 . 2007-09-06 00:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 21:37 . 2006-04-27 17:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 21:37 . 2003-06-05 21:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-07-16 21:37 . 2004-07-31 18:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-07-16 21:37 . 2007-10-04 00:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 21:17 . 2008-07-16 21:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 21:14 . 2008-07-16 21:14   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 21:09 . 2008-07-16 21:09   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-07-16 21:09 . 2008-07-16 21:21   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 21:04 . 2008-07-16 21:04   <DIR>   d--------   C:\Program Files\Trend Micro
2008-07-16 20:28 . 2008-07-16 20:28   244   --ah-----   C:\sqmnoopt10.sqm
2008-07-16 20:28 . 2008-07-16 20:28   232   --ah-----   C:\sqmdata10.sqm
2008-07-16 19:17 . 2008-07-16 19:17   244   --ah-----   C:\sqmnoopt09.sqm
2008-07-16 19:17 . 2008-07-16 19:17   232   --ah-----   C:\sqmdata09.sqm
2008-07-16 19:12 . 2008-07-16 19:12   244   --ah-----   C:\sqmnoopt08.sqm
2008-07-16 19:12 . 2008-07-16 19:12   232   --ah-----   C:\sqmdata08.sqm
2008-07-16 19:01 . 2008-07-20 09:12   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-16 19:01 . 2008-07-16 19:01   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 19:01 . 2008-07-16 19:01   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 19:01 . 2008-07-16 19:01   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 18:50 . 2008-07-16 23:01   594   --ahs----   C:\WINDOWS\system32\qmifsscp.ini
2008-07-13 09:31 . 2008-07-13 09:31   244   --ah-----   C:\sqmnoopt07.sqm
2008-07-13 09:31 . 2008-07-13 09:31   232   --ah-----   C:\sqmdata07.sqm
2008-07-11 23:51 . 2008-07-11 23:51   244   --ah-----   C:\sqmnoopt06.sqm
2008-07-11 23:51 . 2008-07-11 23:51   232   --ah-----   C:\sqmdata06.sqm
2008-07-11 09:56 . 2008-07-11 09:56   244   --ah-----   C:\sqmnoopt05.sqm
2008-07-11 09:56 . 2008-07-11 09:56   232   --ah-----   C:\sqmdata05.sqm
2008-07-10 16:05 . 2008-07-10 16:05   244   --ah-----   C:\sqmnoopt04.sqm
2008-07-10 16:05 . 2008-07-10 16:05   232   --ah-----   C:\sqmdata04.sqm
2008-07-10 12:26 . 2008-07-10 12:26   244   --ah-----   C:\sqmnoopt03.sqm
2008-07-10 12:26 . 2008-07-10 12:26   232   --ah-----   C:\sqmdata03.sqm
2008-07-05 19:43 . 2008-07-05 19:43   244   --ah-----   C:\sqmnoopt02.sqm
2008-07-05 19:43 . 2008-07-05 19:43   232   --ah-----   C:\sqmdata02.sqm
2008-07-04 08:12 . 2008-07-04 08:12   244   --ah-----   C:\sqmnoopt01.sqm
2008-07-04 08:12 . 2008-07-04 08:12   232   --ah-----   C:\sqmdata01.sqm
2008-07-03 16:20 . 2008-07-03 16:20   244   --ah-----   C:\sqmnoopt00.sqm
2008-07-03 16:20 . 2008-07-03 16:20   232   --ah-----   C:\sqmdata00.sqm
2008-07-03 15:45 . 2008-07-03 15:45   <DIR>   d--------   C:\Program Files\Musicnotes
2008-07-03 08:06 . 2008-04-22 21:16   6,066,176   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 08:06 . 2007-04-17 02:32   2,455,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 08:06 . 2007-03-07 22:10   991,232   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 08:06 . 2008-04-22 21:16   459,264   --a--c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 08:06 . 2008-04-22 21:16   383,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 08:06 . 2008-04-22 21:16   267,776   --a--c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 08:06 . 2008-04-22 21:16   63,488   --a--c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 08:06 . 2008-04-22 21:16   52,224   --a--c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 08:06 . 2008-04-22 00:39   13,824   --a--c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-02 22:48 . 2006-08-21 02:14   128,896   --a--c---   C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-07-02 22:48 . 2006-08-21 02:14   23,040   --a--c---   C:\WINDOWS\system32\dllcache\fltmc.exe
2008-07-02 22:48 . 2006-08-21 05:21   16,896   --a--c---   C:\WINDOWS\system32\dllcache\fltlib.dll
2008-07-02 16:57 . 2006-10-04 07:06   1,197,294   --a--c---   C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-07-02 16:57 . 2006-10-04 07:06   764,868   --a--c---   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-07-02 16:57 . 2006-10-04 07:06   217,118   --a--c---   C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-02 16:54 . 2008-07-04 10:15   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2008-07-02 16:54 . 2008-07-02 16:55   <DIR>   d--------   C:\e49d3fd325957d9bc62ee2002c
2008-07-02 09:00 . 2007-07-09 06:09   584,192   --a--c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-02 09:00 . 2008-06-13 06:10   272,128   --a--c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:50 . 2008-07-02 16:54   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-07-01 09:37 . 2004-08-03 23:56   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-07-01 09:18 . 2006-09-25 16:58   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 09:17 . 2008-07-01 09:17   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-01 09:16 . 2004-08-03 23:56   438,784   --a------   C:\WINDOWS\system32\xpob2res.dll
2008-07-01 09:16 . 2004-08-03 23:56   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2008-07-01 09:16 . 2004-08-03 23:56   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2008-07-01 09:16 . 2004-08-03 23:56   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2008-07-01 09:16 . 2004-08-03 23:56   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2008-07-01 09:15 . 2007-07-30 18:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-07-01 09:15 . 2007-07-30 18:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-07-01 09:15 . 2007-07-30 18:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-07-01 09:15 . 2007-07-30 18:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-07-01 09:15 . 2007-07-30 18:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-01 09:11 . 2008-07-01 09:11   9,509   --a------   C:\WINDOWS\system32\QuickTime.qtp
2008-06-21 23:09 . 2008-06-21 23:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\HP
2008-06-21 23:03 . 2004-08-03 23:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-06-21 22:43 . 2008-06-21 22:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-21 22:40 . 2008-06-21 22:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HP
2008-06-21 22:38 . 2006-12-03 14:45   49,920   -ra------   C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-21 22:38 . 2006-12-03 14:45   16,496   -ra------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-21 22:37 . 2007-01-12 02:44   892,928   -ra------   C:\WINDOWS\system32\hpwtiop2.dll
2008-06-21 22:37 . 2007-01-12 02:44   675,840   -ra------   C:\WINDOWS\system32\hpwwiax2.dll
2008-06-21 22:37 . 2006-12-03 14:45   364,544   -ra------   C:\WINDOWS\system32\hppldcoi.dll
2008-06-21 22:37 . 2006-12-03 14:44   309,760   -ra------   C:\WINDOWS\system32\difxapi.dll
2008-06-21 22:37 . 2006-12-27 07:24   294,912   -ra------   C:\WINDOWS\system32\hpovst11.dll
2008-06-21 22:37 . 2007-01-31 11:08   258,048   -ra------   C:\WINDOWS\system32\hpzids01.dll
2008-06-21 22:37 . 2006-12-29 08:57   117,760   --a------   C:\WINDOWS\system32\hpz3l4v2.dll
2008-06-21 22:37 . 2006-12-03 14:46   21,568   -ra------   C:\WINDOWS\system32\drivers\HPZius12.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 21:44   ---------   d-----w   C:\Program Files\Symantec
2008-07-20 21:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
2008-07-20 18:22   ---------   d-----w   C:\Program Files\Easy Internet signup
2008-07-19 22:44   ---------   d-----w   C:\Program Files\Java
2008-07-19 21:58   ---------   d-----w   C:\Program Files\QuickTime
2008-07-19 21:58   ---------   d-----w   C:\Program Files\iTunes
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F3A.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F38.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F37.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F36.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F35.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F34.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F33.tmp
2008-07-19 03:52   94,208   ----a-w   C:\WINDOWS\system32\F32.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F31.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F30.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2F.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2E.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2D.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2C.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2B.tmp
2008-07-19 03:51   94,208   ----a-w   C:\WINDOWS\system32\F2A.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F29.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F28.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F27.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F26.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F25.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F24.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F23.tmp
2008-07-19 03:50   94,208   ----a-w   C:\WINDOWS\system32\F22.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F21.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F20.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1F.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1E.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1D.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1C.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1B.tmp
2008-07-19 03:49   94,208   ----a-w   C:\WINDOWS\system32\F1A.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F19.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F18.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F17.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F16.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F15.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F14.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F13.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F12.tmp
2008-07-19 03:48   94,208   ----a-w   C:\WINDOWS\system32\F11.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F0E.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F0C.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F0A.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F08.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F06.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F04.tmp
2008-07-19 03:47   94,208   ----a-w   C:\WINDOWS\system32\F02.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\F00.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EFF.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EFD.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EFB.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EF9.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EF7.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EF5.tmp
2008-07-19 03:46   94,208   ----a-w   C:\WINDOWS\system32\EF3.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EF1.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EEF.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EED.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EEB.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EE9.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EE7.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EE5.tmp
2008-07-19 03:45   94,208   ----a-w   C:\WINDOWS\system32\EE3.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\EDF.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\EDD.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\EDB.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED9.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED7.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED5.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED4.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED3.tmp
2008-07-19 03:44   94,208   ----a-w   C:\WINDOWS\system32\ED2.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ED0.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECF.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECE.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECD.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECC.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECB.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\ECA.tmp
2008-07-19 03:43   94,208   ----a-w   C:\WINDOWS\system32\EC9.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC8.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC7.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC6.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC5.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC4.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC3.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC2.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC1.tmp
2008-07-19 03:42   94,208   ----a-w   C:\WINDOWS\system32\EC0.tmp
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBF.tmp
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBE.tmp
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBD.tmp
2008-07-19 03:41   94,208   ----a-w   C:\WINDOWS\system32\EBC.tmp
2008-04-17 15:04   27,976   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-04-17 15:04   125,848   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2005-04-25 01:19   25,677   --sha-w   C:\WINDOWS\Registration\ksatrc.bak1
2005-05-03 15:34   496,232   --sha-w   C:\WINDOWS\Registration\ksatrc.bak2
.

(((((((((((((((((((((((((((((   snapshot@2008-07-19_11.01.49.95   )))))))))))))))))))))))))))))))))))))))))
.
- 2004-01-21 01:53:45   24,681   ----a-w   C:\WINDOWS\system32\java.exe
+ 2008-06-10 08:21:01   135,168   ----a-w   C:\WINDOWS\system32\java.exe
- 2004-01-21 01:53:45   28,779   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 08:21:04   135,168   ----a-w   C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 09:32:34   139,264   ----a-w   C:\WINDOWS\system32\javaws.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 07:11 185632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2005-12-11 15:48 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43 274432]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-16 19:00 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\billmind.exe [2004-09-27 21:15:30 25600]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]
PowerReg Scheduler V3.exe [2005-06-20 09:54:37 225280]
PowerReg Scheduler.exe [2006-07-07 15:32:30 256000]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 02:38:16 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-27 12:03:57 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe [2007-03-26 02:48:00 67128]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-16 19:01]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-16 19:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 19:00]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd446d44-4460-11dd-a848-001596fe0aae}]
\Shell\AutoRun\command - K:\LinksysConnectPC.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 02:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 18:22:16 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-07-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-28 20:09:53 C:\WINDOWS\Tasks\SecureIE2007Upgrade.job"
- C:\Program Files\Winferno\Secure IE 2007 Upgrade\SecureIE2007Upgrade.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-07-19 22:53:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-10 22:53:14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 14:54:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-20 14:56:50
ComboFix-quarantined-files.txt  2008-07-20 21:56:26
ComboFix2.txt  2008-07-19 22:02:21
ComboFix3.txt  2008-07-19 18:03:07

Pre-Run: 108,378,607,616 bytes free
Post-Run: 108,408,213,504 bytes free

352   --- E O F ---   2008-07-11 07:26:38

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:14, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4928878609
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7556 bytes

Starbuck

Re: I am in need of some hijackthis analysis
« Reply #8 on: July 20, 2008, 11:06:05 PM »
Hi crazyboy8u

The reason I had you run the MBAM program was because I could see that the temp files kept coming back..... so there was no point in getting rid of any more until the cause had been dealt with.
Looks like MBAM has done a good job.

The reason for the uninstall list was that a couple of things confused me with your Hjt log and I wanted to double check before continuing.
But all is clear now.

Step 1
It is not recommended that you have more than one anti virus product installed and running on your computer at a time.  The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".  It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either AVG8 or Norton AntiVirus 2004 (Symantec Corporation).... (if removing Norton, please remove all entries)
The choice is up to you.

Reboot when finished.

Step 2
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Please run another scan for me.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash

In your next reply, please submit:
New ComboFix.txt
and a new Hjt log

Thanks.

crazyboy8u (Topic starter)

Re: I am in need of some hijackthis analysis
« Reply #7 on: July 20, 2008, 10:32:13 PM »
MBAM scan report:

Malwarebytes' Anti-Malware 1.21
Database version: 971
Windows 5.1.2600 Service Pack 2

1:26:05 PM 7/20/2008
mbam-log-7-20-2008 (13-26-05).txt

Scan type: Quick Scan
Objects scanned: 46308
Time elapsed: 11 minute(s), 29 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 3
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 28

Memory Processes Infected:
C:\Program Files\USS\USS.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll (Trojan.FakeAlert) -> Unloaded module successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{abcd4567-d8e8-4df1-a3ea-d0aa72f42622} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvo7j0ea2e (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvo7j0ea2e (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.bqad (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qndsfmao.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\USLst (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USS_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{826f15bf-1a4c-4290-bfd1-794af7a2cb8f}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{d1957ff4-ea22-4b4a-81a1-c62068479ded}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uss_{ec572088-91c7-4293-93f9-93d40b0e0b36}_is1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uss (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\USS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#agents (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\#monitors (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll (Rogue.WinPCDoctor) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\wasffNT.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\USS.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\GESPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AMPlugin.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\AsAgents.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcp71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\msvcr71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{D1957FF4-EA22-4b4a-81A1-C62068479DED}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\GSCRPlugin.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\USS\{EC572088-91C7-4293-93F9-93D40B0E0B36}\unins000.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Uninstall list:

32 Bit HP CIO Components Installer
Ad-Aware
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Apple Mobile Device Support
Apple Software Update
AVG Free 8.0
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bonjour
Bounce Symphony from Hewlett-Packard Desktops (remove only)
CC_ccStart
ccCommon
Easy Internet Sign-up
Excavation from Hewlett-Packard Desktops (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 8.0
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Imaging Device Functions 8.0
HP Instant Support
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP Photosmart Essential
HP PSC & OfficeJet 3.0
HP Solution Center 8.0
HP Update
HPIZ350
HPSSupply
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java(TM) 6 Update 7
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Access 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (2.0.0.16)
MSRedist
MSXML 4.0 SP2 (KB936181)
Multimedia Card Reader
MUSICMATCH® Jukebox
Musicnotes Player V1.23.1
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
NVIDIA Display Driver
NVIDIA GART Driver
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealOne Player
RecordNow!
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
SpamSubtract
Spybot - Search & Destroy
SymNet
Toolkit View(HP)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Updates from HP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Zone Deluxe Games
ZoneAlarm
ZoneAlarm Spy Blocker

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:29, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\gcdtmp56\GoogleDesktopSetupHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Billminder.lnk = C:\QUICKENW\billmind.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4928878609
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8731 bytes

Thank you again for the help!

Starbuck
Re: I am in need of some hijackthis analysis
« Reply #6 on: July 20, 2008, 07:34:52 PM »
Hi crazyboy8u

We've still got some work to do.

Step 1
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2
Open HijackThis... click on Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save..... copy and paste the results in your next post.
More information, with a screenshot, can be found here.

In your next reply, please submit:
MBAM scan report
Uninstall list
and a new Hjt log.

Thanks.

crazyboy8u (Topic starter)
Re: I am in need of some hijackthis analysis
« Reply #5 on: July 20, 2008, 06:24:37 PM »
Jotti Report:

File: qmifsscp.ini
Status: OK
MD5: 56943c36112911a655a77bcce2f0a6a5

Scanner results
Scan taken on 19 Jul 2008 21:38:09 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

New Combofix:
ComboFix 08-07-18.1 - Owner 2008-07-19 14:51:29.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.376 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\WINDOWS\agpqlrfm.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\Vista Antivirus 2008.lnk
C:\WINDOWS\agpqlrfm.exe

.
(((((((((((((((((((((((((   Files Created from 2008-06-19 to 2008-07-19  )))))))))))))))))))))))))))))))
.

2008-07-19 11:09 . 2008-07-19 11:09   244   --ah-----   C:\sqmnoopt17.sqm
2008-07-19 11:09 . 2008-07-19 11:09   232   --ah-----   C:\sqmdata17.sqm
2008-07-18 20:33 . 2008-07-18 20:33   244   --ah-----   C:\sqmnoopt16.sqm
2008-07-18 20:33 . 2008-07-18 20:33   232   --ah-----   C:\sqmdata16.sqm
2008-07-17 13:42 . 2008-07-17 13:42   244   --ah-----   C:\sqmnoopt15.sqm
2008-07-17 13:42 . 2008-07-17 13:42   232   --ah-----   C:\sqmdata15.sqm
2008-07-17 12:13 . 2008-07-17 12:13   244   --ah-----   C:\sqmnoopt14.sqm
2008-07-17 12:13 . 2008-07-17 12:13   232   --ah-----   C:\sqmdata14.sqm
2008-07-17 12:03 . 2008-07-19 14:59   10,352,672   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 12:03 . 2008-07-19 10:51   97,940   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 11:59 . 2008-07-17 11:59   <DIR>   d--------   C:\Program Files\ZoneAlarmSB
2008-07-17 10:53 . 2008-07-17 10:53   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\MailFrontier
2008-07-17 10:53 . 2008-07-17 12:14   4,212   --ah-----   C:\WINDOWS\system32\zllictbl.dat
2008-07-17 09:42 . 2008-07-17 09:42   244   --ah-----   C:\sqmnoopt13.sqm
2008-07-17 09:42 . 2008-07-17 09:42   232   --ah-----   C:\sqmdata13.sqm
2008-07-16 23:02 . 2008-07-16 23:02   244   --ah-----   C:\sqmnoopt12.sqm
2008-07-16 23:02 . 2008-07-16 23:02   232   --ah-----   C:\sqmdata12.sqm
2008-07-16 22:36 . 2008-07-16 22:36   244   --ah-----   C:\sqmnoopt11.sqm
2008-07-16 22:36 . 2008-07-16 22:36   232   --ah-----   C:\sqmdata11.sqm
2008-07-16 22:01 . 2008-07-17 09:40   309   --a------   C:\WINDOWS\wininit.ini
2008-07-16 21:48 . 2008-07-16 22:47   4,018   --a------   C:\WINDOWS\system32\tmp.reg
2008-07-16 21:38 . 2008-05-29 09:35   86,528   --a------   C:\WINDOWS\system32\VACFix.exe
2008-07-16 21:38 . 2008-05-18 21:40   82,944   --a------   C:\WINDOWS\system32\IEDFix.exe
2008-07-16 21:38 . 2008-07-02 13:33   82,432   --a------   C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 21:38 . 2008-05-23 18:21   81,920   --a------   C:\WINDOWS\system32\404Fix.exe
2008-07-16 21:37 . 2007-09-06 00:22   289,144   --a------   C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 21:37 . 2006-04-27 17:49   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 21:37 . 2003-06-05 21:13   53,248   --a------   C:\WINDOWS\system32\Process.exe
2008-07-16 21:37 . 2004-07-31 18:50   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2008-07-16 21:37 . 2007-10-04 00:36   25,600   --a------   C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 21:17 . 2008-07-16 21:17   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-16 21:14 . 2008-07-16 21:14   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2008-07-16 21:09 . 2008-07-16 21:09   <DIR>   d--------   C:\Program Files\Spybot - Search & Destroy
2008-07-16 21:09 . 2008-07-16 21:21   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 21:04 . 2008-07-16 21:04   <DIR>   d--------   C:\Program Files\Trend Micro
2008-07-16 20:28 . 2008-07-16 20:28   244   --ah-----   C:\sqmnoopt10.sqm
2008-07-16 20:28 . 2008-07-16 20:28   232   --ah-----   C:\sqmdata10.sqm
2008-07-16 19:17 . 2008-07-16 19:17   244   --ah-----   C:\sqmnoopt09.sqm
2008-07-16 19:17 . 2008-07-16 19:17   232   --ah-----   C:\sqmdata09.sqm
2008-07-16 19:12 . 2008-07-16 19:12   244   --ah-----   C:\sqmnoopt08.sqm
2008-07-16 19:12 . 2008-07-16 19:12   232   --ah-----   C:\sqmdata08.sqm
2008-07-16 19:01 . 2008-07-19 10:56   <DIR>   d--------   C:\WINDOWS\system32\drivers\Avg
2008-07-16 19:01 . 2008-07-16 19:01   96,520   --a------   C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-16 19:01 . 2008-07-16 19:01   76,040   --a------   C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-16 19:01 . 2008-07-16 19:01   10,520   --a------   C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 18:50 . 2008-07-16 23:01   594   --ahs----   C:\WINDOWS\system32\qmifsscp.ini
2008-07-16 18:44 . 2008-07-16 18:45   <DIR>   d--------   C:\Program Files\USS
2008-07-16 18:44 . 2008-07-16 18:44   0   --a------   C:\END
2008-07-13 09:31 . 2008-07-13 09:31   244   --ah-----   C:\sqmnoopt07.sqm
2008-07-13 09:31 . 2008-07-13 09:31   232   --ah-----   C:\sqmdata07.sqm
2008-07-11 23:51 . 2008-07-11 23:51   244   --ah-----   C:\sqmnoopt06.sqm
2008-07-11 23:51 . 2008-07-11 23:51   232   --ah-----   C:\sqmdata06.sqm
2008-07-11 09:56 . 2008-07-11 09:56   244   --ah-----   C:\sqmnoopt05.sqm
2008-07-11 09:56 . 2008-07-11 09:56   232   --ah-----   C:\sqmdata05.sqm
2008-07-10 16:05 . 2008-07-10 16:05   244   --ah-----   C:\sqmnoopt04.sqm
2008-07-10 16:05 . 2008-07-10 16:05   232   --ah-----   C:\sqmdata04.sqm
2008-07-10 12:26 . 2008-07-10 12:26   244   --ah-----   C:\sqmnoopt03.sqm
2008-07-10 12:26 . 2008-07-10 12:26   232   --ah-----   C:\sqmdata03.sqm
2008-07-05 19:43 . 2008-07-05 19:43   244   --ah-----   C:\sqmnoopt02.sqm
2008-07-05 19:43 . 2008-07-05 19:43   232   --ah-----   C:\sqmdata02.sqm
2008-07-04 08:12 . 2008-07-04 08:12   244   --ah-----   C:\sqmnoopt01.sqm
2008-07-04 08:12 . 2008-07-04 08:12   232   --ah-----   C:\sqmdata01.sqm
2008-07-03 16:20 . 2008-07-03 16:20   244   --ah-----   C:\sqmnoopt00.sqm
2008-07-03 16:20 . 2008-07-03 16:20   232   --ah-----   C:\sqmdata00.sqm
2008-07-03 15:45 . 2008-07-03 15:45   <DIR>   d--------   C:\Program Files\Musicnotes
2008-07-03 08:06 . 2008-04-22 21:16   6,066,176   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-03 08:06 . 2007-04-17 02:32   2,455,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-03 08:06 . 2007-03-07 22:10   991,232   --a--c---   C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-03 08:06 . 2008-04-22 21:16   459,264   --a--c---   C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-03 08:06 . 2008-04-22 21:16   383,488   --a--c---   C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-03 08:06 . 2008-04-22 21:16   267,776   --a--c---   C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-03 08:06 . 2008-04-22 21:16   63,488   --a--c---   C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-03 08:06 . 2008-04-22 21:16   52,224   --a--c---   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-03 08:06 . 2008-04-22 00:39   13,824   --a--c---   C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-02 22:48 . 2006-08-21 02:14   128,896   --a--c---   C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-07-02 22:48 . 2006-08-21 02:14   23,040   --a--c---   C:\WINDOWS\system32\dllcache\fltmc.exe
2008-07-02 22:48 . 2006-08-21 05:21   16,896   --a--c---   C:\WINDOWS\system32\dllcache\fltlib.dll
2008-07-02 16:57 . 2006-10-04 07:06   1,197,294   --a--c---   C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-07-02 16:57 . 2006-10-04 07:06   764,868   --a--c---   C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-07-02 16:57 . 2006-10-04 07:06   217,118   --a--c---   C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-07-02 16:54 . 2008-07-04 10:15   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2008-07-02 16:54 . 2008-07-02 16:55   <DIR>   d--------   C:\e49d3fd325957d9bc62ee2002c
2008-07-02 09:00 . 2007-07-09 06:09   584,192   --a--c---   C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-02 09:00 . 2008-06-13 06:10   272,128   --a--c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 16:50 . 2008-07-02 16:54   <DIR>   d--------   C:\WINDOWS\system32\LogFiles
2008-07-01 09:37 . 2004-08-03 23:56   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll
2008-07-01 09:18 . 2006-09-25 16:58   23,856   --a------   C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 09:17 . 2008-07-01 09:17   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-01 09:16 . 2004-08-03 23:56   438,784   --a------   C:\WINDOWS\system32\xpob2res.dll
2008-07-01 09:16 . 2004-08-03 23:56   351,232   --a------   C:\WINDOWS\system32\winhttp.dll
2008-07-01 09:16 . 2004-08-03 23:56   18,944   --a------   C:\WINDOWS\system32\qmgrprxy.dll
2008-07-01 09:16 . 2004-08-03 23:56   8,192   --a------   C:\WINDOWS\system32\bitsprx2.dll
2008-07-01 09:16 . 2004-08-03 23:56   7,168   --a------   C:\WINDOWS\system32\bitsprx3.dll
2008-07-01 09:15 . 2007-07-30 18:19   549,720   --a------   C:\WINDOWS\system32\wuapi.dll
2008-07-01 09:15 . 2007-07-30 18:19   325,976   --a------   C:\WINDOWS\system32\wucltui.dll
2008-07-01 09:15 . 2007-07-30 18:19   216,408   --a------   C:\WINDOWS\system32\wuaucpl.cpl
2008-07-01 09:15 . 2007-07-30 18:19   43,352   --a------   C:\WINDOWS\system32\wups2.dll
2008-07-01 09:15 . 2007-07-30 18:18   34,136   --a------   C:\WINDOWS\system32\wucltui.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   33,624   --a------   C:\WINDOWS\system32\wups.dll
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-07-01 09:15 . 2007-07-30 18:19   25,944   --a------   C:\WINDOWS\system32\wuapi.dll.mui
2008-07-01 09:15 . 2007-07-30 18:18   20,312   --a------   C:\WINDOWS\system32\wuaueng.dll.mui
2008-07-01 09:11 . 2008-07-01 09:11   9,509   --a------   C:\WINDOWS\system32\QuickTime.qtp
2008-06-21 23:09 . 2008-06-21 23:09   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\HP
2008-06-21 23:03 . 2004-08-03 23:56   221,184   --a------   C:\WINDOWS\system32\wmpns.dll
2008-06-21 22:43 . 2008-06-21 22:43   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-06-21 22:40 . 2008-06-21 22:41   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HP
2008-06-21 22:38 . 2006-12-03 14:45   49,920   -ra------   C:\WINDOWS\system32\drivers\HPZid412.sys
2008-06-21 22:38 . 2006-12-03 14:45   16,496   -ra------   C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-06-21 22:37 . 2007-01-12 02:44   892,928   -ra------   C:\WINDOWS\system32\hpwtiop2.dll
2008-06-21 22:37 . 2007-01-12 02:44   675,840   -ra------   C:\WINDOWS\system32\hpwwiax2.dll
2008-06-21 22:37 . 2006-12-03 14:45   364,544   -ra------   C:\WINDOWS\system32\hppldcoi.dll
2008-06-21 22:37 . 2006-12-03 14:44   309,760   -ra------   C:\WINDOWS\system32\difxapi.dll
2008-06-21 22:37 . 2006-12-27 07:24   294,912   -ra------   C:\WINDOWS\system32\hpovst11.dll
2008-06-21 22:37 . 2007-01-31 11:08   258,048   -ra------   C:\WINDOWS\system32\hpzids01.dll
2008-06-21 22:37 . 2006-12-29 08:57   117,760   --a------   C:\WINDOWS\system32\hpz3l4v2.dll
2008-06-21 22:37 . 2006-12-03 14:46   21,568   -ra------   C:\WINDOWS\system32\drivers\HPZius12.sys
2008-06-21 22:37 . 2004-08-03 21:58   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-21 22:36 . 2008-07-01 10:08   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2008-06-21 22:36 . 2008-06-21 22:36   <DIR>   d--------   C:\WINDOWS\marco
2008-06-21 22:31 . 2008-06-21 23:10   135,162   --a------   C:\WINDOWS\hpwins10.dat
2008-06-21 16:55 . 2008-06-21 16:55   3,684   --a------   C:\WINDOWS\system32\OEMINFO.PNF
2008-06-20 11:32 . 2004-08-03 22:10   61,056   --a------   C:\WINDOWS\system32\drivers\ohci1394.sys
2008-06-20 11:32 . 2004-08-03 22:15   60,800   --a------   C:\WINDOWS\system32\drivers\sysaudio.sys
2008-06-20 11:32 . 2001-08-17 14:00   54,272   --a------   C:\WINDOWS\system32\drivers\swmidi.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 21:58   ---------   d-----w   C:\Program Files\QuickTime
2008-07-19 21:58   ---------   d-----w   C:\Program Files\iTunes
2008-04-17 15:04   27,976   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2008-04-17 15:04   125,848   ----a-w   C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2005-04-25 01:19   25,677   --sha-w   C:\WINDOWS\Registration\ksatrc.bak1
2005-05-03 15:34   496,232   --sha-w   C:\WINDOWS\Registration\ksatrc.bak2
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-20 18:53 32881]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:15 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 09:01 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-29 07:11 185632]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2003-11-03 17:50 221184]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 01:59 70816]
"NAV CfgWiz"="c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 19:24 124096]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 20:50 3022848]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-10-29 10:17 135168]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-12-18 00:31 118784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2005-12-11 15:48 155648]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 08:43 274432]
"USS"="C:\Program Files\USS\USS.exe" [2008-07-15 20:35 167936]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-16 19:00 1232152]
"LTMSG"="LTMSG.exe" [2003-07-14 18:52 40960 C:\WINDOWS\ltmsg.exe]
"nwiz"="nwiz.exe" [2003-12-05 20:50 753664 C:\WINDOWS\system32\nwiz.exe]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe [2003-11-14 19:44:40 32768]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Billminder.lnk - C:\QUICKENW\billmind.exe [2004-09-27 21:15:30 25600]
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2003-03-17 17:50:26 299008]
PowerReg Scheduler V3.exe [2005-06-20 09:54:37 225280]
PowerReg Scheduler.exe [2006-07-07 15:32:30 256000]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe [2004-01-21 02:52:52 557056]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 02:38:16 29696]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2006-12-27 12:03:57 125624]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe [2007-03-26 02:48:00 67128]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-30 05:49:48 57344]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-01-20 20:59:55 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-16 19:01]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-16 19:00]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-16 19:00]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-16 19:01]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd446d44-4460-11dd-a848-001596fe0aae}]
\Shell\AutoRun\command - K:\LinksysConnectPC.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-19 02:26:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-20 16:52:57 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-07-15 08:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-07-01 07:00:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2007-09-28 20:09:53 C:\WINDOWS\Tasks\SecureIE2007Upgrade.job"
- C:\Program Files\Winferno\Secure IE 2007 Upgrade\SecureIE2007Upgrade.exe
"2004-01-21 09:49:59 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-06-29 21:53:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-10 22:53:14 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-19 14:58:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-07-19 15:02:17
ComboFix-quarantined-files.txt  2008-07-19 22:01:01
ComboFix2.txt  2008-07-19 18:03:07

Pre-Run: 108,518,232,064 bytes free
Post-Run: 108,498,423,808 bytes free

544   --- E O F ---   2008-07-11 07:26:38

Kaspersky Scan Report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
 Sunday, July 20, 2008
 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
 Kaspersky Online Scanner 7 version: 7.0.25.0
 Program database last update: Saturday, July 19, 2008 21:38:15
 Records in database: 974923
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\
   F:\
   G:\
   H:\
   I:\
   J:\

Scan statistics:
   Files scanned: 162234
   Threat name: 14
   Infected objects: 3856
   Suspicious objects: 0
   Duration of the scan: 03:03:48


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Documents and Settings\Owner\Desktop\SmitfraudFix.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Documents and Settings\Owner\Yugma\lib\DskHooks.dll   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370   1
C:\Documents and Settings\Owner\Yugma\lib\YugmaPlugin.dll   Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1360   1
C:\Program Files\Common Files\Real\Toolbar\RealBar.dll   Infected: not-a-virus:AdWare.Win32.MegaSearch.s   1
C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe   Infected: not-a-virus:AdWare.Win32.AdMoke.agg   1
C:\Program Files\Moyea\FLV to Video Pro\FLVDownloader_Install.exe   Infected: Backdoor.Win32.Sheldor.aw   1
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe   Infected: not-a-virus:RiskTool.Win32.Reboot.f   1
C:\Program Files\USS\{826F15BF-1A4C-4290-BFD1-794AF7A2CB8F}\kernel.dll   Infected: not-a-virus:FraudTool.Win32.ErrClean.a   1
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\0.exe.vir   Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ac   1
C:\QooBox\Quarantine\C\Program Files\PCHealthCenter\3.exe.vir   Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x   1
C:\QooBox\Quarantine\C\Program Files\VAV\vav.cpl.vir   Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.s   1
C:\QooBox\Quarantine\C\WINDOWS\agpqlrfm.exe.vir   Infected: Trojan.Win32.Vapsup.ilz   1
C:\QooBox\Quarantine\C\WINDOWS\Sys1FA.exe.vir   Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.x   1
C:\QooBox\Quarantine\C\WINDOWS\system32\2.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\3.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\4.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\5.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\6.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\7.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\8.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\9.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\A.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\B.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\C.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\D.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\E.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\F.tmp.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\fbluogtf.dll.vir   Infected: Trojan.Win32.Monder.ama   1
C:\QooBox\Quarantine\C\WINDOWS\system32\geBqPFYR.dll.vir   Infected: not-a-virus:AdWare.Win32.Virtumonde.aati   1
C:\QooBox\Quarantine\C\WINDOWS\system32\pphcro7j0ea2e.exe.vir   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\QooBox\Quarantine\C\WINDOWS\system32\vav.cpl.vir   Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.s   1
C:\WINDOWS\system32\1F1.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F2.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F3.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F4.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F5.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F6.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F7.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F8.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1F9.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FA.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FB.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FC.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FD.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FE.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\1FF.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\200.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\201.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\202.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\203.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\204.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\205.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\206.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\207.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\208.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\209.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20A.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20B.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20C.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20D.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20E.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\20F.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\210.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\211.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\212.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\213.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\214.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\215.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\216.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\217.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\218.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\219.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21A.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21B.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21C.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21D.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21E.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\21F.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\220.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\221.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\222.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\223.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\224.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\225.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\226.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\227.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\228.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\229.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22A.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22B.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22C.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22D.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22E.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\22F.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\230.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\231.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\232.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\233.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\234.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\235.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\236.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\237.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\238.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\239.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23A.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23B.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23C.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23D.tmp   Infected: not-a-virus:FraudTool.Win32.MalwareProtector.d   1
C:\WINDOWS\system32\23E.tmp   Infected
 

Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2014 Smokey Services™ -- All rights reserved