
Lost admin rights

Discussion in 'Malware and Virus Removal Archive' started by covian, 2008/04/13.

  1. 2008/04/24
    covian

    covian Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:14:09 PM, on 4/24/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    C:\Program Files\eAcceleration\Firewall\FWService.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\eAcceleration\Framework\eac_svc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\eAcceleration\Station\station.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\eAcceleration\OnAccess\onaccess.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe "
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll ",VerifyStatus
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: AutoTBar.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: HP Organize.lnk = ? (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: AutoTBar.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: HP Organize.lnk = ? (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: HP Organize.lnk = ? (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\eAcceleration\Firewall\FWService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 13432 bytes
     
  2. 2008/04/25
    noahdfear

    noahdfear Inactive

    Yes. Please send to me here. Put RE: smitRem in the subject line.
     

  4. 2008/04/25
    noahdfear

    noahdfear Inactive

    CF log received. :)

    Just so you know, the files I bolded below are not rogue. They are just left behind by Smitfraud fix and I've included them for removal with ComboFix for ease of cleanup. ;)

    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    C:\WINDOWS\system32\mmaxsbuh.dll._eac_qt_
    C:\WINDOWS\BM7be1867e.xml
    C:\WINDOWS\system32\uslohbhj.dll._eac_qt_
    C:\WINDOWS\system32\ghubmtqi.dll._eac_qt_
    C:\WINDOWS\system32\L56B2.tmp
    C:\WINDOWS\system32\L71FB.tmp
    C:\WINDOWS\system32\L6345.tmp
    C:\WINDOWS\system32\L58A6.tmp
    C:\WINDOWS\system32\L576E.tmp
    C:\WINDOWS\system32\[B]VCCLSID.exe[/B]
    C:\WINDOWS\system32\[B]SrchSTS.exe[/B]
    C:\WINDOWS\system32\[B]VACFix.exe[/B]
    C:\WINDOWS\system32\[B]IEDFix.exe[/B]
    C:\WINDOWS\system32\[B]dumphive.exe[/B]
    C:\WINDOWS\system32\[B]WS2Fix.exe[/B]
    C:\Program Files\setup.exe._eac_qt_
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\{8A7CCB54-21B0-43E1-80FB-9A58C5524A5A}.dat
    C:\WINDOWS\Driver Cache\ksatsm.bak2
    C:\WINDOWS\Driver Cache\rcnib.bak2
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\system\rvsvrs.bak2
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  5. 2008/04/27
    covian

    covian Inactive Thread Starter

    ComboFix 08-04-26.5 - Owner 2008-04-27 16:55:36.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.208 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\dllcache\spoolsv.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
    .

    2008-04-24 21:04 . 2008-04-24 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-24 21:04 . 2008-04-24 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\EPSONREG
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
    2008-04-24 18:30 . 2008-04-24 18:30 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
    2008-04-24 18:30 . 2008-04-24 18:30 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
    2008-04-24 18:30 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvc3b43.rra
    2008-04-24 18:30 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
    2008-04-24 18:30 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
    2008-04-24 18:30 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
    2008-04-24 18:29 . 2008-04-24 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-04-24 18:29 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-24 18:29 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-24 18:28 . 2008-04-24 18:31 <DIR> d-------- C:\Program Files\epson
    2008-04-24 18:27 . 2007-03-27 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-04-24 18:27 . 2008-04-24 18:34 79 --a------ C:\WINDOWS\EPSCX7400.ini
    2008-04-22 11:33 . 2008-04-22 11:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-04-22 11:30 . 2008-04-22 11:30 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-04-22 11:30 . 2008-04-22 11:30 <DIR> d-------- C:\Program Files\Adobe Media Player
    2008-04-21 11:24 . 2008-04-21 11:24 <DIR> d-------- C:\Program Files\Belkin
    2008-04-21 11:08 . 2008-04-21 11:08 <DIR> d-------- C:\Program Files\RegCure
    2008-04-21 10:53 . 2008-04-21 10:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-16 12:38 . 2008-04-16 12:38 9,216 --ahs---- C:\WINDOWS\Thumbs.db
    2008-04-16 11:23 . 2008-04-16 11:23 <DIR> d-------- C:\Deckard
    2008-04-14 12:58 . 2004-08-03 22:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
    2008-04-14 12:50 . 2002-08-29 08:00 4,186,256 --a------ C:\WINDOWS\system32\dllcache\luna.mst
    2008-04-14 12:47 . 2002-08-29 08:00 2,049,999 --a------ C:\WINDOWS\system32\dllcache\nt5.cat
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 11:21 . 2005-04-16 13:44 91,392 --a------ C:\Documents and Settings\LogMeInRemoteUser\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-14 11:08 . 2003-08-23 10:34 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
    2008-04-14 11:08 . 2003-11-15 19:54 <DIR> d---s---- C:\Documents and Settings\LogMeInRemoteUser\UserData
    2008-04-14 11:08 . 2004-10-16 22:40 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\You've Got Pictures Screensaver
    2008-04-14 11:08 . 2004-10-03 15:27 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\WeatherBug
    2008-04-14 11:08 . 2004-08-17 18:11 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Viewpoint
    2008-04-14 11:08 . 2004-01-14 19:06 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Template
    2008-04-14 11:08 . 2003-08-28 23:16 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Symantec
    2008-04-14 11:08 . 2003-08-23 10:12 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Sonic
    2008-04-14 11:08 . 2003-08-23 23:26 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView
    2008-04-14 11:08 . 2005-03-30 12:30 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Musicmatch
    2008-04-14 11:08 . 2003-11-13 21:13 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Motive
    2008-04-14 11:08 . 2004-06-13 07:40 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Lycos
    2008-04-14 11:08 . 2003-11-19 21:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Kontiki
    2008-04-14 11:08 . 2005-01-06 20:35 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intuit
    2008-04-14 11:08 . 2004-04-12 22:38 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InterVideo
    2008-04-14 11:08 . 2003-08-28 23:19 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\interMute
    2008-04-14 11:08 . 2004-08-23 19:52 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\HP
    2008-04-14 11:08 . 2004-10-16 22:40 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data\GTek
    2008-04-14 11:08 . 2003-11-14 08:04 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\ArcSoft
    2008-04-14 11:08 . 2006-08-19 09:48 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\AOL
    2008-04-14 11:08 . 2005-08-04 19:38 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Aim
    2008-04-14 11:08 . 2005-02-20 10:58 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\AdobeUM
    2008-04-14 11:08 . 2003-11-13 20:49 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\.jpi_cache
    2008-04-14 11:08 . 2003-11-13 20:48 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\.java
    2008-04-14 11:08 . 2008-04-27 11:16 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
    2008-04-14 11:08 . 2008-04-27 16:38 1,024 --ah----- C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG
    2008-04-14 06:41 . 2008-04-14 06:41 <DIR> d--hs---- C:\found.000
    2008-04-13 22:13 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-04-13 22:13 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-04-13 22:13 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-04-13 22:12 . 2008-04-27 10:50 <DIR> d-------- C:\Program Files\LogMeIn
    2008-04-13 22:12 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
    2008-04-13 22:12 . 2008-04-13 22:12 1,024 --a------ C:\.rnd
    2008-04-13 17:45 . 2008-04-13 17:45 85,568 --a------ C:\WINDOWS\system32\mmaxsbuh.dll._eac_qt_
    2008-04-13 17:40 . 2008-04-13 17:40 101,091 --a------ C:\WINDOWS\BM7be1867e.xml
    2008-04-13 17:40 . 2008-04-13 17:40 95,296 --a------ C:\WINDOWS\system32\uslohbhj.dll._eac_qt_
    2008-04-13 17:40 . 2008-04-13 17:40 3,648 --a------ C:\WINDOWS\system32\ghubmtqi.dll._eac_qt_
    2008-04-13 17:34 . 2008-04-13 17:34 8,268 --a------ C:\WINDOWS\system32\L56B2.tmp
    2008-04-13 17:34 . 2008-04-13 17:34 397 --a------ C:\WINDOWS\system32\L71FB.tmp
    2008-04-13 17:34 . 2008-04-13 17:34 397 --a------ C:\WINDOWS\system32\L6345.tmp
    2008-04-13 17:34 . 2008-04-13 17:34 397 --a------ C:\WINDOWS\system32\L58A6.tmp
    2008-04-13 17:34 . 2008-04-13 17:34 397 --a------ C:\WINDOWS\system32\L576E.tmp
    2008-03-30 12:50 . 2008-03-30 12:50 1,126 --a------ C:\WINDOWS\mozver.dat
    2008-03-30 10:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
    2008-03-30 10:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2008-03-30 10:48 . 2008-03-29 00:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
    2008-03-30 10:48 . 2008-03-26 09:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
    2008-03-30 10:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-30 10:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2008-03-30 10:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
    2008-03-30 10:32 . 2008-03-30 10:32 812,344 --a------ C:\HJTInstall.exe
    2008-03-30 10:17 . 2003-11-13 20:49 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\.jpi_cache
    2008-03-30 10:17 . 2003-11-13 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\.java
    2008-03-30 10:16 . 2003-08-23 10:34 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\WINDOWS
    2008-03-30 10:16 . 2008-03-30 10:17 <DIR> d---s---- C:\Documents and Settings\Administrator.DESKTOP\UserData
    2008-03-30 10:16 . 2008-03-30 10:16 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP
    2008-03-30 10:16 . 2008-04-27 16:55 1,024 --ah----- C:\Documents and Settings\Administrator.DESKTOP\ntuser.dat.LOG
    2008-03-27 21:03 . 2008-03-27 21:03 <DIR> d-------- C:\Documents and Settings\Owner\My Doucments

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-27 20:08 71,488 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-26 11:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-26 11:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2008-04-24 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\ArcSoft
    2008-04-24 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-24 22:31 --------- d-----w C:\Program Files\ArcSoft
    2008-04-23 10:34 --------- d-----w C:\Program Files\America Online 8.0
    2008-04-23 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\eAcceleration
    2008-04-22 19:21 65,536 ----a-w C:\WINDOWS\DUMP7b0c.tmp
    2008-04-21 14:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
    2008-04-16 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-14 16:20 --------- d-----w C:\Program Files\Easy Internet signup
    2008-04-14 16:15 --------- d-----w C:\Program Files\MUSICMATCH
    2008-04-13 22:32 3,836 ----a-w C:\WINDOWS\viassary-hp.reg
    2008-04-10 16:31 --------- d-----w C:\Program Files\Google
    2008-04-10 01:42 --------- d-----w C:\Program Files\Real
    2008-03-30 14:32 --------- d-----w C:\Program Files\Trend Micro
    2008-03-08 15:55 --------- d-----w C:\Program Files\AIM
    2008-03-06 00:44 --------- d-----w C:\Program Files\AIM6
    2008-03-06 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
    2008-02-28 20:59 --------- d-----w C:\Program Files\MySpace
    2007-08-22 11:39 71,502 ----a-w C:\Program Files\setup.exe._eac_qt_
    2005-12-19 21:49 785,122 -c--a-w C:\Documents and Settings\Owner\ht.com
    2005-12-18 15:40 784,830 -c--a-w C:\Documents and Settings\Owner\sys0.com
    2005-04-16 17:44 91,392 -c--a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
    2005-04-16 17:44 91,392 -c--a-w C:\Documents and Settings\Default User\Application Data\GDIPFONTCACHEV1.DAT
    2004-11-21 17:15 553,782 -csha-w C:\WINDOWS\inf\gminib.bak1
    2004-11-06 00:59 604,794 -csha-w C:\WINDOWS\inf\bdnur.bak2
    2003-08-23 14:30 1,687 ----a-w C:\Program Files\HP Organize.lnk
    2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
    2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
    2004-10-27 20:13 32 -csha-w C:\WINDOWS\{8A7CCB54-21B0-43E1-80FB-9A58C5524A5A}.dat
    2004-10-21 00:34 3,296,136 -csha-w C:\WINDOWS\Driver Cache\ksatsm.bak2
    2004-10-12 12:44 527,707 -csha-w C:\WINDOWS\Driver Cache\rcnib.bak2
    2004-11-06 00:59 604,794 -csha-w C:\WINDOWS\inf\bdnur.bak2
    2004-11-21 17:15 553,782 -csha-w C:\WINDOWS\inf\gminib.bak1
    2004-10-06 00:40 501,990 -csha-w C:\WINDOWS\system\rvsvrs.bak2
    .

    ------- Sigcheck -------

    2004-09-29 14:27 656896 2c07195588d69a067c2afdaa31759295 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
    2005-01-27 13:08 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-05-02 16:57 658944 e1e18136f9dd3df1ad9c82193a5898a6 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
    2005-03-10 03:43 657920 c8663b488996e89a84c3d17c1d12b79e C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
    2004-09-29 14:47 656896 cba65b573c66fe23f647ff96e3a10994 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
    2005-03-10 04:02 656896 6f018d6319be4f96426ea829b79e05d5 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
    2005-01-27 13:13 656896 b5e043e440b210014e021b24cf0a72e3 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
    2002-08-29 08:00 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((( snapshot_2008-04-24_11.48.03.75 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-23 14:53:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-26 05:02:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 1995-07-31 18:44:46 212,480 ----a-w C:\WINDOWS\PCDLIB32.DLL
    + 1995-08-01 08:44:46 212,480 ----a-w C:\WINDOWS\PCDLIB32.DLL
    - 2008-04-23 14:53:52 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    + 2008-04-26 05:02:42 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
    - 2008-04-23 14:53:52 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2008-04-26 05:02:42 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-04-23 14:53:52 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-04-26 05:02:42 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-04-19 06:00:00 62,976 ----a-w C:\WINDOWS\system32\E_FD4BCDA.DLL
    + 2006-12-08 06:04:00 76,800 ----a-w C:\WINDOWS\system32\E_FLBCDA.DLL
    + 2006-10-31 04:10:00 51,360 ----a-w C:\WINDOWS\system32\EpPicMgr.dll
    + 2004-03-03 10:10:00 29,114 ----a-w C:\WINDOWS\system32\EPPICPattern1.dat
    + 2004-03-03 10:10:00 27,417 ----a-w C:\WINDOWS\system32\EPPICPattern121.dat
    + 2004-03-03 10:10:00 31,053 ----a-w C:\WINDOWS\system32\EPPICPattern131.dat
    + 2004-03-03 10:10:00 13,280 ----a-w C:\WINDOWS\system32\EPPICPattern2.dat
    + 2004-03-03 10:10:00 21,021 ----a-w C:\WINDOWS\system32\EPPICPattern3.dat
    + 2004-03-03 10:10:00 10,673 ----a-w C:\WINDOWS\system32\EPPICPattern4.dat
    + 2004-03-03 10:10:00 15,670 ----a-w C:\WINDOWS\system32\EPPICPattern5.dat
    + 2004-03-03 10:10:00 4,943 ----a-w C:\WINDOWS\system32\EPPICPattern6.dat
    + 2004-03-03 10:10:00 73,220 ----a-w C:\WINDOWS\system32\EPPICPrinterDB.dat
    + 2006-10-31 04:10:00 51,360 ----a-w C:\WINDOWS\system32\EpPicPrt.dll
    + 2004-04-09 21:19:18 294,912 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ArtistTitle.dll
    + 2003-06-26 17:54:10 24,576 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ArtistTitleRes.dll
    + 2006-02-10 15:27:10 167,936 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\dtype32.dll
    + 2006-02-10 15:27:10 155,648 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\dtype32x.dll
    + 2005-12-19 20:09:00 819,200 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\EzDll.dll
    + 2004-12-14 16:00:00 430,080 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\fpxlib.dll
    + 2006-01-24 14:20:00 1,645,320 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\gdiplus.dll
    + 2006-09-18 14:51:00 73,835 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ImgCtrl.dll
    + 2006-05-30 14:46:44 245,760 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\kgl.dll
    + 2006-11-02 18:35:30 35,584 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagCore.dll
    + 2006-09-30 14:40:24 340,044 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magengin.dll
    + 2006-09-18 14:43:00 28,672 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magFileIO.dll
    + 2006-09-18 15:27:00 430,080 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magFpxio.dll
    + 2005-06-20 18:38:32 98,304 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\maghelpr.dll
    + 2006-11-02 18:34:40 56,064 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagicFrame.dll
    + 2006-11-02 18:28:42 60,160 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagPCMac.dll
    + 2006-09-29 18:55:16 118,784 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magPltfm.dll
    + 2006-09-18 14:51:00 233,472 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\magTools.dll
    + 2006-11-02 18:29:22 158,464 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIEngine.dll
    + 2006-11-02 18:34:54 150,272 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIImage.dll
    + 2006-11-02 18:30:26 88,832 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MagUIInter.dll
    + 2005-05-27 19:09:00 1,024,082 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MFC42LU.DLL
    + 2005-05-27 18:58:00 69,632 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLUIRT.dll
    + 2005-05-27 18:58:00 393,216 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLUP60.dll
    + 2005-05-27 18:58:00 249,856 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\MSLURT.dll
    + 2003-11-12 17:52:10 499,712 ----a-r C:\WINDOWS\system32\PhotoImpression Slideshow\msvcp71.dll
    + 2003-02-21 09:42:22 348,160 ----a-r C:\WINDOWS\system32\PhotoImpression Slideshow\msvcr71.dll
    + 2002-08-29 23:41:08 323,072 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\msvcrt.dll
    + 2006-07-12 13:49:16 614,481 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\RawEngine.dll
    + 2006-09-30 14:34:40 622,592 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\ToolsCtrl.dll
    + 2005-12-07 15:37:00 45,056 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uaswmf.dll
    + 2006-09-11 12:38:28 1,146,880 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uDXPubTool.dll
    + 2006-02-23 19:44:00 888,832 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uEzDll.dll
    + 2004-12-14 21:43:00 245,408 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\unicows.dll
    + 2006-10-20 14:01:44 36,864 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uScreenPlayer.dll
    + 2006-04-20 20:42:08 622,592 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uSlideShow.dll
    + 2006-08-22 20:56:12 1,785,856 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uVDibTool.dll
    + 2006-01-24 17:55:38 372,736 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uVideoLib.dll
    + 2005-03-30 19:25:00 155,648 ----a-w C:\WINDOWS\system32\PhotoImpression Slideshow\uWMVDLL.dll
    + 2006-10-20 04:10:00 108,704 ----a-w C:\WINDOWS\system32\PICEntry.dll
    + 2006-10-20 04:10:00 80,024 ----a-w C:\WINDOWS\system32\PICSDK.dll
    + 2006-10-20 04:10:00 501,912 ----a-w C:\WINDOWS\system32\PICSDK2.dll
    + 2007-02-02 22:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE
    + 2007-01-22 06:00:02 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA2E.DLL
    + 2007-02-26 10:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FABRCDA.DLL
    + 2007-02-15 10:00:00 3,914 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIFCDA.DAT
    + 2007-01-22 05:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIRCDA.DLL
    + 2007-03-09 09:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTCDA.EXE
    + 2007-03-12 10:00:00 673,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAPRCDA.DLL
    + 2007-03-12 09:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNCDA.EXE
    + 2006-11-13 09:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASKCDA.DLL
    + 2007-03-06 05:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASOCDA.DLL
    + 2007-03-26 10:00:00 65,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASRCDA.DLL
    + 2007-02-15 10:00:00 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICDA.EXE
    + 2006-11-13 05:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAUDCDA.DLL
    + 2007-02-21 10:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBA6CDA.DLL
    + 2006-11-30 09:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAPCDA.DLL
    + 2006-11-16 05:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBCSCDA.EXE
    + 2007-01-30 10:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBL6CDA.DLL
    + 2006-11-13 08:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FCONCDA.DLL
    + 2007-04-10 09:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FDSPCDA.DLL
    + 2007-02-26 05:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGEPCDA.DLL
    + 2006-09-21 07:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGRCCDA.DLL
    + 2007-03-30 05:00:00 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHBRCDA.DLL
    + 2007-01-18 08:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHM0CDA.DLL
    + 2007-03-30 05:00:00 33,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHSRCDA.DLL
    + 2007-02-13 08:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHT0CDA.DLL
    + 2007-03-30 14:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCDA.DLL
    + 2007-03-30 14:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTCDA.EXE
     
  6. 2008/04/27
    covian

    + 2007-04-05 08:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FJBCCDA.DLL
    + 2007-01-22 09:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMAICDA.DLL
    + 2007-03-23 08:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMW0CDA.DLL
    + 2006-12-13 18:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FOKACDA.DLL
    + 2006-10-31 08:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRECDA.EXE
    + 2007-01-23 08:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRUCDA.DLL
    + 2007-03-30 08:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FSR0CDA.DLL
    + 2007-01-22 11:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUI1CDA.DLL
    + 2007-03-15 10:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUICCDA.DLL
    + 2007-01-22 10:01:00 7,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIPCDA.DLL
    + 2007-03-12 11:01:00 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIRCDA.DLL
    + 2007-01-11 08:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S40RP7.EXE
    + 2006-11-30 09:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBAPI4.DLL
    + 2007-01-30 10:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPBIDI.DLL
    + 2007-03-06 07:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
    + 2004-04-21 04:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
    + 2007-02-26 10:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
    + 2007-02-02 22:57:42 202,912 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_DUPA20.EXE
    + 2007-01-22 06:00:02 6,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_DUPA2E.DLL
    + 2007-02-26 10:00:00 397,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FABRCDA.DLL
    + 2007-02-15 10:00:00 3,914 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FAIFCDA.DAT
    + 2007-01-22 05:02:00 138,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FAIRCDA.DLL
    + 2007-03-09 09:01:00 173,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FAMTCDA.EXE
    + 2007-03-12 10:00:00 673,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FAPRCDA.DLL
    + 2007-03-12 09:01:00 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FARNCDA.EXE
    + 2006-11-13 09:00:00 129,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FASKCDA.DLL
    + 2007-03-06 05:01:00 454,656 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FASOCDA.DLL
    + 2007-03-26 10:00:00 65,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FASRCDA.DLL
    + 2007-02-15 10:00:00 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FATICDA.EXE
    + 2006-11-13 05:00:00 23,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FAUDCDA.DLL
    + 2007-02-21 10:01:00 32,768 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FBA6CDA.DLL
    + 2006-11-30 09:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FBAPCDA.DLL
    + 2006-11-16 05:01:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FBCSCDA.EXE
    + 2007-01-30 10:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FBL6CDA.DLL
    + 2006-11-13 08:00:00 458,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FCONCDA.DLL
    + 2007-04-10 09:00:00 71,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FDSPCDA.DLL
    + 2007-02-26 05:01:00 9,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FGEPCDA.DLL
    + 2006-09-21 07:04:00 18,432 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FGRCCDA.DLL
    + 2007-03-30 05:00:00 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHBRCDA.DLL
    + 2007-01-18 08:20:00 328,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHM0CDA.DLL
    + 2007-03-30 05:00:00 33,792 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHSRCDA.DLL
    + 2007-02-13 08:20:00 104,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHT0CDA.DLL
    + 2007-03-30 14:06:00 218,624 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHUTCDA.DLL
    + 2007-03-30 14:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FHUTCDA.EXE
    + 2007-04-05 08:00:00 561,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FJBCCDA.DLL
    + 2007-01-22 09:00:00 119,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FMAICDA.DLL
    + 2007-03-23 08:20:00 48,640 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FMW0CDA.DLL
    + 2006-12-13 18:55:34 536,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FOKACDA.DLL
    + 2006-10-31 08:00:00 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FPRECDA.EXE
    + 2007-01-23 08:00:00 626,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FPRUCDA.DLL
    + 2007-03-30 08:20:00 1,480,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FSR0CDA.DLL
    + 2007-01-22 11:01:00 740,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FUI1CDA.DLL
    + 2007-03-15 10:00:00 1,187,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FUICCDA.DLL
    + 2007-01-22 10:01:00 7,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FUIPCDA.DLL
    + 2007-03-12 11:01:00 199,168 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_FUIRCDA.DLL
    + 2007-01-11 08:02:00 113,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\E_S40RP7.EXE
    + 2006-11-30 09:12:00 172,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\EBAPI4.DLL
    + 2007-01-30 10:03:00 35,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\EBPBIDI.DLL
    + 2007-03-06 07:09:00 296,448 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\EPSET32.DLL
    + 2004-04-21 04:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\EPUPDATE.DAT
    + 2007-02-26 10:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx7400b17e\EPUPDATE.EXE
    + 2004-04-21 04:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.DAT
    + 2007-02-26 10:18:00 723,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
    + 2004-07-02 20:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\encm.dll
    + 2004-07-02 20:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\encmutil.dll
    + 2004-07-02 20:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\enll.dll
    + 2004-07-02 20:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\enludp.dll
    + 2006-10-27 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ade.dll
    + 2004-07-02 20:02:56 409,600 ----a-w C:\WINDOWS\twain_32\escndv\es007f\encm.dll
    + 2004-07-02 20:02:56 180,224 ----a-w C:\WINDOWS\twain_32\escndv\es007f\encmutil.dll
    + 2004-07-02 20:02:56 184,320 ----a-w C:\WINDOWS\twain_32\escndv\es007f\enll.dll
    + 2004-07-02 20:02:56 167,936 ----a-w C:\WINDOWS\twain_32\escndv\es007f\enludp.dll
    + 2007-03-08 04:00:00 3,518,464 ----a-w C:\WINDOWS\twain_32\escndv\es007f\escires.dll
    + 2006-11-02 04:00:00 90,112 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esddc.dll
    + 2007-03-30 04:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esdevcl.dll
    + 2007-03-08 04:00:00 131,072 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esdevif.dll
    + 2007-03-08 04:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esdscl.dll
    + 2006-12-12 04:00:00 425,984 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esdtr.dll
    + 2007-01-29 04:00:00 454,656 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esdtr2.dll
    + 2007-02-07 04:00:00 188,416 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esfit.dll
    + 2005-09-27 04:00:00 53,248 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esicm.dll
    + 2006-11-02 04:00:00 561,152 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esimfl.dll
    + 2007-03-08 04:00:00 229,376 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esimgctl.dll
    + 2006-08-01 04:00:00 1,658,880 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esimgdet.dll
    + 2007-03-30 04:00:00 348,287 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esmps.dll
    + 2007-03-08 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esmpsres.dll
    + 2005-04-25 04:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esnetbg.dll
    + 2007-03-08 04:00:00 139,264 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esres.dll
    + 2007-03-30 04:00:00 348,160 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esscncl.dll
    + 2007-03-08 04:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\es007f\estwm.exe
    + 2007-03-08 04:00:00 249,856 ----a-w C:\WINDOWS\twain_32\escndv\es007f\estwpmg.dll
    + 2007-03-30 04:00:00 1,028,096 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esui.dll
    + 2007-03-08 04:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\es007f\esutwb.dll
    + 2007-03-30 04:00:00 73,728 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epbmp.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epbmpres.dll
    + 2007-03-30 04:00:00 151,552 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epjpg.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epjpgres.dll
    + 2007-03-30 04:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epmtf.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\epmtfres.dll
    + 2007-04-05 04:00:00 114,688 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppdf.dll
    + 2007-03-08 04:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppdfres.dll
    + 2007-03-30 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppij.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppijres.dll
    + 2007-03-30 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppit.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eppitres.dll
    + 2007-03-30 04:00:00 102,400 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eptif.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\eptifres.dll
    + 2005-08-29 04:00:00 143,360 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\esexf.dll
    + 2005-08-29 04:00:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\espimtif.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\epbmpres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\epjpgres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\epmtfres.dll
    + 2007-03-08 04:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\eppdfres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\eppijres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\eppitres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\local\eptifres.dll
    + 2007-03-20 04:00:00 520,192 ----a-w C:\WINDOWS\twain_32\escndv\es007f\ffmt\pdflib.dll
    + 2007-03-08 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es007f\local\esmpsres.dll
    + 2007-03-08 04:00:00 139,264 ----a-w C:\WINDOWS\twain_32\escndv\es007f\local\esres.dll
    + 2007-02-09 04:00:00 176,128 ----a-w C:\WINDOWS\twain_32\escndv\escfg.exe
    + 2007-03-08 04:00:00 118,784 ----a-w C:\WINDOWS\twain_32\escndv\escndv.exe
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\escndvrs.dll
    + 2005-04-25 04:00:00 126,976 ----a-w C:\WINDOWS\twain_32\escndv\esnetbg.dll
    + 2007-03-08 04:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\estwm.exe
    + 2007-03-08 04:00:00 77,824 ----a-w C:\WINDOWS\twain_32\escndv\local\escfgres.dll
    + 2007-03-08 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\local\escndvrs.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 00:25 24576]
    "NVIEW"="nview.dll" [2003-05-03 02:19 835654 C:\WINDOWS\system32\nview.dll]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 17:18 1670144]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:00 13312]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-08-20 08:47 2115728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 20:30 68856]
    "EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [2007-02-15 06:00 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51 118784]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 10:23 90112]
    "HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 06:03 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 10:14 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 02:19 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 02:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27 139264]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 21:13 118784]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
    "MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [ ]
    "MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [ ]
    "SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 20:12 136904]
    "StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-12-10 22:13 152976]
    "webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2007-12-19 22:20 771504]
    "StopSignSsFwMon"="C:\Program Files\eAcceleration\Firewall\ssfwmon.dll" [2006-08-09 14:56 136864]
    "HPHUPD06"="C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 00:53 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
    "HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 00:42 659456]
    "StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-12-19 15:50 140696]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
    "OnAccess"="C:\Program Files\eAcceleration\OnAccess\onaccess.exe" [2008-01-17 22:14 214352]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-04 50688]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2007-05-19 08:43:23 36940]
    AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-05-19 08:45:57 221258]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 22:20:02 53248]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 23:34:35 16384]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{42DD0873-5FA9-465D-90DE-0826020416A5}"= C:\Program Files\eAcceleration\OnAccess\onaccess_hk32.dll [2008-01-17 22:14 161104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    R0 fwcore;Fwcore Filter;C:\WINDOWS\System32\drivers\fwcore.sys [2007-02-28 22:26]
    R2 eac_notifysvc;eAcceleration Notification Service;"C:\Program Files\eAcceleration\Framework\eac_svc.exe" [2008-03-24 19:46]
    R2 eac_productsvc;eAcceleration Product Manager Service;"C:\Program Files\eAcceleration\Framework\eac_productsvc.exe" [2008-03-24 19:46]
    R2 FWService;FWService;C:\Program Files\eAcceleration\Firewall\FWService.exe [2007-02-28 22:26]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-21 11:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-27 21:00:01 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-04-24 10:19:27 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-27 17:02:17
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\Softex\OmniPass\opxpgina.dll
    .
    Completion time: 2008-04-27 17:12:28
    ComboFix-quarantined-files.txt 2008-04-27 21:12:16
    ComboFix2.txt 2008-04-24 15:48:40
    ComboFix3.txt 2008-04-14 00:35:20

    Pre-Run: 54,314,274,816 bytes free
    Post-Run: 54,391,853,056 bytes free

    508 --- E O F --- 2008-04-09 07:01:45
     
  7. 2008/04/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    My apologies. :eek: I see that I missed a very important line in the CFScript instructions, and that run of ComboFix was pretty much ineffective, except for the 1 other infected file it found. Let's try again.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\mmaxsbuh.dll._eac_qt_
    C:\WINDOWS\BM7be1867e.xml
    C:\WINDOWS\system32\uslohbhj.dll._eac_qt_
    C:\WINDOWS\system32\ghubmtqi.dll._eac_qt_
    C:\WINDOWS\system32\L56B2.tmp
    C:\WINDOWS\system32\L71FB.tmp
    C:\WINDOWS\system32\L6345.tmp
    C:\WINDOWS\system32\L58A6.tmp
    C:\WINDOWS\system32\L576E.tmp
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\WS2Fix.exe
    C:\Program Files\setup.exe._eac_qt_
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\{8A7CCB54-21B0-43E1-80FB-9A58C5524A5A}.dat
    C:\WINDOWS\Driver Cache\ksatsm.bak2
    C:\WINDOWS\Driver Cache\rcnib.bak2
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\system\rvsvrs.bak2
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  8. 2008/04/28
    covian

    covian Inactive Thread Starter

    Joined:
    2008/03/30
    Messages:
    22
    Likes Received:
    0
    ComboFix 08-04-27.2 - Owner 2008-04-28 6:29:03.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.140 [GMT -4:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Program Files\setup.exe._eac_qt_
    C:\WINDOWS\{8A7CCB54-21B0-43E1-80FB-9A58C5524A5A}.dat
    C:\WINDOWS\BM7be1867e.xml
    C:\WINDOWS\Driver Cache\ksatsm.bak2
    C:\WINDOWS\Driver Cache\rcnib.bak2
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\system\rvsvrs.bak2
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\ghubmtqi.dll._eac_qt_
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\L56B2.tmp
    C:\WINDOWS\system32\L576E.tmp
    C:\WINDOWS\system32\L58A6.tmp
    C:\WINDOWS\system32\L6345.tmp
    C:\WINDOWS\system32\L71FB.tmp
    C:\WINDOWS\system32\mmaxsbuh.dll._eac_qt_
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\uslohbhj.dll._eac_qt_
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\45103494.exe
    C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Ssk.log
    C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\LogMeInRemoteUser\Local Settings\Temporary Internet Files\Ssk.log
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
    C:\Program Files\setup.exe._eac_qt_
    C:\WINDOWS\{8A7CCB54-21B0-43E1-80FB-9A58C5524A5A}.dat
    C:\WINDOWS\BM7be1867e.xml
    C:\WINDOWS\Driver Cache\ksatsm.bak2
    C:\WINDOWS\Driver Cache\rcnib.bak2
    C:\WINDOWS\inf\bdnur.bak2
    C:\WINDOWS\inf\gminib.bak1
    C:\WINDOWS\system\rvsvrs.bak2
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Ssk.log
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\system32\ghubmtqi.dll._eac_qt_
    C:\WINDOWS\system32\IEDFix.exe
    C:\WINDOWS\system32\L56B2.tmp
    C:\WINDOWS\system32\L576E.tmp
    C:\WINDOWS\system32\L58A6.tmp
    C:\WINDOWS\system32\L6345.tmp
    C:\WINDOWS\system32\L71FB.tmp
    C:\WINDOWS\system32\mmaxsbuh.dll._eac_qt_
    C:\WINDOWS\system32\SrchSTS.exe
    C:\WINDOWS\system32\uslohbhj.dll._eac_qt_
    C:\WINDOWS\system32\VACFix.exe
    C:\WINDOWS\system32\VCCLSID.exe
    C:\WINDOWS\system32\WS2Fix.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
    .

    2008-04-24 21:04 . 2008-04-24 21:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-24 21:04 . 2008-04-24 21:04 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\EPSONREG
    2008-04-24 18:34 . 2008-04-24 18:34 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
    2008-04-24 18:30 . 2008-04-24 18:30 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
    2008-04-24 18:30 . 2008-04-24 18:30 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
    2008-04-24 18:30 . 2004-08-04 07:52 413,696 -ra------ C:\WINDOWS\system32\msvc3b43.rra
    2008-04-24 18:30 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
    2008-04-24 18:30 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
    2008-04-24 18:30 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
    2008-04-24 18:29 . 2008-04-24 18:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
    2008-04-24 18:29 . 2002-08-29 01:48 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-04-24 18:29 . 2002-08-29 01:48 14,208 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-04-24 18:28 . 2008-04-24 18:31 <DIR> d-------- C:\Program Files\epson
    2008-04-24 18:27 . 2007-03-27 00:00 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
    2008-04-24 18:27 . 2008-04-24 18:34 79 --a------ C:\WINDOWS\EPSCX7400.ini
    2008-04-22 11:33 . 2008-04-22 11:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
    2008-04-22 11:30 . 2008-04-22 11:30 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
    2008-04-22 11:30 . 2008-04-22 11:30 <DIR> d-------- C:\Program Files\Adobe Media Player
    2008-04-21 11:24 . 2008-04-21 11:24 <DIR> d-------- C:\Program Files\Belkin
    2008-04-21 11:08 . 2008-04-21 11:08 <DIR> d-------- C:\Program Files\RegCure
    2008-04-21 10:53 . 2008-04-21 10:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-16 12:38 . 2008-04-16 12:38 9,216 --ahs---- C:\WINDOWS\Thumbs.db
    2008-04-16 11:23 . 2008-04-16 11:23 <DIR> d-------- C:\Deckard
    2008-04-14 12:58 . 2004-08-03 22:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
    2008-04-14 12:50 . 2002-08-29 08:00 4,186,256 --a------ C:\WINDOWS\system32\dllcache\luna.mst
    2008-04-14 12:47 . 2002-08-29 08:00 2,049,999 --a------ C:\WINDOWS\system32\dllcache\nt5.cat
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    2008-04-14 11:40 . 2008-04-14 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-04-14 11:21 . 2005-04-16 13:44 91,392 --a------ C:\Documents and Settings\LogMeInRemoteUser\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-14 11:08 . 2003-08-23 10:34 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
    2008-04-14 11:08 . 2003-11-15 19:54 <DIR> d---s---- C:\Documents and Settings\LogMeInRemoteUser\UserData
    2008-04-14 11:08 . 2004-10-16 22:40 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\You've Got Pictures Screensaver
    2008-04-14 11:08 . 2004-10-03 15:27 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\WeatherBug
    2008-04-14 11:08 . 2004-08-17 18:11 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Viewpoint
    2008-04-14 11:08 . 2004-01-14 19:06 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Template
    2008-04-14 11:08 . 2003-08-28 23:16 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Symantec
    2008-04-14 11:08 . 2003-08-23 10:12 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Sonic
    2008-04-14 11:08 . 2003-08-23 23:26 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\SampleView
    2008-04-14 11:08 . 2005-03-30 12:30 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Musicmatch
    2008-04-14 11:08 . 2003-11-13 21:13 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Motive
    2008-04-14 11:08 . 2004-06-13 07:40 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Lycos
    2008-04-14 11:08 . 2003-11-19 21:25 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Kontiki
    2008-04-14 11:08 . 2005-01-06 20:35 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intuit
    2008-04-14 11:08 . 2004-04-12 22:38 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InterVideo
    2008-04-14 11:08 . 2003-08-28 23:19 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\interMute
    2008-04-14 11:08 . 2004-08-23 19:52 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\HP
    2008-04-14 11:08 . 2004-10-16 22:40 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data\GTek
    2008-04-14 11:08 . 2003-11-14 08:04 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\ArcSoft
    2008-04-14 11:08 . 2006-08-19 09:48 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\AOL
    2008-04-14 11:08 . 2005-08-04 19:38 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Aim
    2008-04-14 11:08 . 2005-02-20 10:58 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\AdobeUM
    2008-04-14 11:08 . 2003-11-13 20:49 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\.jpi_cache
    2008-04-14 11:08 . 2003-11-13 20:48 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\.java
    2008-04-14 11:08 . 2008-04-27 17:15 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
    2008-04-14 11:08 . 2008-04-28 06:28 1,024 --ah----- C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG
    2008-04-14 06:41 . 2008-04-14 06:41 <DIR> d--hs---- C:\found.000
    2008-04-13 22:13 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-04-13 22:13 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-04-13 22:13 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-04-13 22:12 . 2008-04-28 06:29 <DIR> d-------- C:\Program Files\LogMeIn
    2008-04-13 22:12 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
    2008-04-13 22:12 . 2008-04-13 22:12 1,024 --a------ C:\.rnd
    2008-03-30 12:50 . 2008-03-30 12:50 1,126 --a------ C:\WINDOWS\mozver.dat
    2008-03-30 10:48 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2008-03-30 10:32 . 2008-03-30 10:32 812,344 --a------ C:\HJTInstall.exe
    2008-03-30 10:17 . 2003-11-13 20:49 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\.jpi_cache
    2008-03-30 10:17 . 2003-11-13 20:48 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\.java
    2008-03-30 10:16 . 2003-08-23 10:34 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP\WINDOWS
    2008-03-30 10:16 . 2008-03-30 10:17 <DIR> d---s---- C:\Documents and Settings\Administrator.DESKTOP\UserData
    2008-03-30 10:16 . 2008-03-30 10:16 <DIR> d-------- C:\Documents and Settings\Administrator.DESKTOP
    2008-03-30 10:16 . 2008-04-28 06:28 1,024 --ah----- C:\Documents and Settings\Administrator.DESKTOP\ntuser.dat.LOG
     
  9. 2008/04/28
    covian

    covian Inactive Thread Starter

    Joined:
    2008/03/30
    Messages:
    22
    Likes Received:
    0
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-27 20:08 71,488 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2008-04-26 11:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-26 11:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
    2008-04-24 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\ArcSoft
    2008-04-24 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-24 22:31 --------- d-----w C:\Program Files\ArcSoft
    2008-04-23 10:34 --------- d-----w C:\Program Files\America Online 8.0
    2008-04-23 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\eAcceleration
    2008-04-22 19:21 65,536 ----a-w C:\WINDOWS\DUMP7b0c.tmp
    2008-04-21 14:29 --------- d-----w C:\Documents and Settings\Owner\Application Data\MSN6
    2008-04-16 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-04-14 16:20 --------- d-----w C:\Program Files\Easy Internet signup
    2008-04-14 16:15 --------- d-----w C:\Program Files\MUSICMATCH
    2008-04-13 22:32 3,836 ----a-w C:\WINDOWS\viassary-hp.reg
    2008-04-10 16:31 --------- d-----w C:\Program Files\Google
    2008-04-10 01:42 --------- d-----w C:\Program Files\Real
    2008-03-30 14:32 --------- d-----w C:\Program Files\Trend Micro
    2008-03-08 15:55 --------- d-----w C:\Program Files\AIM
    2008-03-06 00:44 --------- d-----w C:\Program Files\AIM6
    2008-03-06 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-02-28 21:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
    2008-02-28 20:59 --------- d-----w C:\Program Files\MySpace
    2005-12-19 21:49 785,122 -c--a-w C:\Documents and Settings\Owner\ht.com
    2005-12-18 15:40 784,830 -c--a-w C:\Documents and Settings\Owner\sys0.com
    2005-04-16 17:44 91,392 -c--a-w C:\WINDOWS\system32\config\systemprofile\Application Data\GDIPFONTCACHEV1.DAT
    2005-04-16 17:44 91,392 -c--a-w C:\Documents and Settings\Default User\Application Data\GDIPFONTCACHEV1.DAT
    2003-08-23 14:30 1,687 ----a-w C:\Program Files\HP Organize.lnk
    2007-08-09 18:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
    2007-08-09 18:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
    .

    ------- Sigcheck -------

    2004-09-29 14:27 656896 2c07195588d69a067c2afdaa31759295 C:\WINDOWS\$hf_mig$\KB834707\SP2QFE\wininet.dll
    2005-01-27 13:08 657920 a8eac5330876548e9966a7d13025d196 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
    2005-05-02 16:57 658944 e1e18136f9dd3df1ad9c82193a5898a6 C:\WINDOWS\$hf_mig$\KB883939\SP2QFE\wininet.dll
    2005-03-10 03:43 657920 c8663b488996e89a84c3d17c1d12b79e C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\$NtUninstallKB834707$\wininet.dll
    2004-09-29 14:47 656896 cba65b573c66fe23f647ff96e3a10994 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
    2005-03-10 04:02 656896 6f018d6319be4f96426ea829b79e05d5 C:\WINDOWS\$NtUninstallKB883939$\wininet.dll
    2005-01-27 13:13 656896 b5e043e440b210014e021b24cf0a72e3 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
    2002-08-29 08:00 599040 f3587750a7481dccbea13d473a0700be C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
    2004-08-04 03:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
    2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 00:25 24576]
    "NVIEW"="nview.dll" [2003-05-03 02:19 835654 C:\WINDOWS\system32\nview.dll]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 17:18 1670144]
    "ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:00 13312]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]
    "Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2007-08-20 08:47 2115728]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-27 20:30 68856]
    "EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [2007-02-15 06:00 179200]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 15:51 118784]
    "CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 10:23 90112]
    "HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 06:03 49152]
    "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55 483328]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
    "StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 11:01 155648]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 10:14 151597]
    "AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19 53248]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42 212992]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 02:19 4640768]
    "nwiz"="nwiz.exe" [2003-05-03 02:19 323584 C:\WINDOWS\system32\nwiz.exe]
    "Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27 139264]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 21:13 118784]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57 81920]
    "MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" [ ]
    "MCAgentExe"="C:\PROGRA~1\McAfee.com\Agent\McAgent.exe" [ ]
    "SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 20:12 136904]
    "StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [2007-12-10 22:13 152976]
    "webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [2007-12-19 22:20 771504]
    "StopSignSsFwMon"="C:\Program Files\eAcceleration\Firewall\ssfwmon.dll" [2006-08-09 14:56 136864]
    "HPHUPD06"="C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 00:53 49152]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 16:49 49152]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
    "HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 00:42 659456]
    "StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [2007-12-19 15:50 140696]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 15:55 155648]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 21:16 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
    "OnAccess"="C:\Program Files\eAcceleration\OnAccess\onaccess.exe" [2008-01-17 22:14 214352]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 16:32 8699904]

    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
    AutoTBar.exe [2003-06-18 22:19:08 53248]
    HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2003-08-23 10:30:48 28672]
    mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
    Greetings Workshop Reminders.lnk - C:\Program Files\Greetings Workshop\GWREMIND.EXE [1997-09-04 50688]
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    America Online 8.0 Tray Icon.lnk - C:\Program Files\America Online 8.0\aoltray.exe [2007-05-19 08:43:23 36940]
    AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-05-19 08:45:57 221258]
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
    HP Image Zone Fast Start.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
    Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 22:20:02 53248]
    Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 23:34:35 16384]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{42DD0873-5FA9-465D-90DE-0826020416A5}"= C:\Program Files\eAcceleration\OnAccess\onaccess_hk32.dll [2008-01-17 22:14 161104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
    C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    R0 fwcore;Fwcore Filter;C:\WINDOWS\System32\drivers\fwcore.sys [2007-02-28 22:26]
    R2 eac_notifysvc;eAcceleration Notification Service;"C:\Program Files\eAcceleration\Framework\eac_svc.exe" [2008-03-24 19:46]
    R2 eac_productsvc;eAcceleration Product Manager Service;"C:\Program Files\eAcceleration\Framework\eac_productsvc.exe" [2008-03-24 19:46]
    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\System32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    S2 FWService;FWService;C:\Program Files\eAcceleration\Firewall\FWService.exe [2007-02-28 22:26]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-04-21 11:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-04-27 21:00:01 C:\WINDOWS\Tasks\RegCure Program Check.job"
    - C:\Program Files\RegCure\RegCure.exe
    "2008-04-24 10:19:27 C:\WINDOWS\Tasks\RegCure.job"
    - C:\Program Files\RegCure\RegCure.exe
    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-28 06:34:58
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\Program Files\Softex\OmniPass\opxpgina.dll
    .
    Completion time: 2008-04-28 6:46:02
    ComboFix-quarantined-files.txt 2008-04-28 10:45:57
    ComboFix2.txt 2008-04-27 21:12:29
    ComboFix3.txt 2008-04-24 15:48:40
    ComboFix4.txt 2008-04-14 00:35:20

    Pre-Run: 54,355,415,040 bytes free
    Post-Run: 54,352,371,712 bytes free

    311 --- E O F --- 2008-04-09 07:01:45
     
  10. 2008/04/28
    covian

    covian Inactive Thread Starter

    Joined:
    2008/03/30
    Messages:
    22
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:54:45 AM, on 4/28/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Softex\OmniPass\Omniserv.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\eAcceleration\Framework\eac_svc.exe
    C:\Program Files\Softex\OmniPass\OPXPApp.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\eAcceleration\Station\station.exe
    C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\System32\hphmon06.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\eAcceleration\OnAccess\onaccess.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\Program Files\Greetings Workshop\GWREMIND.EXE
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [StopSignSsFwMon] Rundll32.exe "C:\Program Files\eAcceleration\Firewall\ssfwmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
    O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [OnAccess] "C:\Program Files\eAcceleration\OnAccess\onaccess.exe" -erk
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_SF0.tmp" /EF "HKCU "
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: AutoTBar.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: HP Organize.lnk = ? (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: AutoTBar.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: HP Organize.lnk = ? (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-21-4060356480-3532442688-3890861542-1008 User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'LogMeInRemoteUser')
    O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: HP Organize.lnk = ? (User 'SYSTEM')
    O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT Startup: HP Organize.lnk = ? (User 'Default user')
    O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: HP Organize.lnk = ? (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
    O4 - Startup: Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_svc.exe
    O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\Program Files\eAcceleration\Framework\eac_productsvc.exe
    O23 - Service: FWService - eAcceleration Corp. - C:\Program Files\eAcceleration\Firewall\FWService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 13677 bytes
     
  11. 2008/04/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Let's see what an online scan reveals. Please do an online scan with Kaspersky WebScanner.

    Click Scan Now and Accept the agreement. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log here.
     
  12. 2008/04/30
    covian

    covian Inactive Thread Starter

    Joined:
    2008/03/30
    Messages:
    22
    Likes Received:
    0
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, April 30, 2008 6:36:07 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/04/2008
    Kaspersky Anti-Virus database records: 731075
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\

    Scan Statistics:
    Total number of scanned objects: 287253
    Number of viruses found: 79
    Number of infected objects: 189
    Number of suspicious objects: 1
    Duration of the scan process: 04:24:42

    Infected Object Name / Virus Name / Last Action
    C:\302631656._eac_qt_ Infected: Trojan-Downloader.Win32.Diehard.by skipped
    C:\Documents and Settings\All Users\Application Data\eAcceleration\Notifications\notify.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\flag ace stupid data\MANAGER KNOB.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1261ff88985c2d04c985b9ceae466633_b7220f16-f964-4294-ad3e-568c1c89eb89 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c80103a7f2f368e5629ae367d9bb9d0_126f0cd0-ea2d-4f69-9d63-bba8781f5ef4 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7c80103a7f2f368e5629ae367d9bb9d0_a5c96460-cc00-42c9-9baf-eca0ebff0bed Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6607d6dacadbce5f15e059280ec8497_b7220f16-f964-4294-ad3e-568c1c89eb89 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea563f5ed0b8ea72081a19b9b561dd25_b7220f16-f964-4294-ad3e-568c1c89eb89 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\_qbothome\msadvapi32.dll Infected: Backdoor.Win32.Agent.gcj skipped
    C:\Documents and Settings\All Users\_qbothome\_qbotinj.exe._eac_qt_ Infected: Backdoor.Win32.Agent.dxm skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\eRT.jar-173442f6-2b21cc24.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\eRT.jar-173442f6-2b21cc24.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-53027825.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\jvmsecman.jar-69ee0e0e-53027825.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\ms03011.jar-1dce3e01-27ac9bbd.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\ms03011.jar-1dce3e01-27ac9bbd.zip/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\ms03011.jar-1dce3e01-27ac9bbd.zip/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\ms03011.jar-1dce3e01-27ac9bbd.zip ZIP: infected - 3 skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\nRT.jar-7f8c459b-324d0c62.zip/HiPointInstallShieldRT.class Infected: Trojan-Downloader.Java.OpenConnection.ap skipped
    C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\nRT.jar-7f8c459b-324d0c62.zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\InsideJoyBalm\tpujpfuz.exe Infected: Trojan.Win32.Obfuscated.en skipped
    C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49660 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
    C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89128/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.89128 NSIS: infected - 1 skipped
    C:\Documents and Settings\Owner\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR3.56923 Suspicious: Exploit.HTML.Mht skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\history.dat Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\key3.db Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Desktop\Clean up\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\Owner\Desktop\Clean up\update.exe Infected: Trojan-Downloader.Win32.Small.eih skipped
    C:\Documents and Settings\Owner\ht.com/A0L.dll Infected: Backdoor.IRC.Zapchast skipped
    C:\Documents and Settings\Owner\ht.com/GunSystem.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
    C:\Documents and Settings\Owner\ht.com/HeDs.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\Documents and Settings\Owner\ht.com/orrl.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c skipped
    C:\Documents and Settings\Owner\ht.com/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\Documents and Settings\Owner\ht.com CAB: infected - 5 skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\nealy545\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\AOL OCP\AIM\Storage\data\northmeckgrly17\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.f314eb97.ini.inuse Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
     
  13. 2008/04/30
    covian

    covian Inactive Thread Starter

    Joined:
    2008/03/30
    Messages:
    22
    Likes Received:
    0
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\cleanup.log Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{079470BD-0D1E-4703-9CBB-F232AE85514B}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\740odvbz.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012008042920080430\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\sv1eh.tmp\sv1oc.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF4A2D.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF4A38.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF6DF7.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DF8D2F.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFD2BB.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFDCD2.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\sys0.com/A0L.dll Infected: Backdoor.IRC.Zapchast skipped
    C:\Documents and Settings\Owner\sys0.com/GunSystem.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
    C:\Documents and Settings\Owner\sys0.com/HeDs.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\Documents and Settings\Owner\sys0.com/orrl.exe Infected: not-a-virus:NetTool.Win32.Sniffer.c skipped
    C:\Documents and Settings\Owner\sys0.com/repcale.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
    C:\Documents and Settings\Owner\sys0.com CAB: infected - 5 skipped
    C:\Program Files\ComPlus Applications\nipysado83122.dll Infected: not-a-virus:AdWare.Win32.TTC.c skipped
    C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1035.tmp/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1035.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1035.tmp/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1035.tmp NSIS: infected - 3 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1035.tmp CryptFF.b: infected - 3 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1037.tmp/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1037.tmp NSIS: infected - 1 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1037.tmp CryptFF.b: infected - 1 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp WiseSFX: infected - 4 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1038.tmp CryptFF.b: infected - 4 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp WiseSFX: infected - 4 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1039.tmp CryptFF.b: infected - 4 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103A.tmp Infected: Trojan-Dropper.Win32.Agent.ol skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103B.tmp/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103B.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103B.tmp/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103B.tmp NSIS: infected - 3 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103B.tmp CryptFF.b: infected - 3 skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\108B.tmp Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\108D.tmp Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\108E.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\108F.tmp Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10A7.tmp Infected: Trojan-Proxy.Win32.Agent.ji skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10A8.tmp Infected: Trojan-Downloader.Win32.Small.eih skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10A9.tmp Infected: Email-Worm.Win32.Delf.i skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10AA.tmp Infected: Trojan-Spy.Win32.Delf.ig skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10AB.tmp Infected: Trojan-Proxy.Win32.Small.bt skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10AC.tmp Infected: Backdoor.Win32.SdBot.aod skipped
    C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10AD.tmp Infected: Trojan-Downloader.Win32.Small.eih skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chandir.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\chn.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\inuse.txt Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\L0000002.FCS Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\main.log Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.dat Object is locked skipped
    C:\Program Files\Updates from HP\137903\Users\Default\Data\storydb.idx Object is locked skipped
    C:\QooBox\Quarantine\C\45103494.exe.vir Infected: Trojan-Downloader.Win32.Tiny.fy skipped
    C:\QooBox\Quarantine\C\Program Files\CROSOF~1\dexplore.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
    C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
    C:\QooBox\Quarantine\C\Program Files\setup.exe._eac_qt_.vir/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.can skipped
    C:\QooBox\Quarantine\C\Program Files\setup.exe._eac_qt_.vir/stream Infected: Trojan-Downloader.Win32.Zlob.can skipped
    C:\QooBox\Quarantine\C\Program Files\setup.exe._eac_qt_.vir NSIS: infected - 2 skipped
    C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\webhdll.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whiehlpr.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whinstaller.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\QooBox\Quarantine\C\Program Files\Windows Media Player\viko.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\xpreload.ocx.vir Infected: Trojan-Downloader.Win32.VB.ayr skipped
    C:\QooBox\Quarantine\C\WINDOWS\glypoxkj.dll.vir Infected: Trojan.Win32.Obfuscated.gx skipped
    C:\QooBox\Quarantine\C\WINDOWS\inet20004\killer.exe.bak.vir Infected: not-a-virus:RiskTool.Win32.PsKill.j skipped
    C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bqi skipped
    C:\QooBox\Quarantine\C\WINDOWS\svchost.exe.vir Infected: Trojan-Clicker.Win32.Delf.mj skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\B1\mwspasrt83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\B1\mwspasrt83122.exe.vir NSIS: infected - 1 skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ghubmtqi.dll._eac_qt_.vir Infected: Trojan.Win32.KillAV.rf skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\L56B2.tmp.vir Infected: Trojan-Downloader.Win32.Small.ujl skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\mmaxsbuh.dll._eac_qt_.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\uslohbhj.dll._eac_qt_.vir Infected: Packed.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.bqi skipped
    C:\QooBox\Quarantine\C\WINDOWS\TISKY009.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\A0030221.dll Infected: Backdoor.Win32.Agent.ecv skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\A0030222.dll Infected: Backdoor.Win32.Agent.ecr skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\A0030223.exe Infected: Backdoor.Win32.Agent.dxm skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP357\A0030224.exe Infected: IM-Worm.Win32.Agent.bx skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\A0030294.dll Infected: Backdoor.Win32.Agent.elv skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\A0030295.dll Infected: Backdoor.Win32.Agent.ebu skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP363\A0030296.exe Infected: Backdoor.Win32.Agent.dxm skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\A0030344.dll Infected: Backdoor.Win32.Agent.elv skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\A0030345.dll Infected: Backdoor.Win32.Agent.ebu skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP366\A0030346.exe Infected: Backdoor.Win32.Agent.dxm skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP375\A0030606.dll Infected: Backdoor.Win32.Agent.elv skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP375\A0030607.dll Infected: Backdoor.Win32.Agent.fkj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP375\A0030608.exe Infected: Backdoor.Win32.Agent.dxm skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP376\A0030615.exe Infected: not-virus:Hoax.Win32.Renos.ayj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP376\A0030618.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bo skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP376\A0030632.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0031074.dll Infected: Backdoor.Win32.Agent.fdt skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0031075.dll Infected: Backdoor.Win32.Agent.fcf skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0031076.exe Infected: Backdoor.Win32.Agent.dxm skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP397\A0031077.exe Infected: IM-Worm.Win32.Agent.bx skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0031918.old Infected: Trojan-Downloader.Win32.Agent.hlp skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP401\A0031960.exe Infected: not-virus:Hoax.Win32.Renos.ayj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP415\A0038098.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039175.exe Infected: Trojan-Downloader.Win32.Agent.kwg skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039178.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039179.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039182.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039183.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039184.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039186.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039187.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039188.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039189.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039190.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.a skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039191.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039192.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039193.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039195.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039196.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039198.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039200.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039201.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.as skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039202.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039204.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039205.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039206.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039207.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039208.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039211.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.aq skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039213.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039216.exe Infected: not-a-virus:AdWare.Win32.AdBand.w skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039217.exe Infected: not-a-virus:AdWare.Win32.AdBand.x skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039219.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039221.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039222.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039230.exe Infected: Trojan-Clicker.Win32.Delf.mj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039232.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039236.exe Infected: not-virus:Hoax.Win32.Renos.bqi skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039237.exe Infected: not-virus:Hoax.Win32.Renos.bqi skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039249.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.c skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP417\A0039249.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP418\A0039612.dll Infected: not-a-virus:Monitor.Win32.KeyLogger.dj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP418\A0039613.dll Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP418\A0039615.exe Infected: not-a-virus:Monitor.Win32.KeyLogger.dj skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP426\A0046856.exe Infected: Trojan-Downloader.Win32.Small.eih skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP433\A0063314.dll Infected: Trojan.Win32.Obfuscated.gx skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP441\A0064228.exe Infected: Trojan-Downloader.Win32.Tiny.fy skipped
    C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP444\change.log Object is locked skipped
    C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
    C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\svchost_tmp.exe Infected: Trojan-Clicker.Win32.Delf.mj skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
     
  14. 2008/04/30
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\302631656._eac_qt_
    C:\Documents and Settings\Owner\ht.com
    C:\Documents and Settings\Owner\sys0.com
    C:\Program Files\ComPlus Applications\nipysado83122.dll
    C:\WINDOWS\svchost_tmp.exe
    Folder::
    C:\Documents and Settings\All Users\Application Data\flag ace stupid data
    C:\Documents and Settings\All Users\_qbothome
    C:\Documents and Settings\Owner\Application Data\InsideJoyBalm
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
