combo-fix log info
leo1001
Newbie
9. October 2008 @ 06:33
Hi, I followed the directions and got a log.
ComboFix 08-10-08.02 - sabio 2008-10-09 3:14:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.1.1042.18.573 [GMT -7:00]
Running from: D:\download\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d.exe
C:\d1.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\sabio\Application Data\Adobe\crc.dat
C:\Documents and Settings\sabio\Application Data\Adobe\Manager.exe
C:\Documents and Settings\sabio\Application Data\Adobe\Player.exe
C:\WINDOWS\base64.tmp
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ealf.exe
C:\WINDOWS\msacm32.drv
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\aejexb.dll
C:\WINDOWS\system32\blphc31wj0ec3t.scr
C:\WINDOWS\system32\nqBLlUvw.ini
C:\WINDOWS\system32\nqBLlUvw.ini2
C:\WINDOWS\system32\ssa.dll
C:\WINDOWS\system32\sss.exe
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\wuasirvy.dll
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp
C:\x
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://78.157.143.198
hxxp://hqsextube08.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_fci
-------\Legacy_icf
-------\Legacy_RESTORE
-------\Service_FCI
-------\Service_ICF
-------\Service_restore
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.
2008-10-08 19:08 . 2008-10-08 19:10 <DIR> d-------- C:\Program Files\SWiSH Max2
2008-10-08 16:55 . 2008-10-08 16:55 <DIR> d-------- C:\Program Files\DNA
2008-10-08 16:55 . 2008-10-08 16:55 <DIR> d-------- C:\Program Files\BitTorrent
2008-10-08 16:55 . 2008-10-09 03:18 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\DNA
2008-10-08 16:55 . 2008-10-09 03:03 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\BitTorrent
2008-10-08 15:12 . 2008-10-08 15:12 <DIR> d-------- C:\Program Files\CCleaner
2008-10-08 13:11 . 2008-10-08 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-08 13:06 . 2008-10-08 13:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-10-08 13:06 . 2008-10-08 13:06 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\SUPERAntiSpyware.com
2008-10-08 12:59 . 2008-10-08 12:59 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-08 12:37 . 2007-03-02 00:04 <DIR> d-------- C:\Documents and Settings\Administrator\?? ??
2008-10-08 12:37 . 2007-03-02 00:04 <DIR> d-------- C:\Documents and Settings\Administrator\?? ??
2008-10-08 12:37 . 2008-10-08 12:37 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-08 12:22 . 2008-10-08 12:31 1,034,449 ---hs---- C:\WINDOWS\system32\mwphmvkn.ini
2008-10-08 12:13 . 2008-10-08 15:18 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 11:20 . 2008-10-08 11:20 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\sp2
2008-10-08 11:18 . 2008-10-08 17:32 <DIR> d-------- C:\WINDOWS\system32\124909
2008-10-08 11:18 . 2008-10-08 11:18 <DIR> d-------- C:\Program Files\zayjybc
2008-10-08 11:18 . 2008-10-08 11:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\qnaxcfip
2008-10-08 11:17 . 2008-10-09 03:22 103,394 --a------ C:\WINDOWS\system32\drivers\3bf8a7d5.sys
2008-10-08 11:17 . 2008-10-08 11:17 40,960 --a------ C:\siggjefi.exe
2008-10-08 11:17 . 2008-10-08 11:17 2 --a------ C:\2015821312
2008-10-06 10:50 . 2008-10-06 10:50 22,952 --a------ C:\WINDOWS\system32\shinhancard_key.bmp
2008-10-03 17:41 . 2008-10-03 17:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-03 17:41 . 2008-10-03 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-28 11:15 . 2008-09-28 11:15 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-26 13:22 . 2008-09-26 13:22 <DIR> d-------- C:\Program Files\MSECache
2008-09-26 12:59 . 2008-09-26 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-25 21:34 . 2008-10-06 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SWiSHMax2WorkFolder
2008-09-25 20:34 . 2008-09-25 22:50 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\AdobeUM
2008-09-23 00:39 . 2008-09-23 00:39 <DIR> d-------- C:\Program Files\Common Files\SWiSHzone.com
2008-09-23 00:39 . 2004-03-29 16:23 90,112 --a------ C:\WINDOWS\unvise32.exe
2008-09-22 22:01 . 2008-09-22 22:01 39,424 --a------ C:\U9_Boys_2008_Season_Schedule.xls
2008-09-19 15:56 . 2008-08-26 13:20 311,296 --a------ C:\WINDOWS\system32\Bugsctrl.dll
2008-09-19 15:56 . 2008-08-26 16:25 167,936 --a------ C:\WINDOWS\system32\jukeon_e.exe
2008-09-19 15:56 . 2008-08-26 13:25 135,168 --a------ C:\WINDOWS\system32\Bugsedf1.dll
2008-09-17 13:19 . 2008-09-17 13:19 <DIR> d-------- C:\WINDOWS\system32\ko
2008-09-17 13:19 . 2008-09-17 13:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-17 13:19 . 2008-09-17 13:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-17 13:17 . 2008-09-17 13:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-16 15:48 . 2008-04-13 19:26 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 15:47 . 2008-04-13 19:26 870,784 --------- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-14 10:44 . 2008-09-14 10:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-13 14:57 . 2008-09-14 19:27 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\U3
2008-09-13 12:00 . 2008-09-13 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-09-13 11:57 . 2008-09-13 11:57 <DIR> d-------- C:\Program Files\Digital Photo Navigator 1.5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 01:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-08 21:40 --------- d-----w C:\Program Files\Dell
2008-09-26 03:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-19 22:56 --------- d-----w C:\Program Files\Bugs
2008-09-13 19:42 --------- d-----w C:\Documents and Settings\sabio\Application Data\CyberLink
2008-09-13 19:04 --------- d-----w C:\Program Files\CyberLink
2008-09-13 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 06:58 --------- d-----w C:\Documents and Settings\sabio\Application Data\ESTsoft
2008-09-04 06:57 --------- d-----w C:\Program Files\ESTsoft
2008-08-19 11:03 --------- d-----w C:\Program Files\NATEON
2008-08-16 21:48 --------- d-----w C:\Program Files\TELUS
2008-08-16 21:48 --------- d-----w C:\Program Files\Common Files\Motive
2008-08-16 21:48 --------- d-----w C:\Documents and Settings\sabio\Application Data\Motive
2008-08-16 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-08-13 21:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-04 64512]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-27 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-27 602182]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-18 25440]
"MAAgent"="C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe" [2006-06-01 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 155648]
"Samsung Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe" [2004-11-28 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-26 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"Vrmon"="C:\Program Files\HAURI\Common\Base\VRMONNT.EXE" [2007-05-08 212992]
"HEProtect"="C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe" [2007-01-03 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-21 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-21 348160]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-13 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DfGtZDH10R"="C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe" [2008-10-08 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AppUtilAdm"= {67C97BB7-3EC9-4823-D483-021FC03BF6C8} - C:\Program Files\zayjybc\AppUtilAdm.dll [2008-10-08 135168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aejexb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ahxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4raxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\BugsSvr.exe"=
"C:\\Program Files\\UltraEdit\\UEDIT32.EXE"=
"C:\\Program Files\\OnNet\\Enppy3\\Enppy3Main.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\jukeon_e.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-10 93016]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe [2008-10-06 178664]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;C:\WINDOWS\system32\drivers\VRFWNTD5.sys [2005-08-25 80878]
S3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-12-20 19632]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [ ]
S3 FILESpy;FILESpy;C:\Program Files\HAURI\Common\Base\filespy.sys [2005-09-06 13665]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [2007-03-14 9216]
S3 JRSUKD24;JRSUKD24;C:\WINDOWS\system32\JRSUKD24.SYS [2007-03-14 6784]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2008-02-18 101296]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2008-05-20 121464]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-07-30 18316]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-07-30 164373]
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e846364-93f6-11dc-9435-0019b9588bbb}]
\Shell\Auto\command - F:\fun.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7db9f6bd-81d2-11dd-946b-0019b9588bbb}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - VRADFIL
.
Contents of the 'Scheduled Tasks' folder
2008-09-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-09 23:42]
2008-10-09 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-08 12:08]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
BHO-{44E1144B-28B8-4C3D-BE09-6593CBA45B6F} - (no file)
BHO-{e761dafe-535d-4137-8842-f72627ee838c} - C:\WINDOWS\system32\aejexb.dll
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - (no file)
SSODL-qmafxprs-{4B197653-53CB-4B1A-A083-8183400C6360} - (no file)
SSODL-lfstbwvd-{DCA11969-1A88-420A-843C-7A8AD6AA8985} - (no file)
Notify-rqRIxVlj - rqRIxVlj.dll
Notify-winuxh32 - winuxh32.dll
MSConfigStartUp-inrhc71wj0ec3t - C:\WINDOWS\Temp\.ttC.tmp.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Microsoft Excel로 내보내기(&X) - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 링크 대상을 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: 링크 대상을 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 선택 영역을 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: 선택 영역을 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: 선택한 링크를 Adobe PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: 선택한 링크를 기존 PDF로 변환 - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: {042D97DD-E197-411A-8298-6EE85F1C1421} - hxxp://ahnlabdownload.nefficient.co.kr/asp/cab/mkdsfw.cab
C:\WINDOWS\Downloaded Program Files\mkdsfw.inf
O16 -: {044123B5-35DF-4C4E-BAED-26B8ED964342} - hxxp://fx.hauri.net/HProduct/livesuite/shinhan/CLIENT/LiveSuite/web/HLiveRobotWeb.cab
C:\WINDOWS\Downloaded Program Files\HLiveRobotWeb.inf
C:\WINDOWS\system32\HKDown.exe
C:\WINDOWS\system32\vrpacker.dll
C:\WINDOWS\system32\HVrunzip.dll
C:\WINDOWS\system32\HKDown.dll
C:\WINDOWS\Downloaded Program Files\HLiveRobotWeb.ocx
O16 -: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} - hxxp://cyimg6.cyworld.nate.com/ImageUpload/CyImageUpload2.cab
C:\WINDOWS\Downloaded Program Files\CyImage2.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\CyImage2.dll
O16 -: {1A9365CC-319D-420D-99A6-D9FD1E92C966} - hxxp://speed.nia.or.kr/traceroute/TracertPing3.cab
C:\WINDOWS\Downloaded Program Files\TracertPing3.inf
C:\WINDOWS\Downloaded Program Files\tracertping3.ocx
O16 -: {1CDC3381-1B2C-4CD2-A1F0-4AC6942CCE2E} - hxxp://www.neoport.net/cmn/ocx/DzUpdaterX.cab
C:\WINDOWS\Downloaded Program Files\DzUpdaterX.inf
O16 -: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/xmpi2008.cab
C:\WINDOWS\Downloaded Program Files\xmpi2008.inf
C:\WINDOWS\Downloaded Program Files\xmpi2008.ocx
O16 -: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://plugin.inicis.com/banktown/initech/plugin/down/INIS60.cab
C:\WINDOWS\Downloaded Program Files\INIS60.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
O16 -: {39FC0CF9-86F3-4502-B773-D16706EDEC83} - hxxp://www.shinhancard.com/common/scsk4.cab
C:\WINDOWS\Downloaded Program Files\SCSK.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\SCSKAPPLINK.DLL
C:\WINDOWS\system32\UnSCSK.exe
C:\WINDOWS\system32\SCSK4.ocx
O16 -: {3B56E5F0-7B20-48BF-B439-A995BE5191EF} - hxxp://pib.wooribank.com/com/common/SessionControl.cab
C:\WINDOWS\Downloaded Program Files\SessionControl.inf
C:\WINDOWS\Downloaded Program Files\SessionControl.ocx
O16 -: {3EFC2239-B769-469F-A5E6-38693AE0B9DE} - hxxp://speed.nia.or.kr/login/sysinfo2.cab
C:\WINDOWS\Downloaded Program Files\sysinfo2.inf
C:\WINDOWS\Downloaded Program Files\sysinfo2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.inf
C:\WINDOWS\Downloaded Program Files\Manager.exe
C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4875D0C5-5FE1-4488-8BB8-5A7D0ECDF93B} - hxxp://download.empas.com/rel/EmpasFilebox/x1_1_1_1/EmpasFilebox.cab
C:\WINDOWS\Downloaded Program Files\EmpasFilebox.inf
C:\WINDOWS\FileboxDownloader.exe
C:\WINDOWS\Downloaded Program Files\EmpasFilebox.dll
O16 -: {53EED863-B547-40F8-B24A-2D6DE807CFE8} - hxxp://img.shinhan.com/rib/ko/print/Printmade.cab
C:\WINDOWS\Downloaded Program Files\Printmade.ocx
O16 -: {5D9446DB-E849-4B95-9872-D0C21343ABF0} - hxxp://www.csafer.net/ActiveX/MASetupWizard.cab
C:\WINDOWS\Downloaded Program Files\MASetupWizard.inf
C:\WINDOWS\system32\MAMACExtract.dll
C:\WINDOWS\system32\MASetupWizard.dll
O16 -: {5FC62385-06BC-48F4-9890-B373472645B1} - hxxp://www.myasset.com/myasset/login/install/IssacWebTY_nojava.cab
C:\WINDOWS\Downloaded Program Files\ISSACWebDY_no_java.inf
C:\WINDOWS\system32\ISSACWLibDY_no_java.dll
C:\WINDOWS\Downloaded Program Files\ISSACWebDY_no_java.dll
O16 -: {66413DC2-F891-40BC-822D-B7EEC8ADC281} - hxxp://img.shinhan.com/rib/common/ProWorksGrid.cab
C:\WINDOWS\Downloaded Program Files\ProWorksGrid.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\Downloaded Program Files\ProWorksDBGateway.ocx
C:\WINDOWS\Downloaded Program Files\ProWorksGrid.ocx
O16 -: {6CE20149-ABE3-462E-A1B4-5B549971AA38} - hxxp://ck.softforum.co.kr/keypro/2.2.0.46/CKKeyPro.cab
C:\WINDOWS\Downloaded Program Files\CKKeyPro.inf
C:\WINDOWS\system32\CKApp.dll
C:\WINDOWS\system32\CKSetup.exe
C:\WINDOWS\system32\Jrsoftcp.dll
C:\WINDOWS\system32\JRSKD98.VXD
C:\WINDOWS\system32\JRSKD24.sys
C:\WINDOWS\Downloaded Program Files\XecureCK.dll
C:\WINDOWS\system32\JRSUKD24.sys
O16 -: {6FE760D3-7851-4879-8838-62D9881D7177} - hxxp://www.bccard.com/service/individual/security/images/IniMasPlugin.cab
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\IniMasPlugin.dll
O16 -: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-rainforest-adventure/gamehouseplayer.cab
C:\WINDOWS\Downloaded Program Files\GHGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\ghgamesplayer.dll
O16 -: {789B70A5-14A1-49A0-A166-4DA45DB95662} - hxxp://www.myasset.com/myasset/login/install/PopUpBlocker_1006.cab
C:\WINDOWS\Downloaded Program Files\PopUpBlocker.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\PopUpBlocker.ocx
O16 -: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} - hxxp://download.softforum.co.kr/Published/XecureWeb/v7.2.1.2/xw_install.cab
C:\WINDOWS\Downloaded Program Files\xw_install.inf
O16 -: {858033B9-13BC-4DFE-B62A-78E1FAA0DFD7} - hxxp://www.csafer.net/activex/mabugsdownload.cab
C:\WINDOWS\Downloaded Program Files\MABugsDownload.inf
C:\WINDOWS\system32\MAMACExtract.dll
C:\WINDOWS\system32\MABugsDownload.ocx
O16 -: {971A5328-1926-4ED6-B899-6C01338D4B32} - hxxp://game.freechal.com/download/norazo2/Norazo2_40.cab
C:\WINDOWS\Downloaded Program Files\Norazo2.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\dbghelp.dll
C:\WINDOWS\system32\NorazoCtl.dll
C:\WINDOWS\system32\FGInstaller.exe
C:\WINDOWS\system32\ClientSystemInfo_FREECHAL.dll
C:\WINDOWS\Norazo2.exe
O16 -: {98FBBB0F-9736-4B91-B926-31F4A5EE443C} - hxxps://pg.banktown.com/wallet/plugin/ibtpgClientCM.cab
C:\WINDOWS\Downloaded Program Files\ibtpgClientCM.inf
C:\WINDOWS\system32\winscard.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\ws2_32.dll
C:\WINDOWS\system32\ws2help.dll
C:\WINDOWS\yessignCA.pub
C:\WINDOWS\cacrt_a1
C:\WINDOWS\system32\BtICCardCT.dll
C:\WINDOWS\Downloaded Program Files\ibtpgClientCM.dll
O16 -: {9B6D0E46-3F96-11D9-A711-004F4E099F85} - hxxp://www.vanchosun.com/WEBnewszine/WEBnewszine.CAB
C:\WINDOWS\Downloaded Program Files\Originality.INF
C:\WINDOWS\system32\URLMON.DLL
C:\WINDOWS\system32\WININET.DLL
C:\WINDOWS\system32\scrrun.dll
C:\WINDOWS\system32\MSVBVM60.DLL
C:\WINDOWS\system32\OLEAUT32.DLL
C:\WINDOWS\system32\OLEPRO32.DLL
C:\WINDOWS\system32\ASYCFILT.DLL
C:\WINDOWS\system32\STDOLE2.TLB
C:\WINDOWS\system32\COMCAT.DLL
C:\WINDOWS\system32\olelib2.tlb
C:\WINDOWS\system32\olelib.tlb
C:\WINDOWS\system32\IOBJSAFE.TLB
C:\WINDOWS\Downloaded Program Files\Originality.ocx
O16 -: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} - hxxp://download.signgate.com/download/ews/ewsinstaller.cab
C:\WINDOWS\Downloaded Program Files\ewsinstaller.inf
C:\WINDOWS\system32\securityloader.dll
C:\WINDOWS\system32\ewshandler.dll
C:\WINDOWS\system32\sg_cappatx.ocx
C:\WINDOWS\system32\sg_cutil.dll
C:\WINDOWS\system32\sg_gui.dll
C:\WINDOWS\system32\certshare.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\msxml4.dll
C:\WINDOWS\system32\msxml4r.dll
C:\WINDOWS\system32\msxml4a.dll
C:\WINDOWS\system32\sg_api.dll
C:\WINDOWS\system32\sg_dlg.dll
O16 -: {A5DE5263-214F-4BA2-90FC-C0E32349234D} - hxxp://ftp.entica.com/EnLaunch/ENPPY3/Install/NPWebLaunch.cab
C:\WINDOWS\Downloaded Program Files\NPWebLaunch.inf
C:\WINDOWS\Downloaded Program Files\NPWebLaunch.dll
O16 -: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} - hxxp://pgdownload.dacom.net/dacom/IssacWebProCMS_4_2_6_1.cab
C:\WINDOWS\Downloaded Program Files\IssacWebProCMS.inf
O16 -: {AD435D31-ED5C-4148-9DD8-92211F9DAC34} - hxxp://pointsok.okcashbag.com/skmpp/SKMPPClient2.cab
C:\WINDOWS\Downloaded Program Files\SKMPPClient2.inf
C:\WINDOWS\system32\libxus32.dll
C:\WINDOWS\system32\Xus.dll
C:\WINDOWS\Downloaded Program Files\LoginActiveX.dll
O16 -: {B3260660-93AC-48D8-8DDC-2C22192CA2AB} - hxxp://mail.naver.com/activex/NvBigFileUpload2_NT.cab
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2.inf
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2_1.0.2.16.dll
C:\WINDOWS\Downloaded Program Files\NvBigFileUpload2_1.0.2.18.dll
O16 -: {BCEF5CDE-BAD4-4532-A30B-9D16D502DE69} - hxxp://install.bugs.co.kr/install/BugsInstallerEx.cab
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.inf
C:\WINDOWS\system32\securityloader.dll
C:\WINDOWS\system32\ewshandler.dll
C:\WINDOWS\system32\sg_cappatx.ocx
C:\WINDOWS\system32\sg_cutil.dll
C:\WINDOWS\system32\sg_gui.dll
C:\WINDOWS\system32\certshare.dll
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\msxml4.dll
C:\WINDOWS\system32\msxml4r.dll
C:\WINDOWS\system32\msxml4a.dll
C:\WINDOWS\system32\sg_api.dll
C:\WINDOWS\system32\sg_dlg.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\BugsInstallerEx.ocx
C:\WINDOWS\system32\bugs_install.gif
O16 -: {C193DE20-29F4-4B4F-963B-EB20CB3186C0} - hxxp://speed.nia.or.kr/speedtest/SpeedTest.cab
C:\WINDOWS\Downloaded Program Files\SpeedTest.inf
C:\WINDOWS\Downloaded Program Files\SpeedTest.ocx
O16 -: {C854C4D1-ED53-4B1F-AA45-783B3CF3315C} - hxxp://program.webhard.co.kr/Plus/active_upload2/DacomUpload.cab
C:\WINDOWS\Downloaded Program Files\DacomUpload.inf
C:\WINDOWS\system32\WebhardElevated.dll
C:\WINDOWS\system32\DacomUpload.ocx
O16 -: {CB5C683C-416A-4701-B018-0F1B21D64D6B} - hxxp://cyimg7.cyworld.com/cymusic/package/skcinst.cab
C:\WINDOWS\Downloaded Program Files\skcinst.inf
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\skcinst2.dll
C:\WINDOWS\skcinst1.dll
O16 -: {D923AE0C-190D-4EDF-B07A-76AC571FBFD4} - hxxp://img.shinhan.com/rib/common/keyStroke/SoftCamp/4092/scskex.cab
C:\WINDOWS\Downloaded Program Files\SCSKEX.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\system32\UNSCSKEX.EXE
C:\WINDOWS\system32\SCSPT.DLL
C:\WINDOWS\system32\SCSKCORE.dll
C:\WINDOWS\system32\SCSKEX.ocx
O16 -: {D95F5F60-5BB7-4655-BACE-FC5371EFC3E0} - hxxp://update.nprotect.net/nprotect/lgcard/npx2.cab
C:\WINDOWS\Downloaded Program Files\npx2.inf
C:\WINDOWS\system32\npdownv.exe
C:\WINDOWS\system32\npcopyv.exe
C:\WINDOWS\system32\npnv3uninst.exe
C:\WINDOWS\system32\npx2.gif
C:\WINDOWS\system32\np_chs.ini
C:\WINDOWS\system32\np_eng.ini
C:\WINDOWS\system32\np_jpn.ini
C:\WINDOWS\system32\np_kor.ini
C:\WINDOWS\system32\npx2.ocx
O16 -: {D96D2F74-0B74-47D2-964F-B67E9F69F1CD} - hxxp://www.congnamul.com/ActiveX/Release/ASP/CongnamulMap4Asp_V29.cab
C:\WINDOWS\Downloaded Program Files\CongnamulMap4Asp.inf
O16 -: {E2A96175-32D0-4651-B228-B474C2408346} - hxxp://program.webhard.co.kr/Plus/active_download2/DacomDownload.cab
C:\WINDOWS\Downloaded Program Files\DacomDownload.inf
C:\WINDOWS\system32\WebhardElevated.dll
C:\WINDOWS\Downloaded Program Files\DacomDownload.ocx
O16 -: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
C:\WINDOWS\Downloaded Program Files\IspVcd.inf
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\562174c6.0
C:\WINDOWS\system32\90307e75.0
C:\WINDOWS\system32\28caa510.0
C:\WINDOWS\system32\KvpVer.tbl
C:\WINDOWS\system32\KvpUpCom.dll
C:\WINDOWS\Downloaded Program Files\KvpIspCtlD.ocx
O16 -: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} - hxxp://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
C:\WINDOWS\Downloaded Program Files\kdfense9.inf
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\Downloaded Program Files\kdfense9.ocx
O16 -: {EA0995BF-45DD-4DB0-ADD5-A39C37397841} - hxxp://img.shinhan.com/rib/common/TrustSite/20041202/ShbAutoTrustSiteX.cab
C:\WINDOWS\Downloaded Program Files\ShbAutoTrustSiteX.ocx
O16 -: {EC5D5118-9FDE-4A3E-84F3-C2B711740E70} - hxxp://www.myasset.com/myasset/login/install/SKCommAX_7203.cab
C:\WINDOWS\Downloaded Program Files\SKCommAX.inf
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\yak3eng.txt
C:\WINDOWS\yakgwan3.txt
C:\WINDOWS\system32\skmagerapi.dll
C:\WINDOWS\system32\SKCommIC.dll
C:\WINDOWS\system32\SKCommEM.dll
C:\WINDOWS\system32\SKCommCM.dll
C:\WINDOWS\system32\SKCommSC.dll
C:\WINDOWS\system32\SKCommIF.dll
C:\WINDOWS\system32\SKCommTM.exe
C:\WINDOWS\system32\SKCommJV.dll
C:\WINDOWS\system32\SKCommWB.exe
C:\WINDOWS\SKCommAD.dll
C:\WINDOWS\system32\SKCommAX.ocx
O16 -: {F1F07506-6CB4-44AC-8615-66D1234EFD05} - hxxp://www.shinhancard.com/initech/plugin/down/INIS50.cab
C:\WINDOWS\Downloaded Program Files\INISafeWeb50.inf
C:\WINDOWS\system32\562174c6.0
C:\WINDOWS\system32\nsldap32v11.dll
C:\WINDOWS\kisa.der
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\mfc42.dll
C:\WINDOWS\system32\olepro32.dll
C:\WINDOWS\system32\INISafeWebTray.exe
C:\WINDOWS\system32\initech.gif
C:\WINDOWS\system32\certmanui.dll
C:\WINDOWS\system32\certstore.dll
C:\WINDOWS\system32\INIcrypto20.dll
C:\WINDOWS\system32\INIvcs.dll
C:\WINDOWS\system32\UnINISafeWeb.exe
C:\WINDOWS\system32\INISafeWeb50.dll
O16 -: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800_Vista/GWall.cab
C:\WINDOWS\Downloaded Program Files\GWall.dll
O16 -: {FE342FC7-4374-4EBE-86DB-D73AE861F779} - hxxp://mail1.naver.com/activex/NaverAXGuide.cab
C:\WINDOWS\Downloaded Program Files\NaverAXGuide.inf
C:\WINDOWS\system32\NaverAXGuide.exe
C:\WINDOWS\Downloaded Program Files\NaverAXGuide.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 03:21:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\3bf8a7d5]
"ImagePath"="\SystemRoot\System32\drivers\3bf8a7d5.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\HAURI\Common\hsvcmod.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HAURI\ViRobot Desktop 5.0\PCFirewall\vrfwsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\uwdf.exe
.
**************************************************************************
.
Completion time: 2008-10-09 3:27:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-09 10:27:44
Pre-Run: 25,274,540,032 bytes free
Post-Run: 25,265,479,680 bytes free
578 --- E O F --- 2008-09-28 17:44:12
|
Senior Member
|
9. October 2008 @ 09:04 |
Link to this message
|
Hey leo1001
Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required.
Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or by double-clicking the Malwarebytes' Anti-Malware shortcut on your Desktop.
Configuring Malwarebytes
• Click on the tab Settings.
• Make sure only these boxes are checked:
Terminate Internet Explorer
Automatically save and display logfile after removal
Always scan memory objects
Always scan registry objects
Always scan filesystem
Always scan extra and heuristics objects
Updating Malwarebytes
• Click on the tab Update.
• Press the button Check for Updates.
• Wait for Malwarebytes to be fully updated.
Scanning Time
• Click on the tab Scanner.
• Check Perform full scan and click on Scan.
• Wait for the scan to complete, and then click on Show Results.
• Make sure all items are checked, then click on Remove Selected.
**If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately.
Post A Log
• A text box will pop up after the removal process is over. Post the contents of the text here.
• If no text box pops up, launch Malwarebytes, and click on the tab Logs.
• The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open.
• Post the log here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
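The mbam-log that procedure ends with is worth reading, not just posting. The Python below is an added example for this thread (it is not Malwarebytes' tooling and was not posted by anyone here); it parses the section/item layout of an MBAM 1.x log as posted in this thread and separates three things a helper looks for: entries marked "Delete on reboot", which were still on disk when the scan finished and have to be confirmed gone after the restart; re-detections of copies that were never live, i.e. files ComboFix had already renamed into its quarantine under C:\QooBox and copies held only in System Restore points; and a count by threat family. The sample log lines are embedded and trimmed from the layout in this thread, and the line grammar (item, threat in parentheses, action after the last " -> ") is the assumption the parser makes.

```python
import re
from collections import Counter
from dataclasses import dataclass

# A section header reads "Files Infected:" with nothing after the colon; the
# summary lines near the top ("Files Infected: 14") carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:$")
# "<item> (<Threat.Name>)<rest>"; the action is whatever follows the last " -> ".
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<threat>[A-Za-z][A-Za-z0-9.\-]*)\)(?P<rest>.*)$")


@dataclass
class Detection:
    section: str
    item: str
    threat: str
    action: str
    detail: str = ""  # e.g. the Bad:/Good: values of a changed registry data item


def parse_mbam_log(text: str) -> list:
    """Walk the log section by section and return one Detection per item line."""
    detections, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or " -> " not in line:
            continue
        head, _, action = line.rpartition(" -> ")
        m = ITEM_RE.match(head)
        if not m:
            continue
        detections.append(Detection(
            section=section,
            item=m.group("item"),
            threat=m.group("threat"),
            action=action.rstrip("."),
            detail=m.group("rest").strip(" ->"),
        ))
    return detections


def already_neutralised(d: Detection) -> bool:
    """Re-detections of copies that were not live: ComboFix's quarantine (the
    renamed *.vir files under QooBox) and System Restore point snapshots."""
    low = d.item.lower()
    return "\\qoobox\\quarantine\\" in low or "\\system volume information\\_restore" in low


def pending_reboot(dets: list) -> list:
    """Items MBAM could not remove while running; confirm they are gone after the restart."""
    return [d.item for d in dets if d.action.startswith("Delete on reboot")]


def family_counts(dets: list) -> Counter:
    """Count detections by family, e.g. Trojan.FakeAlert.H counts as Trojan.FakeAlert."""
    return Counter(".".join(d.threat.split(".")[:2]) for d in dets)


def summarise(text: str) -> dict:
    dets = parse_mbam_log(text)
    inert = sum(already_neutralised(d) for d in dets)
    return {
        "total": len(dets),
        "live": len(dets) - inert,
        "inert_copies": inert,
        "pending_reboot": pending_reboot(dets),
        "families": family_counts(dets),
    }


# Embedded sample, trimmed from the mbam-log layout posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.28
Database version: 1270
Registry Keys Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{67C97BB7-3EC9-4823-D483-021FC03BF6C8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76489-OEM-0011903-00825) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\dotshcbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\QooBox\Quarantine\C\d.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\3bf8a7d5.sys (Rootkit.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print(f"{s['total']} detections: {s['live']} on the live system, {s['inert_copies']} inert copies")
    for item in s["pending_reboot"]:
        print("confirm after reboot:", item)
    for family, n in s["families"].most_common():
        print(f"{n:3d}  {family}")
```

The reason for splitting out inert copies is that a long Files Infected list in which most paths are quarantine or restore-point copies says less about the live machine than one or two "Delete on reboot" entries do, and a driver among the latter (a Rootkit.* detection under system32\drivers) is the entry to re-check first once the box is back up.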

|
leo1001
Newbie
|
15. October 2008 @ 01:02 |
Link to this message
|
Here's the log from Malwarebytes:
----------------------------------------
Malwarebytes' Anti-Malware 1.28
Database version: 1270
Windows 5.1.2600 Service Pack 3
2008-10-14 9:53:53 PM
mbam-log-2008-10-14 (21-53-53).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 205156
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{67C97BB7-3EC9-4823-D483-021FC03BF6C8} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\apputiladm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\comsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\dfgtzdh10r (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76489-OEM-0011903-00825) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\124909 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\dotshcbc.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\qnaxcfip\ohyjctuf.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\QooBox\Quarantine\C\d.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\d1.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\x.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Documents and Settings\sabio\Application Data\Adobe\Player.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\ealf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\aejexb.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002011.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002018.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002019.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{46FB8C02-BE1C-4E1D-AEF9-BF3F55E643DB}\RP4\A0002025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\3bf8a7d5.sys (Rootkit.Agent) -> Delete on reboot.
------------------------------------
Thanks a lot.
|
Senior Member
|
16. October 2008 @ 10:46 |
Link to this message
|
Hey leo1001
First of all, I want you to enable viewing of hidden files.
• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View Tab.
• Under the Hidden files and folders heading select Show hidden files and folders.
• Uncheck the Hide protected operating system files (recommended) option.
• Click Yes to confirm.
• Click OK.
Please disable all security programs, such as antivirus, antispyware and firewall software.
Also disable your internet connection.
Open Notepad and copy/paste the text in the code box below into it:
Folder::
C:\Program Files\zayjybc
C:\Documents and Settings\All Users\Application Data\qnaxcfip
File::
C:\siggjefi.exe
C:\WINDOWS\system32\mwphmvkn.ini
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e846364-93f6-11dc-9435-0019b9588bbb}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"DfGtZDH10R"=-
? Save this as CFScript.txt in the same folder as ComboFix.
• Then drag CFScript.txt onto Combo-Fix.exe.
• This will start ComboFix again. After the reboot (if it asks for one), post the ComboFix log here. The log will be located at C:\ComboFix(.txt).
Do not click on the ComboFix window, as it may cause it to stall.
Find C:\siggjefi.exe and upload it to Virustotal.com. Post the results here.
Find this folder: C:\2015821312 and tell me what is in it.
After that, post a new HijackThis log and tell me what problems you have left.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
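On the CFScript step: the Folder::, File:: and Registry:: blocks are the directive syntax shown in the post above, and deciding which paths go into them is the part that needs a person. The Python below is an added example (not ComboFix's code, not posted by anyone in this thread, and no substitute for a helper's review). It parses the "Files Created" section of a ComboFix log in the layout posted in this thread, flags entries carrying two or more weak indicators (an executable written under system32 outside the dllcache that updates use; created and modified timestamps that are identical, which a freshly dropped file has and a file copied out of an update package usually does not; a random-looking name), and assembles a CFScript from explicitly chosen items. The sample lines are embedded and modelled on the logs in this thread; the indicators and the threshold of two are this example's assumptions, and a legitimate driver with a terse name will trip them, so the triage output is a list to look at, not a list to delete.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# One "Files Created" line, as posted above: <created> . <modified> <size|<DIR>> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+?)\s*$"
)
EXEC_EXT = {".dll", ".exe", ".sys", ".ocx", ".scr", ".drv"}
VOWELS = set("aeiou")

@dataclass
class Entry:
    created: datetime
    modified: datetime
    is_dir: bool
    path: str

def parse_files_created(text: str) -> list:
    """One Entry per line in the ComboFix layout; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamps = [datetime.strptime(m.group(g), "%Y-%m-%d %H:%M") for g in ("created", "modified")]
            entries.append(Entry(stamps[0], stamps[1], m.group("size") == "<DIR>", m.group("path")))
    return entries

def looks_random(stem: str) -> bool:
    """Crude name test: a hex blob of 8+ digits, or a name with very few vowels."""
    s = stem.lower()
    if len(s) < 4:
        return False
    if re.fullmatch(r"[0-9a-f]{8,}", s):
        return True
    letters = [c for c in s if c.isalpha()]
    return bool(letters) and sum(c in VOWELS for c in letters) / len(letters) < 0.25

def reasons_for(entry: Entry) -> list:
    """Weak indicators for one entry; the thresholds are this example's assumptions."""
    if entry.is_dir:
        return []
    stem, ext = ntpath.splitext(ntpath.basename(entry.path))
    if ext.lower() not in EXEC_EXT:
        return []
    low, reasons = entry.path.lower(), []
    if "\\windows\\system32\\" in low and "\\dllcache\\" not in low:
        reasons.append("executable written under system32 (outside the update dllcache)")
    if entry.created == entry.modified:
        reasons.append("created and modified stamps identical (written in place, not copied from a package)")
    if looks_random(stem):
        reasons.append("random-looking file name")
    return reasons

def triage(text: str, min_reasons: int = 2) -> dict:
    """Map path -> indicators for entries carrying at least min_reasons of them, in log order."""
    found = {}
    for e in parse_files_created(text):
        r = reasons_for(e)
        if len(r) >= min_reasons:
            found[e.path] = r
    return found

def build_cfscript(folders=(), files=(), delete_keys=(), delete_values=()) -> str:
    """Folder:: / File:: / Registry:: layout from the post above; delete_keys become
    [-Key], delete_values are (key, value_name) pairs written as "Name"=- under [Key]."""
    lines = []
    if folders:
        lines += ["Folder::", *folders]
    if files:
        lines += ["File::", *files]
    if delete_keys or delete_values:
        lines.append("Registry::")
        lines += [f"[-{k}]" for k in delete_keys]
        by_key = {}
        for key, value in delete_values:
            by_key.setdefault(key, []).append(value)
        for key, values in by_key.items():
            lines += [f"[{key}]", *[f'"{v}"=-' for v in values]]
    return "\n".join(lines) + "\n"

# Embedded sample, modelled on the Files Created lines posted in this thread.
SAMPLE = r"""
2008-11-06 16:52 . 2008-11-06 16:52 180,224 --a------ C:\WINDOWS\system32\WRebw.dll
2008-11-06 16:52 . 2008-11-06 16:52 65,536 --a------ C:\WINDOWS\system32\cosa.dll
2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- C:\Documents and Settings\sabio\.
2008-10-23 12:55 . 2008-10-15 08:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 22:42 . 2008-11-06 16:53 16,536 --a------ C:\WINDOWS\system32\JRSUKD25.SYS
2008-10-14 14:30 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "--", "; ".join(reasons))
    # The helper's script from the post above, rebuilt from its parts (review before use).
    print(build_cfscript(
        folders=[r"C:\Program Files\zayjybc"],
        files=[r"C:\siggjefi.exe", r"C:\WINDOWS\system32\mwphmvkn.ini"],
        delete_values=[(r"HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run", "DfGtZDH10R")],
    ))
```

The timestamp indicator is the one worth understanding: ComboFix prints the creation stamp first and the modification stamp second, and for files that came out of a Microsoft update the modification stamp predates creation by weeks (the binary was built before it was copied in), whereas a dropper writing a fresh DLL leaves both stamps equal to the minute. A file that trips that and also has a vowel-starved name under system32 is what a helper asks to have uploaded to VirusTotal before any directive is written for it.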

|
leo1001
Newbie
|
9. November 2008 @ 13:10 |
Link to this message
|
Hey, it took me a long time to upload the log file.
Thanks as always.
----------------------------------------------------------------
ComboFix 08-10-08.02 - sabio 2008-11-09 9:58:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.1.1042.18.529 [GMT -8:00]
Running from: D:\download\Combo-Fix.exe
Command switches used :: D:\download\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
C:\siggjefi.exe
C:\WINDOWS\system32\mwphmvkn.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\qnaxcfip
C:\Program Files\zayjybc
C:\Program Files\zayjybc\AppUtilAdm.dll
C:\WINDOWS\system32\mwphmvkn.ini
.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.
2008-11-06 16:52 . 2008-11-06 16:52 180,224 --a------ C:\WINDOWS\system32\WRebw.dll
2008-11-06 16:52 . 2008-11-06 16:52 65,536 --a------ C:\WINDOWS\system32\cosa.dll
2008-10-29 12:30 . 2008-10-29 12:30 <DIR> d-------- C:\Documents and Settings\sabio\.
2008-10-23 18:58 . 2008-10-23 19:03 783 --a------ C:\WINDOWS\hpbvspst.his
2008-10-23 18:58 . 2008-10-23 19:03 442 --a------ C:\WINDOWS\hpbvspst.ini
2008-10-23 18:57 . 2008-10-23 18:57 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-10-23 18:27 . 2008-10-23 18:27 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-10-23 12:55 . 2008-10-15 08:35 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-21 22:42 . 2008-11-06 16:53 16,536 --a------ C:\WINDOWS\system32\JRSUKD25.SYS
2008-10-17 02:05 . 2008-10-17 02:08 1,393 --a------ C:\WINDOWS\imsins.BAK
2008-10-16 22:20 . 2008-09-08 02:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 22:19 . 2008-08-14 05:20 2,190,848 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 22:19 . 2008-08-14 05:19 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 22:19 . 2008-08-14 05:20 2,067,712 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 22:19 . 2008-08-14 05:19 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 22:19 . 2008-09-15 07:24 1,846,016 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-14 14:30 . 2008-11-09 07:30 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 14:30 . 2008-10-14 14:30 <DIR> d-------- C:\Documents and Settings\sabio\Application Data\Malwarebytes
2008-10-14 14:30 . 2008-10-14 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 14:30 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-14 14:30 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 17:57 --------- d-----w C:\Documents and Settings\sabio\Application Data\DNA
2008-11-09 15:28 --------- d-----w C:\Program Files\Common Files\Adobe
2008-11-07 00:53 11,136 ----a-w C:\WINDOWS\system32\JRSKD24.sys
2008-11-06 02:02 --------- d-----w C:\Program Files\Norton Security Scan
2008-10-24 02:42 --------- d-----w C:\Program Files\HP
2008-10-09 10:03 --------- d-----w C:\Documents and Settings\sabio\Application Data\BitTorrent
2008-10-09 02:10 --------- d-----w C:\Program Files\SWiSH Max2
2008-10-08 23:55 --------- d-----w C:\Program Files\DNA
2008-10-08 23:55 --------- d-----w C:\Program Files\BitTorrent
2008-10-08 22:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 22:12 --------- d-----w C:\Program Files\CCleaner
2008-10-08 21:40 --------- d-----w C:\Program Files\Dell
2008-10-08 20:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-08 20:06 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-10-08 20:06 --------- d-----w C:\Documents and Settings\sabio\Application Data\SUPERAntiSpyware.com
2008-10-08 19:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-08 19:37 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-10-08 18:20 --------- d-----w C:\Documents and Settings\sabio\Application Data\sp2
2008-10-06 17:51 178,664 ----a-w C:\WINDOWS\system32\npkcmsvc.exe
2008-10-06 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SWiSHMax2WorkFolder
2008-09-26 20:22 --------- d-----w C:\Program Files\MSECache
2008-09-26 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-09-26 05:50 --------- d-----w C:\Documents and Settings\sabio\Application Data\AdobeUM
2008-09-23 07:39 --------- d-----w C:\Program Files\Common Files\SWiSHzone.com
2008-09-19 22:56 --------- d-----w C:\Program Files\Bugs
2008-09-17 22:51 271,728 ----a-w C:\WINDOWS\system32\CKSetup32.exe
2008-09-15 15:24 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 02:27 --------- d-----w C:\Documents and Settings\sabio\Application Data\U3
2008-09-13 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Cyberlink
2008-09-13 19:42 --------- d-----w C:\Documents and Settings\sabio\Application Data\CyberLink
2008-09-13 19:04 --------- d-----w C:\Program Files\CyberLink
2008-09-13 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-13 18:57 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-08-26 23:25 167,936 ----a-w C:\WINDOWS\system32\jukeon_e.exe
2008-08-26 20:25 135,168 ----a-w C:\WINDOWS\system32\Bugsedf1.dll
2008-08-26 20:20 311,296 ----a-w C:\WINDOWS\system32\Bugsctrl.dll
2008-08-26 17:08 50,528 ----a-w C:\WINDOWS\system32\WebhardElevated.dll
2008-08-26 07:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-19 08:28 73,728 ----a-w C:\WINDOWS\system32\Jrsoftcp.dll
2008-08-14 13:19 2,146,816 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:19 2,025,472 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((( snapshot@2008-10-09_ 3.27.27.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 09:08:25 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\advpack.dll
+ 2008-08-26 09:08:25 347,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtmsft.dll
+ 2008-08-26 09:08:25 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\dxtrans.dll
+ 2008-08-26 09:08:25 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\extmgr.dll
+ 2008-08-26 09:08:25 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\icardie.dll
+ 2008-08-25 08:43:21 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ie4uinit.exe
+ 2008-08-26 09:08:25 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakeng.dll
+ 2008-08-26 09:08:25 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieaksie.dll
+ 2008-08-23 05:54:50 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieakui.dll
+ 2007-07-01 03:31:33 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dat
+ 2008-08-26 09:08:25 380,928 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieapfltr.dll
+ 2008-08-26 09:08:25 388,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iedkcs32.dll
+ 2008-10-03 16:21:29 6,068,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieframe.dll
+ 2008-08-26 09:08:26 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iernonce.dll
+ 2008-08-26 09:08:26 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iertutil.dll
+ 2008-08-25 08:43:21 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\ieudinit.exe
+ 2008-08-23 05:56:16 635,848 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe
+ 2008-08-26 09:08:26 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\jsproxy.dll
+ 2008-08-26 09:08:26 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeeds.dll
+ 2008-08-26 09:08:26 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msfeedsbs.dll
+ 2008-08-26 09:08:27 3,594,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll
+ 2008-08-26 09:08:27 477,696 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mshtmled.dll
+ 2008-08-26 09:08:27 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\msrating.dll
+ 2008-08-26 09:08:27 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\mstime.dll
+ 2008-08-26 09:08:27 102,912 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\occache.dll
+ 2008-08-26 09:08:27 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\pngfilt.dll
+ 2008-08-26 09:08:27 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\url.dll
+ 2008-08-26 09:08:27 1,162,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\urlmon.dll
+ 2008-08-26 09:08:27 233,472 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\webcheck.dll
+ 2008-08-26 09:08:28 827,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:54:57 13,024 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spmsg.dll
+ 2007-03-06 01:55:02 208,608 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\spuninst.exe
+ 2007-03-06 01:54:55 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\spcustom.dll
+ 2007-03-06 01:55:20 696,544 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe
+ 2007-03-06 01:56:12 341,216 ----a-w C:\WINDOWS\$hf_mig$\KB956390-IE7\update\updspapi.dll
- 2007-11-30 00:52:18 356,352 ----a-w C:\WINDOWS\Downloaded Program Files\XecureCK.dll
+ 2008-09-19 23:38:38 299,008 ----a-w C:\WINDOWS\Downloaded Program Files\XecureCK.dll
+ 2008-08-14 13:19:49 2,146,816 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 13:20:05 2,067,712 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 13:19:49 2,025,472 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 13:20:05 2,190,848 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 04:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-06-23 16:14:39 124,928 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\advpack.dll
+ 2008-06-23 16:14:39 347,136 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtmsft.dll
+ 2008-06-23 16:14:39 214,528 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\dxtrans.dll
+ 2008-06-23 16:14:39 133,120 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\extmgr.dll
+ 2008-06-23 16:14:39 63,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\icardie.dll
+ 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ie4uinit.exe
+ 2008-06-23 16:14:39 153,088 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakeng.dll
+ 2008-06-23 16:14:39 230,400 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieakui.dll
+ 2008-06-23 16:14:40 383,488 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieapfltr.dll
+ 2008-06-23 16:14:40 384,512 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iedkcs32.dll
+ 2008-06-23 16:14:41 6,066,176 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieframe.dll
+ 2008-06-23 16:14:41 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iernonce.dll
+ 2008-06-23 16:14:41 267,776 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\ieudinit.exe
+ 2008-06-23 09:23:14 625,664 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe
+ 2008-06-23 16:14:41 27,648 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\jsproxy.dll
+ 2008-06-23 16:14:41 459,264 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeeds.dll
+ 2008-06-23 16:14:41 52,224 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msfeedsbs.dll
+ 2008-06-24 01:14:44 3,592,192 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtml.dll
+ 2008-06-23 16:14:43 477,696 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mshtmled.dll
+ 2008-06-23 16:14:43 193,024 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\msrating.dll
+ 2008-06-23 16:14:43 671,232 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\mstime.dll
+ 2008-06-23 16:14:43 102,912 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\occache.dll
+ 2008-06-23 16:14:43 44,544 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\pngfilt.dll
+ 2007-03-06 01:55:02 208,608 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:56:12 341,216 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:14:43 105,984 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\url.dll
+ 2008-06-23 16:14:44 1,159,680 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\urlmon.dll
+ 2008-06-23 16:14:44 233,472 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\webcheck.dll
+ 2008-06-23 16:14:44 826,368 -c----w C:\WINDOWS\ie7updates\KB956390-IE7\wininet.dll
- 2008-09-10 14:39:13 593,920 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-10-17 10:06:46 593,920 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-09-10 14:39:13 12,288 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-17 10:06:46 12,288 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-09-10 14:39:13 86,016 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-10-17 10:06:46 86,016 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-09-10 14:39:13 135,168 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-17 10:06:46 135,168 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-09-10 14:39:13 11,264 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-17 10:06:46 11,264 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-09-10 14:39:13 27,136 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-17 10:06:46 27,136 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-09-10 14:39:13 4,096 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-17 10:06:46 4,096 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-09-10 14:39:13 794,624 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-17 10:06:46 794,624 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-09-10 14:39:13 249,856 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-17 10:06:46 249,856 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-09-10 14:39:13 61,440 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-17 10:06:46 61,440 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-09-10 14:39:13 23,040 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-17 10:06:46 23,040 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-09-10 14:39:13 286,720 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-17 10:06:46 286,720 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-09-10 14:39:13 409,600 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-17 10:06:45 409,600 ----a-r C:\WINDOWS\Installer\{90110412-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2008-09-28 17:44:12 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2008-10-17 10:01:51 38,240 ----a-r C:\WINDOWS\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
- 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
+ 2000-08-31 16:00:00 28,672 ----a-w C:\WINDOWS\NIRCMD.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
+ 2000-08-31 16:00:00 161,792 ----a-w C:\WINDOWS\SWREG.exe
- 2008-06-23 16:14:39 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-08-26 07:57:24 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-10-28 11:31:20 143,360 ----a-w C:\WINDOWS\system32\CKApp.dll
+ 2008-01-22 19:16:32 118,784 ----a-w C:\WINDOWS\system32\CKApp.dll
- 2008-06-23 16:14:39 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-08-26 07:57:24 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-06-20 11:40:08 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c----w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-06-23 16:14:39 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-08-26 07:57:24 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:14:39 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-08-26 07:57:24 214,528 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-06-23 16:14:39 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-08-26 07:57:24 133,120 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-06-23 16:14:39 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-08-26 07:57:24 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-06-23 09:22:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-08-25 08:40:59 70,656 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:14:39 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-08-26 07:57:24 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-06-23 16:14:39 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-08-26 07:57:24 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-08-23 05:54:51 161,792 -c----w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-06-23 16:14:40 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:57:24 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:14:40 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-08-26 07:57:25 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:14:41 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-10-03 16:58:16 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-06-23 16:14:41 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-08-26 07:57:26 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-06-23 16:14:41 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-08-26 07:57:26 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-06-23 09:23:14 625,664 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-08-23 05:56:15 635,848 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-06-23 16:14:41 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-08-26 07:57:26 27,648 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-06-23 16:14:41 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-08-26 07:57:27 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-06-23 16:14:41 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:57:27 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-06-24 01:14:44 3,592,192 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-27 08:57:28 3,593,216 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-23 16:14:43 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:57:28 477,696 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-06-23 16:14:43 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-08-26 07:57:28 193,024 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-06-23 16:14:43 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-08-26 07:57:28 671,232 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-06-23 16:14:43 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-08-26 07:57:28 102,912 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-06-23 16:14:43 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-08-26 07:57:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-06-23 16:14:43 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-08-26 07:57:28 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2008-06-23 16:14:44 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-26 07:57:28 1,159,680 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-06-23 16:14:44 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-08-26 07:57:28 233,472 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-06-23 16:14:44 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-26 07:57:28 826,368 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2006-04-04 21:20:37 9,344 ----a-w C:\WINDOWS\system32\drivers\hpfxbulk.sys
+ 2006-04-04 21:19:11 17,024 ----a-w C:\WINDOWS\system32\drivers\hpfxgen.sys
- 2008-04-13 19:15:11 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2008-09-08 10:41:42 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2007-02-22 03:53:48 12,608 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfx64bulk.sys
+ 2007-02-22 03:53:48 22,592 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfx64gen.sys
+ 2006-04-05 04:20:36 9,344 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfxbulk.sys
+ 2006-04-05 04:19:10 17,024 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hpfxgen.sys
+ 2007-02-02 05:07:20 188,416 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hppcew05.dll
+ 2007-02-02 05:07:20 234,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppaew05_3FE35DDC9939C4EF81CDEE178C1BF3921A5F4F51\hppdew05_x64.dll
+ 2007-02-02 05:07:20 450,560 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hppasc05.dll
+ 2007-03-02 07:10:48 584,704 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpptsp01.dll
+ 2005-12-12 22:07:58 74,240 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpst1017.dll
+ 2007-01-19 03:41:42 618,496 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppasc05_9DEB2F28D6EFCAE887509A648EB14380B608CF8D\hpxp1017.dll
+ 2007-02-01 10:48:32 327,680 -c--a-w C:\WINDOWS\system32\DRVSTORE\hppcp605_2E4D8C1B134AC9F38C3C0AF46F8D6BB299020A04\hppcpr05.dll
- 2008-06-23 16:14:39 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-08-26 07:57:24 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-06-23 16:14:39 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-08-26 07:57:24 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-06-23 16:14:39 133,120 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-08-26 07:57:24 133,120 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-09-29 18:24:58 369,680 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-11-09 15:26:11 370,280 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-02-02 05:07:20 188,416 ----a-w C:\WINDOWS\system32\hppcew05.dll
+ 2005-12-23 20:11:02 102,400 ----a-w C:\WINDOWS\system32\HPTcpMib.dll
+ 2005-12-23 20:12:22 155,648 ----a-w C:\WINDOWS\system32\HPTcpMon.dll
+ 2005-12-23 20:14:44 233,472 ----a-w C:\WINDOWS\system32\HPTcpMUI.dll
+ 2004-01-27 15:56:20 28,672 ----a-w C:\WINDOWS\system32\hpzjfw01.dll
+ 2006-01-26 22:06:52 139,264 ----a-w C:\WINDOWS\system32\hpzjrd01.dll
- 2008-06-23 16:14:39 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-08-26 07:57:24 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-06-23 09:22:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-08-25 08:40:59 70,656 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2008-06-23 16:14:39 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
+ 2008-08-26 07:57:24 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2008-06-23 16:14:39 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
+ 2008-08-26 07:57:24 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2008-08-23 05:54:51 161,792 ------w C:\WINDOWS\system32\ieakui.dll
- 2008-06-23 16:14:40 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-08-26 07:57:24 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-06-23 16:14:40 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-08-26 07:57:25 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
- 2008-06-23 16:14:41 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-10-03 16:58:16 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-06-23 16:14:41 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2008-08-26 07:57:26 44,544 ------w C:\WINDOWS\system32\iernonce.dll
- 2008-06-23 16:14:41 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-08-26 07:57:26 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-08-25 08:38:00 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2008-06-23 16:14:41 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
+ 2008-08-26 07:57:26 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2004-03-22 06:17:06 24,816 ----a-w C:\WINDOWS\system32\mdimon.dll
+ 2007-04-09 04:23:54 28,040 ----a-w C:\WINDOWS\system32\mdimon.dll
- 2008-08-26 20:28:12 16,208,504 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-10-07 19:19:40 16,721,856 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-06-23 16:14:41 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-08-26 07:57:27 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-06-23 16:14:41 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-08-26 07:57:27 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-06-24 01:14:44 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-27 08:57:28 3,593,216 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-06-23 16:14:43 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-08-26 07:57:28 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-06-23 16:14:43 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-08-26 07:57:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-06-23 16:14:43 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2008-08-26 07:57:28 671,232 ------w C:\WINDOWS\system32\mstime.dll
- 2008-04-14 02:26:50 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2008-10-15 16:35:02 337,408 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2008-06-23 16:14:43 102,912 ------w C:\WINDOWS\system32\occache.dll
+ 2008-08-26 07:57:28 102,912 ------w C:\WINDOWS\system32\occache.dll
- 2008-10-08 19:23:16 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-09 17:01:39 53,942 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-08 19:23:16 53,944 ----a-w C:\WINDOWS\system32\perfc012.dat
+ 2008-11-09 17:01:39 53,944 ----a-w C:\WINDOWS\system32\perfc012.dat
- 2008-10-08 19:23:16 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-09 17:01:39 383,588 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-10-08 19:23:16 204,488 ----a-w C:\WINDOWS\system32\perfh012.dat
+ 2008-11-09 17:01:39 204,488 ----a-w C:\WINDOWS\system32\perfh012.dat
- 2008-06-23 16:14:43 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-08-26 07:57:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-30 12:39:45 16,248 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:19:40 16,248 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-03-07 22:16:54 2,856,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpbcfgre.dll
+ 2006-11-30 00:26:42 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpcdmc32.dll
+ 2001-08-27 22:40:50 132,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPDJRES.DLL
+ 2005-02-21 08:58:20 177,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfie3xu.dll
+ 2005-09-19 21:17:06 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\HPFIE4wm.DLL
+ 2005-02-21 08:58:34 7,718,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfig3xu.dll
+ 2005-02-04 10:09:38 16,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpfrs3xu.dll
+ 2007-01-25 18:05:34 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3c4wm.dll
+ 2005-04-08 10:44:26 1,054,720 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz3r3xu.dll
+ 2007-02-16 17:08:16 1,468,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz6r4wm.dll
+ 2005-04-08 10:43:50 515,584 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev3xu.dll
+ 2007-01-25 20:24:20 435,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzev4wm.dll
+ 2005-04-08 10:44:00 4,879,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzla3xu.dll
+ 2005-04-08 10:43:34 659,968 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzle3xu.dll
+ 2007-01-25 20:24:38 1,588,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzls4wm.dll
+ 2007-01-25 20:24:22 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpe4wm.DLL
+ 2007-01-25 20:25:12 117,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi4wm.DLL
+ 2005-04-08 10:43:52 72,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpr3xu.dll
+ 2005-04-08 10:02:32 557,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss3xu.dll
+ 2007-01-25 18:57:06 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzss4wm.dll
+ 2005-04-08 09:12:16 2,954,752 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst3xu.dll
+ 2007-01-25 18:05:08 5,580,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzst4wm.dll
+ 2005-04-08 10:43:48 1,962,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui3xu.dll
+ 2007-01-25 20:24:16 3,269,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzui4wm.dll
+ 2007-01-25 18:05:32 3,459,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzur4wm.dll
- 2004-03-22 06:17:10 42,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2007-04-09 04:23:58 46,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2006-09-28 15:48:40 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\pclxl.dll
- 2007-05-15 08:08:53 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\unires.dll
+ 2007-05-15 08:08:54 761,344 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-12-07 19:11:50 1,740,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpbcfgre.dll
+ 2006-11-30 00:26:42 671,816 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpcdmc32.dll
+ 2005-12-23 00:40:22 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpfie43e.dll
+ 2005-09-19 21:17:06 274,944 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\HPFIE4wm.DLL
+ 2007-01-25 18:05:34 977,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz3c4wm.dll
+ 2006-04-25 13:08:08 1,336,320 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz6r43e.dll
+ 2007-02-16 17:08:16 1,468,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpz6r4wm.dll
+ 2006-04-25 13:07:30 408,576 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzev43e.dll
+ 2007-01-25 20:24:20 435,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzev4wm.dll
+ 2006-04-25 13:07:52 1,390,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzls43e.dll
+ 2007-01-25 20:24:38 1,588,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzls4wm.dll
+ 2007-01-25 20:24:22 179,200 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpe4wm.DLL
+ 2007-01-25 20:25:12 117,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpi4wm.DLL
+ 2006-04-25 13:07:24 69,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzpp43e.dll
+ 2006-04-25 10:39:54 562,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzss43e.dll
+ 2007-01-25 18:57:06 670,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzss4wm.dll
+ 2006-04-25 09:31:38 3,950,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzst43e.dll
+ 2007-01-25 18:05:08 5,580,288 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzst4wm.dll
+ 2006-04-25 13:07:40 2,461,696 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzui43e.dll
+ 2007-01-25 20:24:16 3,269,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzui4wm.dll
+ 2007-01-25 18:05:32 3,459,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\hpzur4wm.dll
+ 2004-07-10 10:56:00 169,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\pclxl.dll
+ 2006-09-28 15:48:44 269,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIDRV.DLL
+ 2006-09-28 15:45:46 194,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIDRVUI.DLL
+ 2006-09-28 15:45:48 618,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packardhp_cob2b1\UNIRES.DLL
+ 2006-04-25 13:07:24 69,120 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43e.dll
+ 2007-01-25 20:24:04 286,208 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4wm.dll
- 2004-03-22 06:17:08 25,840 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2007-04-09 04:23:54 28,552 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
- 2008-06-23 16:14:43 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-08-26 07:57:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-06-23 16:14:44 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-26 07:57:28 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-06-23 16:14:44 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-08-26 07:57:28 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-10-08 289088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-04 64512]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-27 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-27 602182]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-26 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-26 81920]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-18 25440]
"MAAgent"="C:\Program Files\MarkAny\ContentSAFER\MAAgent.exe" [2006-06-01 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 155648]
"Samsung Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\smstsb10.exe" [2004-11-28 61440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-26 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-31 257088]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-30 122941]
"Vrmon"="C:\Program Files\HAURI\Common\Base\VRMONNT.EXE" [2007-05-08 212992]
"HEProtect"="C:\Program Files\HAURI\ViRobot Desktop 5.0\AntiSpam\HSockPE.exe" [2007-01-03 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-09 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-21 188416]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-11-21 348160]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 C:\WINDOWS\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-13 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-22 192512]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 15:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=aejexb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2ahxx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati4raxx.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\BugsSvr.exe"=
"C:\\Program Files\\UltraEdit\\UEDIT32.EXE"=
"C:\\Program Files\\OnNet\\Enppy3\\Enppy3Main.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\skcbgm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"C:\\Program Files\\ESTsoft\\ALFTP\\ALFTP.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector Express\\PDX.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\jukeon_e.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\WINDOWS\\system32\\winver.exe"=
R1 AMonTDnt;AMonTDnt;C:\WINDOWS\system32\Drivers\AMonTDnt.sys [2008-01-10 93016]
R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 npkcmsvc;npkcmsvc;C:\WINDOWS\system32\npkcmsvc.exe [2008-10-06 178664]
R3 VRFWNTD5;VRFWNTD5 Hauri Network Driver;C:\WINDOWS\system32\drivers\VRFWNTD5.sys [2005-08-25 80878]
S1 3bf8a7d5;3bf8a7d5;C:\WINDOWS\system32\drivers\3bf8a7d5.sys [ ]
S3 CdmDrvNt;CdmDrvNt;C:\WINDOWS\system32\Drivers\CdmDrvNt.sys [2007-12-20 19632]
S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys [ ]
S3 FILESpy;FILESpy;C:\Program Files\HAURI\Common\Base\filespy.sys [2005-09-06 13665]
S3 HPFXBULK;HPFXBULK;C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-04-04 9344]
S3 JRSKD24;JRSKD24;C:\WINDOWS\system32\JRSKD24.SYS [2008-11-06 11136]
S3 JRSUKD24;JRSUKD24;C:\WINDOWS\system32\JRSUKD24.SYS [2007-03-14 6784]
S3 MfFWEnt;MfFWEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [2008-02-18 101296]
S3 MfIPSEnt;MfIPSEnt;C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [2008-05-20 121464]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-09-26 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-09-26 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]
S3 scskusbf;USB SCSK Filter Driver Service;C:\WINDOWS\system32\drivers\scskusbf.sys [2007-07-30 18316]
S3 scskusbs;USB SCSK Driver Service;C:\WINDOWS\system32\drivers\scskusbs.sys [2007-07-30 164373]
S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{031b9792-0afe-11dd-944c-0019d24f14eb}]
\Shell\Auto\command - F:\RavMonE.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7db9f6bd-81d2-11dd-946b-0019b9588bbb}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - VRADFIL
.
Contents of the 'Scheduled Tasks' folder
2008-11-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-01-09 22:42]
2008-11-06 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-08 11:08]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-09 09:59:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-09 10:01:47
ComboFix-quarantined-files.txt 2008-11-09 18:01:30
ComboFix2.txt 2008-10-09 10:27:58
Pre-Run: 24,444,108,800 bytes free
Post-Run: 24,980,111,360 bytes free
544 --- E O F --- 2008-10-24 03:02:21
Senior Member
9. November 2008 @ 22:13
Hey leo1001
Since my last post, you have gotten more infected.
If you do not have an antivirus, please follow the instructions below:
Please download Avira AntiVir Personal and install it. Follow the prompts and reboot if required.
Launch Avira AntiVir Personal either by running C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe or right-click on the Antivir icon in your task bar (it looks like a white umbrella with a red background) and click on Start AntiVir.
Configuring AntiVir
- Click on Configuration.
- Make sure Expert mode is checked.
- Expand +Scanner > +Scan.
- Click on Action for concerning files.
- Check Automatic, and set Primary Action: to quarantine.
- Click on Heuristic.
- Make sure Macrovirus heuristic, Win32 file heuristic, and Medium detection level are checked.
- Expand +General and click on Extended threat categories.
- Check everything off the list except Application (APPL).
- Click on the button OK at the bottom of the window.
Updating AntiVir
- At the main window, click on Start update.
- Wait for AntiVir to be fully updated.
Scanning Time
- Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode.
- Launch AntiVir.
- At the main window, click on Scan system now.
- Wait for the scan to complete, and then click on Report. A Notepad window will pop up. Save this onto your computer.
- Click on End, and reboot your computer.
Post A Log
- Post the contents of the report you saved.
If you didn't save the report,
- Launch AntiVir.
- Under Overview, click on Reports.
- Choose the report listed at the top, and right-click on it.
- Click on Display report.
- Click on Report file.
- Copy and paste the contents of the log here in your next post.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

leo1001
Newbie
12. November 2008 @ 09:53
Avira AntiVir Personal
Report file date: 2008/11/10 Mon 22:08
Scanning for 1024586 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: sabio
Computer name: OK
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 2008-10-30 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 18:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 17:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 22:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 05:58:04
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 05:58:09
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 2008-11-09 05:58:10
ANTIVIR3.VDF : 7.1.0.65 52736 Bytes 2008-11-10 05:58:11
Engineversion : 8.2.0.29
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 20:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 2008-11-11 05:58:39
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-11 05:58:36
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-11 05:58:35
AEPACK.DLL : 8.1.3.3 393591 Bytes 2008-11-11 05:58:31
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-11 05:58:28
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-11 05:58:26
AEHELP.DLL : 8.1.1.3 119157 Bytes 2008-11-11 05:58:18
AEGEN.DLL : 8.1.1.0 319859 Bytes 2008-11-11 05:58:17
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 20:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 2008-11-11 05:58:14
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 20:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 18:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 19:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-11 05:58:12
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 21:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 18:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 22:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 03:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 22:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 22:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 23:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 23:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: quarantine
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: -DIAL,+APPL,-BDC,-HIDDENEXT,-PHISH,
Start of the scan: 2008/11/10 Mon 22:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '72' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\sabio\My Documents\Downloads\swish\SWiSH Max v 2.0 Build 2008.01.31\SwishMax 2 Patch.exe
[0] Archive type: RSRC
--> Object
[1] Archive type: CAB (Microsoft)
--> is166234.exe
[DETECTION] Is the TR/Dldr.Injecter.aqc Trojan
--> SWISHM~1.EXE
[DETECTION] Is the TR/Agent.AHOE.5 Trojan
[NOTE] The file was moved to '4982250c.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\sabio\Application Data\Adobe\Manager.exe.vir
[DETECTION] Is the TR/Small.xta Trojan
[NOTE] The file was moved to '49872fa5.qua'!
C:\QooBox\Quarantine\C\Program Files\zayjybc\AppUtilAdm.dll.vir
[DETECTION] Is the TR/Obfuscated.GX.2466 Trojan
[NOTE] The file was moved to '49892fb5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\msacm32.drv.vir
[DETECTION] Is the TR/Small.xzz Trojan
[NOTE] The file was moved to '497a2fb8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\TDSSl.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '496c2f8a.qua'!
C:\WINDOWS\NIRCMD.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '496b303c.qua'!
C:\WINDOWS\system32\ALZZip.BIN
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.DRPE back-door program
[NOTE] The file was moved to '497336d7.qua'!
Begin scan in 'D:\'
D:\download\Combo-Fix.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 32788R22FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 32788R22FWJFW\psexec.cfexe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] The file was moved to '49863e78.qua'!
D:\download\Adobe.Flash.CS3.Keymaker.Only-ZWT\Adobe.Flash.CS3.Keymaker.Only-ZWT\Keygen.exe
[DETECTION] Is the TR/Proxy.Horst.aae.14 Trojan
[NOTE] The file was moved to '49923f05.qua'!
D:\download\cs3\68fc0e6ff300263e6f44382e4126423211e2a053216381d_dl.part3.rar
[0] Archive type: RAR
--> keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.578 back-door program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26001
[WARNING] Failed!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The driver could not be initialized.
D:\past_works\Twainlee\Utilities\Programs\susetup.exe
[0] Archive type: ZIP SFX (self extracting)
--> CHECKUPDATE.DLL
[DETECTION] Contains recognition pattern of the APPL/Serv-U.6105.D application
--> SERVUTRAY.EXE
[DETECTION] Contains recognition pattern of the APPL/Servu.D application
[NOTE] The file was moved to '498c4efc.qua'!
End of the scan: 2008/11/11 Tue 01:38
Used time: 3:30:33 Hour(s)
The scan has been done completely.
13801 Scanning directories
822714 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
10 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
822697 Files not concerned
7444 Archives were scanned
2 Warnings
11 Notes
Senior Member
12. November 2008 @ 22:35
Hey leo1001
Excellent! You're doing great.
A few more steps left. I need you to do some analysis.
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Show hidden files and folders.
- Uncheck the Hide protected operating system files (recommended) option.
- Click Yes to confirm.
- Click OK.
After that, locate these files and folders:
C:\WINDOWS\system32\WRebw.dll
C:\WINDOWS\system32\cosa.dll
c:\Windows\system32\aejexb.dll
C:\WINDOWS\system32\drivers\3bf8a7d5.sys
C:\Qoobox
Zip them all up, and upload it to http://www.uploadmalware.com/.
After that, upload all these files to http://www.virustotal.com/, except for C:\Qoobox.
Post the results from virustotal.com here.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.

leo1001
Newbie
13. November 2008 @ 00:15
I couldn't find a couple of the files.
----------------------------------------------
Antivirus          Version           Last Update  Result
AhnLab-V3          2008.11.13.0      2008.11.13   -
AntiVir            7.9.0.31          2008.11.12   -
Authentium         5.1.0.4           2008.11.12   -
Avast              4.8.1248.0        2008.11.12   -
AVG                8.0.0.199         2008.11.12   -
BitDefender        7.2               2008.11.13   -
CAT-QuickHeal      9.50              2008.11.12   -
ClamAV             0.94.1            2008.11.13   -
DrWeb              4.44.0.09170      2008.11.13   -
eSafe              7.0.17.0          2008.11.12   -
eTrust-Vet         31.6.6204         2008.11.11   -
Ewido              4.0               2008.11.12   -
F-Prot             4.4.4.56          2008.11.12   -
F-Secure           8.0.14332.0       2008.11.13   -
Fortinet           3.117.0.0         2008.11.13   -
GData              19                2008.11.13   -
Ikarus             T3.1.1.45.0       2008.11.13   -
K7AntiVirus        7.10.523          2008.11.12   -
Kaspersky          7.0.0.125         2008.11.13   -
McAfee             5432              2008.11.13   -
Microsoft          1.4104            2008.11.13   -
NOD32              3608              2008.11.13   -
Norman             5.80.02           2008.11.12   -
Panda              9.0.0.4           2008.11.12   -
PCTools            4.4.2.0           2008.11.13   -
Prevx1             V2                2008.11.13   -
Rising             21.03.22.00       2008.11.12   -
SecureWeb-Gateway  6.7.6             2008.11.12   -
Sophos             4.35.0            2008.11.13   -
Sunbelt            3.1.1783.2        2008.11.05   -
Symantec           10                2008.11.13   -
TheHacker          6.3.1.1.151       2008.11.13   -
TrendMicro         8.700.0.1004      2008.11.13   -
VBA32              3.12.8.9          2008.11.12   -
ViRobot            2008.11.12.1463   2008.11.12   -
VirusBuster        4.5.11.0          2008.11.12   -
File size: 116335 bytes
MD5...: f8c91cbf5135c029edee67b944719302
SHA1..: 6ae70d74bb07dbfdf4cc8de4f834a0058188cdf5
SHA256: fff4305864f761fc236f5f595d698fc0670a3e248cc82b2a5e656d4042c59a98
SHA512: d4885d6f269670603451fee3ee3868eb3781824c3e8f9d983c5d57f8f8e2260dfe673f2ed84c6ff3e434722f78ac80cdf7dfe0ee6d457d61dc0d7f67840da89f
PEiD..: -
TrID..: File type identification
ZIP compressed archive (100.0%)
PEInfo: -
Senior Member
13. November 2008 @ 20:45
Wonderful, leo1001
You look clean. Any more problems? You can delete Combofix and uninstall all programs if you choose, even though I will recommend Antivir as an antivirus.
Best Regards :D
Life is but a dream; you don't feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; that's a dumb question.
