
POS.tmp files on C and My Documents


#16
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello DannyJoe,

Please follow the steps below exactly in the order they are written:

Step #1

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

JavaCore

The next program is very likely the reason your system is infested with malware. Even when a program like this is not infected itself, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove this program from your system:

µTorrent

If you decide not to remove it, please don't use it until we clean the computer.

Please note any other programs that you don't recognize in that list in your next response.


Step #2

Open notepad and copy/paste the text in the codebox below into it:

Folder::
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Program Files\JavaCore

DirLook::
C:\Program Files\Mozilla Firefox
C:\break
C:\sex

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


Step #3


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click "Continue".
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    Java 2 Runtime Environment, SE v1.4.2

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.


Step #4

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting it in to the file box: C:\WINDOWS\SYSTEM32\instlsp.exe
3. Submit the file and copy/paste the results back into this thread.


Post back with combofix report, VirusTotal report and new Hijackthis log.

Regards,

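Added example, not part of the thread: the reply above asks for a new HijackThis log, and a log in that layout can be triaged mechanically before it is read line by line. This Python script groups entries by section code and lists the ones worth a manual look; the sample log, the function names and the three review heuristics are constructed for illustration and are not HijackThis features.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis v2 layout; every name and path is made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleAgent] "C:\Program Files\Example\agent.exe" /background
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe -s
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\exnotify.dll
O23 - Service: Example Service (ExSvc) - Example Corp - C:\Program Files\Example\svc.exe
O23 - Service: Example EDM Server - - C:\Program Files\Example\edm.exe
O23 - Service: ExBackup - Unknown owner - C:\PROGRA~1\EXAMPL~1\exbackup.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O23 body: "Service: <name> - <vendor> - <path>"; the vendor field may be empty.
SERVICE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")
# O4 registry autorun body: "<key>: [<value name>] <command line>".
RUN = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable at the start of a command line, quoted or unquoted.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|bat|cmd|scr|com|pif))\b', re.I)
# Assumption: locations an unprivileged user can write to deserve a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\users\\")


def parse(log_text):
    """Group entry bodies by section code; header and process list are skipped."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def executable(cmd):
    """Return the program path from a Run command line, or None if not found."""
    m = EXE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def review_items(sections):
    """Return (section, reason, item) tuples for entries to check by hand."""
    findings = []
    for body in sections.get("O23", []):
        m = SERVICE.match(body)
        if not m:
            findings.append(("O23", "unparsed service line", body))
            continue
        vendor = m.group("vendor").strip().lower()
        if vendor in ("", "unknown owner"):
            findings.append(("O23", "service without publisher", m.group("name")))
    for body in sections.get("O4", []):
        m = RUN.match(body)
        if not m:
            continue  # "Global Startup: x.lnk = path" shortcuts are not covered here
        exe = executable(m.group("cmd"))
        if exe and any(p in exe.lower() for p in USER_WRITABLE):
            findings.append(("O4", "autorun from user-writable path", m.group("name")))
    for body in sections.get("O20", []):
        # Winlogon Notify / AppInit_DLLs hooks load early; confirm who installed each.
        findings.append(("O20", "logon-time hook, confirm owner", body))
    return findings


if __name__ == "__main__":
    for section, reason, item in review_items(parse(SAMPLE_LOG)):
        print(f"{section:4} {reason:34} {item}")
```

A hit only marks an entry for checking against the installed software; legitimate programs also ship services with no company name in their version information.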

#17
DannyJoe

    Member

  • Topic Starter
  • 14 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:51 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\program files\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link RangeBooster N DWA-140] C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Photo TurboBackup] C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe -s (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe

--
End of file - 8163 bytes

ComboFix 08-03-05.1 - a109 2008-03-10 15:27:25.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.454 [GMT -4:00]
Running from: C:\Documents and Settings\a109\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\a109\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio

.
((((((((((((((((((((((((( Files Created from 2008-02-10 to 2008-03-10 )))))))))))))))))))))))))))))))
.

2008-03-04 23:20 . 2008-03-04 23:21 <DIR> d-------- C:\sex
2008-03-04 12:27 . 2008-03-04 12:27 <DIR> d-------- C:\Deckard
2008-03-04 11:03 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-03-04 10:45 . 2008-03-04 12:11 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-03-04 10:45 . 2008-03-04 10:45 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-04 10:45 . 2008-03-04 10:45 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-03-04 10:45 . 2008-03-04 10:45 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-03-04 10:45 . 2008-03-04 10:45 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-03-01 15:34 . 2008-03-01 15:34 98,304 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt.dll
2008-03-01 15:27 . 2008-03-01 15:27 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Atari
2008-03-01 15:25 . 2008-03-01 15:25 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2008-03-01 15:25 . 2008-03-01 15:25 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Leadertech
2008-03-01 15:25 . 2002-02-27 18:50 197,120 --a------ C:\WINDOWS\patchw32.dll
2008-03-01 15:21 . 2008-03-01 15:21 <DIR> d-------- C:\Program Files\Atari
2008-02-29 11:29 . 2008-02-29 11:29 331 --a------ C:\driveicons_back.reg
2008-02-28 00:23 . 2008-03-04 11:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-28 00:23 . 2008-02-28 00:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-28 00:23 . 2008-02-28 00:23 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Malwarebytes
2008-02-28 00:22 . 2008-02-28 00:22 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-24 22:58 . 2008-02-24 22:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-24 22:58 . 2008-02-24 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-23 00:37 . 2008-02-23 00:37 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-22 14:28 . 2008-03-04 11:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 14:28 . 2008-02-22 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 14:28 . 2008-02-22 14:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\SUPERAntiSpyware.com
2008-02-22 14:27 . 2008-02-22 14:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-22 14:13 . 2008-02-22 14:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-22 02:43 . 2008-02-22 02:44 <DIR> d-------- C:\Program Files\CCleaner
2008-02-22 01:20 . 2008-02-22 01:20 9,662 --a------ C:\WINDOWS\SYSTEM32\ZoneAlarmIconUS.ico
2008-02-22 00:03 . 2005-08-10 12:22 114,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\naiavf5x.sys
2008-02-22 00:00 . 2005-05-24 19:23 288,320 -ra------ C:\WINDOWS\SYSTEM32\mcgdmgr.dll
2008-02-21 23:59 . 2008-02-22 00:02 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-21 23:59 . 2005-10-18 12:08 349,760 --a------ C:\WINDOWS\SYSTEM32\mcinsctl.dll
2008-02-21 23:45 . 2008-02-21 23:45 1,219 --a------ C:\WINDOWS\mozver.dat
2008-02-21 00:57 . 2008-02-21 00:59 <DIR> d-------- C:\Documents and Settings\a109\Application Data\McAfee.com Personal Firewall
2008-02-21 00:55 . 2008-02-21 00:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-02-21 00:53 . 2008-02-21 23:52 41,280 --a------ C:\WINDOWS\SYSTEM32\Status.MPF
2008-02-21 00:49 . 2008-02-21 00:49 <DIR> d-------- C:\Program Files\McAfee
2008-02-21 00:49 . 2008-02-21 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-21 00:48 . 2006-03-01 12:34 131,072 --------- C:\WINDOWS\SYSTEM32\mclsp.dll
2008-02-21 00:48 . 2005-04-20 20:22 32,768 --a------ C:\WINDOWS\SYSTEM32\instlsp.exe
2008-02-21 00:48 . 2005-04-20 20:22 11,264 --a------ C:\WINDOWS\SYSTEM32\sporder.dll
2008-02-21 00:47 . 2008-02-21 12:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-02-21 00:43 . 2008-02-22 08:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-20 22:13 . 2008-02-20 22:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 22:13 . 2008-02-20 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-20 21:40 . 2008-02-20 21:40 <DIR> d-------- C:\WINDOWS\Search And Destroy
2008-02-20 13:45 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2008-02-20 13:45 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidserv.dll
2008-02-20 13:45 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys
2008-02-20 13:45 . 2004-08-03 23:58 14,848 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\kbdhid.sys
2008-02-20 13:44 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbccgp.sys
2008-02-20 13:44 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbccgp.sys
2008-02-20 01:26 . 2008-02-20 11:10 <DIR> d-------- C:\WINDOWS\$hf_mig$
2008-02-20 01:24 . 2008-03-05 06:29 3,284 --a------ C:\WINDOWS\SYSTEM32\ANIWZCS{1E5B91EF-9144-4245-90EA-D6648E5ED664}
2008-02-19 22:09 . 2008-02-20 13:38 <DIR> d-------- C:\WINDOWS\Wireless
2008-02-18 11:24 . 2008-02-23 11:50 <DIR> d-------- C:\Temp
2008-02-18 11:18 . 2008-02-18 11:18 <DIR> d-------- C:\WINDOWS\Sun
2008-02-14 12:05 . 2008-02-14 12:16 <DIR> d-------- C:\Program Files\VstPlugins
2008-02-14 12:05 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\SYSTEM32\vorbis.acm
2008-02-14 12:05 . 2006-06-20 04:56 225,280 --a------ C:\WINDOWS\SYSTEM32\rewire.dll
2008-02-14 12:03 . 2008-02-14 12:16 <DIR> d-------- C:\Program Files\Image-Line
2008-02-13 19:55 . 2008-02-13 19:55 628,419 --a------ C:\duet.mp3
2008-02-13 16:53 . 2008-02-13 19:55 652 --a------ C:\WINDOWS\netdet.ini
2008-02-13 11:38 . 2008-02-22 01:54 7 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME
2008-02-12 23:28 . 2008-02-12 23:28 <DIR> d-------- C:\Program Files\SlowBlast
2008-02-12 23:28 . 2008-02-13 18:16 <DIR> d-------- C:\Program Files\Drag and Drop Drummer Lite
2008-02-12 23:28 . 1998-06-09 01:00 137,216 --a------ C:\WINDOWS\SYSTEM32\Msderun.dll
2008-02-12 23:28 . 1998-06-18 01:00 102,912 --a------ C:\WINDOWS\SYSTEM32\Vb6stkit.dll
2008-02-12 23:27 . 2008-02-12 23:28 <DIR> d-------- C:\Program Files\Cakewalk
2008-02-12 19:40 . 2008-02-12 19:40 38,579 --a------ C:\pj.jpg
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Free Fire Screensaver
2008-02-12 17:57 . 2008-02-12 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Laconic Software
2008-02-12 17:54 . 2008-02-12 17:54 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Viewpoint
2008-02-12 17:53 . 2008-02-12 17:53 <DIR> d-------- C:\Documents and Settings\a109\Application Data\Aim
2008-02-12 17:52 . 2008-02-12 17:52 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-12 17:52 . 2008-02-22 03:18 <DIR> d-------- C:\Program Files\Common Files\AOL
2008-02-12 17:52 . 2008-02-12 17:52 <DIR> d-------- C:\Program Files\AOD
2008-02-12 17:52 . 2008-03-04 11:31 <DIR> d-------- C:\Program Files\AIM
2008-02-12 17:52 . 2008-02-12 17:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 17:44 . 2008-02-12 17:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-12 17:30 . 2008-02-12 17:30 <DIR> d-------- C:\Program Files\ANI
2008-02-12 17:29 . 2008-02-12 17:29 <DIR> d-------- C:\Program Files\D-Link
2008-02-12 17:29 . 2007-07-28 15:50 517,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rt2870.sys
2008-02-12 17:28 . 2008-02-12 17:28 <DIR> d-------- C:\Documents and Settings\a109\Application Data\InstallShield
2008-02-12 17:21 . 2008-02-12 17:21 5 --a------ C:\WINDOWS\SYSTEM32\ANIWZCSUSERNAME{D37154A2-858B-4C37-82C2-DE5ABD158B7E}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 15:57 --------- d-----w C:\Program Files\Winamp
2008-03-04 15:51 --------- d-----w C:\Program Files\iTunes
2008-03-01 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-01 19:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-01 18:40 --------- d-----w C:\Documents and Settings\a109\Application Data\U3
2008-01-27 01:54 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-25 19:28 --------- d-----w C:\Documents and Settings\a109\Application Data\Autodesk
2008-01-25 19:27 --------- d-----w C:\Documents and Settings\a109\Application Data\Ansys
2008-01-25 19:24 --------- d-----w C:\Program Files\Autodesk
2008-01-25 19:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-25 19:18 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-01-25 19:03 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-01-25 19:02 --------- d-----w C:\Program Files\Microsoft WSE
2008-01-25 18:35 --------- d-----w C:\Program Files\Roxio ----------
2007-12-27 18:32 7,680 --sha-w C:\Program Files\Thumbs.db
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\break ----

2008-03-03 12:58 1881450 --a------ C:\break\Untitled-2 copy.psd
2008-03-02 16:26 57344 --ahs---- C:\break\Thumbs.db
2008-03-02 16:25 29288 --a------ C:\break\l_97d2e34afe1eab9b41987c7931ada90e.jpg
2008-03-02 16:24 47331 --a------ C:\break\l_e4c99e81cf0faad243aa089ba9b6782e.jpg
2008-03-02 16:09 45456 --a------ C:\break\l_f3d7e4bb28e747775c0b86186cf90dd4.jpg
2008-03-02 16:08 42331 --a------ C:\break\l_27882ba2aa2a34c0e103c4911b6f7e89.jpg
2008-03-02 16:08 42190 --a------ C:\break\l_c19a79bbd2414ecb494559fe1c71a30e.jpg
2008-03-02 16:08 39372 --a------ C:\break\l_3afb1b1d566cfa5cfbc9422429ae3c58.jpg
2008-03-02 16:08 35021 --a------ C:\break\l_2bf0e752e462109bd8087e75d024756a.jpg
2008-03-02 16:08 33585 --a------ C:\break\l_6340c7e30803518aa2591b52ece3f812.jpg
2008-03-02 16:08 33404 --a------ C:\break\l_62d98346053e477d8f02150e384a549e.jpg
2008-03-02 16:07 36757 --a------ C:\break\l_d2db368b55112abe649ae6f9dbb58d9c.jpg
2008-03-02 16:07 33774 --a------ C:\break\l_c980679cf7109a247d7e61dedca268f2.jpg
2008-03-02 16:07 26497 --a------ C:\break\l_a0d4c77ec7eb086279ac96056140a42b.jpg
2008-03-02 16:07 22996 --a------ C:\break\l_d22459a6307d55551384d28a89aefa1a.jpg
2008-03-02 16:06 47142 --a------ C:\break\l_d6148d7ed02d862727ba57f0c6973331.jpg
2008-03-02 16:06 40002 --a------ C:\break\me.jpg
2008-03-02 12:10 25300 --a------ C:\break\TL.jpg
2008-03-02 12:10 21308 --a------ C:\break\RRandTL.jpg

---- Directory of C:\Program Files\Mozilla Firefox ----

2008-02-22 01:09 147015 --a------ C:\Program Files\Mozilla Firefox\components\compreg.dat
2008-02-21 23:45 25245 --a------ C:\Program Files\Mozilla Firefox\install.log
2008-02-21 23:45 0 --a------ C:\Program Files\Mozilla Firefox\.autoreg
2008-02-12 17:44 94328 --a------ C:\Program Files\Mozilla Firefox\components\xpti.dat
2008-02-12 17:44 7945 --a------ C:\Program Files\Mozilla Firefox\uninstall\uninstall.log
2008-02-12 17:44 2 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\InstallDisabled
2008-02-02 06:07 99840 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\BrandRes.dll
2008-02-02 06:07 7655024 --a------ C:\Program Files\Mozilla Firefox\firefox.exe
2008-02-02 06:07 73848 --a------ C:\Program Files\Mozilla Firefox\xpcom_compat.dll
2008-02-02 06:07 73336 --a------ C:\Program Files\Mozilla Firefox\xpicleanup.exe
2008-02-02 06:07 67696 --a------ C:\Program Files\Mozilla Firefox\components\jar50.dll
2008-02-02 06:07 54376 --a------ C:\Program Files\Mozilla Firefox\components\jsd3250.dll
2008-02-02 06:07 46720 --a------ C:\Program Files\Mozilla Firefox\components\spellchk.dll
2008-02-02 06:07 456808 --a------ C:\Program Files\Mozilla Firefox\js3250.dll
2008-02-02 06:07 450936 --a------ C:\Program Files\Mozilla Firefox\uninstall\helper.exe
2008-02-02 06:07 422000 --a------ C:\Program Files\Mozilla Firefox\xpcom_core.dll
2008-02-02 06:07 407040 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\talkback.exe
2008-02-02 06:07 378472 --a------ C:\Program Files\Mozilla Firefox\nss3.dll
2008-02-02 06:07 34952 --a------ C:\Program Files\Mozilla Firefox\components\myspell.dll
2008-02-02 06:07 34424 --a------ C:\Program Files\Mozilla Firefox\plc4.dll
2008-02-02 06:07 30320 --a------ C:\Program Files\Mozilla Firefox\plds4.dll
2008-02-02 06:07 271984 --a------ C:\Program Files\Mozilla Firefox\nssckbi.dll
2008-02-02 06:07 22664 --a------ C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
2008-02-02 06:07 172144 --a------ C:\Program Files\Mozilla Firefox\components\xpinstal.dll
2008-02-02 06:07 161392 --a------ C:\Program Files\Mozilla Firefox\nspr4.dll
2008-02-02 06:07 156544 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\fullsoft.dll
2008-02-02 06:07 14456 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.dll
2008-02-02 06:07 13952 --a------ C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll
2008-02-02 06:07 13416 --a------ C:\Program Files\Mozilla Firefox\xpcom.dll
2008-02-02 06:07 132712 --a------ C:\Program Files\Mozilla Firefox\ssl3.dll
2008-02-02 06:07 132232 --a------ C:\Program Files\Mozilla Firefox\updater.exe
2008-02-02 06:07 12400 --a------ C:\Program Files\Mozilla Firefox\xpistub.dll
2008-02-02 06:07 112232 --a------ C:\Program Files\Mozilla Firefox\smime3.dll
2008-02-02 02:06 9568 --a------ C:\Program Files\Mozilla Firefox\res\html.css
2008-02-02 02:06 9459 --a------ C:\Program Files\Mozilla Firefox\components\nsBrowserGlue.js
2008-02-02 02:06 93 --a------ C:\Program Files\Mozilla Firefox\res\cmessage.txt
2008-02-02 02:06 915 --a------ C:\Program Files\Mozilla Firefox\defaults\pref\firefox-branding.js
2008-02-02 02:06 894 --a------ C:\Program Files\Mozilla Firefox\chrome\en-US.manifest
2008-02-02 02:06 87 --a------ C:\Program Files\Mozilla Firefox\defaults\autoconfig\platform.js
2008-02-02 02:06 858 --a------ C:\Program Files\Mozilla Firefox\res\grabber.gif
2008-02-02 02:06 85 --a------ C:\Program Files\Mozilla Firefox\greprefs\xpinstall.js
2008-02-02 02:06 8427 --a------ C:\Program Files\Mozilla Firefox\res\dtd\xhtml11.dtd
2008-02-02 02:06 8420 --a------ C:\Program Files\Mozilla Firefox\res\charsetData.properties
2008-02-02 02:06 841 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-row.gif
2008-02-02 02:06 841 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-row-hover.gif
2008-02-02 02:06 841 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-column.gif
2008-02-02 02:06 841 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-column-hover.gif
2008-02-02 02:06 835 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-row-active.gif
2008-02-02 02:06 835 --a------ C:\Program Files\Mozilla Firefox\res\table-remove-column-active.gif
2008-02-02 02:06 826 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-after.gif
2008-02-02 02:06 826 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-after-hover.gif
2008-02-02 02:06 826 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-after.gif
2008-02-02 02:06 826 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-after-hover.gif
2008-02-02 02:06 825 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-before.gif
2008-02-02 02:06 825 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-before-hover.gif
2008-02-02 02:06 825 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-before.gif
2008-02-02 02:06 825 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-before-hover.gif
2008-02-02 02:06 823 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-after-active.gif
2008-02-02 02:06 822 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-after-active.gif
2008-02-02 02:06 821 --a------ C:\Program Files\Mozilla Firefox\res\table-add-row-before-active.gif
2008-02-02 02:06 81649 --a------ C:\Program Files\Mozilla Firefox\components\nsMicrosummaryService.js
2008-02-02 02:06 792 --a------ C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
2008-02-02 02:06 7914 --a------ C:\Program Files\Mozilla Firefox\components\nsDefaultCLH.js
2008-02-02 02:06 767045 --a------ C:\Program Files\Mozilla Firefox\chrome\classic.jar
2008-02-02 02:06 75171 --a------ C:\Program Files\Mozilla Firefox\components\nsSessionStore.js
2008-02-02 02:06 7296 --a------ C:\Program Files\Mozilla Firefox\defaults\autoconfig\prefcalls.js
2008-02-02 02:06 7138 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html
2008-02-02 02:06 709 --a------ C:\Program Files\Mozilla Firefox\updater.ini
2008-02-02 02:06 696138 --a------ C:\Program Files\Mozilla Firefox\dictionaries\en-US.dic
2008-02-02 02:06 69 --a------ C:\Program Files\Mozilla Firefox\chrome\pippki.manifest
2008-02-02 02:06 663 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\chrome\userContent-example.css
2008-02-02 02:06 65128 --a------ C:\Program Files\Mozilla Firefox\greprefs\all.js
2008-02-02 02:06 6512 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontMath4.properties
2008-02-02 02:06 64504 --a------ C:\Program Files\Mozilla Firefox\res\dtd\mathml.dtd
2008-02-02 02:06 6313 --a------ C:\Program Files\Mozilla Firefox\components\jsconsole-clhandler.js
2008-02-02 02:06 61221 --a------ C:\Program Files\Mozilla Firefox\components\FeedProcessor.js
2008-02-02 02:06 605317 --a------ C:\Program Files\Mozilla Firefox\chrome\en-US.jar
2008-02-02 02:06 6053 --a------ C:\Program Files\Mozilla Firefox\res\ua.css
2008-02-02 02:06 5951 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontCMEX10.properties
2008-02-02 02:06 5835 --a------ C:\Program Files\Mozilla Firefox\components\nsURLFormatter.js
2008-02-02 02:06 5619 --a------ C:\Program Files\Mozilla Firefox\res\langGroups.properties
2008-02-02 02:06 550 --a------ C:\Program Files\Mozilla Firefox\chrome\browser.manifest
2008-02-02 02:06 5472 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontMath2.properties
2008-02-02 02:06 5452 --a------ C:\Program Files\Mozilla Firefox\res\language.properties
2008-02-02 02:06 52 --a------ C:\Program Files\Mozilla Firefox\res\arrowd.gif
2008-02-02 02:06 5169 --a------ C:\Program Files\Mozilla Firefox\res\fonts\fontEncoding.properties
2008-02-02 02:06 5132 --a------ C:\Program Files\Mozilla Firefox\components\nsCloseAllWindows.js
2008-02-02 02:06 5054 --a------ C:\Program Files\Mozilla Firefox\components\nsSetDefaultBrowser.js
2008-02-02 02:06 50 --a------ C:\Program Files\Mozilla Firefox\res\table-add-column-before-active.gif
2008-02-02 02:06 49 --a------ C:\Program Files\Mozilla Firefox\res\arrow.gif
2008-02-02 02:06 4805 --a------ C:\Program Files\Mozilla Firefox\components\nsDictionary.js
2008-02-02 02:06 476 --a------ C:\Program Files\Mozilla Firefox\softokn3.chk
2008-02-02 02:06 476 --a------ C:\Program Files\Mozilla Firefox\freebl3.chk
2008-02-02 02:06 469 --a------ C:\Program Files\Mozilla Firefox\chrome\toolkit.manifest
2008-02-02 02:06 44541 --a------ C:\Program Files\Mozilla Firefox\chrome\reporter.jar
2008-02-02 02:06 4439 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontCMSY10.properties
2008-02-02 02:06 42412 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfont.properties
2008-02-02 02:06 41487 --a------ C:\Program Files\Mozilla Firefox\components\FeedWriter.js
2008-02-02 02:06 4090 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\html40Symbols.properties
2008-02-02 02:06 4062 --a------ C:\Program Files\Mozilla Firefox\res\fonts\fontNameMap.properties
2008-02-02 02:06 39446 --a------ C:\Program Files\Mozilla Firefox\components\nsHelperAppDlg.js
2008-02-02 02:06 38698 --a------ C:\Program Files\Mozilla Firefox\components\nsUrlClassifierTable.js
2008-02-02 02:06 38499 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\transliterate.properties
2008-02-02 02:06 3747 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontSymbol.properties
2008-02-02 02:06 3690 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\html40Latin1.properties
2008-02-02 02:06 356 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\mimeTypes.rdf
2008-02-02 02:06 35263 --a------ C:\Program Files\Mozilla Firefox\components\nsXmlRpcClient.js
2008-02-02 02:06 347 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\prefs.js
2008-02-02 02:06 340 --a------ C:\Program Files\Mozilla Firefox\chrome\reporter.manifest
2008-02-02 02:06 3353 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontMath1.properties
2008-02-02 02:06 3323 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\master.ini
2008-02-02 02:06 32944 --a------ C:\Program Files\Mozilla Firefox\components\nsUrlClassifierListManager.js
2008-02-02 02:06 32928 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\talkback.hlp
2008-02-02 02:06 3287 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\search.rdf
2008-02-02 02:06 32783 --a------ C:\Program Files\Mozilla Firefox\components\nsBrowserContentHandler.js
2008-02-02 02:06 324193 --a------ C:\Program Files\Mozilla Firefox\components\nsExtensionManager.js
2008-02-02 02:06 322786 --a------ C:\Program Files\Mozilla Firefox\components\browser.xpt
2008-02-02 02:06 322 --a------ C:\Program Files\Mozilla Firefox\chrome\classic.manifest
2008-02-02 02:06 31967 --a------ C:\Program Files\Mozilla Firefox\chrome\comm.jar
2008-02-02 02:06 30869 --a------ C:\Program Files\Mozilla Firefox\LICENSE
2008-02-02 02:06 3042 --a------ C:\Program Files\Mozilla Firefox\res\viewsource.css
2008-02-02 02:06 304 --a------ C:\Program Files\Mozilla Firefox\defaults\pref\firefox-l10n.js
2008-02-02 02:06 3013 --a------ C:\Program Files\Mozilla Firefox\greprefs\security-prefs.js
2008-02-02 02:06 299987 --a------ C:\Program Files\Mozilla Firefox\chrome\pippki.jar
2008-02-02 02:06 29091 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\mathml20.properties
2008-02-02 02:06 2731 --a------ C:\Program Files\Mozilla Firefox\dictionaries\en-US.aff
2008-02-02 02:06 27061 --a------ C:\Program Files\Mozilla Firefox\components\nsSearchSuggestions.js
2008-02-02 02:06 26774 --a------ C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js
2008-02-02 02:06 254060 --a------ C:\Program Files\Mozilla Firefox\softokn3.dll
2008-02-02 02:06 24340 --a------ C:\Program Files\Mozilla Firefox\components\WebContentConverter.js
2008-02-02 02:06 2396 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\html40Special.properties
2008-02-02 02:06 2351 --a------ C:\Program Files\Mozilla Firefox\searchplugins\google.xml
2008-02-02 02:06 2348 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontMTExtra.properties
2008-02-02 02:06 232 --a------ C:\Program Files\Mozilla Firefox\browserconfig.properties
2008-02-02 02:06 2251 --a------ C:\Program Files\Mozilla Firefox\res\svg.css
2008-02-02 02:06 22017 --a------ C:\Program Files\Mozilla Firefox\components\nsPostUpdateWin.js
2008-02-02 02:06 2193 --a------ C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
2008-02-02 02:06 2080 --a------ C:\Program Files\Mozilla Firefox\res\wincharset.properties
2008-02-02 02:06 20770 --a------ C:\Program Files\Mozilla Firefox\components\FeedConverter.js
2008-02-02 02:06 206 --a------ C:\Program Files\Mozilla Firefox\defaults\pref\reporter.js
2008-02-02 02:06 200829 --a------ C:\Program Files\Mozilla Firefox\freebl3.dll
2008-02-02 02:06 1967 --a------ C:\Program Files\Mozilla Firefox\res\entityTables\htmlEntityVersions.properties
2008-02-02 02:06 189 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-telnet.gif
2008-02-02 02:06 188 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-image.gif
2008-02-02 02:06 1867135 --a------ C:\Program Files\Mozilla Firefox\chrome\toolkit.jar
2008-02-02 02:06 180 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-movie.gif
2008-02-02 02:06 178 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-find.gif
2008-02-02 02:06 177 --a------ C:\Program Files\Mozilla Firefox\README.txt
2008-02-02 02:06 1742 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\install.rdf
2008-02-02 02:06 166 --a------ C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
2008-02-02 02:06 165 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-binary.gif
2008-02-02 02:06 165 --a------ C:\Program Files\Mozilla Firefox\res\broken-image.gif
2008-02-02 02:06 163 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-sound.gif
2008-02-02 02:06 163 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-audio.gif
2008-02-02 02:06 16154 --a------ C:\Program Files\Mozilla Firefox\components\nsSessionStartup.js
2008-02-02 02:06 157 --a------ C:\Program Files\Mozilla Firefox\res\loading-image.gif
2008-02-02 02:06 15688 --a------ C:\Program Files\Mozilla Firefox\res\fonts\mathfontPUA.properties
2008-02-02 02:06 154 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-text.gif
2008-02-02 02:06 153 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\localstore.rdf
2008-02-02 02:06 1514 --a------ C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
2008-02-02 02:06 1509 --a------ C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf
2008-02-02 02:06 14948 --a------ C:\Program Files\Mozilla Firefox\components\nsSidebar.js
2008-02-02 02:06 14826 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\talkback-l10n.ini
2008-02-02 02:06 145845 --a------ C:\Program Files\Mozilla Firefox\components\nsSafebrowsingApplication.js
2008-02-02 02:06 144 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\qfaservices.xpt
2008-02-02 02:06 144 --a------ C:\Program Files\Mozilla Firefox\chrome\comm.manifest
2008-02-02 02:06 13895 --a------ C:\Program Files\Mozilla Firefox\components\nsBookmarkTransactionManager.js
2008-02-02 02:06 13743 --a------ C:\Program Files\Mozilla Firefox\res\mathml.css
2008-02-02 02:06 136062 --a------ C:\Program Files\Mozilla Firefox\components\nsUrlClassifierLib.js
2008-02-02 02:06 1355 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\components\talkback.cnt
2008-02-02 02:06 135 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-menu.gif
2008-02-02 02:06 13475 --a------ C:\Program Files\Mozilla Firefox\components\nsProxyAutoConfig.js
2008-02-02 02:06 13385 --a------ C:\Program Files\Mozilla Firefox\res\forms.css
2008-02-02 02:06 132 --a------ C:\Program Files\Mozilla Firefox\res\html\gopher-unknown.gif
2008-02-02 02:06 1285919 --a------ C:\Program Files\Mozilla Firefox\chrome\browser.jar
2008-02-02 02:06 11757 --a------ C:\Program Files\Mozilla Firefox\res\quirk.css
2008-02-02 02:06 117 --a------ C:\Program Files\Mozilla Firefox\res\hiddenWindow.html
2008-02-02 02:06 11324 --a------ C:\Program Files\Mozilla Firefox\res\charsetalias.properties
2008-02-02 02:06 112 --a------ C:\Program Files\Mozilla Firefox\old-homepage-default.properties
2008-02-02 02:06 1078 --a------ C:\Program Files\Mozilla Firefox\defaults\profile\chrome\userChrome-example.css
2008-02-02 02:06 107030 --a------ C:\Program Files\Mozilla Firefox\components\nsSearchService.js
2008-02-02 02:06 10566 --a------ C:\Program Files\Mozilla Firefox\res\EditorOverride.css
2008-02-02 02:06 105346 --a------ C:\Program Files\Mozilla Firefox\components\nsUpdateService.js
2008-02-02 02:06 1046 --a------ C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
2008-02-02 02:06 1038 --a------ C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
2008-02-02 02:06 0 --a------ C:\Program Files\Mozilla Firefox\extensions\[email protected]\chrome.manifest
2007-11-28 23:58 2394 --a------ C:\Program Files\Mozilla Firefox\components\nsIQTScriptablePlugin.xpt
2003-06-20 15:30 49152 --a------ C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL

---- Directory of C:\sex ----

2007-11-28 13:19 9973636 --a------ C:\sex\04 Living Dead Girl [Subliminal Seduction Mix].mp3
2007-11-28 13:19 9891160 --a------ C:\sex\08 What Lurks on Channel X- [XXX Mix].mp3
2007-11-28 13:19 9685492 --a------ C:\sex\03 How to Make a Monster [Kitty's Purrrrformance Mix].mp3
2007-11-28 13:19 9522628 --a------ C:\sex\02 Superbeast [[bleep] Holocaust Mix].mp3
2007-11-28 13:19 9164536 --a------ C:\sex\11 Superbeast [Girl on a Motorcycle Mix].mp3
2007-11-28 13:19 9035080 --a------ C:\sex\12 Meet the Creeper [Brute Man & Wonder Girl Mix].mp3
2007-11-28 13:19 8500552 --a------ C:\sex\10 Return of the Phantom Stranger [Tuesday Night at the Chop Shop Mix].mp3
2007-11-28 13:19 7563040 --a------ C:\sex\04 Never Gonna Stop (The Red, Red Kroovy).mp3
2007-11-28 13:19 5057787 --a------ C:\sex\07 - Hands Of Death (Burn Baby Burn).mp3
2007-11-28 13:19 4685803 --a------ C:\sex\08 - The Greatest American Nightmare (Feat. Howard Stern).mp3
2007-11-28 13:19 13528456 --a------ C:\sex\07 The Ballad of Resurrection Joe and Rosa [bleep] [Ilsa She-Wolf of Hollywood M.mp3
2007-11-28 13:19 11478040 --a------ C:\sex\09 Meet the Creeper [Pink Pussy Mix].mp3
2007-11-28 13:19 11111596 --a------ C:\sex\01 Dragula [Si Non Oscillas, Noli Tintnnare Mix].mp3
2007-11-28 13:19 11037472 --a------ C:\sex\06 Demonoid Phenomenon [Sin Lives Mix].mp3
2007-11-28 13:19 10999888 --a------ C:\sex\05 Spookshow Baby [Black Leather Cat Suit Mix].mp3


((((((((((((((((((((((((((((( snapshot@2008-03-05_14.03.22.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 12:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\SYSTEM32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 03:00 512000]
"AIM"="C:\Program Files\AIM\aim.exe" [2006-08-01 16:35 67112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:56 1667584]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 10:15 816368]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 15:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 03:01 135264]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-15 00:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 01:28 36352]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]
"D-Link D-Link RangeBooster N DWA-140"="C:\Program Files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 15:05 1671168]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 13:49 163840]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 23:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Photo TurboBackup"="C:\PROGRA~1\FILEST~1\PHOTOT~1\pbksche.exe" [2005-09-15 03:00 512000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-26 21:54:53 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R2 ASFAgent;ASF Agent;C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2003-02-10 06:52]
R2 AsfAlrt;AsfAlrt;C:\WINDOWS\System32\drivers\AsfAlrt.sys [2002-12-18 06:31]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT []
R2 PBKNTService;PBKNTService;C:\PROGRA~1\FILEST~1\PHOTOT~1\PBKNTService.exe [2005-09-15 03:00]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 15:50]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;"C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0102aa4c-40df-11da-b90f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aff8cde-4493-11d9-b8e4-000d56c5c1ec}]
\Shell\AutoRun\command - F:\SafeGuard\Windows\SafeGuard20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c5e072f-92b7-11da-b919-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure20.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d801b01-6828-11db-b93f-000d56c5c1ec}]
\Shell\AutoRun\command - F:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e976a0b0-b174-11db-b943-000d56c5c1ec}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - THOLRGTIPUGG
.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 23:37:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 15:29:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-10 15:30:01
ComboFix2.txt 2008-03-05 19:03:51
ComboFix3.txt 2008-02-28 04:19:21








Antivirus Version Last Update Result
AhnLab-V3 2008.3.12.0 2008.03.11 -
AntiVir 7.6.0.73 2008.03.11 -
Authentium 4.93.8 2008.03.11 -
Avast 4.7.1098.0 2008.03.11 -
AVG 7.5.0.516 2008.03.11 -
BitDefender 7.2 2008.03.12 -
CAT-QuickHeal 9.50 2008.03.10 -
ClamAV None 2008.03.11 -
DrWeb 4.44.0.09170 2008.03.11 -
eSafe 7.0.15.0 2008.03.09 -
eTrust-Vet 31.3.5607 2008.03.11 -
Ewido 4.0 2008.03.11 -
FileAdvisor 1 2008.03.12 -
Fortinet 3.14.0.0 2008.03.12 -
F-Prot 4.4.2.54 2008.03.11 -
F-Secure 6.70.13260.0 2008.03.12 -
Ikarus T3.1.1.20 2008.03.12 -
Kaspersky 7.0.0.125 2008.03.12 -
McAfee 5249 2008.03.11 -
Microsoft 1.3301 2008.03.12 -
NOD32v2 2938 2008.03.11 -
Norman 5.80.02 2008.03.11 -
Panda 9.0.0.4 2008.03.12 -
Prevx1 V2 2008.03.12 -
Rising 20.35.12.00 2008.03.11 -
Sophos 4.27.0 2008.03.12 -
Sunbelt 3.0.930.0 2008.03.05 -
Symantec 10 2008.03.12 -
TheHacker 6.2.92.242 2008.03.12 -
VBA32 3.12.6.2 2008.03.05 -
VirusBuster 4.3.26:9 2008.03.11 -
Webwasher-Gateway 6.6.2 2008.03.11 -
Additional information
File size: 32768 bytes
MD5: 9b9e9f55163716a8545611c596ef4801
SHA1: 7ad892820e1c75c4f2f738ed005745cf715022e6
PEiD: Armadillo v1.71

#18
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Hi DannyJoe,

Snowhite asked me to have a look at your thread.
Can you let me know if you have any problems left or is your computer behaving normally?
There is one bit we need to take care of anyway.

Regards,

#19
DannyJoe

    Member

  • Topic Starter
  • 14 posts
Hey, thanks for taking a look at my thread.

As of now, things have been running smoothly,
no problems really.

Any suggestions would be helpful though.

Thank you guys again for what you're doing!

#20
Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Ok. Here's the deal. The entry that worried Snowhite and why she asked me to look at it, is this one:

Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Autodesk\Data Management Server 5\Server\Web\Services\bin;Autodesk Shared;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Autodesk Shared

To find out what happened, I'd like to know which version of Firefox you installed and where you downloaded it from.
Since normally it has no business there unless you installed a developer version.
I don't think it will cause any problems, but we can't be too careful. :)
  • 0
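An added example, not part of the original thread or of any tool mentioned in it: a small Python audit of the Path value quoted in post #20. It flags entries listed ahead of the Windows system directories, entries that are not absolute paths, and duplicates; the `SYSTEM_DIRS` list (default Windows XP locations) and the function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline log review

# Path value exactly as quoted in post #20.
LOGGED_PATH = (
    r"C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;"
    r"C:\WINDOWS\system32\wbem;"
    r"C:\Program Files\Autodesk\Data Management Server 5\Server\Web\Services\bin;"
    r"Autodesk Shared;C:\Program Files\QuickTime\QTSystem;"
    r"C:\Program Files\Microsoft SQL Server\80\Tools\Binn;"
    r"C:\Program Files\Common Files\Autodesk Shared"
)

# Assumption: default system directories of a Windows XP install on C:.
SYSTEM_DIRS = (r"C:\WINDOWS\system32", r"C:\WINDOWS", r"C:\WINDOWS\system32\wbem")


def _clean(entry):
    """Strip surrounding whitespace and quotes from one Path entry."""
    return entry.strip().strip('"')


def _norm(entry):
    """Case-insensitive, separator-normalised form used for comparisons."""
    return ntpath.normcase(ntpath.normpath(entry))


def audit_path(value, system_dirs=SYSTEM_DIRS):
    """Return (position, entry, reason) tuples for entries worth reviewing."""
    entries = [_clean(e) for e in value.split(";") if _clean(e)]
    normed = [_norm(e) for e in entries]
    sysset = {_norm(d) for d in system_dirs}

    # Position of the first system directory; None if the value has none,
    # in which case ordering cannot be judged and is not reported.
    sys_positions = [i for i, n in enumerate(normed) if n in sysset]
    first_sys = sys_positions[0] if sys_positions else None

    findings, seen = [], set()
    for i, (raw, n) in enumerate(zip(entries, normed)):
        if not ntpath.isabs(raw):
            # Resolved against the current working directory at lookup time.
            findings.append((i, raw, "relative entry"))
        elif first_sys is not None and i < first_sys:
            # Searched before system32, so a same-named file here wins
            # when a command is launched by bare name.
            findings.append((i, raw, "precedes system directories"))
        if n in seen:
            findings.append((i, raw, "duplicate"))
        seen.add(n)
    return findings


if __name__ == "__main__":
    for pos, entry, reason in audit_path(LOGGED_PATH):
        print(f"[{pos}] {entry}: {reason}")
```

On the logged value this reports the Firefox directory at position 0 and the bare `Autodesk Shared` entry at position 5.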





