Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Qoobox? [CLOSED]

Started by Famoustar , Mar 04 2008 10:12 PM

  • This topic is locked This topic is locked

#16
Famoustar
Posted 07 April 2008 - 09:27 PM

Famoustar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
post'd

Attached Files


  • 0

Advertisements

#17
sarahw
Posted 11 April 2008 - 03:39 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
Sory about the delay. Can you please run Dr Web Cure It again. This is so that we get anything left over from the first scan :)
  • 0

#18
Famoustar
Posted 14 April 2008 - 11:41 PM

Famoustar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Here you go

Attached Files


  • 0

#19
sarahw
Posted 21 April 2008 - 04:05 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Hi,
I'm very sorry I overlooked your thread.
Can you please rescan with Combofix.
  • 0

#20
Famoustar
Posted 23 April 2008 - 01:03 AM

Famoustar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Right here ^_^

Attached Files


  • 0

#21
sarahw
Posted 24 April 2008 - 05:14 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Can you please post the contents as text, dont upload it, its too hard to read.
  • 0

#22
Famoustar
Posted 24 April 2008 - 07:39 PM

Famoustar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Deckard's System Scanner v20071014.68
Run by Admin on 2008-04-24 18:31:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; unknown error code 0x00000002


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 504 MiB (512 MiB recommended).


-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:44 PM, on 04/24/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Wireless LAN\WlanUtil.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
D:\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [shell] C:\WINDOWS\system32\15b177.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Vidalia] "D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Kremlin Sentry.lnk = D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\Wireless LAN\WlanUtil.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Privoxy.lnk = D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.aajtak.co...er/tdserver.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1185849481843
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185849458718
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 6804 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AFS2K - c:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 oreans32 - c:\windows\system32\drivers\oreans32.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 npkcrypt - d:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 AgereSoftModem (Agere Systems Soft Modem) - c:\windows\system32\drivers\agrsm.sys <Not Verified; Agere Systems; Agere SoftModem Driver>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S2 zntport (NTPort Library Driver) - c:\windows\system32\zntport.sys (file missing)
S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
S3 CEDRIVER52 - d:\program files\cheat engine\dbk32.sys
S3 DRIVER1111 - c:\documents and settings\admin\desktop\celite\dbk32.sys (file missing)
S3 Dual2 - c:\documents and settings\admin\desktop\blah\aim\bypass\dual2.sys (file missing)
S3 E1000 (Intel® PRO/1000 Adapter Driver) - c:\windows\system32\drivers\e1000325.sys <Not Verified; Intel Corporation; Intel® PRO/1000 Adapter>
S3 g0wkudr1ver - c:\documents and settings\admin\desktop\2\supersay3\g0wku.sys (file missing)
S3 geebers12 - c:\documents and settings\admin\desktop\blorbslayerengine\blorbslayerengine\nvid888.sys (file missing)
S3 GroundZero (GroundZero Driver) - c:\documents and settings\admin\desktop\rootk\groundzero.sys (file missing)
S3 keta1 - c:\documents and settings\admin\desktop\blah\teste\keta.sys (file missing)
S3 MzBot.sys - c:\windows\system32\mzbot.sys
S3 NOOB - c:\documents and settings\admin\desktop\2\nxpdriver.sys (file missing)
S3 NVDISP - c:\documents and settings\admin\desktop\blah\newrd.exe\nv7800gt.sys (file missing)
S3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
S3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>
S3 toBzM - c:\tobzm.sys (file missing)
S3 ZD1211U(WLAN) (IEEE 802.11g USB Wireless LAN Driver(WLAN)) - c:\windows\system32\drivers\zd1211u.sys <Not Verified; ZyDAS Technology Corporation; ZD1211 802.11b+g USB LAN Adapter>
S3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - c:\windows\system32\zdbrgsys.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&3B90381F&0&68F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&3B90381F&0&68F0
Service: rtl8139

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\16D03A98004603
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\16D03A98004603
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi


-- Scheduled Tasks -------------------------------------------------------------

2008-04-11 16:49:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-12-04 20:21:39 352 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1188353953.job
2005-07-12 21:08:28 258 --a------ C:\WINDOWS\Tasks\Registration reminder 3.job
2005-07-12 21:08:28 258 --a------ C:\WINDOWS\Tasks\Registration reminder 2.job


-- Files created between 2008-03-24 and 2008-04-24 -----------------------------

2031-07-07 12:09:26 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2031-07-07 12:09:26 1142784 --a----c- C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2031-07-07 12:09:26 208896 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2031-07-05 17:38:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Ventrilo
2031-07-05 17:34:20 0 d--h----- C:\WINDOWS\PIF
2031-07-05 17:34:20 0 d-------- C:\Program Files\VentSrv
2031-07-05 17:33:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-18 20:40:28 0 d-------- C:\Documents and Settings\Admin\PARTYPokerDir <PARTYP~1>
2008-04-17 21:00:57 0 d-------- C:\Documents and Settings\Admin\dodian.com
2008-04-13 21:27:24 0 d------c- C:\ijji
2008-04-09 15:40:21 0 d-------- C:\Documents and Settings\Admin\Application Data\Hamachi
2008-04-06 23:16:57 0 d-------- C:\Documents and Settings\Paul\DoctorWeb <DOCTOR~1>
2008-04-06 23:14:59 18432 --a------ C:\WINDOWS\system32\2d3a00.exe
2008-04-06 22:52:14 18432 --a------ C:\WINDOWS\system32\186387.exe
2008-04-06 22:29:26 18432 --a------ C:\WINDOWS\system32\38415.exe
2008-04-05 17:35:51 18432 --a------ C:\WINDOWS\system32\bc4a06.exe
2008-04-05 17:13:06 18432 --a------ C:\WINDOWS\system32\a77860.exe
2008-04-05 16:50:22 18432 --a------ C:\WINDOWS\system32\92a69a.exe
2008-04-05 16:27:38 18432 --a------ C:\WINDOWS\system32\7dd438.exe
2008-04-05 16:04:53 18432 --a------ C:\WINDOWS\system32\6902b0.exe
2008-04-05 15:42:08 18432 --a------ C:\WINDOWS\system32\542e6a.exe
2008-04-05 15:19:22 18432 --a------ C:\WINDOWS\system32\3f57a3.exe
2008-04-05 14:56:35 18432 --a------ C:\WINDOWS\system32\2a7b1f.exe
2008-04-05 14:33:51 18432 --a------ C:\WINDOWS\system32\15a969.exe
2008-04-04 18:48:45 18432 --a------ C:\WINDOWS\system32\d21cc1.exe
2008-04-04 18:26:01 18432 --a------ C:\WINDOWS\system32\bd4b79.exe
2008-04-04 18:03:16 18432 --a------ C:\WINDOWS\system32\a87a20.exe
2008-04-04 17:40:32 18432 --a------ C:\WINDOWS\system32\93a6c4.exe
2008-04-04 17:17:46 18432 --a------ C:\WINDOWS\system32\7ed1c2.exe
2008-04-04 16:55:02 18432 --a------ C:\WINDOWS\system32\69ffbe.exe
2008-04-04 16:32:17 18432 --a------ C:\WINDOWS\system32\552ca0.exe
2008-04-04 16:09:33 18432 --a------ C:\WINDOWS\system32\405aab.exe
2008-04-04 15:46:47 18432 --a------ C:\WINDOWS\system32\2b8396.exe
2008-04-04 15:24:03 18432 --a------ C:\WINDOWS\system32\16b27c.exe
2008-04-04 15:01:18 18432 --a------ C:\WINDOWS\system32\1de93.exe
2008-04-03 23:11:12 18432 --a------ C:\WINDOWS\system32\19761db.exe
2008-04-03 22:48:27 18432 --a------ C:\WINDOWS\system32\1828e11.exe
2008-04-03 22:25:43 18432 --a------ C:\WINDOWS\system32\16dbc7a.exe
2008-04-03 22:02:59 18432 --a------ C:\WINDOWS\system32\158eb12.exe
2008-04-03 21:40:14 18432 --a------ C:\WINDOWS\system32\14419ba.exe
2008-04-03 21:17:30 18432 --a------ C:\WINDOWS\system32\12f47f4.exe
2008-04-03 20:54:45 18432 --a------ C:\WINDOWS\system32\11a7505.exe
2008-04-03 20:32:01 18432 --a------ C:\WINDOWS\system32\105a310.exe
2008-04-02 15:54:21 18432 --a------ C:\WINDOWS\system32\2a7daf.exe
2008-04-02 15:31:33 18432 --a------ C:\WINDOWS\system32\159cf5.exe
2008-04-01 22:12:28 18432 --a------ C:\WINDOWS\system32\18d1d8f.exe
2008-04-01 21:49:42 18432 --a------ C:\WINDOWS\system32\178490a.exe
2008-04-01 21:26:58 18432 --a------ C:\WINDOWS\system32\1637715.exe
2008-04-01 21:04:14 18432 --a------ C:\WINDOWS\system32\14ea58e.exe
2008-04-01 20:41:29 18432 --a------ C:\WINDOWS\system32\139d36a.exe
2008-04-01 20:18:44 18432 --a------ C:\WINDOWS\system32\124fdad.exe
2008-04-01 19:55:59 18432 --a------ C:\WINDOWS\system32\1102b1c.exe
2008-04-01 19:33:15 18432 --a------ C:\WINDOWS\system32\fb5994.exe
2008-04-01 19:10:30 18432 --a------ C:\WINDOWS\system32\e6880d.exe
2008-04-01 18:47:46 18432 --a------ C:\WINDOWS\system32\d1b5e9.exe
2008-04-01 18:35:24 0 d-------- C:\Documents and Settings\Admin\.thinkfree <THINKF~1>
2008-04-01 18:35:23 0 d-------- C:\Documents and Settings\Admin\.tfo3 <TFO3~1>
2008-04-01 18:25:00 18432 --a------ C:\WINDOWS\system32\bcdf70.exe
2008-04-01 18:02:15 18432 --a------ C:\WINDOWS\system32\a80c82.exe
2008-04-01 17:39:31 18432 --a------ C:\WINDOWS\system32\9339b2.exe
2008-04-01 17:16:46 18432 --a------ C:\WINDOWS\system32\7e685a.exe
2008-04-01 16:54:02 18432 --a------ C:\WINDOWS\system32\699617.exe
2008-04-01 16:31:17 18432 --a------ C:\WINDOWS\system32\54c441.exe
2008-04-01 16:08:33 18432 --a------ C:\WINDOWS\system32\3ff2c9.exe
2008-04-01 15:45:49 18432 --a------ C:\WINDOWS\system32\2b2113.exe
2008-04-01 15:23:04 18432 --a------ C:\WINDOWS\system32\164fca.exe
2008-04-01 15:00:20 18432 --a------ C:\WINDOWS\system32\17e53.exe
2008-04-01 00:39:05 18432 --a------ C:\WINDOWS\system32\21510f7.exe
2008-04-01 00:16:21 18432 --a------ C:\WINDOWS\system32\2003f8f.exe
2008-03-31 23:53:36 18432 --a------ C:\WINDOWS\system32\1eb6a3f.exe
2008-03-31 23:30:47 18432 --a------ C:\WINDOWS\system32\1d68a5f.exe
2008-03-31 23:08:03 18432 --a------ C:\WINDOWS\system32\1c1b8e8.exe
2008-03-31 22:45:19 18432 --a------ C:\WINDOWS\system32\1ace712.exe
2008-03-31 22:22:34 18432 --a------ C:\WINDOWS\system32\19814fe.exe
2008-03-31 21:59:50 18432 --a------ C:\WINDOWS\system32\183428c.exe
2008-03-31 21:37:05 18432 --a------ C:\WINDOWS\system32\16e7143.exe
2008-03-31 21:14:21 18432 --a------ C:\WINDOWS\system32\1599ed2.exe
2008-03-31 20:51:36 18432 --a------ C:\WINDOWS\system32\144cd0c.exe
2008-03-31 20:28:52 18432 --a------ C:\WINDOWS\system32\12ffbc3.exe
2008-03-31 20:06:08 18432 --a------ C:\WINDOWS\system32\11b29de.exe
2008-03-31 19:43:22 18432 --a------ C:\WINDOWS\system32\10653d2.exe
2008-03-31 19:20:38 18432 --a------ C:\WINDOWS\system32\f1821c.exe
2008-03-31 18:57:53 18432 --a------ C:\WINDOWS\system32\dcb075.exe
2008-03-31 18:35:08 18432 --a------ C:\WINDOWS\system32\c7dc9c.exe
2008-03-31 18:12:24 18432 --a------ C:\WINDOWS\system32\b30ab7.exe
2008-03-31 17:49:39 18432 --a------ C:\WINDOWS\system32\9e3920.exe
2008-03-31 17:26:55 18432 --a------ C:\WINDOWS\system32\8967a8.exe
2008-03-31 17:04:10 18432 --a------ C:\WINDOWS\system32\74941d.exe
2008-03-30 23:41:16 18432 --a------ C:\WINDOWS\system32\2d9b636.exe
2008-03-30 23:18:31 18432 --a------ C:\WINDOWS\system32\2c4e480.exe
2008-03-30 22:55:46 18432 --a------ C:\WINDOWS\system32\2b01162.exe
2008-03-30 22:33:02 18432 --a------ C:\WINDOWS\system32\29b3f10.exe
2008-03-30 22:10:17 18432 --a------ C:\WINDOWS\system32\2866c60.exe
2008-03-30 21:47:33 18432 --a------ C:\WINDOWS\system32\2719a6b.exe
2008-03-30 21:24:48 18432 --a------ C:\WINDOWS\system32\25cc828.exe
2008-03-30 21:02:04 18432 --a------ C:\WINDOWS\system32\247f652.exe
2008-03-30 20:39:19 18432 --a------ C:\WINDOWS\system32\23323c1.exe
2008-03-30 20:16:35 18432 --a------ C:\WINDOWS\system32\21e522a.exe
2008-03-30 19:53:50 18432 --a------ C:\WINDOWS\system32\20980c2.exe
2008-03-30 19:31:06 18432 --a------ C:\WINDOWS\system32\1f4af2b.exe
2008-03-30 19:08:20 18432 --a------ C:\WINDOWS\system32\1dfd920.exe
2008-03-30 18:45:36 18432 --a------ C:\WINDOWS\system32\1cb0631.exe
2008-03-30 18:22:50 18432 --a------ C:\WINDOWS\system32\1b63016.exe
2008-03-30 18:00:06 18432 --a------ C:\WINDOWS\system32\1a15e9e.exe
2008-03-30 17:37:22 18432 --a------ C:\WINDOWS\system32\18c8d26.exe
2008-03-30 17:14:37 18432 --a------ C:\WINDOWS\system32\177bac4.exe
2008-03-30 16:51:50 18432 --a------ C:\WINDOWS\system32\162dd94.exe
2008-03-30 16:29:05 18432 --a------ C:\WINDOWS\system32\14e0c0d.exe
2008-03-30 16:06:21 18432 --a------ C:\WINDOWS\system32\1393a47.exe
2008-03-30 15:43:36 18432 --a------ C:\WINDOWS\system32\1246787.exe
2008-03-30 15:20:52 18432 --a------ C:\WINDOWS\system32\10f95e1.exe
2008-03-30 14:58:07 18432 --a------ C:\WINDOWS\system32\fac3cd.exe
2008-03-30 14:35:22 18432 --a------ C:\WINDOWS\system32\e5ef48.exe
2008-03-30 14:12:36 18432 --a------ C:\WINDOWS\system32\d11803.exe
2008-03-30 13:49:52 18432 --a------ C:\WINDOWS\system32\bc4534.exe
2008-03-30 13:27:05 18432 --a------ C:\WINDOWS\system32\a76bae.exe
2008-03-30 13:04:18 18432 --a------ C:\WINDOWS\system32\928e3f.exe
2008-03-30 12:41:33 18432 --a------ C:\WINDOWS\system32\7dbb60.exe
2008-03-30 12:18:48 18432 --a------ C:\WINDOWS\system32\68e7b6.exe
2008-03-30 11:56:04 18432 --a------ C:\WINDOWS\system32\5415a2.exe
2008-03-30 11:33:19 18432 --a------ C:\WINDOWS\system32\3f440b.exe
2008-03-30 11:10:35 18432 --a------ C:\WINDOWS\system32\2a7293.exe
2008-03-30 10:47:50 18432 --a------ C:\WINDOWS\system32\15a07f.exe
2008-03-30 03:09:55 18432 --a------ C:\WINDOWS\system32\6bd48d.exe
2008-03-30 02:47:11 18432 --a------ C:\WINDOWS\system32\570325.exe
2008-03-30 02:24:25 18432 --a------ C:\WINDOWS\system32\422da6.exe
2008-03-30 02:01:39 18432 --a------ C:\WINDOWS\system32\2d5410.exe
2008-03-30 01:38:54 18432 --a------ C:\WINDOWS\system32\188279.exe
2008-03-30 01:16:10 18432 --a------ C:\WINDOWS\system32\3b0d3.exe
2008-03-29 23:47:33 18432 --a------ C:\WINDOWS\system32\5f83020.exe
2008-03-29 23:24:49 18432 --a------ C:\WINDOWS\system32\5e35e3b.exe
2008-03-29 23:02:05 18432 --a------ C:\WINDOWS\system32\5ce8c65.exe
2008-03-29 22:39:20 18432 --a------ C:\WINDOWS\system32\5b9b9e4.exe
2008-03-29 22:16:35 18432 --a------ C:\WINDOWS\system32\5a4e7b0.exe
2008-03-29 21:53:51 18432 --a------ C:\WINDOWS\system32\59014a2.exe
2008-03-29 21:31:06 18432 --a------ C:\WINDOWS\system32\57b42cd.exe
2008-03-29 21:08:22 18432 --a------ C:\WINDOWS\system32\56670d8.exe
2008-03-29 20:45:37 18432 --a------ C:\WINDOWS\system32\5519bf5.exe
2008-03-29 20:22:52 18432 --a------ C:\WINDOWS\system32\53cc9f1.exe
2008-03-29 20:00:08 18432 --a------ C:\WINDOWS\system32\527f8b8.exe
2008-03-29 19:37:23 18432 --a------ C:\WINDOWS\system32\51326d3.exe
2008-03-29 19:14:39 18432 --a------ C:\WINDOWS\system32\4fe554b.exe
2008-03-29 18:51:55 18432 --a------ C:\WINDOWS\system32\4e983f3.exe
2008-03-29 18:29:10 18432 --a------ C:\WINDOWS\system32\4d4afcc.exe
2008-03-29 18:06:24 18432 --a------ C:\WINDOWS\system32\4bfdaaa.exe
2008-03-29 17:43:38 18432 --a------ C:\WINDOWS\system32\4ab027c.exe
2008-03-29 17:20:53 18432 --a------ C:\WINDOWS\system32\4962e06.exe
2008-03-29 16:58:09 18432 --a------ C:\WINDOWS\system32\4815bf2.exe
2008-03-29 16:35:24 18432 --a------ C:\WINDOWS\system32\46c8a7b.exe
2008-03-29 16:12:40 18432 --a------ C:\WINDOWS\system32\457b847.exe
2008-03-29 15:49:55 18432 --a------ C:\WINDOWS\system32\442e5f5.exe
2008-03-29 15:27:11 18432 --a------ C:\WINDOWS\system32\42e147d.exe
2008-03-29 15:04:27 18432 --a------ C:\WINDOWS\system32\41942e6.exe
2008-03-29 14:41:42 18432 --a------ C:\WINDOWS\system32\404717e.exe
2008-03-29 14:18:58 18432 --a------ C:\WINDOWS\system32\3ef9fb8.exe
2008-03-29 13:56:13 18432 --a------ C:\WINDOWS\system32\3dace31.exe
2008-03-29 13:33:29 18432 --a------ C:\WINDOWS\system32\3c5fc8a.exe
2008-03-29 13:10:45 18432 --a------ C:\WINDOWS\system32\3b12a86.exe
2008-03-29 12:48:00 18432 --a------ C:\WINDOWS\system32\39c590e.exe
2008-03-29 12:25:16 18432 --a------ C:\WINDOWS\system32\3878787.exe
2008-03-29 12:02:31 18432 --a------ C:\WINDOWS\system32\372b515.exe
2008-03-29 11:39:46 18432 --a------ C:\WINDOWS\system32\35de051.exe
2008-03-29 11:17:02 18432 --a------ C:\WINDOWS\system32\3490e2e.exe
2008-03-29 10:54:17 18432 --a------ C:\WINDOWS\system32\3343c0a.exe
2008-03-29 10:31:32 18432 --a------ C:\WINDOWS\system32\31f6841.exe
2008-03-29 10:08:46 18432 --a------ C:\WINDOWS\system32\30a8fc4.exe
2008-03-29 09:45:59 18432 --a------ C:\WINDOWS\system32\2f5b4b7.exe
2008-03-29 09:23:13 18432 --a------ C:\WINDOWS\system32\2e0dab4.exe
2008-03-29 09:00:28 18432 --a------ C:\WINDOWS\system32\2cc08cf.exe
2008-03-29 08:37:44 18432 --a------ C:\WINDOWS\system32\2b7363e.exe
2008-03-29 07:51:50 18432 --a------ C:\WINDOWS\system32\28d3262.exe
2008-03-29 07:29:06 18432 --a------ C:\WINDOWS\system32\278608c.exe
2008-03-29 07:06:21 18432 --a------ C:\WINDOWS\system32\2638f34.exe
2008-03-29 06:43:37 18432 --a------ C:\WINDOWS\system32\24ebd8d.exe
2008-03-29 06:20:52 18432 --a------ C:\WINDOWS\system32\239ebd7.exe
2008-03-29 05:58:08 18432 --a------ C:\WINDOWS\system32\2251a7e.exe
2008-03-29 05:35:23 18432 --a------ C:\WINDOWS\system32\2104638.exe
2008-03-29 05:12:39 18432 --a------ C:\WINDOWS\system32\1fb7462.exe
2008-03-29 04:49:54 18432 --a------ C:\WINDOWS\system32\1e6a2eb.exe
2008-03-29 04:27:10 18432 --a------ C:\WINDOWS\system32\1d1d125.exe
2008-03-29 04:04:26 18432 --a------ C:\WINDOWS\system32\1bcffdc.exe
2008-03-29 03:41:41 18432 --a------ C:\WINDOWS\system32\1a82e06.exe
2008-03-29 03:18:57 18432 --a------ C:\WINDOWS\system32\1935c41.exe
2008-03-29 02:56:12 18432 --a------ C:\WINDOWS\system32\17e879c.exe
2008-03-29 02:48:28 18432 --a------ C:\WINDOWS\system32\177736a.exe
2008-03-29 02:25:43 18432 --a------ C:\WINDOWS\system32\162a1a5.exe
2008-03-29 02:02:58 18432 --a------ C:\WINDOWS\system32\14dce0a.exe
2008-03-29 01:40:14 18432 --a------ C:\WINDOWS\system32\138fba8.exe
2008-03-29 01:17:29 18432 --a------ C:\WINDOWS\system32\12429f2.exe
2008-03-29 00:54:45 18432 --a------ C:\WINDOWS\system32\10f58a9.exe
2008-03-29 00:32:01 18432 --a------ C:\WINDOWS\system32\fa8731.exe
2008-03-29 00:09:16 18432 --a------ C:\WINDOWS\system32\e5b5c9.exe
2008-03-28 23:46:32 18432 --a------ C:\WINDOWS\system32\d0e3f3.exe
2008-03-28 23:23:48 18432 --a------ C:\WINDOWS\system32\bc120e.exe
2008-03-28 23:01:03 18432 --a------ C:\WINDOWS\system32\a74019.exe
2008-03-28 22:38:19 18432 --a------ C:\WINDOWS\system32\926eb1.exe
2008-03-28 22:15:34 18432 --a------ C:\WINDOWS\system32\7d9cbd.exe
2008-03-28 21:52:50 18432 --a------ C:\WINDOWS\system32\68cb45.exe
2008-03-28 21:30:05 18432 --a------ C:\WINDOWS\system32\53f8d3.exe
2008-03-28 21:07:21 18432 --a------ C:\WINDOWS\system32\3f275b.exe
2008-03-28 20:44:36 18432 --a------ C:\WINDOWS\system32\2a52f6.exe
2008-03-28 20:21:51 18432 --a------ C:\WINDOWS\system32\157ff7.exe
2008-03-27 23:20:10 18432 --a------ C:\WINDOWS\system32\139756c.exe
2008-03-27 22:57:26 18432 --a------ C:\WINDOWS\system32\124a3c5.exe
2008-03-27 22:34:41 18432 --a------ C:\WINDOWS\system32\10fd1ff.exe
2008-03-27 22:11:57 18432 --a------ C:\WINDOWS\system32\fb0049.exe
2008-03-27 21:49:12 18432 --a------ C:\WINDOWS\system32\e62d3b.exe
2008-03-27 21:26:28 18432 --a------ C:\WINDOWS\system32\d15ba4.exe
2008-03-27 21:03:43 18432 --a------ C:\WINDOWS\system32\bc89fd.exe
2008-03-27 20:40:59 18432 --a------ C:\WINDOWS\system32\a7b818.exe
2008-03-27 20:18:14 18432 --a------ C:\WINDOWS\system32\92e6c0.exe
2008-03-27 19:55:30 18432 --a------ C:\WINDOWS\system32\7e14ea.exe
2008-03-27 19:32:46 18432 --a------ C:\WINDOWS\system32\694324.exe
2008-03-27 19:10:01 18432 --a------ C:\WINDOWS\system32\546fd8.exe
2008-03-27 18:47:15 18432 --a------ C:\WINDOWS\system32\3f99eb.exe
2008-03-27 18:24:31 18432 --a------ C:\WINDOWS\system32\2ac74b.exe
2008-03-27 18:01:46 18432 --a------ C:\WINDOWS\system32\15f5d3.exe
2008-03-27 17:39:01 18432 --a------ C:\WINDOWS\system32\12093.exe
2008-03-26 17:02:47 18432 --a------ C:\WINDOWS\system32\70c65c.exe
2008-03-25 16:57:38 18432 --a------ C:\WINDOWS\system32\bc57c2.exe
2008-03-25 16:34:54 18432 --a------ C:\WINDOWS\system32\a7865a.exe
2008-03-25 16:12:10 18432 --a------ C:\WINDOWS\system32\92b511.exe
2008-03-25 15:49:25 18432 --a------ C:\WINDOWS\system32\7de2ed.exe
2008-03-25 15:26:41 18432 --a------ C:\WINDOWS\system32\69105c.exe
2008-03-25 15:03:56 18432 --a------ C:\WINDOWS\system32\543e19.exe
2008-03-25 14:41:11 18432 --a------ C:\WINDOWS\system32\3f6a50.exe
2008-03-25 14:18:25 18432 --a------ C:\WINDOWS\system32\2a9398.exe
2008-03-25 13:55:40 18432 --a------ C:\WINDOWS\system32\15bea6.exe
2008-03-24 22:37:27 18432 --a------ C:\WINDOWS\system32\1a4df2a.exe
2008-03-24 22:14:43 18432 --a------ C:\WINDOWS\system32\1900d73.exe
2008-03-24 21:51:59 18432 --a------ C:\WINDOWS\system32\17b3bcd.exe
2008-03-24 21:29:12 18432 --a------ C:\WINDOWS\system32\1666302.exe
2008-03-24 21:06:28 18432 --a------ C:\WINDOWS\system32\15190fe.exe
2008-03-24 20:43:43 18432 --a------ C:\WINDOWS\system32\13cbf09.exe
2008-03-24 20:20:58 18432 --a------ C:\WINDOWS\system32\127ea65.exe
2008-03-24 19:58:13 18432 --a------ C:\WINDOWS\system32\11314b7.exe
2008-03-24 19:35:24 18432 --a------ C:\WINDOWS\system32\fe314d.exe
2008-03-24 19:12:39 18432 --a------ C:\WINDOWS\system32\e95eeb.exe
2008-03-24 18:49:55 18432 --a------ C:\WINDOWS\system32\d48bbe.exe
2008-03-24 18:27:10 18432 --a------ C:\WINDOWS\system32\bfb804.exe
2008-03-24 18:04:25 18432 --a------ C:\WINDOWS\system32\aae515.exe
2008-03-24 17:41:40 18432 --a------ C:\WINDOWS\system32\961265.exe
2008-03-24 17:18:55 18432 --a------ C:\WINDOWS\system32\813ca7.exe
2008-03-24 16:56:10 18432 --a------ C:\WINDOWS\system32\6c67c5.exe
2008-03-24 14:46:36 18432 --a------ C:\WINDOWS\system32\1c83c.exe
2008-03-24 08:23:13 18432 --a------ C:\WINDOWS\system32\52e1c.exe
2008-03-24 00:14:28 18432 --a------ C:\WINDOWS\system32\29b6e6d.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-24 16:57:12 0 d-------- C:\Documents and Settings\Admin\Application Data\Vidalia
2008-04-24 16:57:12 0 d-------- C:\Documents and Settings\Admin\Application Data\tor
2008-04-09 19:50:37 75970 --a------ C:\WINDOWS\War3Unin.dat
2008-04-07 17:46:45 0 d-------- C:\Program Files\Movie Maker
2008-03-23 23:51:43 18432 --a------ C:\WINDOWS\system32\2869ab3.exe
2008-03-23 23:28:59 18432 --a------ C:\WINDOWS\system32\271c747.exe
2008-03-23 23:06:13 18432 --a------ C:\WINDOWS\system32\25cf17a.exe
2008-03-23 22:43:28 18432 --a------ C:\WINDOWS\system32\2481f85.exe
2008-03-23 22:20:44 18432 --a------ C:\WINDOWS\system32\2334e2d.exe
2008-03-23 21:58:00 18432 --a------ C:\WINDOWS\system32\21e7c57.exe
2008-03-23 21:35:15 18432 --a------ C:\WINDOWS\system32\209a978.exe
2008-03-23 21:12:31 18432 --a------ C:\WINDOWS\system32\1f4d7c2.exe
2008-03-23 20:49:46 18432 --a------ C:\WINDOWS\system32\1e0059e.exe
2008-03-23 20:27:02 18432 --a------ C:\WINDOWS\system32\1cb33e8.exe
2008-03-23 20:04:16 18432 --a------ C:\WINDOWS\system32\1b65ed6.exe
2008-03-23 19:41:31 18432 --a------ C:\WINDOWS\system32\1a18aee.exe
2008-03-23 19:18:47 18432 --a------ C:\WINDOWS\system32\18cb8da.exe
2008-03-23 18:56:03 18432 --a------ C:\WINDOWS\system32\177e791.exe
2008-03-23 18:33:18 18432 --a------ C:\WINDOWS\system32\1631619.exe
2008-03-23 18:10:34 18432 --a------ C:\WINDOWS\system32\14e44b1.exe
2008-03-23 17:47:50 18432 --a------ C:\WINDOWS\system32\1397349.exe
2008-03-23 17:25:05 18432 --a------ C:\WINDOWS\system32\124a21f.exe
2008-03-23 17:02:21 18432 --a------ C:\WINDOWS\system32\10fd0e6.exe
2008-03-23 16:39:37 18432 --a------ C:\WINDOWS\system32\faff9d.exe
2008-03-23 16:16:52 18432 --a------ C:\WINDOWS\system32\e62e25.exe
2008-03-23 15:54:08 18432 --a------ C:\WINDOWS\system32\d15ccd.exe
2008-03-23 15:31:24 18432 --a------ C:\WINDOWS\system32\bc8b55.exe
2008-03-23 15:08:39 18432 --a------ C:\WINDOWS\system32\a7b9dd.exe
2008-03-23 14:45:55 18432 --a------ C:\WINDOWS\system32\92e866.exe
2008-03-23 14:23:11 18432 --a------ C:\WINDOWS\system32\7e170d.exe
2008-03-23 14:00:26 18432 --a------ C:\WINDOWS\system32\6944da.exe
2008-03-23 13:37:42 18432 --a------ C:\WINDOWS\system32\547343.exe
2008-03-23 13:14:57 18432 --a------ C:\WINDOWS\system32\3fa15e.exe
2008-03-23 12:52:13 18432 --a------ C:\WINDOWS\system32\2ad024.exe
2008-03-23 12:29:29 18432 --a------ C:\WINDOWS\system32\15fedc.exe
2008-03-23 12:06:45 18432 --a------ C:\WINDOWS\system32\12db2.exe
2008-03-23 00:20:02 18432 --a------ C:\WINDOWS\system32\25d085d.exe
2008-03-22 23:57:18 18432 --a------ C:\WINDOWS\system32\2483734.exe
2008-03-22 23:34:33 18432 --a------ C:\WINDOWS\system32\23365eb.exe
2008-03-22 23:11:49 18432 --a------ C:\WINDOWS\system32\21e9492.exe
2008-03-22 22:49:05 18432 --a------ C:\WINDOWS\system32\209c34a.exe
2008-03-22 22:26:20 18432 --a------ C:\WINDOWS\system32\1f4f1e1.exe
2008-03-22 22:03:36 18432 --a------ C:\WINDOWS\system32\1e02079.exe
2008-03-22 21:40:52 18432 --a------ C:\WINDOWS\system32\1cb4f30.exe
2008-03-22 21:18:07 18432 --a------ C:\WINDOWS\system32\1b67dd8.exe
2008-03-22 20:55:23 18432 --a------ C:\WINDOWS\system32\1a1ac8f.exe
2008-03-22 20:32:38 18432 --a------ C:\WINDOWS\system32\18cd933.exe
2008-03-22 20:09:54 18432 --a------ C:\WINDOWS\system32\17803b4.exe
2008-03-22 19:47:06 18432 --a------ C:\WINDOWS\system32\1632982.exe
2008-03-22 19:24:22 18432 --a------ C:\WINDOWS\system32\14e57cc.exe
2008-03-22 19:01:38 18432 --a------ C:\WINDOWS\system32\1398673.exe
2008-03-22 18:38:52 18432 --a------ C:\WINDOWS\system32\124b133.exe
2008-03-22 18:16:08 18432 --a------ C:\WINDOWS\system32\10fdfab.exe
2008-03-22 17:53:23 18432 --a------ C:\WINDOWS\system32\fb0dd6.exe
2008-03-22 17:30:39 18432 --a------ C:\WINDOWS\system32\e63ab8.exe
2008-03-22 17:07:50 18432 --a------ C:\WINDOWS\system32\d15952.exe
2008-03-22 16:45:06 18432 --a------ C:\WINDOWS\system32\bc878c.exe
2008-03-22 16:22:22 18432 --a------ C:\WINDOWS\system32\a7b634.exe
2008-03-22 15:59:37 18432 --a------ C:\WINDOWS\system32\92e4eb.exe
2008-03-22 15:36:53 18432 --a------ C:\WINDOWS\system32\7e1325.exe
2008-03-22 15:14:08 18432 --a------ C:\WINDOWS\system32\693ea0.exe
2008-03-22 14:51:21 18432 --a------ C:\WINDOWS\system32\546420.exe
2008-03-22 14:28:37 18432 --a------ C:\WINDOWS\system32\3f92f6.exe
2008-03-22 14:05:52 18432 --a------ C:\WINDOWS\system32\2ac111.exe
2008-03-22 13:43:08 18432 --a------ C:\WINDOWS\system32\15ef6a.exe
2008-03-22 13:20:23 18432 --a------ C:\WINDOWS\system32\118b3.exe
2008-03-21 22:31:57 18432 --a------ C:\WINDOWS\system32\1777ce0.exe
2008-03-21 22:09:13 18432 --a------ C:\WINDOWS\system32\162abb7.exe
2008-03-21 21:46:29 18432 --a------ C:\WINDOWS\system32\14dda6e.exe
2008-03-21 21:23:44 18432 --a------ C:\WINDOWS\system32\1390944.exe
2008-03-21 21:01:00 18432 --a------ C:\WINDOWS\system32\12437ec.exe
2008-03-21 20:38:16 18432 --a------ C:\WINDOWS\system32\10f6693.exe
2008-03-21 20:15:32 18432 --a------ C:\WINDOWS\system32\fa9579.exe
2008-03-21 19:52:47 18432 --a------ C:\WINDOWS\system32\e5c411.exe
2008-03-21 19:30:03 18432 --a------ C:\WINDOWS\system32\d0f2e7.exe
2008-03-21 19:07:19 18432 --a------ C:\WINDOWS\system32\bc21ae.exe
2008-03-21 18:44:34 18432 --a------ C:\WINDOWS\system32\a75075.exe
2008-03-21 18:21:50 18432 --a------ C:\WINDOWS\system32\927f2c.exe
2008-03-21 17:59:06 18432 --a------ C:\WINDOWS\system32\7dadd4.exe
2008-03-21 17:36:22 18432 --a------ C:\WINDOWS\system32\68dc9a.exe
2008-03-21 17:13:35 18432 --a------ C:\WINDOWS\system32\540249.exe
2008-03-21 16:50:49 18432 --a------ C:\WINDOWS\system32\3f2920.exe
2008-03-21 16:28:04 18432 --a------ C:\WINDOWS\system32\2a573b.exe
2008-03-21 16:05:20 18432 --a------ C:\WINDOWS\system32\1585f2.exe
2008-03-21 15:14:52 18432 --a------ C:\WINDOWS\system32\e9b4.exe
2008-03-20 23:58:02 18432 --a------ C:\WINDOWS\system32\2353099.exe
2008-03-20 23:35:17 18432 --a------ C:\WINDOWS\system32\220585b.exe
2008-03-20 23:12:29 18432 --a------ C:\WINDOWS\system32\20b7d9c.exe
2008-03-20 22:49:44 18432 --a------ C:\WINDOWS\system32\1f6aa21.exe
2008-03-20 22:26:59 18432 --a------ C:\WINDOWS\system32\1e1d482.exe
2008-03-20 22:04:14 18432 --a------ C:\WINDOWS\system32\1cd02bc.exe
2008-03-20 21:41:29 18432 --a------ C:\WINDOWS\system32\1b82e37.exe
2008-03-20 21:18:45 18432 --a------ C:\WINDOWS\system32\1a35ccf.exe
2008-03-20 20:56:00 18432 --a------ C:\WINDOWS\system32\18e8b67.exe
2008-03-20 20:33:16 18432 --a------ C:\WINDOWS\system32\179b9ef.exe
2008-03-20 20:10:32 18432 --a------ C:\WINDOWS\system32\164e878.exe
2008-03-20 19:47:47 18432 --a------ C:\WINDOWS\system32\15016f0.exe
2008-03-20 19:25:03 18432 --a------ C:\WINDOWS\system32\13b45a7.exe
2008-03-20 19:02:16 18432 --a------ C:\WINDOWS\system32\1266943.exe
2008-03-20 18:39:32 18432 --a------ C:\WINDOWS\system32\11197db.exe
2008-03-20 18:16:47 18432 --a------ C:\WINDOWS\system32\fcc5e6.exe
2008-03-20 17:54:03 18432 --a------ C:\WINDOWS\system32\e7f44f.exe
2008-03-20 17:31:18 18432 --a------ C:\WINDOWS\system32\d32316.exe
2008-03-20 17:08:37 18432 --a------ C:\WINDOWS\system32\be51cd.exe
2008-03-20 16:45:53 18432 --a------ C:\WINDOWS\system32\a98055.exe
2008-03-20 16:23:08 18432 --a------ C:\WINDOWS\system32\94aece.exe
2008-03-20 16:00:23 18432 --a------ C:\WINDOWS\system32\7fd7f7.exe
2008-03-20 15:37:38 18432 --a------ C:\WINDOWS\system32\6b069e.exe
2008-03-20 15:14:54 18432 --a------ C:\WINDOWS\system32\563527.exe
2008-03-20 14:52:10 18432 --a------ C:\WINDOWS\system32\41613e.exe
2008-03-20 14:29:25 18432 --a------ C:\WINDOWS\system32\2c8f68.exe
2008-03-20 14:06:40 18432 --a------ C:\WINDOWS\system32\17bda3.exe
2008-03-20 13:43:55 18432 --a------ C:\WINDOWS\system32\2e9f8.exe
2008-03-19 22:55:09 18432 --a------ C:\WINDOWS\system32\1a1f6d7.exe
2008-03-19 22:32:25 18432 --a------ C:\WINDOWS\system32\18d2520.exe
2008-03-19 22:09:40 18432 --a------ C:\WINDOWS\system32\178536a.exe
2008-03-19 21:46:56 18432 --a------ C:\WINDOWS\system32\1637f24.exe
2008-03-19 21:24:10 18432 --a------ C:\WINDOWS\system32\14ea688.exe
2008-03-19 21:01:23 18432 --a------ C:\WINDOWS\system32\139c810.exe
2008-03-19 20:38:35 18432 --a------ C:\WINDOWS\system32\124f020.exe
2008-03-19 20:15:51 18432 --a------ C:\WINDOWS\system32\1101e99.exe
2008-03-19 19:53:07 18432 --a------ C:\WINDOWS\system32\fb4d21.exe
2008-03-19 19:30:22 18432 --a------ C:\WINDOWS\system32\e67ade.exe
2008-03-19 19:07:38 18432 --a------ C:\WINDOWS\system32\d1a918.exe
2008-03-19 18:44:53 18432 --a------ C:\WINDOWS\system32\bcd771.exe
2008-03-19 18:22:09 18432 --a------ C:\WINDOWS\system32\a80619.exe
2008-03-19 17:59:25 18432 --a------ C:\WINDOWS\system32\9334d0.exe
2008-03-19 17:36:40 18432 --a------ C:\WINDOWS\system32\7e6387.exe
2008-03-19 17:13:56 18432 --a------ C:\WINDOWS\system32\69922f.exe
2008-03-19 16:51:12 18432 --a------ C:\WINDOWS\system32\54c0f5.exe
2008-03-19 16:28:27 18432 --a------ C:\WINDOWS\system32\3fefad.exe
2008-03-19 16:05:43 18432 --a------ C:\WINDOWS\system32\2b1e83.exe
2008-03-19 15:42:59 18432 --a------ C:\WINDOWS\system32\164cec.exe
2008-03-19 15:20:14 18432 --a------ C:\WINDOWS\system32\17aa9.exe
2008-03-18 22:39:40 18432 --a------ C:\WINDOWS\system32\bed296.exe
2008-03-18 22:16:56 18432 --a------ C:\WINDOWS\system32\aa015c.exe
2008-03-18 21:54:11 18432 --a------ C:\WINDOWS\system32\952f77.exe
2008-03-18 21:31:27 18432 --a------ C:\WINDOWS\system32\805aa4.exe
2008-03-18 21:08:40 18432 --a------ C:\WINDOWS\system32\6b81ca.exe
2008-03-17 21:52:27 18432 --a------ C:\WINDOWS\system32\26011a6.exe
2008-03-17 21:29:42 18432 --a------ C:\WINDOWS\system32\24b3f63.exe
2008-03-17 21:06:58 18432 --a------ C:\WINDOWS\system32\2366957.exe
2008-03-17 20:44:12 18432 --a------ C:\WINDOWS\system32\2219743.exe
2008-03-17 20:21:28 18432 --a------ C:\WINDOWS\system32\20cc5db.exe
2008-03-17 19:58:43 18432 --a------ C:\WINDOWS\system32\1f7f3a8.exe
2008-03-17 19:35:59 18432 --a------ C:\WINDOWS\system32\1e32230.exe
2008-03-17 19:13:15 18432 --a------ C:\WINDOWS\system32\1ce50c8.exe
2008-03-17 18:50:30 18432 --a------ C:\WINDOWS\system32\1b97f50.exe
2008-03-17 18:27:46 18432 --a------ C:\WINDOWS\system32\1a4ae27.exe
2008-03-17 18:05:02 18432 --a------ C:\WINDOWS\system32\18fdb67.exe
2008-03-17 17:42:14 18432 --a------ C:\WINDOWS\system32\17afc62.exe
2008-03-17 17:19:29 18432 --a------ C:\WINDOWS\system32\1662afa.exe
2008-03-17 16:56:45 18432 --a------ C:\WINDOWS\system32\15159b1.exe
2008-03-17 16:34:01 18432 --a------ C:\WINDOWS\system32\13c883a.exe
2008-03-17 16:11:16 18432 --a------ C:\WINDOWS\system32\127b6e1.exe
2008-03-17 15:48:32 18432 --a------ C:\WINDOWS\system32\112e598.exe
2008-03-17 15:25:48 18432 --a------ C:\WINDOWS\system32\fe13d2.exe
2008-03-17 15:03:03 18432 --a------ C:\WINDOWS\system32\e93ff9.exe
2008-03-17 14:40:18 18432 --a------ C:\WINDOWS\system32\d46e91.exe
2008-03-17 14:17:34 18432 --a------ C:\WINDOWS\system32\bf9d39.exe
2008-03-17 13:54:50 18432 --a------ C:\WINDOWS\system32\aacbe0.exe
2008-03-17 13:32:05 18432 --a------ C:\WINDOWS\system32\95fa78.exe
2008-03-17 13:09:21 18432 --a------ C:\WINDOWS\system32\81291f.exe
2008-03-17 12:46:37 18432 --a------ C:\WINDOWS\system32\6c57b7.exe
2008-03-17 12:23:52 18432 --a------ C:\WINDOWS\system32\578517.exe
2008-03-16 22:19:45 18432 --a------ C:\WINDOWS\system32\2253fe9.exe
2008-03-16 21:57:01 18432 --a------ C:\WINDOWS\system32\2106c00.exe
2008-03-16 21:34:15 18432 --a------ C:\WINDOWS\system32\1fb9587.exe
2008-03-16 21:11:29 18432 --a------ C:\WINDOWS\system32\1e6bf6c.exe
2008-03-16 20:48:45 18432 --a------ C:\WINDOWS\system32\1d1ee03.exe
2008-03-16 20:26:00 18432 --a------ C:\WINDOWS\system32\1bd18d3.exe
2008-03-16 14:15:02 18432 --a------ C:\WINDOWS\system32\697b7a.exe
2008-03-16 13:52:18 18432 --a------ C:\WINDOWS\system32\54aa12.exe
2008-03-16 13:29:34 18432 --a------ C:\WINDOWS\system32\3fd8ba.exe
2008-03-16 13:06:49 18432 --a------ C:\WINDOWS\system32\2b0657.exe
2008-03-16 12:44:05 18432 --a------ C:\WINDOWS\system32\163378.exe
2008-03-16 12:21:19 18432 --a------ C:\WINDOWS\system32\15ea5.exe
2008-03-15 23:49:37 18432 --a------ C:\WINDOWS\system32\29b376f.exe
2008-03-15 23:26:50 18432 --a------ C:\WINDOWS\system32\2866088.exe
2008-03-15 23:04:06 18432 --a------ C:\WINDOWS\system32\2718f3f.exe
2008-03-15 22:41:21 18432 --a------ C:\WINDOWS\system32\25cba6c.exe
2008-03-15 22:18:36 18432 --a------ C:\WINDOWS\system32\247e7db.exe
2008-03-15 21:55:52 18432 --a------ C:\WINDOWS\system32\2331683.exe
2008-03-15 21:33:08 18432 --a------ C:\WINDOWS\system32\21e44ec.exe
2008-03-15 21:10:23 18432 --a------ C:\WINDOWS\system32\20973b3.exe
2008-03-15 20:47:39 18432 --a------ C:\WINDOWS\system32\1f4a26a.exe
2008-03-15 20:24:55 18432 --a------ C:\WINDOWS\system32\1dfd111.exe
2008-03-15 20:02:10 18432 --a------ C:\WINDOWS\system32\1caffb9.exe
2008-03-15 19:39:26 18432 --a------ C:\WINDOWS\system32\1b62d08.exe
2008-03-15 19:16:41 18432 --a------ C:\WINDOWS\system32\1a15b52.exe
2008-03-15 18:53:57 18432 --a------ C:\WINDOWS\system32\18c89cb.exe
2008-03-15 18:31:12 18432 --a------ C:\WINDOWS\system32\177b769.exe
2008-03-15 18:08:28 18432 --a------ C:\WINDOWS\system32\162e380.exe
2008-03-15 17:45:42 18432 --a------ C:\WINDOWS\system32\14e0e20.exe
2008-03-15 17:22:57 18432 --a------ C:\WINDOWS\system32\1393b51.exe
2008-03-15 17:00:13 18432 --a------ C:\WINDOWS\system32\1246823.exe
2008-03-15 16:37:28 18432 --a------ C:\WINDOWS\system32\10f9218.exe
2008-03-15 16:14:42 18432 --a------ C:\WINDOWS\system32\fabd64.exe
2008-03-15 15:51:57 18432 --a------ C:\WINDOWS\system32\e5eb6f.exe
2008-03-15 15:29:13 18432 --a------ C:\WINDOWS\system32\d1198a.exe
2008-03-15 15:06:29 18432 --a------ C:\WINDOWS\system32\bc4803.exe
2008-03-15 14:43:43 18432 --a------ C:\WINDOWS\system32\a773ad.exe
2008-03-15 13:58:14 18432 --a------ C:\WINDOWS\system32\7dcf85.exe
2008-03-15 13:35:30 18432 --a------ C:\WINDOWS\system32\68fca5.exe
2008-03-15 13:12:44 18432 --a------ C:\WINDOWS\system32\5425fe.exe
2008-03-15 12:50:00 18432 --a------ C:\WINDOWS\system32\3f5428.exe
2008-03-15 12:27:15 18432 --a------ C:\WINDOWS\system32\2a82df.exe
2008-03-15 12:04:32 47104 --a------ C:\WINDOWS\system32\15b177.exe
2008-03-12 06:46:56 306 --a------ C:\WINDOWS\system32\367f659.exe
2008-03-09 01:46:26 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-03-06 22:50:07 0 d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-03-06 22:50:06 0 d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-04 23:23:49 306 --a------ C:\WINDOWS\system32\8c362a.exe
2008-03-04 21:26:58 306 --a------ C:\WINDOWS\system32\2139ad.exe
2008-03-04 21:10:05 0 d-------- C:\Program Files\Trend Micro
2008-03-03 23:29:47 20992 --a------ C:\WINDOWS\system32\6c9975d.exe
2008-02-27 22:25:20 0 d-------- C:\Program Files\Common Files
2008-02-27 22:25:20 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-02-27 22:20:28 0 d-------- C:\Program Files\Xentare


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shell"="C:\WINDOWS\system32\15b177.exe" [03/15/08 12:04 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [10/24/05 04:53 PM]
"Vidalia"="D:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [11/22/07 02:49 PM]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Kremlin Sentry.lnk - D:\Program Files\Mach5 Software\Kremlin\Kremlin Sentry.exe [11/19/07 7:08:39 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [09/23/05 11:05:26 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [04/06/03 1:06:58 AM]
IEEE 802.11g USB Wireless LAN Utility.lnk - C:\Program Files\Wireless LAN\WlanUtil.exe [07/12/05 9:24:33 PM]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [04/06/03 12:37:38 AM]
Privoxy.lnk - D:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [11/20/06 7:30:54 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe "

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"D:\Program Files\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.1]
"C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\System32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemro
  • 0

#23
sarahw
Posted 24 April 2008 - 08:24 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread
  • Browse for these filenames:
    C:\WINDOWS\system32\bc4a06.exe
    C:\WINDOWS\system32\1d68a5f.exe
    C:\WINDOWS\system32\1cb0631.exe
    C:\WINDOWS\system32\13cbf09.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File

After you have done that, rescan with combofix and paste the log in a reply.

:)
  • 0

#24
Famoustar
Posted 26 April 2008 - 07:39 PM

Famoustar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Admin - 08-04-26 18:11:33.68 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\Admin\Desktop\Spyware Stuff

((((((((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 ))))))))))))))))))))))))))))))))))


2008-04-06 23:14 18,432 --a------ C:\WINDOWS\system32\2d3a00.exe
2008-04-06 22:52 18,432 --a------ C:\WINDOWS\system32\186387.exe
2008-04-06 22:29 18,432 --a------ C:\WINDOWS\system32\38415.exe
2008-04-05 17:35 18,432 --a------ C:\WINDOWS\system32\bc4a06.exe
2008-04-05 17:13 18,432 --a------ C:\WINDOWS\system32\a77860.exe
2008-04-05 16:50 18,432 --a------ C:\WINDOWS\system32\92a69a.exe
2008-04-05 16:27 18,432 --a------ C:\WINDOWS\system32\7dd438.exe
2008-04-05 16:04 18,432 --a------ C:\WINDOWS\system32\6902b0.exe
2008-04-05 15:42 18,432 --a------ C:\WINDOWS\system32\542e6a.exe
2008-04-05 15:19 18,432 --a------ C:\WINDOWS\system32\3f57a3.exe
2008-04-05 14:56 18,432 --a------ C:\WINDOWS\system32\2a7b1f.exe
2008-04-05 14:33 18,432 --a------ C:\WINDOWS\system32\15a969.exe
2008-04-04 18:48 18,432 --a------ C:\WINDOWS\system32\d21cc1.exe
2008-04-04 18:26 18,432 --a------ C:\WINDOWS\system32\bd4b79.exe
2008-04-04 18:03 18,432 --a------ C:\WINDOWS\system32\a87a20.exe
2008-04-04 17:40 18,432 --a------ C:\WINDOWS\system32\93a6c4.exe
2008-04-04 17:17 18,432 --a------ C:\WINDOWS\system32\7ed1c2.exe
2008-04-04 16:55 18,432 --a------ C:\WINDOWS\system32\69ffbe.exe
2008-04-04 16:32 18,432 --a------ C:\WINDOWS\system32\552ca0.exe
2008-04-04 16:09 18,432 --a------ C:\WINDOWS\system32\405aab.exe
2008-04-04 15:46 18,432 --a------ C:\WINDOWS\system32\2b8396.exe
2008-04-04 15:24 18,432 --a------ C:\WINDOWS\system32\16b27c.exe
2008-04-04 15:01 18,432 --a------ C:\WINDOWS\system32\1de93.exe
2008-04-03 23:11 18,432 --a------ C:\WINDOWS\system32\19761db.exe
2008-04-03 22:48 18,432 --a------ C:\WINDOWS\system32\1828e11.exe
2008-04-03 22:25 18,432 --a------ C:\WINDOWS\system32\16dbc7a.exe
2008-04-03 22:02 18,432 --a------ C:\WINDOWS\system32\158eb12.exe
2008-04-03 21:40 18,432 --a------ C:\WINDOWS\system32\14419ba.exe
2008-04-03 21:17 18,432 --a------ C:\WINDOWS\system32\12f47f4.exe
2008-04-03 20:54 18,432 --a------ C:\WINDOWS\system32\11a7505.exe
2008-04-03 20:32 18,432 --a------ C:\WINDOWS\system32\105a310.exe
2008-04-02 15:54 18,432 --a------ C:\WINDOWS\system32\2a7daf.exe
2008-04-02 15:31 18,432 --a------ C:\WINDOWS\system32\159cf5.exe
2008-04-01 22:12 18,432 --a------ C:\WINDOWS\system32\18d1d8f.exe
2008-04-01 21:49 18,432 --a------ C:\WINDOWS\system32\178490a.exe
2008-04-01 21:26 18,432 --a------ C:\WINDOWS\system32\1637715.exe
2008-04-01 21:04 18,432 --a------ C:\WINDOWS\system32\14ea58e.exe
2008-04-01 20:41 18,432 --a------ C:\WINDOWS\system32\139d36a.exe
2008-04-01 20:18 18,432 --a------ C:\WINDOWS\system32\124fdad.exe
2008-04-01 19:55 18,432 --a------ C:\WINDOWS\system32\1102b1c.exe
2008-04-01 19:33 18,432 --a------ C:\WINDOWS\system32\fb5994.exe
2008-04-01 19:10 18,432 --a------ C:\WINDOWS\system32\e6880d.exe
2008-04-01 18:47 18,432 --a------ C:\WINDOWS\system32\d1b5e9.exe
2008-04-01 18:25 18,432 --a------ C:\WINDOWS\system32\bcdf70.exe
2008-04-01 18:02 18,432 --a------ C:\WINDOWS\system32\a80c82.exe
2008-04-01 17:39 18,432 --a------ C:\WINDOWS\system32\9339b2.exe
2008-04-01 17:16 18,432 --a------ C:\WINDOWS\system32\7e685a.exe
2008-04-01 16:54 18,432 --a------ C:\WINDOWS\system32\699617.exe
2008-04-01 16:31 18,432 --a------ C:\WINDOWS\system32\54c441.exe
2008-04-01 16:08 18,432 --a------ C:\WINDOWS\system32\3ff2c9.exe
2008-04-01 15:45 18,432 --a------ C:\WINDOWS\system32\2b2113.exe
2008-04-01 15:23 18,432 --a------ C:\WINDOWS\system32\164fca.exe
2008-04-01 15:00 18,432 --a------ C:\WINDOWS\system32\17e53.exe
2008-04-01 00:39 18,432 --a------ C:\WINDOWS\system32\21510f7.exe
2008-04-01 00:16 18,432 --a------ C:\WINDOWS\system32\2003f8f.exe
2008-03-31 23:53 18,432 --a------ C:\WINDOWS\system32\1eb6a3f.exe
2008-03-31 23:30 18,432 --a------ C:\WINDOWS\system32\1d68a5f.exe
2008-03-31 23:08 18,432 --a------ C:\WINDOWS\system32\1c1b8e8.exe
2008-03-31 22:45 18,432 --a------ C:\WINDOWS\system32\1ace712.exe
2008-03-31 22:22 18,432 --a------ C:\WINDOWS\system32\19814fe.exe
2008-03-31 21:59 18,432 --a------ C:\WINDOWS\system32\183428c.exe
2008-03-31 21:37 18,432 --a------ C:\WINDOWS\system32\16e7143.exe
2008-03-31 21:14 18,432 --a------ C:\WINDOWS\system32\1599ed2.exe
2008-03-31 20:51 18,432 --a------ C:\WINDOWS\system32\144cd0c.exe
2008-03-31 20:28 18,432 --a------ C:\WINDOWS\system32\12ffbc3.exe
2008-03-31 20:06 18,432 --a------ C:\WINDOWS\system32\11b29de.exe
2008-03-31 19:43 18,432 --a------ C:\WINDOWS\system32\10653d2.exe
2008-03-31 19:20 18,432 --a------ C:\WINDOWS\system32\f1821c.exe
2008-03-31 18:57 18,432 --a------ C:\WINDOWS\system32\dcb075.exe
2008-03-31 18:35 18,432 --a------ C:\WINDOWS\system32\c7dc9c.exe
2008-03-31 18:12 18,432 --a------ C:\WINDOWS\system32\b30ab7.exe
2008-03-31 17:49 18,432 --a------ C:\WINDOWS\system32\9e3920.exe
2008-03-31 17:26 18,432 --a------ C:\WINDOWS\system32\8967a8.exe
2008-03-31 17:04 18,432 --a------ C:\WINDOWS\system32\74941d.exe
2008-03-30 23:41 18,432 --a------ C:\WINDOWS\system32\2d9b636.exe
2008-03-30 23:18 18,432 --a------ C:\WINDOWS\system32\2c4e480.exe
2008-03-30 22:55 18,432 --a------ C:\WINDOWS\system32\2b01162.exe
2008-03-30 22:33 18,432 --a------ C:\WINDOWS\system32\29b3f10.exe
2008-03-30 22:10 18,432 --a------ C:\WINDOWS\system32\2866c60.exe
2008-03-30 21:47 18,432 --a------ C:\WINDOWS\system32\2719a6b.exe
2008-03-30 21:24 18,432 --a------ C:\WINDOWS\system32\25cc828.exe
2008-03-30 21:02 18,432 --a------ C:\WINDOWS\system32\247f652.exe
2008-03-30 20:39 18,432 --a------ C:\WINDOWS\system32\23323c1.exe
2008-03-30 20:16 18,432 --a------ C:\WINDOWS\system32\21e522a.exe
2008-03-30 19:53 18,432 --a------ C:\WINDOWS\system32\20980c2.exe
2008-03-30 19:31 18,432 --a------ C:\WINDOWS\system32\1f4af2b.exe
2008-03-30 19:08 18,432 --a------ C:\WINDOWS\system32\1dfd920.exe
2008-03-30 18:45 18,432 --a------ C:\WINDOWS\system32\1cb0631.exe
2008-03-30 18:22 18,432 --a------ C:\WINDOWS\system32\1b63016.exe
2008-03-30 18:00 18,432 --a------ C:\WINDOWS\system32\1a15e9e.exe
2008-03-30 17:37 18,432 --a------ C:\WINDOWS\system32\18c8d26.exe
2008-03-30 17:14 18,432 --a------ C:\WINDOWS\system32\177bac4.exe
2008-03-30 16:51 18,432 --a------ C:\WINDOWS\system32\162dd94.exe
2008-03-30 16:29 18,432 --a------ C:\WINDOWS\system32\14e0c0d.exe
2008-03-30 16:06 18,432 --a------ C:\WINDOWS\system32\1393a47.exe
2008-03-30 15:43 18,432 --a------ C:\WINDOWS\system32\1246787.exe
2008-03-30 15:20 18,432 --a------ C:\WINDOWS\system32\10f95e1.exe
2008-03-30 14:58 18,432 --a------ C:\WINDOWS\system32\fac3cd.exe
2008-03-30 14:35 18,432 --a------ C:\WINDOWS\system32\e5ef48.exe
2008-03-30 14:12 18,432 --a------ C:\WINDOWS\system32\d11803.exe
2008-03-30 13:49 18,432 --a------ C:\WINDOWS\system32\bc4534.exe
2008-03-30 13:27 18,432 --a------ C:\WINDOWS\system32\a76bae.exe
2008-03-30 13:04 18,432 --a------ C:\WINDOWS\system32\928e3f.exe
2008-03-30 12:41 18,432 --a------ C:\WINDOWS\system32\7dbb60.exe
2008-03-30 12:18 18,432 --a------ C:\WINDOWS\system32\68e7b6.exe
2008-03-30 11:56 18,432 --a------ C:\WINDOWS\system32\5415a2.exe
2008-03-30 11:33 18,432 --a------ C:\WINDOWS\system32\3f440b.exe
2008-03-30 11:10 18,432 --a------ C:\WINDOWS\system32\2a7293.exe
2008-03-30 10:47 18,432 --a------ C:\WINDOWS\system32\15a07f.exe
2008-03-30 03:09 18,432 --a------ C:\WINDOWS\system32\6bd48d.exe
2008-03-30 02:47 18,432 --a------ C:\WINDOWS\system32\570325.exe
2008-03-30 02:24 18,432 --a------ C:\WINDOWS\system32\422da6.exe
2008-03-30 02:01 18,432 --a------ C:\WINDOWS\system32\2d5410.exe
2008-03-30 01:38 18,432 --a------ C:\WINDOWS\system32\188279.exe
2008-03-30 01:16 18,432 --a------ C:\WINDOWS\system32\3b0d3.exe
2008-03-29 23:47 18,432 --a------ C:\WINDOWS\system32\5f83020.exe
2008-03-29 23:24 18,432 --a------ C:\WINDOWS\system32\5e35e3b.exe
2008-03-29 23:02 18,432 --a------ C:\WINDOWS\system32\5ce8c65.exe
2008-03-29 22:39 18,432 --a------ C:\WINDOWS\system32\5b9b9e4.exe
2008-03-29 22:16 18,432 --a------ C:\WINDOWS\system32\5a4e7b0.exe
2008-03-29 21:53 18,432 --a------ C:\WINDOWS\system32\59014a2.exe
2008-03-29 21:31 18,432 --a------ C:\WINDOWS\system32\57b42cd.exe
2008-03-29 21:08 18,432 --a------ C:\WINDOWS\system32\56670d8.exe
2008-03-29 20:45 18,432 --a------ C:\WINDOWS\system32\5519bf5.exe
2008-03-29 20:22 18,432 --a------ C:\WINDOWS\system32\53cc9f1.exe
2008-03-29 20:00 18,432 --a------ C:\WINDOWS\system32\527f8b8.exe
2008-03-29 19:37 18,432 --a------ C:\WINDOWS\system32\51326d3.exe
2008-03-29 19:14 18,432 --a------ C:\WINDOWS\system32\4fe554b.exe
2008-03-29 18:51 18,432 --a------ C:\WINDOWS\system32\4e983f3.exe
2008-03-29 18:29 18,432 --a------ C:\WINDOWS\system32\4d4afcc.exe
2008-03-29 18:06 18,432 --a------ C:\WINDOWS\system32\4bfdaaa.exe
2008-03-29 17:43 18,432 --a------ C:\WINDOWS\system32\4ab027c.exe
2008-03-29 17:20 18,432 --a------ C:\WINDOWS\system32\4962e06.exe
2008-03-29 16:58 18,432 --a------ C:\WINDOWS\system32\4815bf2.exe
2008-03-29 16:35 18,432 --a------ C:\WINDOWS\system32\46c8a7b.exe
2008-03-29 16:12 18,432 --a------ C:\WINDOWS\system32\457b847.exe
2008-03-29 15:49 18,432 --a------ C:\WINDOWS\system32\442e5f5.exe
2008-03-29 15:27 18,432 --a------ C:\WINDOWS\system32\42e147d.exe
2008-03-29 15:04 18,432 --a------ C:\WINDOWS\system32\41942e6.exe
2008-03-29 14:41 18,432 --a------ C:\WINDOWS\system32\404717e.exe
2008-03-29 14:18 18,432 --a------ C:\WINDOWS\system32\3ef9fb8.exe
2008-03-29 13:56 18,432 --a------ C:\WINDOWS\system32\3dace31.exe
2008-03-29 13:33 18,432 --a------ C:\WINDOWS\system32\3c5fc8a.exe
2008-03-29 13:10 18,432 --a------ C:\WINDOWS\system32\3b12a86.exe
2008-03-29 12:48 18,432 --a------ C:\WINDOWS\system32\39c590e.exe
2008-03-29 12:25 18,432 --a------ C:\WINDOWS\system32\3878787.exe
2008-03-29 12:02 18,432 --a------ C:\WINDOWS\system32\372b515.exe
2008-03-29 11:39 18,432 --a------ C:\WINDOWS\system32\35de051.exe
2008-03-29 11:17 18,432 --a------ C:\WINDOWS\system32\3490e2e.exe
2008-03-29 10:54 18,432 --a------ C:\WINDOWS\system32\3343c0a.exe
2008-03-29 10:31 18,432 --a------ C:\WINDOWS\system32\31f6841.exe
2008-03-29 10:08 18,432 --a------ C:\WINDOWS\system32\30a8fc4.exe
2008-03-29 09:45 18,432 --a------ C:\WINDOWS\system32\2f5b4b7.exe
2008-03-29 09:23 18,432 --a------ C:\WINDOWS\system32\2e0dab4.exe
2008-03-29 09:00 18,432 --a------ C:\WINDOWS\system32\2cc08cf.exe
2008-03-29 08:37 18,432 --a------ C:\WINDOWS\system32\2b7363e.exe
2008-03-29 07:51 18,432 --a------ C:\WINDOWS\system32\28d3262.exe
2008-03-29 07:29 18,432 --a------ C:\WINDOWS\system32\278608c.exe
2008-03-29 07:06 18,432 --a------ C:\WINDOWS\system32\2638f34.exe
2008-03-29 06:43 18,432 --a------ C:\WINDOWS\system32\24ebd8d.exe
2008-03-29 06:20 18,432 --a------ C:\WINDOWS\system32\239ebd7.exe
2008-03-29 05:58 18,432 --a------ C:\WINDOWS\system32\2251a7e.exe
2008-03-29 05:35 18,432 --a------ C:\WINDOWS\system32\2104638.exe
2008-03-29 05:12 18,432 --a------ C:\WINDOWS\system32\1fb7462.exe
2008-03-29 04:49 18,432 --a------ C:\WINDOWS\system32\1e6a2eb.exe
2008-03-29 04:27 18,432 --a------ C:\WINDOWS\system32\1d1d125.exe
2008-03-29 04:04 18,432 --a------ C:\WINDOWS\system32\1bcffdc.exe
2008-03-29 03:41 18,432 --a------ C:\WINDOWS\system32\1a82e06.exe
2008-03-29 03:18 18,432 --a------ C:\WINDOWS\system32\1935c41.exe
2008-03-29 02:56 18,432 --a------ C:\WINDOWS\system32\17e879c.exe
2008-03-29 02:48 18,432 --a------ C:\WINDOWS\system32\177736a.exe
2008-03-29 02:25 18,432 --a------ C:\WINDOWS\system32\162a1a5.exe
2008-03-29 02:02 18,432 --a------ C:\WINDOWS\system32\14dce0a.exe
2008-03-29 01:40 18,432 --a------ C:\WINDOWS\system32\138fba8.exe
2008-03-29 01:17 18,432 --a------ C:\WINDOWS\system32\12429f2.exe
2008-03-29 00:54 18,432 --a------ C:\WINDOWS\system32\10f58a9.exe
2008-03-29 00:32 18,432 --a------ C:\WINDOWS\system32\fa8731.exe
2008-03-29 00:09 18,432 --a------ C:\WINDOWS\system32\e5b5c9.exe
2008-03-28 23:46 18,432 --a------ C:\WINDOWS\system32\d0e3f3.exe
2008-03-28 23:23 18,432 --a------ C:\WINDOWS\system32\bc120e.exe
2008-03-28 23:01 18,432 --a------ C:\WINDOWS\system32\a74019.exe
2008-03-28 22:38 18,432 --a------ C:\WINDOWS\system32\926eb1.exe
2008-03-28 22:15 18,432 --a------ C:\WINDOWS\system32\7d9cbd.exe
2008-03-28 21:52 18,432 --a------ C:\WINDOWS\system32\68cb45.exe
2008-03-28 21:30 18,432 --a------ C:\WINDOWS\system32\53f8d3.exe
2008-03-28 21:07 18,432 --a------ C:\WINDOWS\system32\3f275b.exe
2008-03-28 20:44 18,432 --a------ C:\WINDOWS\system32\2a52f6.exe
2008-03-28 20:21 18,432 --a------ C:\WINDOWS\system32\157ff7.exe
2008-03-27 23:20 18,432 --a------ C:\WINDOWS\system32\139756c.exe
2008-03-27 22:57 18,432 --a------ C:\WINDOWS\system32\124a3c5.exe
2008-03-27 22:34 18,432 --a------ C:\WINDOWS\system32\10fd1ff.exe
2008-03-27 22:11 18,432 --a------ C:\WINDOWS\system32\fb0049.exe
2008-03-27 21:49 18,432 --a------ C:\WINDOWS\system32\e62d3b.exe
2008-03-27 21:26 18,432 --a------ C:\WINDOWS\system32\d15ba4.exe
2008-03-27 21:03 18,432 --a------ C:\WINDOWS\system32\bc89fd.exe
2008-03-27 20:40 18,432 --a------ C:\WINDOWS\system32\a7b818.exe
2008-03-27 20:18 18,432 --a------ C:\WINDOWS\system32\92e6c0.exe
2008-03-27 19:55 18,432 --a------ C:\WINDOWS\system32\7e14ea.exe
2008-03-27 19:32 18,432 --a------ C:\WINDOWS\system32\694324.exe
2008-03-27 19:10 18,432 --a------ C:\WINDOWS\system32\546fd8.exe
2008-03-27 18:47 18,432 --a------ C:\WINDOWS\system32\3f99eb.exe
2008-03-27 18:24 18,432 --a------ C:\WINDOWS\system32\2ac74b.exe
2008-03-27 18:01 18,432 --a------ C:\WINDOWS\system32\15f5d3.exe
2008-03-27 17:39 18,432 --a------ C:\WINDOWS\system32\12093.exe
2008-03-26 17:02 18,432 --a------ C:\WINDOWS\system32\70c65c.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2008-04-26 13:18 -------- d-------- C:\Program Files\Mozilla Firefox
2008-04-26 13:18 -------- d-------- C:\Documents and Settings\Admin\Application Data\Vidalia
2008-04-26 13:18 -------- d-------- C:\Documents and Settings\Admin\Application Data\tor
2008-04-25 23:02 -------- d-------- C:\Documents and Settings\Admin\Application Data\Hamachi
2008-04-09 15:39 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-09 13:17 -------- d-------- C:\Program Files\NetMeeting
2008-04-07 18:15 -------- d-------- C:\Program Files\Windows Media Player
2008-04-07 17:46 -------- d-------- C:\Program Files\Movie Maker
2008-04-07 17:35 -------- d-------- C:\Program Files\Internet Explorer
2008-04-06 23:21 -------- d-------- C:\Program Files\Outlook Express
2008-03-25 16:57 18432 --a------ C:\WINDOWS\system32\bc57c2.exe
2008-03-25 16:34 18432 --a------ C:\WINDOWS\system32\a7865a.exe
2008-03-25 16:12 18432 --a------ C:\WINDOWS\system32\92b511.exe
2008-03-25 15:49 18432 --a------ C:\WINDOWS\system32\7de2ed.exe
2008-03-25 15:26 18432 --a------ C:\WINDOWS\system32\69105c.exe
2008-03-25 15:03 18432 --a------ C:\WINDOWS\system32\543e19.exe
2008-03-25 14:41 18432 --a------ C:\WINDOWS\system32\3f6a50.exe
2008-03-25 14:18 18432 --a------ C:\WINDOWS\system32\2a9398.exe
2008-03-25 13:55 18432 --a------ C:\WINDOWS\system32\15bea6.exe
2008-03-24 22:37 18432 --a------ C:\WINDOWS\system32\1a4df2a.exe
2008-03-24 22:14 18432 --a------ C:\WINDOWS\system32\1900d73.exe
2008-03-24 21:51 18432 --a------ C:\WINDOWS\system32\17b3bcd.exe
2008-03-24 21:29 18432 --a------ C:\WINDOWS\system32\1666302.exe
2008-03-24 21:06 18432 --a------ C:\WINDOWS\system32\15190fe.exe
2008-03-24 20:43 18432 --a------ C:\WINDOWS\system32\13cbf09.exe
2008-03-24 20:20 18432 --a------ C:\WINDOWS\system32\127ea65.exe
2008-03-24 19:58 18432 --a------ C:\WINDOWS\system32\11314b7.exe
2008-03-24 19:35 18432 --a------ C:\WINDOWS\system32\fe314d.exe
2008-03-24 19:12 18432 --a------ C:\WINDOWS\system32\e95eeb.exe
2008-03-24 18:49 18432 --a------ C:\WINDOWS\system32\d48bbe.exe
2008-03-24 18:27 18432 --a------ C:\WINDOWS\system32\bfb804.exe
2008-03-24 18:04 18432 --a------ C:\WINDOWS\system32\aae515.exe
2008-03-24 17:41 18432 --a------ C:\WINDOWS\system32\961265.exe
2008-03-24 17:18 18432 --a------ C:\WINDOWS\system32\813ca7.exe
2008-03-24 16:56 18432 --a------ C:\WINDOWS\system32\6c67c5.exe
2008-03-24 14:46 18432 --a------ C:\WINDOWS\system32\1c83c.exe
2008-03-24 08:23 18432 --a------ C:\WINDOWS\system32\52e1c.exe
2008-03-24 00:14 18432 --a------ C:\WINDOWS\system32\29b6e6d.exe
2008-03-23 23:51 18432 --a------ C:\WINDOWS\system32\2869ab3.exe
2008-03-23 23:28 18432 --a------ C:\WINDOWS\system32\271c747.exe
2008-03-23 23:06 18432 --a------ C:\WINDOWS\system32\25cf17a.exe
2008-03-23 22:43 18432 --a------ C:\WINDOWS\system32\2481f85.exe
2008-03-23 22:20 18432 --a------ C:\WINDOWS\system32\2334e2d.exe
2008-03-23 21:58 18432 --a------ C:\WINDOWS\system32\21e7c57.exe
2008-03-23 21:35 18432 --a------ C:\WINDOWS\system32\209a978.exe
2008-03-23 21:12 18432 --a------ C:\WINDOWS\system32\1f4d7c2.exe
2008-03-23 20:49 18432 --a------ C:\WINDOWS\system32\1e0059e.exe
2008-03-23 20:27 18432 --a------ C:\WINDOWS\system32\1cb33e8.exe
2008-03-23 20:04 18432 --a------ C:\WINDOWS\system32\1b65ed6.exe
2008-03-23 19:41 18432 --a------ C:\WINDOWS\system32\1a18aee.exe
2008-03-23 19:18 18432 --a------ C:\WINDOWS\system32\18cb8da.exe
2008-03-23 18:56 18432 --a------ C:\WINDOWS\system32\177e791.exe
2008-03-23 18:33 18432 --a------ C:\WINDOWS\system32\1631619.exe
2008-03-23 18:10 18432 --a------ C:\WINDOWS\system32\14e44b1.exe
2008-03-23 17:47 18432 --a------ C:\WINDOWS\system32\1397349.exe
2008-03-23 17:25 18432 --a------ C:\WINDOWS\system32\124a21f.exe
2008-03-23 17:02 18432 --a------ C:\WINDOWS\system32\10fd0e6.exe
2008-03-23 16:39 18432 --a------ C:\WINDOWS\system32\faff9d.exe
2008-03-23 16:16 18432 --a------ C:\WINDOWS\system32\e62e25.exe
2008-03-23 15:54 18432 --a------ C:\WINDOWS\system32\d15ccd.exe
2008-03-23 15:31 18432 --a------ C:\WINDOWS\system32\bc8b55.exe
2008-03-23 15:08 18432 --a------ C:\WINDOWS\system32\a7b9dd.exe
2008-03-23 14:45 18432 --a------ C:\WINDOWS\system32\92e866.exe
2008-03-23 14:23 18432 --a------ C:\WINDOWS\system32\7e170d.exe
2008-03-23 14:05 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 14:03 -------- d-------- C:\Program Files\VentSrv
2008-03-23 14:00 18432 --a------ C:\WINDOWS\system32\6944da.exe
2008-03-23 13:37 18432 --a------ C:\WINDOWS\system32\547343.exe
2008-03-23 13:14 18432 --a------ C:\WINDOWS\system32\3fa15e.exe
2008-03-23 12:52 18432 --a------ C:\WINDOWS\system32\2ad024.exe
2008-03-23 12:29 18432 --a------ C:\WINDOWS\system32\15fedc.exe
2008-03-23 12:06 18432 --a------ C:\WINDOWS\system32\12db2.exe
2008-03-23 00:20 18432 --a------ C:\WINDOWS\system32\25d085d.exe
2008-03-22 23:57 18432 --a------ C:\WINDOWS\system32\2483734.exe
2008-03-22 23:34 18432 --a------ C:\WINDOWS\system32\23365eb.exe
2008-03-22 23:11 18432 --a------ C:\WINDOWS\system32\21e9492.exe
2008-03-22 22:49 18432 --a------ C:\WINDOWS\system32\209c34a.exe
2008-03-22 22:26 18432 --a------ C:\WINDOWS\system32\1f4f1e1.exe
2008-03-22 22:03 18432 --a------ C:\WINDOWS\system32\1e02079.exe
2008-03-22 21:40 18432 --a------ C:\WINDOWS\system32\1cb4f30.exe
2008-03-22 21:18 18432 --a------ C:\WINDOWS\system32\1b67dd8.exe
2008-03-22 20:55 18432 --a------ C:\WINDOWS\system32\1a1ac8f.exe
2008-03-22 20:32 18432 --a------ C:\WINDOWS\system32\18cd933.exe
2008-03-22 20:09 18432 --a------ C:\WINDOWS\system32\17803b4.exe
2008-03-22 19:47 18432 --a------ C:\WINDOWS\system32\1632982.exe
2008-03-22 19:24 18432 --a------ C:\WINDOWS\system32\14e57cc.exe
2008-03-22 19:01 18432 --a------ C:\WINDOWS\system32\1398673.exe
2008-03-22 18:38 18432 --a------ C:\WINDOWS\system32\124b133.exe
2008-03-22 18:16 18432 --a------ C:\WINDOWS\system32\10fdfab.exe
2008-03-22 17:53 18432 --a------ C:\WINDOWS\system32\fb0dd6.exe
2008-03-22 17:30 18432 --a------ C:\WINDOWS\system32\e63ab8.exe
2008-03-22 17:07 18432 --a------ C:\WINDOWS\system32\d15952.exe
2008-03-22 16:45 18432 --a------ C:\WINDOWS\system32\bc878c.exe
2008-03-22 16:22 18432 --a------ C:\WINDOWS\system32\a7b634.exe
2008-03-22 15:59 18432 --a------ C:\WINDOWS\system32\92e4eb.exe
2008-03-22 15:36 18432 --a------ C:\WINDOWS\system32\7e1325.exe
2008-03-22 15:14 18432 --a------ C:\WINDOWS\system32\693ea0.exe
2008-03-22 14:51 18432 --a------ C:\WINDOWS\system32\546420.exe
2008-03-22 14:28 18432 --a------ C:\WINDOWS\system32\3f92f6.exe
2008-03-22 14:05 18432 --a------ C:\WINDOWS\system32\2ac111.exe
2008-03-22 13:43 18432 --a------ C:\WINDOWS\system32\15ef6a.exe
2008-03-22 13:20 18432 --a------ C:\WINDOWS\system32\118b3.exe
2008-03-21 22:31 18432 --a------ C:\WINDOWS\system32\1777ce0.exe
2008-03-21 22:09 18432 --a------ C:\WINDOWS\system32\162abb7.exe
2008-03-21 21:46 18432 --a------ C:\WINDOWS\system32\14dda6e.exe
2008-03-21 21:23 18432 --a------ C:\WINDOWS\system32\1390944.exe
2008-03-21 21:01 18432 --a------ C:\WINDOWS\system32\12437ec.exe
2008-03-21 20:38 18432 --a------ C:\WINDOWS\system32\10f6693.exe
2008-03-21 20:15 18432 --a------ C:\WINDOWS\system32\fa9579.exe
2008-03-21 19:52 18432 --a------ C:\WINDOWS\system32\e5c411.exe
2008-03-21 19:30 18432 --a------ C:\WINDOWS\system32\d0f2e7.exe
2008-03-21 19:07 18432 --a------ C:\WINDOWS\system32\bc21ae.exe
2008-03-21 18:44 18432 --a------ C:\WINDOWS\system32\a75075.exe
2008-03-21 18:21 18432 --a------ C:\WINDOWS\system32\927f2c.exe
2008-03-21 17:59 18432 --a------ C:\WINDOWS\system32\7dadd4.exe
2008-03-21 17:36 18432 --a------ C:\WINDOWS\system32\68dc9a.exe
2008-03-21 17:13 18432 --a------ C:\WINDOWS\system32\540249.exe
2008-03-21 16:50 18432 --a------ C:\WINDOWS\system32\3f2920.exe
2008-03-21 16:28 18432 --a------ C:\WINDOWS\system32\2a573b.exe
2008-03-21 16:05 18432 --a------ C:\WINDOWS\system32\1585f2.exe
2008-03-21 15:14 18432 --a------ C:\WINDOWS\system32\e9b4.exe
2008-03-20 23:58 18432 --a------ C:\WINDOWS\system32\2353099.exe
2008-03-20 23:35 18432 --a------ C:\WINDOWS\system32\220585b.exe
2008-03-20 23:12 18432 --a------ C:\WINDOWS\system32\20b7d9c.exe
2008-03-20 22:49 18432 --a------ C:\WINDOWS\system32\1f6aa21.exe
2008-03-20 22:26 18432 --a------ C:\WINDOWS\system32\1e1d482.exe
2008-03-20 22:04 18432 --a------ C:\WINDOWS\system32\1cd02bc.exe
2008-03-20 21:41 18432 --a------ C:\WINDOWS\system32\1b82e37.exe
2008-03-20 21:18 18432 --a------ C:\WINDOWS\system32\1a35ccf.exe
2008-03-20 20:56 18432 --a------ C:\WINDOWS\system32\18e8b67.exe
2008-03-20 20:33 18432 --a------ C:\WINDOWS\system32\179b9ef.exe
2008-03-20 20:10 18432 --a------ C:\WINDOWS\system32\164e878.exe
2008-03-20 19:47 18432 --a------ C:\WINDOWS\system32\15016f0.exe
2008-03-20 19:25 18432 --a------ C:\WINDOWS\system32\13b45a7.exe
2008-03-20 19:02 18432 --a------ C:\WINDOWS\system32\1266943.exe
2008-03-20 18:39 18432 --a------ C:\WINDOWS\system32\11197db.exe
2008-03-20 18:16 18432 --a------ C:\WINDOWS\system32\fcc5e6.exe
2008-03-20 17:54 18432 --a------ C:\WINDOWS\system32\e7f44f.exe
2008-03-20 17:31 18432 --a------ C:\WINDOWS\system32\d32316.exe
2008-03-20 17:08 18432 --a------ C:\WINDOWS\system32\be51cd.exe
2008-03-20 16:45 18432 --a------ C:\WINDOWS\system32\a98055.exe
2008-03-20 16:23 18432 --a------ C:\WINDOWS\system32\94aece.exe
2008-03-20 16:00 18432 --a------ C:\WINDOWS\system32\7fd7f7.exe
2008-03-20 15:37 18432 --a------ C:\WINDOWS\system32\6b069e.exe
2008-03-20 15:14 18432 --a------ C:\WINDOWS\system32\563527.exe
2008-03-20 14:52 18432 --a------ C:\WINDOWS\system32\41613e.exe
2008-03-20 14:29 18432 --a------ C:\WINDOWS\system32\2c8f68.exe
2008-03-20 14:06 18432 --a------ C:\WINDOWS\system32\17bda3.exe
2008-03-20 13:43 18432 --a------ C:\WINDOWS\system32\2e9f8.exe
2008-03-19 22:55 18432 --a------ C:\WINDOWS\system32\1a1f6d7.exe
2008-03-19 22:32 18432 --a------ C:\WINDOWS\system32\18d2520.exe
2008-03-19 22:09 18432 --a------ C:\WINDOWS\system32\178536a.exe
2008-03-19 21:46 18432 --a------ C:\WINDOWS\system32\1637f24.exe
2008-03-19 21:24 18432 --a------ C:\WINDOWS\system32\14ea688.exe
2008-03-19 21:01 18432 --a------ C:\WINDOWS\system32\139c810.exe
2008-03-19 20:38 18432 --a------ C:\WINDOWS\system32\124f020.exe
2008-03-19 20:15 18432 --a------ C:\WINDOWS\system32\1101e99.exe
2008-03-19 19:53 18432 --a------ C:\WINDOWS\system32\fb4d21.exe
2008-03-19 19:30 18432 --a------ C:\WINDOWS\system32\e67ade.exe
2008-03-19 19:07 18432 --a------ C:\WINDOWS\system32\d1a918.exe
2008-03-19 18:44 18432 --a------ C:\WINDOWS\system32\bcd771.exe
2008-03-19 18:22 18432 --a------ C:\WINDOWS\system32\a80619.exe
2008-03-19 17:59 18432 --a------ C:\WINDOWS\system32\9334d0.exe
2008-03-19 17:36 18432 --a------ C:\WINDOWS\system32\7e6387.exe
2008-03-19 17:13 18432 --a------ C:\WINDOWS\system32\69922f.exe
2008-03-19 16:51 18432 --a------ C:\WINDOWS\system32\54c0f5.exe
2008-03-19 16:28 18432 --a------ C:\WINDOWS\system32\3fefad.exe
2008-03-19 16:05 18432 --a------ C:\WINDOWS\system32\2b1e83.exe
2008-03-19 15:42 18432 --a------ C:\WINDOWS\system32\164cec.exe
2008-03-19 15:20 18432 --a------ C:\WINDOWS\system32\17aa9.exe
2008-03-18 22:39 18432 --a------ C:\WINDOWS\system32\bed296.exe
2008-03-18 22:16 18432 --a------ C:\WINDOWS\system32\aa015c.exe
2008-03-18 21:54 18432 --a------ C:\WINDOWS\system32\952f77.exe
2008-03-18 21:31 18432 --a------ C:\WINDOWS\system32\805aa4.exe
2008-03-18 21:08 18432 --a------ C:\WINDOWS\system32\6b81ca.exe
2008-03-17 21:52 18432 --a------ C:\WINDOWS\system32\26011a6.exe
2008-03-17 21:29 18432 --a------ C:\WINDOWS\system32\24b3f63.exe
2008-03-17 21:06 18432 --a------ C:\WINDOWS\system32\2366957.exe
2008-03-17 20:44 18432 --a------ C:\WINDOWS\system32\2219743.exe
2008-03-17 20:21 18432 --a------ C:\WINDOWS\system32\20cc5db.exe
2008-03-17 19:58 18432 --a------ C:\WINDOWS\system32\1f7f3a8.exe
2008-03-17 19:35 18432 --a------ C:\WINDOWS\system32\1e32230.exe
2008-03-17 19:13 18432 --a------ C:\WINDOWS\system32\1ce50c8.exe
2008-03-17 18:50 18432 --a------ C:\WINDOWS\system32\1b97f50.exe
2008-03-17 18:27 18432 --a------ C:\WINDOWS\system32\1a4ae27.exe
2008-03-17 18:05 18432 --a------ C:\WINDOWS\system32\18fdb67.exe
2008-03-17 17:42 18432 --a------ C:\WINDOWS\system32\17afc62.exe
2008-03-17 17:19 18432 --a------ C:\WINDOWS\system32\1662afa.exe
2008-03-17 16:56 18432 --a------ C:\WINDOWS\system32\15159b1.exe
2008-03-17 16:34 18432 --a------ C:\WINDOWS\system32\13c883a.exe
2008-03-17 16:11 18432 --a------ C:\WINDOWS\system32\127b6e1.exe
2008-03-17 15:48 18432 --a------ C:\WINDOWS\system32\112e598.exe
2008-03-17 15:25 18432 --a------ C:\WINDOWS\system32\fe13d2.exe
2008-03-17 15:03 18432 --a------ C:\WINDOWS\system32\e93ff9.exe
2008-03-17 14:40 18432 --a------ C:\WINDOWS\system32\d46e91.exe
2008-03-17 14:17 18432 --a------ C:\WINDOWS\system32\bf9d39.exe
2008-03-17 13:54 18432 --a------ C:\WINDOWS\system32\aacbe0.exe
2008-03-17 13:32 18432 --a------ C:\WINDOWS\system32\95fa78.exe
2008-03-17 13:09 18432 --a------ C:\WINDOWS\system32\81291f.exe
2008-03-17 12:46 18432 --a------ C:\WINDOWS\system32\6c57b7.exe
2008-03-17 12:23 18432 --a------ C:\WINDOWS\system32\578517.exe
2008-03-16 22:19 18432 --a------ C:\WINDOWS\system32\2253fe9.exe
2008-03-16 21:57 18432 --a------ C:\WINDOWS\system32\2106c00.exe
2008-03-16 21:34 18432 --a------ C:\WINDOWS\system32\1fb9587.exe
2008-03-16 21:11 18432 --a------ C:\WINDOWS\system32\1e6bf6c.exe
2008-03-16 20:48 18432 --a------ C:\WINDOWS\system32\1d1ee03.exe
2008-03-16 20:26 18432 --a------ C:\WINDOWS\system32\1bd18d3.exe
2008-03-16 14:15 18432 --a------ C:\WINDOWS\system32\697b7a.exe
2008-03-16 13:52 18432 --a------ C:\WINDOWS\system32\54aa12.exe
2008-03-16 13:29 18432 --a------ C:\WINDOWS\system32\3fd8ba.exe
2008-03-16 13:06 18432 --a------ C:\WINDOWS\system32\2b0657.exe
2008-03-16 12:44 18432 --a------ C:\WINDOWS\system32\163378.exe
2008-03-16 12:21 18432 --a------ C:\WINDOWS\system32\15ea5.exe
2008-03-15 23:49 18432 --a------ C:\WINDOWS\system32\29b376f.exe
2008-03-15 23:26 18432 --a------ C:\WINDOWS\system32\2866088.exe
2008-03-15 23:04 18432 --a------ C:\WINDOWS\system32\2718f3f.exe
2008-03-15 22:41 18432 --a------ C:\WINDOWS\system32\25cba6c.exe
2008-03-15 22:18 18432 --a------ C:\WINDOWS\system32\247e7db.exe
2008-03-15 21:55 18432 --a------ C:\WINDOWS\system32\2331683.exe
2008-03-15 21:33 18432 --a------ C:\WINDOWS\system32\21e44ec.exe
2008-03-15 21:10 18432 --a------ C:\WINDOWS\system32\20973b3.exe
2008-03-15 20:47 18432 --a------ C:\WINDOWS\system32\1f4a26a.exe
2008-03-15 20:24 18432 --a------ C:\WINDOWS\system32\1dfd111.exe
2008-03-15 20:02 18432 --a------ C:\WINDOWS\system32\1caffb9.exe
2008-03-15 19:39 18432 --a------ C:\WINDOWS\system32\1b62d08.exe
2008-03-15 19:16 18432 --a------ C:\WINDOWS\system32\1a15b52.exe
2008-03-15 18:53 18432 --a------ C:\WINDOWS\system32\18c89cb.exe
2008-03-15 18:31 18432 --a------ C:\WINDOWS\system32\177b769.exe
2008-03-15 18:08 18432 --a------ C:\WINDOWS\system32\162e380.exe
2008-03-15 17:45 18432 --a------ C:\WINDOWS\system32\14e0e20.exe
2008-03-15 17:22 18432 --a------ C:\WINDOWS\system32\1393b51.exe
2008-03-15 17:00 18432 --a------ C:\WINDOWS\system32\1246823.exe
2008-03-15 16:37 18432 --a------ C:\WINDOWS\system32\10f9218.exe
2008-03-15 16:14 18432 --a------ C:\WINDOWS\system32\fabd64.exe
2008-03-15 15:51 18432 --a------ C:\WINDOWS\system32\e5eb6f.exe
2008-03-15 15:29 18432 --a------ C:\WINDOWS\system32\d1198a.exe
2008-03-15 15:06 18432 --a------ C:\WINDOWS\system32\bc4803.exe
2008-03-15 14:43 18432 --a------ C:\WINDOWS\system32\a773ad.exe
2008-03-15 13:58 18432 --a------ C:\WINDOWS\system32\7dcf85.exe
2008-03-15 13:35 18432 --a------ C:\WINDOWS\system32\68fca5.exe
2008-03-15 13:12 18432 --a------ C:\WINDOWS\system32\5425fe.exe
2008-03-15 12:50 18432 --a------ C:\WINDOWS\system32\3f5428.exe
2008-03-15 12:27 18432 --a------ C:\WINDOWS\system32\2a82df.exe
2008-03-15 12:04 47104 --a------ C:\WINDOWS\system32\15b177.exe
2008-03-12 06:46 306 --a------ C:\WINDOWS\system32\367f659.exe
2008-03-09 01:46 -------- d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-03-06 22:50 -------- d-------- C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-03-06 22:50 -------- d-------- C:\Documents and Settings\Admin\Application Data\Adobe
2008-03-04 23:23 306 --a------ C:\WINDOWS\system32\8c362a.exe
2008-03-04 21:26 306 --a------ C:\WINDOWS\system32\2139ad.exe
2008-03-04 21:10 -------- d-------- C:\Program Files\Trend Micro
2008-03-03 23:29 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-03-03 23:29 20992 --a------ C:\WINDOWS\system32\6c9975d.exe
2008-02-27 22:25 -------- d-------- C:\Program Files\Common Files\INCA Shared
2008-02-27 22:25 -------- d-------- C:\Program Files\Common Files
2008-02-27 22:20 -------- d-------- C:\Program Files\Xentare


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Vidalia"="\"D:\\Program Files\\Vidalia Bundle\\Vidalia\\vidalia.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"shell"="C:\\WINDOWS\\system32\\15b177.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,e0,02,00,00,91,00,00,00,c5,00,00,00,7f,00,00,00,fe,\
ff,ff,3f,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,e0,02,00,00,91,00,00,00,c5,00,00,00,7f,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,af,01,a8,9a,83,7c,40,9a,80,7c,ff,ff,ff,ff,36,9a,\
80,7c,36,9a,80,7c

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000
"AllowLegacyWebView"=dword:00000001
"AllowUnhashedWebView"=dword:00000001
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Adobe Photo Downloader"="\"D:\\Program Files\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\eFax 4.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="J2GDllCmd"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eFax Messenger 4.1\\J2GDllCmd.exe\" /R"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1188353953.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

Completion time: 04/26/08 18:12:55.03
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

Thanks
  • 0

#25
sarahw
Posted 26 April 2008 - 09:43 PM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
1. Download this file: CFScript.txt (Right click and choose Save As or Save Target As).

2. Save it to your desktop.

3. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


4. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by sarahw, 26 April 2008 - 11:11 PM.

  • 0

Advertisements

#26
sarahw
Posted 04 May 2008 - 01:00 AM

sarahw

    Malware Staff

  • Member
  • PipPipPipPipPip
  • 2,781 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP