Win32:TratBHO, Win32:Rootkit-gen [RESOLVED]



#1
dDefinder
New Member, 8 posts
I had trouble with Rootkit-gen first, which appeared to have stopped after I ran SDFix, but a day later DLL files that contain TratBHO kept appearing on avast every 10 mins; I moved them to the Virus Chest. TeaTimer was reporting changes to files in the registry with random names. I've run ComboFix and I get runtime errors on start-up and avast doesn't show up in the tray anymore. Ran CCleaner to clear the tmp files of Firefox, IE and Windows but it didn't work.
EDIT: (Cleaned the registry, DLL errors on start-up stopped.)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:46 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\IDT\3172008114938\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BM1fcfdcab] Rundll32.exe "C:\WINDOWS\system32\pcdxrytt.dll",s
O4 - HKLM\..\Run: [1cfcef37] rundll32.exe "C:\WINDOWS\system32\ncvsjpbx.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - http://video.ufc.com...er_3_6_0_19.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205726081828
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMeebCV - qoMeebCV.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\3172008114938\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11184 bytes



2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
AIM 6
AIM MusicLink 2.1.0.5
AIMTunes
Avanquest update
avast! Antivirus
CASHFLOW® 202 THE E-GAME
CASHFLOW® THE E-GAME
CCleaner (remove only)
CEP - Color Enable Package
C-Media USB Sound
C-Media USB Sound Driver
CoffeeCup Flash Blogger
CoffeeCup Flash Form Builder
CoffeeCup Flash Password Wizard
CoffeeCup Flash Website Search
CoffeeCup HTML Editor 2006
CoffeeCup PixConverter
CoffeeCup Web Calendar
CoffeeCup Web Video Player - Registered
Colorizer 1.0.0.1
CuteFTP 8 Professional
Diskeeper 2008 Professional
DivX Codec
DivX Converter
DivX Web Player
Flash Website Design Trial 1.16(563 Templates/Unicode UTF8)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.9.1108
Francesco's optional new items/creatures 4.5
Fraps (remove only)
GreenBox 1.0
HijackThis 2.0.0
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
IDT Audio
InterVideo AVControlSDK
InterVideo DeviceService
Java™ 6 Update 4
Java™ 6 Update 5
K-Lite Codec Pack 3.8.0 Full
LWAway 1.0.0.1
Madden NFL 08
MetaProducts Flash and Media Capture 1.3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel 2007
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
OpenAL
Panda ActiveScan 2.0
PDF Settings
PeerGuardian 2.0
Pinnacle Mobile Media Converter
PixiePack Codec Pack
Podcast Studio
PunkBuster Services
Puzzle Quest
Python 2.5.1
QuickTime Alternative 2.4.0
RSS Wizard
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
Seagate DiscWizard
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Office 2007 (KB947801)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB923789)
Sid Meier's SimGolf
Sims2Pack Clean Installer
Skype™ 3.6
Sony DVD Architect Studio 4.5
Spybot - Search & Destroy
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Glamour Life Stuff
The Sims 2 Nightlife
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Bon Voyage
The Sims™ 2 Celebration! Stuff
The Sims™ 2 FreeTime
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
The Sims™ 2 Teen Style Stuff
Tiger Woods PGA TOUR 08
Trendyflash Intro Builder
Tunebite
TuneUp Utilities 2008
Ulead DVD MovieFactory 6
Uninstall Entriq MediaSphere
Uninstall UFC
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Update for Office 2007 (KB946691)
Viewpoint Media Player
Winamp
Windows Defender
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
Wondershare Flash SlideShow Builder (3.7.0) Trial Version
wxPython 2.8.7.1 (ansi) for Python 2.5
XnView 1.92
Yahoo! Messenger
Your Uninstaller! 2008 Version 6.0

Edited by dDefinder, 11 April 2008 - 01:34 PM.


#2
greyknight17
Malware Expert (Visiting Consultant), 16,560 posts
Welcome to GTG.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

Kontiki

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you have checked the last one:

O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
O4 - HKLM\..\Run: [BM1fcfdcab] Rundll32.exe "C:\WINDOWS\system32\pcdxrytt.dll",s
O4 - HKLM\..\Run: [1cfcef37] rundll32.exe "C:\WINDOWS\system32\ncvsjpbx.dll",b
O20 - Winlogon Notify: qoMeebCV - qoMeebCV.dll (file missing)


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\pcdxrytt.dll
C:\WINDOWS\system32\ncvsjpbx.dll


Restart and run a new HijackThis scan. Save the log file and post it here.

Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
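A small log-triage helper, added here as an example (it is not part of this thread, nor a HijackThis feature), that applies the same heuristics greyknight17 used above to the HijackThis line format: entries pointing at a file that no longer exists, Run entries that load a random-named DLL through rundll32, autoruns started from a Temp directory, non-Microsoft Trusted Zone entries and services with no publisher. The sample lines are copied from the logs posted in this thread; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis lines in the same format as the logs posted
# in this thread. The suspicious entries are the ones greyknight17 asked to
# have fixed or uninstalled; the others are ordinary, recognised entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {01A33D85-4706-452A-B71A-99510ADA8C0C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BM1fcfdcab] Rundll32.exe "C:\WINDOWS\system32\pcdxrytt.dll",s
O4 - HKLM\..\Run: [1cfcef37] rundll32.exe "C:\WINDOWS\system32\ncvsjpbx.dll",b
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O20 - Winlogon Notify: qoMeebCV - qoMeebCV.dll (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
"""


@dataclass
class Finding:
    severity: str  # "fix": have it removed; "review": confirm with the user first
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the log line, unchanged


# Every HijackThis entry has the shape "<section> - <rest>".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")

# rundll32 loading a DLL whose base name is eight lowercase letters, with a
# one-letter export name: the shape of both malicious Run entries above.
# Only the rundll32 token is matched case-insensitively; the name must be lowercase.
RANDOM_RUNDLL_RE = re.compile(
    r'(?i:rundll32(?:\.exe)?)\s+"?[^",]*\\[a-z]{8}\.dll"?\s*,\s*[a-z]\s*$')

# Anything auto-started out of a Temp directory.
TEMP_PATH_RE = re.compile(r"\\(?:Local Settings\\)?Temp\\", re.IGNORECASE)


def triage_line(line: str):
    """Classify one log line; returns a Finding, or None when it looks benign."""
    stripped = line.strip()
    m = LINE_RE.match(stripped)
    if not m:
        return None
    section, rest = m.groups()
    # A hook whose target is gone is a leftover that should simply be removed.
    if rest.endswith("(no file)") or rest.endswith("(file missing)"):
        return Finding("fix", section, "entry points at a file that no longer exists", stripped)
    if section == "O4":
        if RANDOM_RUNDLL_RE.search(rest):
            return Finding("fix", section,
                           "rundll32 loads a random-named DLL with a one-letter export", stripped)
        if TEMP_PATH_RE.search(rest):
            return Finding("review", section, "autorun launched from a Temp directory", stripped)
    if section == "O15" and "microsoft.com" not in rest.lower():
        return Finding("review", section, "non-Microsoft site in the IE Trusted Zone", stripped)
    if section == "O23" and "Unknown owner" in rest:
        return Finding("review", section, "service with no publisher recorded", stripped)
    return None


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and return the findings in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

The heuristics only pre-sort a log for a human; a flagged line still needs the same judgement the helper applied above before anything is fixed or deleted.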

#3
dDefinder (Topic Starter)
New Member, 8 posts
Thanks,
The only other file that I was able to remove was:
O20 - Winlogon Notify: qoMeebCV - qoMeebCV.dll (file missing)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:39:31 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IDT\3172008114938\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CDLPObj Object - {BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} - C:\WINDOWS\mpcodecplg.dll
O2 - BHO: Flash and Media Capture Helper - {E8803722-A7F5-45C5-B39A-A8B244486EC2} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Flash and Media Capture Bar - {650EB965-8A1D-41C9-A941-0578F5CFC569} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - Startup: DO NOT REMOVE ashDisp.lnk = C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save &image with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/saveimg.htm
O8 - Extra context menu item: Save &media files with Flash and Media Capture - res://C:\Program Files\Common Files\MetaProducts\FMCapt.dll/savemedia.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Save Media files - {F6F76DF4-FD65-4DE7-942F-4BD5DE9B1C6B} - C:\Program Files\Common Files\MetaProducts\FMCapt.dll
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {5A9D4578-6649-4692-921B-ACA9ADAB007C} (UFC Class) - http://video.ufc.com...er_3_6_0_19.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205726081828
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemreq.../sysreqlab2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMeebCV - C:\WINDOWS\
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\3172008114938\STacSV.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11186 bytes






ComboFix 08-04-16.5 - dDefinder 2008-04-17 16:56:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1626 [GMT 8:00]
Running from: C:\Documents and Settings\dDefinder\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\jbvcjcce.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-17 07:19 . 2008-04-17 07:19 <DIR> d-------- C:\Program Files\Ultra Flash Video FLV Converter
2008-04-17 07:19 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-17 07:19 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-17 07:19 . 2006-10-24 14:16 242,176 --a------ C:\WINDOWS\system32\fixflash.exe
2008-04-17 07:19 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-17 07:19 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-17 07:19 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-17 07:19 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-17 07:19 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-17 07:14 . 2008-04-17 07:14 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Thinstall
2008-04-17 07:03 . 2008-04-17 07:16 <DIR> d-------- C:\output video
2008-04-17 07:02 . 2008-04-17 07:02 67 --a------ C:\WINDOWS\My Video Converter.INI
2008-04-17 07:01 . 2008-04-17 07:02 <DIR> d-------- C:\Program Files\My Video Converter
2008-04-16 11:59 . 2008-04-16 11:59 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-15 11:44 . 2008-04-15 11:45 1,049,670 --a------ C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\ValuSoft
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-04-15 11:16 . 2008-04-15 11:25 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-04-15 09:21 . 2008-04-15 09:21 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\phpDesigner 2008
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Ubisoft
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\VstPlugins
2008-04-14 23:58 . 2002-07-08 06:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-14 23:58 . 2006-06-20 16:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-14 23:57 . 2008-04-14 23:57 <DIR> d-------- C:\Program Files\Outsim
2008-04-14 23:55 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\Image-Line
2008-04-13 15:43 . 2008-04-13 15:43 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-12 03:48 . 2008-04-12 03:49 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 03:46 . 2008-04-12 04:16 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-12 00:58 . 2008-04-12 01:03 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-04-12 00:58 . 2008-04-12 00:59 <DIR> d-------- C:\OLDgames
2008-04-12 00:52 . 2008-04-12 00:52 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-11 22:31 . 2008-04-11 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 22:02 . 2008-04-12 03:10 <DIR> d-------- C:\Program Files\Panda Security
2008-04-11 21:23 . 2008-04-11 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-04-11 21:23 . 2008-04-16 17:36 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\uTorrent
2008-04-11 19:45 . 2008-04-11 19:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-11 19:27 . 2008-04-11 19:38 294 --ahs---- C:\WINDOWS\system32\xbpjsvcn.ini
2008-04-11 18:13 . 2008-04-11 18:28 <DIR> d-------- C:\WS
2008-04-11 18:11 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\SiteThief
2008-04-10 22:03 . 2008-04-11 19:39 327 --a------ C:\WINDOWS\wininit.ini
2008-04-10 21:58 . 2008-04-15 22:54 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-10 19:33 . 2008-04-10 19:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 18:36 . 2008-04-10 18:36 6,656 --a------ C:\vhyp.exe
2008-04-08 20:29 . 2008-04-15 07:39 <DIR> d-------- C:\YouTubeVideos
2008-04-07 18:40 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Avanquest update
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-07 18:39 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-04-07 18:39 . 2008-04-07 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\Documents and Settings\dDefinder\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 22,768 --a------ C:\Documents and Settings\dDefinder\usbsermpt.sys
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-07 13:17 . 2008-04-07 13:17 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-07 13:17 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-07 13:17 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\WINDOWS\Application Data
2008-04-07 13:09 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-04-07 13:09 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\mardpnp.sys
2008-04-07 13:09 . 2005-11-07 17:50 49,399 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-04-07 13:09 . 2005-08-18 11:44 24,789 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-04-07 13:09 . 2005-08-18 11:44 11,473 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-04-07 01:04 . 2008-04-07 01:05 <DIR> d-------- C:\Program Files\Sims2Pack Clean Installer
2008-04-06 23:16 . 2008-04-06 23:16 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-06 19:04 . 2008-04-17 07:20 257 --a------ C:\WINDOWS\system32\test.aok
2008-04-06 18:58 . 2008-04-06 18:58 188,997 --a------ C:\yt.htm
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-04-06 18:49 . 2008-04-06 19:02 <DIR> d-------- C:\Downloads
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Orbit
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.sshterm
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.ssh
2008-04-03 23:07 . 2008-04-03 23:07 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-03 23:03 . 2008-04-03 23:04 <DIR> d-------- C:\Program Files\house dead 2
2008-04-03 08:07 . 2008-04-03 08:22 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\CoreFTP
2008-04-02 11:58 . 2008-04-02 11:58 <DIR> d-------- C:\Program Files\Studio V5
2008-04-01 16:26 . 2008-04-01 16:26 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2008-04-01 16:25 . 2008-04-07 17:49 <DIR> d-------- C:\Program Files\Smart Mod Manager
2008-04-01 06:59 . 2008-03-30 02:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 06:59 . 2008-03-30 02:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 18:07 . 2008-03-31 18:08 <DIR> d-------- C:\Program Files\AddWeb8
2008-03-31 09:13 . 2008-03-31 17:48 <DIR> d-------- C:\Program Files\Web Gallery Builder
2008-03-31 09:13 . 2008-03-31 09:13 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Web Gallery Builder
2008-03-31 01:08 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-31 01:08 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-30 19:08 . 2008-04-07 09:00 <DIR> d-------- C:\Program Files\Podcast Studio
2008-03-29 10:43 . 2008-04-03 22:40 <DIR> d-------- C:\Program Files\Xpress Software
2008-03-29 09:21 . 2008-04-04 09:03 <DIR> d-------- C:\Program Files\Web Designers Toolkit with Menu Ex
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\WINDOWS\Ver
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Program Files\Kontiki
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Program Files\Entriq
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-28 19:59 . 2008-03-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Entriq
2008-03-27 17:43 . 2008-04-17 07:34 <DIR> d-------- C:\Program Files\Flash Website Design
2008-03-26 20:03 . 2008-03-31 20:38 <DIR> d-------- C:\Program Files\CASHFLOW 202
2008-03-26 19:47 . 2008-03-26 21:22 <DIR> d-------- C:\Program Files\CASHFLOW
2008-03-26 18:06 . 2008-03-26 18:06 554 --a------ C:\WINDOWS\eReg.dat
2008-03-26 13:37 . 2008-03-26 13:37 <DIR> d-------- C:\WINDOWS\Puzzle Quest
2008-03-26 13:37 . 2008-03-26 13:37 <DIR> d-------- C:\Program Files\Puzzle Quest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 13:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 12:50 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\Tunebite
2008-03-21 07:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 03:50 --------- d-----w C:\Program Files\IDT
2008-03-17 03:48 --------- d-----w C:\Program Files\Intel
2008-03-17 03:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-06 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-06 10:25 --------- d-----w C:\Program Files\RapidSolution
2008-02-25 04:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
.

((((((((((((((((((((((((((((( [email protected]_21.46.45.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-17 09:01:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-18 02:57:04 206,128 ----a-w C:\WINDOWS\Downloaded Program Files\sysreqlab2.dll
+ 2007-06-05 23:07:34 2,000 ------w C:\WINDOWS\hpomdl14.dat
+ 2007-08-28 15:22:30 1,754,536 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACECORE.DLL
+ 2007-08-28 15:22:36 579,008 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEDAO.DLL
+ 2007-08-28 15:22:38 50,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEERR.DLL
+ 2007-08-28 15:22:40 193,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEES.DLL
+ 2007-08-23 19:46:10 341,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEEXCH.DLL
+ 2007-08-23 19:46:14 632,248 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEEXCL.DLL
+ 2007-08-23 19:46:16 210,368 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACELTS.DLL
+ 2007-08-23 19:46:18 281,992 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEODBC.DLL
+ 2007-08-23 19:46:20 17,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEODDBS.DLL
+ 2007-08-23 19:46:22 17,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEODEXL.DLL
+ 2007-08-23 19:46:22 17,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEODPDX.DLL
+ 2007-08-23 19:46:22 17,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEODTXT.DLL
+ 2007-08-28 15:22:44 390,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEOLEDB.DLL
+ 2007-08-23 19:46:28 394,688 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEPDE.DLL
+ 2007-08-23 19:46:30 263,616 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACER2X.DLL
+ 2007-08-23 19:46:32 292,288 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACER3X.DLL
+ 2007-08-23 19:46:34 58,760 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACERCLR.DLL
+ 2007-08-23 19:46:38 554,440 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEREP.DLL
+ 2007-08-23 19:46:40 226,744 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACETXT.DLL
+ 2007-08-23 19:46:44 374,200 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ACEXBE.DLL
+ 2007-08-28 16:53:12 402,784 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\CDLMSO.DLL
+ 2007-08-23 19:45:50 208,256 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\CLVIEW.EXE
+ 2007-08-23 19:36:26 192,400 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\CONTACTPICKER.DLL
+ 2007-08-23 19:18:14 442,208 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\DWDCW20.DLL
+ 2007-08-23 19:18:18 437,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\DWTRIG20.EXE
+ 2007-08-22 17:03:38 1,195,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\FM20.DLL
+ 2007-08-25 11:11:44 1,685,896 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\FPSRVUTL.DLL
+ 2007-08-28 15:45:00 985,496 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\FPWEC.DLL
+ 2007-10-02 11:45:34 2,530,864 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\GRAPH.EXE
+ 2007-08-23 19:36:58 175,968 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\IEAWSDC.DLL
+ 2007-10-05 12:31:06 5,287,984 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\IPEDITOR.DLL
+ 2007-08-28 16:45:54 831,856 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MEDCAT.DLL
+ 2007-08-28 16:52:02 120,704 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSCONV97.DLL
+ 2007-09-14 13:45:58 16,901,168 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSO.DLL
+ 2007-08-28 15:20:06 163,712 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSOCF.DLL
+ 2007-08-28 15:20:12 17,304 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSOCFU.DLL
+ 2007-09-06 09:55:08 431,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSODCW.DLL
+ 2007-08-23 21:50:10 29,576 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSOEURO.DLL
+ 2007-08-27 12:20:14 6,637,960 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSORES.DLL
+ 2007-08-28 16:18:20 439,160 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSORUN.DLL
+ 2007-08-23 19:40:16 674,664 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSQRY32.EXE
+ 2007-08-22 17:12:20 507,768 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSSOAP30.DLL
+ 2007-08-28 16:45:58 835,952 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSTORDB.EXE
+ 2007-08-28 16:46:06 542,568 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\MSTORES.DLL
+ 2007-08-23 19:37:50 68,464 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\NAME.DLL
+ 2007-10-05 12:44:24 14,168,600 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OART.DLL
+ 2007-09-01 17:55:16 235,456 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\ODEPLOY.EXE
+ 2007-08-28 16:37:40 7,039,888 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OFFOWC.DLL
+ 2007-08-28 16:19:24 1,654,648 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OGL.DLL
+ 2007-08-23 20:06:28 277,384 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OIS.EXE
+ 2007-08-23 20:06:32 1,000,848 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OISAPP.DLL
+ 2007-08-23 20:06:38 288,152 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OISGRAPH.DLL
+ 2007-09-01 17:55:54 6,540,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OSETUP.DLL
+ 2007-06-07 11:51:00 465,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\OUTLFLTR.DLL
+ 2007-09-06 09:50:34 485,232 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\PORTCONN.DLL
+ 2007-08-23 21:50:10 41,832 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\REFEDIT.DLL
+ 2007-09-06 09:55:22 505,752 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\SELFCERT.EXE
+ 2007-09-01 17:55:34 442,240 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\SETUP.EXE
+ 2007-08-28 15:28:26 2,330,024 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\STSLIST.DLL
+ 2007-06-27 12:58:12 2,585,936 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109610000000000000000F01FEC\12.0.6215\VBE6.DLL
+ 2007-10-02 11:51:22 8,436,776 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\OARTCONV.DLL
+ 2007-08-28 15:06:16 467,840 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\POWERPNT.EXE
+ 2007-08-28 15:06:44 7,990,144 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\PPCORE.DLL
+ 2007-08-28 16:38:22 2,016,656 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\PPTVIEW.EXE
+ 2007-09-06 10:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-28 16:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109810000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
+ 2007-08-28 15:16:00 350,064 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10000000000000000F01FEC\12.0.6215\WINWORD.EXE
+ 2007-09-06 09:56:32 17,490,800 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002109B10000000000000000F01FEC\12.0.6215\WWLIB.DLL
- 2008-04-09 07:47:52 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-15 23:10:29 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 07:47:52 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-15 23:10:29 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 07:47:52 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-15 23:10:29 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 07:47:52 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-15 23:10:29 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 07:47:52 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-04-15 23:10:29 1,172,240 ----a-r C:\WINDOWS\Installer\{90120000-0016-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-09 07:47:58 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-15 23:11:04 20,240 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 07:47:58 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-15 23:11:04 217,864 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 07:47:58 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-15 23:11:04 18,704 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 07:47:58 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-15 23:11:04 35,088 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 07:47:58 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-04-15 23:11:04 922,384 ----a-r C:\WINDOWS\Installer\{90120000-0018-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-09 07:48:03 20,240 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-04-15 23:11:36 20,240 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-09 07:48:04 217,864 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
+ 2008-04-15 23:11:37 217,864 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-09 07:48:03 18,704 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-04-15 23:11:36 18,704 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-09 07:48:04 35,088 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-04-15 23:11:37 35,088 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-09 07:48:03 888,080 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-04-15 23:11:36 888,080 ----a-r C:\WINDOWS\Installer\{90120000-001B-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-03-17 14:58:43 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-04-15 23:11:55 217,864 ----a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-04-13 13:10:01 295,606 ----a-r C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\SC_Reader.exe
+ 2007-10-11 01:55:14 2,560 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll
+ 2007-11-17 23:57:44 130,048 ----a-w C:\WINDOWS\mpcodecplg.dll
+ 2008-03-17 12:39:38 2,722 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2001-07-14 09:32:24 69,632 ----a-w C:\WINDOWS\setupupd\temp\wsdueng.dll
+ 2004-08-04 12:00:00 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2004-08-04 12:00:00 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV
+ 2004-08-04 12:00:00 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV
+ 2004-08-04 12:00:00 2,176 ----a-w C:\WINDOWS\system\VGA.DRV
+ 2004-08-04 12:00:00 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin
+ 2004-08-03 15:07:58 2,944 -c--a-w C:\WINDOWS\system32\dllcache\drmkaud.sys
+ 2004-08-04 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
+ 2004-08-04 12:00:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll
+ 2004-08-04 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2004-08-04 12:00:00 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys
+ 2004-08-04 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
+ 2004-08-04 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2004-08-04 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
+ 2004-08-04 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2004-08-03 15:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
+ 2004-08-04 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2008-04-09 23:08:48 1,475,280 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-04-16 03:08:16 1,474,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-04 12:00:00 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv
+ 2004-08-04 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2004-08-04 12:00:00 2,032 ----a-w C:\WINDOWS\system32\mouse.drv
+ 2004-08-04 12:00:00 2,656 ----a-w C:\WINDOWS\system32\netware.drv
+ 2004-08-04 12:00:00 1,744 ----a-w C:\WINDOWS\system32\sound.drv
+ 2005-04-27 23:15:45 2,560 ----a-w C:\WINDOWS\system32\usmt\iconlib.dll
+ 2004-08-04 12:00:00 2,176 ----a-w C:\WINDOWS\system32\vga.drv
+ 2004-08-04 12:00:00 2,864 ----a-w C:\WINDOWS\system32\winsock.dll
+ 2004-08-04 12:00:00 2,112 ----a-w C:\WINDOWS\system32\winspool.exe
+ 2004-08-04 12:00:00 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-04-17 09:01:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
2007-11-18 07:57 130048 --a------ C:\WINDOWS\mpcodecplg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-11-10 06:22 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"CmUsbSound"="cmcnfgu.cpl" []
"PWRISOVM.EXE"="C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE" [2007-08-07 08:05 200704]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\dDefinder\Start Menu\Programs\Startup\
DO NOT REMOVE ashDisp.lnk - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-03-17 12:25:19 79224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeebCV]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qac26.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"<NO NAME>"=
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\dDefinder\\My Documents\\Downloads\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1267:UDP"= 1267:UDP:Windows Media Format SDK (iexplore.exe)
"1266:UDP"= 1266:UDP:Windows Media Format SDK (iexplore.exe)
"1268:UDP"= 1268:UDP:Windows Media Format SDK (iexplore.exe)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 02:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 02:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 05:38]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-03-24 19:30]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-17 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5687795a-f3f3-11dc-bdf4-001e90c9d97d}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-17 09:04:19 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 17:01:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IDT\3172008114938\stacsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-17 17:14:17 - machine was rebooted [dDefinder]
ComboFix-quarantined-files.txt 2008-04-17 09:13:36
ComboFix2.txt 2008-04-11 13:46:57

Pre-Run: 56,448,442,368 bytes free
Post-Run: 56,436,719,616 bytes free
.
2008-04-15 22:48:34 --- E O F ---

Edited by dDefinder, 17 April 2008 - 03:32 AM.


#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
If you didn't install Kontiki or Entriq, uninstall them via the Add/Remove Programs panel.

Check and fix this in HijackThis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text below into it:

DirLook::
C:\WS

File::
C:\WINDOWS\system32\xbpjsvcn.ini
C:\vhyp.exe
C:\WINDOWS\system32\test.aok
C:\yt.htm
C:\WINDOWS\mpcodecplg.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeebCV]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Edited by greyknight17, 17 April 2008 - 07:54 PM.

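The picks greyknight17 made above (the hidden+system .ini in system32, the loose .exe and .htm at the drive root, the oddly named test.aok, the BHO whose DLL sits directly in C:\WINDOWS, and the random-named Winlogon notify key) reduce to a few mechanical checks over the ComboFix log. The script below is an added example, not code from the thread or from ComboFix: it parses the "Files Created" and "Reg Loading Points" sections, applies those checks (my own heuristics, not ComboFix rules; on a real machine they will produce false positives) and renders the result in the CFScript layout used in the post above (DirLook::, File::, and Registry:: with [-key] for deletion). The embedded log is a constructed excerpt modelled on the log in this thread; the function names and the extension allow-lists are my assumptions.

```python
"""Triage a ComboFix log and render a CFScript (added example, not ComboFix code).
Heuristics are the author's own assumptions, not ComboFix rules."""
import re
from pathlib import PureWindowsPath

# Constructed excerpt modelled on the ComboFix log format seen in this thread.
SAMPLE_LOG = r"""
2008-04-14 23:58 . 2002-07-08 06:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-13 15:43 . 2008-04-13 15:43 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-12 03:48 . 2008-04-12 03:49 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-11 19:27 . 2008-04-11 19:38 294 --ahs---- C:\WINDOWS\system32\xbpjsvcn.ini
2008-04-11 18:13 . 2008-04-11 18:28 <DIR> d-------- C:\WS
2008-04-10 18:36 . 2008-04-10 18:36 6,656 --a------ C:\vhyp.exe
2008-04-06 19:04 . 2008-04-17 07:20 257 --a------ C:\WINDOWS\system32\test.aok
2008-04-06 18:58 . 2008-04-06 18:58 188,997 --a------ C:\yt.htm
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA}]
2007-11-18 07:57 130048 --a------ C:\WINDOWS\mpcodecplg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-11-10 06:22 409600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMeebCV]
"""

# One "Files Created" row: created . modified size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d)\s+\.\s+"
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[d-][-A-Za-z]{8})\s+(?P<path>[A-Za-z]:\\.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
DLL_PATH_RE = re.compile(r"[A-Za-z]:\\.*\.dll$", re.IGNORECASE)

# Assumed allow-lists: extensions expected loose in system32, and the
# executable/document types that have no business sitting at the drive root.
SYSTEM32_EXPECTED = {".dll", ".exe", ".sys", ".ocx", ".cpl", ".ax", ".acm", ".drv",
                     ".ini", ".dat", ".bin", ".log", ".txt", ".nls", ".qts", ".qtx", ".tlb"}
ROOT_DROP_EXTS = {".exe", ".dll", ".com", ".bat", ".scr", ".pif", ".htm", ".html"}


def parse_created_files(log):
    """Return the rows of the 'Files Created' section as dicts."""
    return [m.groupdict() for m in (FILE_RE.match(l.strip()) for l in log.splitlines()) if m]


def suspicious_files(rows):
    """(path, reason) for every non-directory row that trips a heuristic."""
    hits = []
    for row in rows:
        if row["size"] == "<DIR>":
            continue
        p = PureWindowsPath(row["path"])
        parent, ext, attrs = str(p.parent).lower(), p.suffix.lower(), row["attrs"]
        if "h" in attrs and "s" in attrs and parent.startswith("c:\\windows"):
            hits.append((row["path"], "hidden+system file under the Windows directory"))
        elif parent == "c:\\" and ext in ROOT_DROP_EXTS:
            hits.append((row["path"], "loose file dropped at the drive root"))
        elif parent == "c:\\windows\\system32" and ext not in SYSTEM32_EXPECTED:
            hits.append((row["path"], "unexpected extension %s in system32" % ext))
    return hits


def suspicious_keys(log):
    """(key, dll_or_None, reason) for load points worth a Registry:: entry.
    ComboFix hides default Winlogon notify packages, so any shown are flagged;
    a BHO is flagged when its DLL lives directly in the Windows dir or system32."""
    lines = [l.strip() for l in log.splitlines()]
    hits = []
    for i, line in enumerate(lines):
        m = KEY_RE.match(line)
        if not m:
            continue
        key, low = m.group("key"), m.group("key").lower()
        if "\\winlogon\\notify\\" in low:
            hits.append((key, None, "non-default Winlogon notify package"))
        elif "browser helper objects" in low and i + 1 < len(lines):
            pm = DLL_PATH_RE.search(lines[i + 1])
            if pm and str(PureWindowsPath(pm.group(0)).parent).lower() in (
                    "c:\\windows", "c:\\windows\\system32"):
                hits.append((key, pm.group(0), "BHO DLL loaded from a system directory"))
    return hits


def build_cfscript(files, keys, dirlook=()):
    """Render the sections in the layout used in the thread; [-key] deletes a key."""
    sections = []
    if dirlook:
        sections.append("DirLook::\n" + "\n".join(dirlook))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if keys:
        sections.append("Registry::\n" + "\n".join("[-%s]" % k for k in keys))
    return "\n\n".join(sections) + "\n"


def triage(log, dirlook=()):
    """Run both scans; return (file_hits, key_hits, cfscript_text)."""
    file_hits, key_hits = suspicious_files(parse_created_files(log)), suspicious_keys(log)
    paths = {p for p, _ in file_hits} | {dll for _, dll, _ in key_hits if dll}
    return file_hits, key_hits, build_cfscript(sorted(paths), [k for k, _, _ in key_hits], dirlook)


if __name__ == "__main__":
    file_hits, key_hits, script = triage(SAMPLE_LOG, dirlook=[r"C:\WS"])
    for item, reason in [(p, r) for p, r in file_hits] + [(k, r) for k, _, r in key_hits]:
        print("%-90s <- %s" % (item, reason))
    print("\n--- CFScript.txt ---\n" + script)
```

Anything the script lists is a candidate for review, not an automatic deletion: compare it against the expert's script before dragging the file onto ComboFix.exe, because a wrong File:: line removes a legitimate driver or codec just as readily as a dropper.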

#5
dDefinder

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I'm unable to find Kontiki and Entriq with Add/Remove Programs. I don't know what Kontiki and Entriq are.


ComboFix 08-04-16.5 - dDefinder 2008-04-18 14:28:34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1589 [GMT 8:00]
Running from: C:\Documents and Settings\dDefinder\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dDefinder\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\vhyp.exe
C:\WINDOWS\mpcodecplg.dll
C:\WINDOWS\system32\test.aok
C:\WINDOWS\system32\xbpjsvcn.ini
C:\yt.htm
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\vhyp.exe
C:\WINDOWS\mpcodecplg.dll
C:\WINDOWS\system32\test.aok
C:\WINDOWS\system32\xbpjsvcn.ini
C:\yt.htm

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 09:39 . 2008-04-18 09:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 09:39 . 2008-04-18 09:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 17:46 . 2008-04-17 17:46 <DIR> d-------- C:\Program Files\QT Lite
2008-04-17 17:46 . 2008-04-17 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 17:46 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-04-17 17:46 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-04-17 17:44 . 2008-04-17 17:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-17 07:19 . 2008-04-17 07:19 <DIR> d-------- C:\Program Files\Ultra Flash Video FLV Converter
2008-04-17 07:19 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-17 07:19 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-17 07:19 . 2006-10-24 14:16 242,176 --a------ C:\WINDOWS\system32\fixflash.exe
2008-04-17 07:19 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-17 07:19 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-17 07:19 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-17 07:19 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-17 07:19 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-17 07:14 . 2008-04-17 07:14 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Thinstall
2008-04-17 07:03 . 2008-04-17 07:16 <DIR> d-------- C:\output video
2008-04-17 07:02 . 2008-04-17 07:02 67 --a------ C:\WINDOWS\My Video Converter.INI
2008-04-17 07:01 . 2008-04-17 07:02 <DIR> d-------- C:\Program Files\My Video Converter
2008-04-16 11:59 . 2008-04-16 11:59 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-15 11:44 . 2008-04-15 11:45 1,049,670 --a------ C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\ValuSoft
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-04-15 09:21 . 2008-04-15 09:21 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\phpDesigner 2008
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Ubisoft
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\VstPlugins
2008-04-14 23:58 . 2002-07-08 06:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-14 23:58 . 2006-06-20 16:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-14 23:57 . 2008-04-14 23:57 <DIR> d-------- C:\Program Files\Outsim
2008-04-14 23:55 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\Image-Line
2008-04-13 15:43 . 2008-04-13 15:43 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-12 03:48 . 2008-04-12 03:49 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 03:46 . 2008-04-12 04:16 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-12 00:58 . 2008-04-12 01:03 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-04-12 00:58 . 2008-04-12 00:59 <DIR> d-------- C:\OLDgames
2008-04-12 00:52 . 2008-04-12 00:52 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-11 22:31 . 2008-04-11 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 22:02 . 2008-04-12 03:10 <DIR> d-------- C:\Program Files\Panda Security
2008-04-11 21:23 . 2008-04-11 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-04-11 21:23 . 2008-04-16 17:36 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\uTorrent
2008-04-11 19:45 . 2008-04-11 19:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-11 18:13 . 2008-04-11 18:28 <DIR> d-------- C:\WS
2008-04-11 18:11 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\SiteThief
2008-04-10 22:03 . 2008-04-11 19:39 327 --a------ C:\WINDOWS\wininit.ini
2008-04-10 21:58 . 2008-04-15 22:54 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-10 19:33 . 2008-04-10 19:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:29 . 2008-04-18 12:14 <DIR> d-------- C:\YouTubeVideos
2008-04-07 18:40 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Avanquest update
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-07 18:39 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-04-07 18:39 . 2008-04-07 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\Documents and Settings\dDefinder\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 22,768 --a------ C:\Documents and Settings\dDefinder\usbsermpt.sys
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-07 13:17 . 2008-04-07 13:17 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-07 13:17 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-07 13:17 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\WINDOWS\Application Data
2008-04-07 13:09 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-04-07 13:09 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\mardpnp.sys
2008-04-07 13:09 . 2005-11-07 17:50 49,399 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-04-07 13:09 . 2005-08-18 11:44 24,789 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-04-07 13:09 . 2005-08-18 11:44 11,473 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-04-07 01:04 . 2008-04-07 01:05 <DIR> d-------- C:\Program Files\Sims2Pack Clean Installer
2008-04-06 23:16 . 2008-04-06 23:16 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-04-06 18:49 . 2008-04-06 19:02 <DIR> d-------- C:\Downloads
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Orbit
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.sshterm
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.ssh
2008-04-03 23:07 . 2008-04-03 23:07 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-03 23:03 . 2008-04-03 23:04 <DIR> d-------- C:\Program Files\house dead 2
2008-04-03 08:07 . 2008-04-03 08:22 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\CoreFTP
2008-04-02 11:58 . 2008-04-02 11:58 <DIR> d-------- C:\Program Files\Studio V5
2008-04-01 16:26 . 2008-04-01 16:26 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2008-04-01 16:25 . 2008-04-07 17:49 <DIR> d-------- C:\Program Files\Smart Mod Manager
2008-04-01 06:59 . 2008-03-30 02:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 06:59 . 2008-03-30 02:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 18:07 . 2008-03-31 18:08 <DIR> d-------- C:\Program Files\AddWeb8
2008-03-31 09:13 . 2008-03-31 17:48 <DIR> d-------- C:\Program Files\Web Gallery Builder
2008-03-31 09:13 . 2008-03-31 09:13 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Web Gallery Builder
2008-03-31 01:08 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-31 01:08 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-30 19:08 . 2008-04-07 09:00 <DIR> d-------- C:\Program Files\Podcast Studio
2008-03-29 10:43 . 2008-04-03 22:40 <DIR> d-------- C:\Program Files\Xpress Software
2008-03-29 09:21 . 2008-04-04 09:03 <DIR> d-------- C:\Program Files\Web Designers Toolkit with Menu Ex
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\WINDOWS\Ver
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Program Files\Kontiki
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Program Files\Entriq
2008-03-28 19:59 . 2008-03-28 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-03-28 19:59 . 2008-03-28 20:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Entriq
2008-03-27 17:43 . 2008-04-17 07:34 <DIR> d-------- C:\Program Files\Flash Website Design
2008-03-26 20:03 . 2008-03-31 20:38 <DIR> d-------- C:\Program Files\CASHFLOW 202
2008-03-26 19:47 . 2008-03-26 21:22 <DIR> d-------- C:\Program Files\CASHFLOW
2008-03-26 18:06 . 2008-03-26 18:06 554 --a------ C:\WINDOWS\eReg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 09:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-16 13:38 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\Skype
2008-04-16 13:35 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\skypePM
2008-04-15 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 09:40 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\XnView
2008-04-13 13:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-13 13:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-04-13 12:50 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\Tunebite
2008-04-13 09:44 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-03-29 18:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 18:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 18:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 15:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-21 07:51 --------- d-----w C:\Program Files\Activision
2008-03-21 07:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-17 23:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-17 23:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-17 15:56 --------- d-----w C:\Program Files\C-Media USB Sound
2008-03-17 15:55 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\DAEMON Tools
2008-03-17 15:54 --------- d-----w C:\Program Files\Microsoft DirectX SDK (April 2007)
2008-03-17 15:28 22,328 ----a-w C:\Documents and Settings\dDefinder\Application Data\PnkBstrK.sys
2008-03-17 13:27 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-17 13:09 --------- d-----w C:\Documents and Settings\Administrator\Application Data\HPAppData
2008-03-17 12:15 --------- d-----w C:\Program Files\Common Files\aliaswavefront shared
2008-03-17 12:15 --------- d-----w C:\Program Files\Common Files\Alias Shared
2008-03-17 10:10 400,864 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-03-17 10:10 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-03-17 10:09 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-03-17 10:09 --------- d-----w C:\Program Files\Seagate
2008-03-17 10:09 --------- d-----w C:\Program Files\Common Files\Seagate
2008-03-17 10:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-17 10:03 --------- d-----w C:\Program Files\Skype
2008-03-17 10:03 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-17 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-03-17 09:36 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-17 09:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-17 08:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-03-17 08:26 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 08:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ALM
2008-03-17 08:05 --------- d-----w C:\Program Files\Bonjour
2008-03-17 08:01 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-03-17 07:25 --------- d-----w C:\Program Files\XnView
2008-03-17 06:42 --------- d-----w C:\Program Files\Your Uninstaller 2008
2008-03-17 06:37 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\URSoft
2008-03-17 06:31 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-17 06:31 --------- d-----w C:\Program Files\Microsoft Works
2008-03-17 06:18 --------- d-----w C:\Program Files\Stardock
2008-03-17 05:52 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\HP
2008-03-17 05:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-03-17 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-03-17 05:50 --------- d-----w C:\Program Files\HP
2008-03-17 05:50 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\HPAppData
2008-03-17 05:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-03-17 05:49 --------- d-----w C:\Program Files\Hewlett-Packard
2008-03-17 05:49 --------- d-----w C:\Program Files\Common Files\HP
2008-03-17 05:49 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2008-03-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-03-17 05:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-03-17 04:58 --------- d-----w C:\Documents and Settings\dDefinder\Application Data\TuneUp Software
2008-03-17 04:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-17 04:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-17 04:49 --------- d-----w C:\Program Files\MSBuild
2008-03-17 04:46 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-17 04:45 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-17 04:25 --------- d-----w C:\Program Files\Alwil Software
2008-03-17 03:50 --------- d-----w C:\Program Files\IDT
2008-03-17 03:48 --------- d-----w C:\Program Files\Intel
2008-03-17 03:41 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-06 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-03-06 10:25 --------- d-----w C:\Program Files\RapidSolution
2008-02-25 04:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WS ----



((((((((((((((((((((((((((((( snapshot_2008-04-17_17.13.27.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 09:01:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 06:32:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\divx.dll
- 2008-02-21 02:04:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2007-08-23 11:30:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-03-28 17:41:32 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 2008-02-21 02:05:44 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2007-09-04 09:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-25 09:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
- 2008-04-17 09:01:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
+ 2008-04-18 06:33:01 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-11-10 06:22 409600]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"CmUsbSound"="cmcnfgu.cpl" []
"PWRISOVM.EXE"="C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE" [2007-08-07 08:05 200704]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\dDefinder\Start Menu\Programs\Startup\
DO NOT REMOVE ashDisp.lnk - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-03-17 12:25:19 79224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qac26.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"<NO NAME>"=
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\dDefinder\\My Documents\\Downloads\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 02:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 02:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 05:38]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-03-24 19:30]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-17 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5687795a-f3f3-11dc-bdf4-001e90c9d97d}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-18 06:36:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 14:33:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IDT\3172008114938\stacsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-18 14:48:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 06:47:25
ComboFix2.txt 2008-04-17 09:14:17
ComboFix3.txt 2008-04-11 13:46:57

Pre-Run: 55,681,605,632 bytes free
Post-Run: 55,700,836,352 bytes free
.
2008-04-15 22:48:34 --- E O F ---
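Read as an analyst would, the "Reg Loading Points" part of the log above carries three points worth a second look even after the catchme scan came back clean: a Run value (PWRISOVM.EXE) loading from a Temp folder under Default User, Windows Firewall switched off ("EnableFirewall"= 0), and AutoRun commands recorded under MountPoints2 for drives G: and I:, which is the autorun.inf mechanism that Flash Disinfector is used against. The script below is an added example, not part of this thread and not ComboFix's own code: a small Python triage helper that parses that section's layout and flags those three classes of entry. The sample text is constructed from lines copied out of the log above, and the path fragments treated as suspicious are an assumed heuristic, not anything ComboFix itself applies.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not code from the thread or from ComboFix. It flags three
things visible in the log above: autostart values that load from a
temporary or user-writable path, Windows Firewall switched off, and
per-drive AutoRun commands under MountPoints2 (the autorun.inf persistence
that Flash Disinfector is used against).
"""
import re
from dataclasses import dataclass

# Constructed sample, copied in the same layout as the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-11-10 06:22 409600]
"CmUsbSound"="cmcnfgu.cpl" []
"PWRISOVM.EXE"="C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE" [2007-08-07 08:05 200704]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5687795a-f3f3-11dc-bdf4-001e90c9d97d}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe
"""

# Assumed heuristic: path fragments a legitimate autostart should not live under.
SUSPICIOUS_PATH_PARTS = (
    "\\local settings\\temp\\",
    "\\windows\\temp\\",
    "\\documents and settings\\default user\\",
)

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="C:\path\file.exe" [date size]   or   "Name"=C:\path\file.exe
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<data>[^"\[]*?)"?\s*(\[.*\])?$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # autostart-from-temp | firewall-disabled | autorun-command
    key: str     # registry key the entry sits under
    detail: str  # the value or command that triggered the finding


def parse_sections(text):
    """Yield (key, [non-empty lines]) for each bracketed registry key block."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group("key"), []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def triage(text):
    """Return the list of Findings for a 'Reg Loading Points' section."""
    findings = []
    for key, lines in parse_sections(text):
        lkey = key.lower()
        for line in lines:
            if "mountpoints2" in lkey:
                # Per-drive AutoRun command: what autorun.inf on removable media leaves behind.
                m = AUTORUN_RE.match(line)
                if m:
                    findings.append(Finding("autorun-command", key, m.group("cmd")))
                continue
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, data = m.group("name"), m.group("data").strip()
            if lkey.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
                findings.append(Finding("firewall-disabled", key, line))
            elif "\\run" in lkey and any(p in data.lower() for p in SUSPICIOUS_PATH_PARTS):
                findings.append(Finding("autostart-from-temp", key, f"{name} -> {data}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```

Run against the sample it reports four findings: the PWRISOVM.EXE autostart from the Temp path, the disabled firewall, and the two AutoRun commands. Entries that load from Program Files or system32 (SysTrayApp, ctfmon.exe) are left alone, which is the point of the path heuristic: it narrows the list to what is worth checking by hand, not a verdict on its own.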

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text from the quote box below into it:

Folder::
C:\WINDOWS\Ver
C:\Program Files\Kontiki
C:\Program Files\Entriq
C:\Documents and Settings\All Users\Application Data\Kontiki
C:\Documents and Settings\All Users\Application Data\Entriq

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?

#7
dDefinder

    New Member

  • Topic Starter
  • Member
  • 8 posts
The avast virus warnings and the edits to the registry have stopped.

ComboFix 08-04-16.5 - dDefinder 2008-04-19 13:27:53.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1531 [GMT 8:00]
Running from: C:\Documents and Settings\dDefinder\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\dDefinder\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Entriq
C:\Documents and Settings\All Users\Application Data\Entriq\MS\History.xml
C:\Documents and Settings\All Users\Application Data\Entriq\MS\History.xml.001
C:\Documents and Settings\All Users\Application Data\Entriq\MS\Progress.xml
C:\Documents and Settings\All Users\Application Data\Entriq\MS\Progress.xml.001
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\3.8.0.24\EntriqVersionCheck.dll
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\3.8.0.24\npEntriqVersionCheckMozillaPlugin.dll
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\dmEULA.rtf
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\dmGrid.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\dmUI.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\main.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\monitorpage.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\monitorpage2.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\OLDUI.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\store.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\storedemo.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\css\vidPlayer.css
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\dmimages\fightsondemand.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\dmimages\logo.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\dmimages\menutop.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\dmimages\topbg.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\dmVideo.htm
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\downloadmanager.htm
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\alert.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\bg_bottom.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\bg_controlpanel.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\btnFullScreen.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\btnFullScreen2.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_button_pause_off.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_button_pause_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_button_play.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_button_resume_off.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_button_X_off.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_grid_column_separator.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_grid_column_sort_asc.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_grid_column_sort_des.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_grid_column_span.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dm_grid_progress.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\dmtitle.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\downloadProgress.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\fightsondemand.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\logo.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\menutop.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\mydownloads.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\panel_play.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\panel_play_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_17.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_fastforward.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_fastforward_disabled.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_fastforward_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_pause.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_pause_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_play.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_play_disabled.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_play_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progress.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progress_btn.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progress_btn2.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progress_btn3.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progress_yellow.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progressbar.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progressbar_bounds.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_progressbar_boundsbg.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_rewind.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_rewind_disabled.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_rewind_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_stop.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_stop_disabled.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\player_stop_on.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\playerTopRowBg.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\ProgBar.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\ProgBarContainer.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\progress_bar.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_G.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_NC17.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_NR.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_PG-13.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_PG.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_PG13.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\R_R.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\rating-r.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\right_player.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\right_shadow.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\right_vongostream.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\rightFrameHeaderBar_1px.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\rightFrameHeaderBar2_1px.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\search-header.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\search_top1.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\search_top4.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\search_top5.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\search_top6.jpg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\sort_crossbar.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\topbg.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\transparent_1pix.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_14.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_7.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_G.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_MA.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_PG.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\TV_Y.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\vol_bg.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\images\volumeicon.gif
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\menu.htm
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\monitorpage.htm
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\Digitalstore\DigitalStore.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMArguments.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMColorRow.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMControl.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMDebugWindow.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\dmexpiration.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMExtendedDate.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMLogInfo.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMMetaData.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMPage.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMProgress.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMSlider.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMTooltip.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMUserDefinedMessages.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\DMVideoPlayer.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\scripts\ieplayerfix.js
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\Digitalstore\DMUserDefinedMessageSchema.xsd
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\Digitalstore\en.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\Digitalstore\es.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\Digitalstore\fr.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMColDefs.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridMovieRow.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridMovieTable.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridMusicRow.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridMusicTable.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridPSPRow.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMGridPSPTable.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMImages.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMRollup.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMTemplates.xslt
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\DMUserDefinedMessageSchema.xsd
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\en.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\es.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\DMOFFLINE\xmlfiles\fr.xml
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\econfig.cfg
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\ProductVersion.dll
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\unins000.dat
C:\Documents and Settings\All Users\Application Data\Entriq\UFC\unins000.exe
C:\Documents and Settings\All Users\Application Data\Kontiki
C:\Documents and Settings\All Users\Application Data\Kontiki\zdata.db
C:\Program Files\Entriq
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqDeviceSync.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqDRMPlugin.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqEnhApi.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqMediaControl.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqMediaServer.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqProxyServer.exe
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqVersionCheck.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\EntriqWMLicenseHandler.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\MediaCallbackIfc.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\msvcr71.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\npEntriqMediaMozillaPlugin.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\npEntriqVersionCheckMozillaPlugin.dll
C:\Program Files\Entriq\MediaSphere\3.8.0.24\ProductVersion.dll
C:\Program Files\Entriq\MediaSphere\empty.wav
C:\Program Files\Entriq\MediaSphere\EntriqMediaTray.exe
C:\Program Files\Entriq\MediaSphere\msvcr71.dll
C:\Program Files\Entriq\MediaSphere\sample.wmv
C:\Program Files\Entriq\MediaSphere\unins000.dat
C:\Program Files\Entriq\MediaSphere\unins000.exe
C:\Program Files\Kontiki
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\Ver

.
((((((((((((((((((((((((( Files Created from 2008-03-19 to 2008-04-19 )))))))))))))))))))))))))))))))
.

2008-04-19 12:14 . 2008-04-19 12:14 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2008-04-19 12:14 . 2008-04-19 12:14 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-04-19 12:14 . 2008-04-19 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-04-19 12:13 . 2008-04-19 12:13 278,728 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-04-19 12:13 . 2008-04-19 12:13 25,416 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-04-19 12:11 . 2008-04-19 12:11 <DIR> d-------- C:\Program Files\Focus
2008-04-19 12:11 . 2004-08-09 06:04 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-04-18 16:09 . 2008-04-18 16:09 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-04-18 16:08 . 2008-03-24 19:52 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-18 16:08 . 2008-04-19 13:32 175,436 --a------ C:\WINDOWS\system32\nvapps.xml
2008-04-18 16:08 . 2008-03-24 19:52 17,937 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-18 16:07 . 2008-04-18 16:07 <DIR> d-------- C:\NVIDIA
2008-04-18 16:07 . 2008-03-24 11:27 442,368 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-04-18 09:39 . 2008-04-19 11:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-18 09:39 . 2008-04-18 09:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 17:46 . 2008-04-17 17:46 <DIR> d-------- C:\Program Files\QT Lite
2008-04-17 17:46 . 2008-04-17 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-17 17:46 . 2008-03-28 21:07 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-04-17 17:46 . 2008-03-28 21:07 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-04-17 17:44 . 2008-04-17 17:44 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-04-17 07:19 . 2008-04-17 07:19 <DIR> d-------- C:\Program Files\Ultra Flash Video FLV Converter
2008-04-17 07:19 . 2002-10-05 07:04 921,600 --a------ C:\WINDOWS\system32\vorbisenc.dll
2008-04-17 07:19 . 2004-01-11 08:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-04-17 07:19 . 2006-10-24 14:16 242,176 --a------ C:\WINDOWS\system32\fixflash.exe
2008-04-17 07:19 . 2002-10-07 02:42 237,568 --a------ C:\WINDOWS\system32\OggDS.dll
2008-04-17 07:19 . 2002-10-05 07:04 188,416 --a------ C:\WINDOWS\system32\vorbis.dll
2008-04-17 07:19 . 2007-04-12 14:19 129,024 --a------ C:\WINDOWS\system32\AVERM.dll
2008-04-17 07:19 . 2002-10-05 07:04 45,056 --a------ C:\WINDOWS\system32\ogg.dll
2008-04-17 07:19 . 2006-09-26 13:57 28,672 --a------ C:\WINDOWS\system32\AVEQT.dll
2008-04-17 07:14 . 2008-04-17 07:14 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Thinstall
2008-04-17 07:03 . 2008-04-17 07:16 <DIR> d-------- C:\output video
2008-04-17 07:02 . 2008-04-17 07:02 67 --a------ C:\WINDOWS\My Video Converter.INI
2008-04-17 07:01 . 2008-04-17 07:02 <DIR> d-------- C:\Program Files\My Video Converter
2008-04-16 11:59 . 2008-04-16 11:59 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-04-15 11:44 . 2008-04-15 11:45 1,049,670 --a------ C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\ValuSoft
2008-04-15 11:42 . 2008-04-15 11:42 <DIR> d-------- C:\Program Files\Common Files\Thraex Software
2008-04-15 09:21 . 2008-04-15 09:21 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\phpDesigner 2008
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Ubisoft
2008-04-15 03:12 . 2008-04-15 03:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-14 23:58 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\VstPlugins
2008-04-14 23:58 . 2002-07-08 06:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-04-14 23:58 . 2006-06-20 16:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-04-14 23:57 . 2008-04-14 23:57 <DIR> d-------- C:\Program Files\Outsim
2008-04-14 23:55 . 2008-04-14 23:58 <DIR> d-------- C:\Program Files\Image-Line
2008-04-13 15:43 . 2008-04-13 15:43 5,120 --a------ C:\WINDOWS\system32\BReWErS.dll
2008-04-12 03:48 . 2008-04-12 03:49 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-12 03:46 . 2008-04-12 04:16 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-12 00:58 . 2008-04-12 01:03 <DIR> d-------- C:\Program Files\DOSBox-0.72
2008-04-12 00:58 . 2008-04-12 00:59 <DIR> d-------- C:\OLDgames
2008-04-12 00:52 . 2008-04-12 00:52 <DIR> d--h----- C:\WINDOWS\PIF
2008-04-11 22:31 . 2008-04-11 22:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-11 22:02 . 2008-04-12 03:10 <DIR> d-------- C:\Program Files\Panda Security
2008-04-11 21:23 . 2008-04-11 21:23 <DIR> d-------- C:\Program Files\uTorrent
2008-04-11 21:23 . 2008-04-16 17:36 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\uTorrent
2008-04-11 19:45 . 2008-04-11 19:45 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-11 18:13 . 2008-04-11 18:28 <DIR> d-------- C:\WS
2008-04-11 18:11 . 2008-04-11 19:08 <DIR> d-------- C:\Program Files\SiteThief
2008-04-10 22:03 . 2008-04-11 19:39 327 --a------ C:\WINDOWS\wininit.ini
2008-04-10 21:58 . 2008-04-15 22:54 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-04-10 19:33 . 2008-04-10 19:33 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:29 . 2008-04-18 12:14 <DIR> d-------- C:\YouTubeVideos
2008-04-07 18:40 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Avanquest update
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-04-07 18:40 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-04-07 18:39 . 2008-04-07 18:40 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-04-07 18:39 . 2008-04-07 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\WINDOWS\system32\drivers\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 24,192 --a------ C:\Documents and Settings\dDefinder\usbsermptxp.sys
2008-04-07 18:39 . 2008-04-07 18:39 22,768 --a------ C:\Documents and Settings\dDefinder\usbsermpt.sys
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-07 13:18 . 2008-04-07 13:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-07 13:17 . 2008-04-07 13:17 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-07 13:17 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-04-07 13:17 . 2006-12-13 17:52 20,992 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-07 13:09 . 2008-04-07 13:09 <DIR> d-------- C:\WINDOWS\Application Data
2008-04-07 13:09 . 2005-08-18 11:44 49,867 --a------ C:\WINDOWS\system32\drivers\mardp2k.sys
2008-04-07 13:09 . 2005-08-18 11:44 49,484 --a------ C:\WINDOWS\system32\drivers\mardpnp.sys
2008-04-07 13:09 . 2005-11-07 17:50 49,399 --a------ C:\WINDOWS\system32\drivers\mamotou.sys
2008-04-07 13:09 . 2005-08-18 11:44 24,789 --a------ C:\WINDOWS\system32\drivers\MaVctrl.sys
2008-04-07 13:09 . 2005-08-18 11:44 11,473 --a------ C:\WINDOWS\system32\drivers\MaVc2K.sys
2008-04-07 01:04 . 2008-04-07 01:05 <DIR> d-------- C:\Program Files\Sims2Pack Clean Installer
2008-04-06 23:16 . 2008-04-06 23:16 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-04-06 18:49 . 2008-04-06 19:02 <DIR> d-------- C:\Downloads
2008-04-06 18:49 . 2008-04-06 19:05 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Orbit
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.sshterm
2008-04-05 19:17 . 2008-04-05 19:17 <DIR> d-------- C:\Documents and Settings\dDefinder\.ssh
2008-04-03 23:07 . 2008-04-03 23:07 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-03 23:03 . 2008-04-03 23:04 <DIR> d-------- C:\Program Files\house dead 2
2008-04-03 08:07 . 2008-04-03 08:22 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\CoreFTP
2008-04-02 11:58 . 2008-04-02 11:58 <DIR> d-------- C:\Program Files\Studio V5
2008-04-01 16:26 . 2008-04-01 16:26 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Smart S.T.A.L.K.E.R. Mod Manager
2008-04-01 16:25 . 2008-04-07 17:49 <DIR> d-------- C:\Program Files\Smart Mod Manager
2008-04-01 06:59 . 2008-03-30 02:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-01 06:59 . 2008-03-30 02:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-31 18:07 . 2008-03-31 18:08 <DIR> d-------- C:\Program Files\AddWeb8
2008-03-31 09:13 . 2008-03-31 17:48 <DIR> d-------- C:\Program Files\Web Gallery Builder
2008-03-31 09:13 . 2008-03-31 09:13 <DIR> d-------- C:\Documents and Settings\dDefinder\Application Data\Web Gallery Builder
2008-03-31 01:08 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( snapshot_2008-04-17_17.13.27.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 09:01:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-19 05:32:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2002-07-25 10:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-25 10:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2004-08-08 22:02:38 327,680 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelFrench.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelGerman.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelJapanese.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelKorean.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelPortugese.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelSpanish.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelSwedish.dll
+ 2006-11-22 03:37:08 45,056 ----a-w C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
+ 2006-11-22 03:37:10 199,765 ----a-w C:\WINDOWS\system32\AGEIA\app.bin
+ 2006-11-22 03:37:10 122,249 ----a-w C:\WINDOWS\system32\AGEIA\diag.bin
+ 2008-03-31 21:25:46 682,496 ----a-w C:\WINDOWS\system32\divx.dll
- 2008-02-21 02:04:16 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2008-03-21 20:28:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
- 2007-12-04 17:41:00 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2008-03-24 11:52:00 6,547,872 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
+ 2006-11-09 03:29:12 110,336 -c--a-r C:\WINDOWS\system32\DRVSTORE\athena_6BDC51EC34901E554F7E8DCB20A16311375D6D33\athena.sys
- 2007-08-23 11:30:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
+ 2008-03-28 17:41:32 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
- 2007-12-04 17:41:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
+ 2008-03-24 11:52:00 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
- 2007-12-04 17:41:00 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
+ 2008-03-24 11:52:00 5,974,528 ----a-w C:\WINDOWS\system32\nv4_disp.dll
- 2007-12-04 17:41:00 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
+ 2008-03-24 11:52:00 413,696 ----a-w C:\WINDOWS\system32\nvapi.dll
- 2007-12-04 17:41:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
+ 2008-03-24 11:52:00 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
- 2007-12-04 17:41:00 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
+ 2008-03-24 11:52:00 35,840 ----a-w C:\WINDOWS\system32\nvcod.dll
- 2007-12-04 17:41:00 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
+ 2008-03-24 11:52:00 35,840 ----a-w C:\WINDOWS\system32\nvcodins.dll
- 2007-12-04 17:41:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
+ 2008-03-24 11:52:00 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
- 2007-12-04 17:41:00 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
+ 2008-03-24 11:52:00 13,524,992 ----a-w C:\WINDOWS\system32\nvcpl.dll
- 2007-12-04 17:41:00 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
+ 2008-03-24 11:52:00 764,448 ----a-w C:\WINDOWS\system32\nvcplui.exe
- 2007-12-04 17:41:00 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
+ 2008-03-24 11:52:00 1,126,400 ----a-w C:\WINDOWS\system32\nvcuda.dll
- 2007-12-04 17:41:00 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
+ 2008-03-24 11:52:00 6,582,272 ----a-w C:\WINDOWS\system32\nvdisps.dll
- 2007-12-04 17:41:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
+ 2008-03-24 11:52:00 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
- 2007-12-04 17:41:00 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
+ 2008-03-24 11:52:00 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll
- 2007-12-04 17:41:00 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
+ 2008-03-24 11:52:00 3,469,312 ----a-w C:\WINDOWS\system32\nvgames.dll
- 2007-12-04 17:41:00 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
+ 2008-03-24 11:52:00 1,482,752 ----a-w C:\WINDOWS\system32\nview.dll
- 2007-12-04 17:41:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
+ 2008-03-24 11:52:00 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
- 2007-12-04 17:41:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
+ 2008-03-24 11:52:00 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
- 2007-12-04 17:41:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
+ 2008-03-24 11:52:00 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
- 2007-12-04 17:41:00 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
+ 2008-03-24 11:52:00 86,016 ----a-w C:\WINDOWS\system32\nvmctray.dll
- 2007-12-04 17:41:00 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
+ 2008-03-24 11:52:00 1,257,472 ----a-w C:\WINDOWS\system32\nvmobls.dll
- 2007-12-04 17:41:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
+ 2008-03-24 11:52:00 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
- 2007-12-04 17:41:00 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
+ 2008-03-24 11:52:00 8,634,368 ----a-w C:\WINDOWS\system32\nvoglnt.dll
- 2007-12-04 17:41:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
+ 2008-03-24 11:52:00 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
- 2007-12-04 17:41:00 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
+ 2008-03-24 11:52:00 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
- 2007-12-04 17:41:00 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
+ 2008-03-24 11:52:00 3,776,512 ----a-w C:\WINDOWS\system32\nvvitvs.dll
- 2007-12-04 17:41:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
+ 2008-03-24 11:52:00 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
- 2007-12-04 17:41:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
+ 2008-03-24 11:52:00 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
- 2007-12-04 17:41:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
+ 2008-03-24 11:52:00 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
- 2007-12-04 17:41:00 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
+ 2008-03-24 11:52:00 2,629,632 ----a-w C:\WINDOWS\system32\nvwss.dll
- 2007-12-04 17:41:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
+ 2008-03-24 11:52:00 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
+ 2006-12-01 10:34:16 53,248 ----a-w C:\WINDOWS\system32\PhysXLoader.dll
- 2008-02-21 02:05:44 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2008-03-21 20:30:08 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
- 2007-09-04 09:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2007-09-04 16:56:10 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
+ 2008-01-10 12:15:30 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
+ 2008-01-10 12:16:20 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
- 2004-01-25 09:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2004-01-25 16:18:44 217,088 ----a-w C:\WINDOWS\system32\yv12vfw.dll
+ 2008-04-19 05:32:46 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 03:18 437160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2007-11-10 06:22 409600]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2007-08-08 17:47 1169456]
"CmUsbSound"="cmcnfgu.cpl" []
"PWRISOVM.EXE"="C:\Documents and Settings\Default User\Local Settings\Temp\cxxxSy76ad\PWRISOVM.EXE" [2007-08-07 08:05 200704]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]

C:\Documents and Settings\dDefinder\Start Menu\Programs\Startup\
DO NOT REMOVE ashDisp.lnk - C:\Program Files\Alwil Software\Avast4\ashDisp.exe [2008-03-17 12:25:19 79224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qac26.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"nwiz"=nwiz.exe /install
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"<NO NAME>"=
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\dDefinder\\My Documents\\Downloads\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold.PC-Rip.Full.Game.English.Skullptura\\Stranglehold\\Binaries\\Retail-Stranglehold.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-30 02:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-30 02:35]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 20:00]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-05 05:38]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-03-24 19:30]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-17 12:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5687795a-f3f3-11dc-bdf4-001e90c9d97d}]
\Shell\AutoRun\command - I:\ONSPCLCK.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 05:35:47 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-19 13:33:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\IDT\3172008114938\stacsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-19 13:47:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-19 05:46:56
ComboFix2.txt 2008-04-18 06:48:10
ComboFix3.txt 2008-04-17 09:14:17
ComboFix4.txt 2008-04-11 13:46:57

Pre-Run: 50,860,093,440 bytes free
Post-Run: 50,840,338,432 bytes free
.
2008-04-18 09:57:58 --- E O F ---
  • 0

#8
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Do you know what this file is for: I:\ONSPCLCK.exe? If not, did you run the Flash Disinfector tool yet?

Are you having problems installing the recovery console? I see that it's still not installed yet. Go back to the site where you downloaded Combofix and follow the instructions (without the CD...download it) to install the recovery console.

For this file -> C:\WINDOWS\wininit.ini: open it up in Notepad and copy/paste the contents of that file here.
  • 0

#9
dDefinder
    New Member
  • Topic Starter
  • Member
  • 8 posts
I think I:\ONSPCLCK.exe is part of my external hard drive. There will be a CD PART (I:) in My Computer whenever I turn the hard drive on. I'm unable to run the recovery console; it gives an error about a corrupt file and then resets. I am able to run the console when I boot with the CD.

[rename]
c:\tempjunk1315.tmp=C:\WINDOWS\system32\jkkJyXnk.dll_old
nul=c:\tempjunk9888.tmp
c:\tempjunk1734.tmp=C:\WINDOWS\system32\jkkJyXnk.dll_old
c:\tempjunk9820.tmp=C:\WINDOWS\system32\ncvsjpbx.dll_old
c:\tempjunk8278.tmp=C:\WINDOWS\system32\pcdxrytt.dll_old
c:\tempjunk9888.tmp=C:\WINDOWS\system32\vtUnnklL.dll_old
  • 0

#10
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
For the C:\WINDOWS\wininit.ini file, open it up and erase everything inside. Then copy/paste the below into the file and save it:

[rename]
nul=

It gives you an error when you drag and drop the XP bootdisk file (that you downloaded from the Microsoft site) into Combofix?
  • 0
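Added example, not code from the thread or from any tool it mentions: it reads the [rename] section dDefinder pasted in #9 and the neutral replacement greyknight17 gives in #10, and works out which files would be renamed or deleted at the next boot. It assumes the Windows 9x-era wininit.ini convention that cleanup tools still use (each line under [rename] is `destination=source`, a destination of `NUL` means "delete the source", lines apply top to bottom), and that any source not produced by an earlier line exists on disk.

```python
"""Interpret a wininit.ini [rename] section (added example, see lead-in)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input: the [rename] section posted in #9 above (raw string, so
# backslashes are literal).
SAMPLE_WININIT = r"""[rename]
c:\tempjunk1315.tmp=C:\WINDOWS\system32\jkkJyXnk.dll_old
nul=c:\tempjunk9888.tmp
c:\tempjunk1734.tmp=C:\WINDOWS\system32\jkkJyXnk.dll_old
c:\tempjunk9820.tmp=C:\WINDOWS\system32\ncvsjpbx.dll_old
c:\tempjunk8278.tmp=C:\WINDOWS\system32\pcdxrytt.dll_old
c:\tempjunk9888.tmp=C:\WINDOWS\system32\vtUnnklL.dll_old
"""

# The replacement asked for in #10: a section with nothing left to do.
EMPTY_WININIT = "[rename]\nnul=\n"


@dataclass
class RenameOp:
    source: str
    destination: Optional[str]  # None means "delete source"

    @property
    def is_delete(self) -> bool:
        return self.destination is None


def parse_wininit_rename(text: str) -> List[RenameOp]:
    """Return the operations listed under [rename], in file order."""
    ops: List[RenameOp] = []
    in_rename = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            in_rename = line[1:-1].strip().lower() == "rename"
            continue
        if not in_rename or "=" not in line:
            continue
        dest, src = (part.strip() for part in line.split("=", 1))
        if not src:
            continue  # "nul=" with no source is a no-op at boot
        ops.append(RenameOp(src, None if dest.lower() == "nul" else dest))
    return ops


def simulate_boot(ops: List[RenameOp]) -> Dict[str, Optional[str]]:
    """Apply the operations in order and report, for every original path,
    where it ends up (None = deleted). Paths compare case-insensitively,
    as on NTFS. A line whose source has already been moved or deleted by
    an earlier line is skipped, which is why order matters."""
    present: Dict[str, str] = {}  # lower-cased current path -> original path
    seen: Set[str] = set()        # lower-cased originals already tracked
    outcome: Dict[str, Optional[str]] = {}
    for op in ops:
        key = op.source.lower()
        if key in present:
            original = present.pop(key)   # a file an earlier line moved here
        elif key in seen:
            continue                       # source is gone: no-op at boot
        else:
            original = op.source           # assumed to exist before the boot
            seen.add(key)
        if op.is_delete:
            outcome[original] = None
        else:
            present[op.destination.lower()] = original
            outcome[original] = op.destination
    return outcome


def report(text: str) -> List[str]:
    """Human-readable summary of what the file would do at the next boot."""
    lines = []
    for original, final in simulate_boot(parse_wininit_rename(text)).items():
        if final is None:
            lines.append(f"DELETE  {original}")
        else:
            lines.append(f"RENAME  {original} -> {final}")
    return lines or ["(nothing pending)"]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_WININIT)))
    print("---")
    print("\n".join(report(EMPTY_WININIT)))
```

Note that the delete of c:\tempjunk9888.tmp on the second line runs before the last line moves vtUnnklL.dll_old to that same name, so the renamed DLL would survive the boot under the .tmp name; the second jkkJyXnk.dll_old line is a no-op because the first one already moved it.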


#11
dDefinder
    New Member
  • Topic Starter
  • Member
  • 8 posts
It will show an error when I try to run Windows Recovery Console from the startup options, although I'm able to run it if I boot from the Windows CD and use its Recovery Console. The recovery console was installed with the CD.
  • 0

#12
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Is everything running ok now? If so, go to Start->Run and type in combofix /u and hit OK to remove it. You should be almost set to go. We just need to fix this recovery console problem.

Right click on My Computer and go to Properties. Then go to the Advanced tab and click on the Settings button under Startup and Recovery. Click on the Edit button there. Copy and paste the entire contents of that file here.
  • 0

#13
dDefinder
    New Member
  • Topic Starter
  • Member
  • 8 posts
Everything seems to be running normally, thanks. :)

I've rebuilt the boot.ini with the recovery console. I probably should reinstall it and see if it works.

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
  • 0

#14
greyknight17
    Malware Expert
  • Visiting Consultant
  • 16,560 posts
Yep, you may retry installing the recovery console. Just download the bootdisk file to your desktop. Then drag and drop it into the combofix tool to install it. No need to post the log here. Just remove combofix again using the /u parameter.

If there are no more issues, post back one more time and I will mark this topic as solved.
  • 0

#15
dDefinder
    New Member
  • Topic Starter
  • Member
  • 8 posts
I'm now able to run the recovery console without any problems, thank you :)
  • 0