
My computer is running slow after malware removal [RESOLVED]


#16
BHowett
OT Moderator
4,649 posts
Let's try deleting and re-installing ComboFix.


ComboFix Removal
Follow these steps to uninstall ComboFix and the tools used in the removal of malware:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.

===============================================

Download ComboFix from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

===============================================

Combofix Script.txt

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\6709BCCFE0.sys 
C:\Program Files\AlbumArtSmall.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg
C:\Program Files\Folder.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Small.jpg
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Large.jpg
C:\Program Files\Phil Collins - Take Me Home (long version).mp3
C:\Program Files\Maroon five - Rag Doll.mp3
C:\Program Files\Journey - Don't Stop Beleiving.MP3
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Large.jpg
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Small.jpg
C:\Program Files\Pharell Williams, P Diddy, Lenny Kravitz - Show Me Your Soul.mp3
C:\Program Files\Nickelback - Photogragh.mp3
C:\Program Files\Sade - King Of Sorrow.mp3
C:\Program Files\Phil Collins - You'll Be In My Heart.mp3
C:\Program Files\Musiq Soulchild - Dont Change.mp3
C:\Program Files\Nsync - Selfish.mp3
C:\Program Files\Dixie Chicks - Landslide.mp3
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Small.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Small.jpg
C:\Program Files\Nsync - I thought she knew.mp3
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Large.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Large.jpg
C:\Program Files\Nsync - Something Like You.mp3
C:\Program Files\Harvey Birdman Attorney at Law - 103 - Death By Chocolate.mpg
C:\Program Files\Harvey Birdman Attorney at Law - 109 - Blackwatch Plaid.mpg
C:\Program Files\Fall Out Boy - Get Busy Living Or Get Busy Dying.mp3
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Small.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Small.jpg
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Large.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Large.jpg
C:\Program Files\Maroon 5 - Shiver.mp3
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Small.jpg
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Large.jpg
C:\Program Files\Aretha Franklin (feat. Lauryn Hill) - A Rose Is Still A Rose.mp3
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Small.jpg
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Large.jpg
C:\Program Files\Elisa - Dancing.mp3
C:\Program Files\Journey - When The Lights Go Down In The City.mp3
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Large.jpg
C:\Program Files\Switchfoot - I Dare You To Move (A Walk To Remember Soundtrack)(1).mp3
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Small.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Large.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Large.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Small.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Small.jpg
C:\Program Files\Maroon 5 - Harder To Breathe.mp3
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Large.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Small.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Large.jpg
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Small.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Small.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Large.jpg
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Large.jpg
C:\Program Files\Maroon 5 - Simple Kind of Lovely.mp3
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Small.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Large.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Small.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Small.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Large.jpg
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Large.jpg
C:\Program Files\Madonna Feat Justin Timberlake & Timbaland-4 Minutes.mp3
Folder::
C:\Program Files\FrostWire
C:\Documents and Settings\Jessica\Application Data\FrostWire
DirLook::
C:\Documents and Settings\Pimpin Ken\Application Data\Help
C:\Documents and Settings\Pimpin Ken\Application Data\Corel


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
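The CFScript above has a simple line format: a directive ending in :: (File::, Folder::, DirLook::) followed by one path per line until the next directive. As an added example, not code from this thread or from ComboFix, here is a Python checker that parses such a script and flags entries a helper should confirm before asking the user to run it. The review rules (system32 entries, over-broad folders, non-absolute paths) are my own assumptions, not ComboFix's, and the sample script is a constructed cut-down of the one above with one deliberately over-broad Folder:: entry added.

```python
import re
from collections import OrderedDict

# Directives used in the script posted above. File:: and Folder:: delete what
# they list; DirLook:: only produces a directory listing in the ComboFix log.
DESTRUCTIVE_DIRECTIVES = {"File", "Folder"}
KNOWN_DIRECTIVES = {"File", "Folder", "DirLook"}

_DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
_ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Folders whose wholesale deletion would break the OS or every user profile.
# Assumption: this is a review rule of mine, not something ComboFix enforces.
_TOO_BROAD = {
    "c:\\",
    "c:\\windows",
    "c:\\windows\\system32",
    "c:\\program files",
    "c:\\documents and settings",
}


def parse_cfscript(text):
    """Split CFScript text into an ordered map of directive -> entries.

    A directive is a word followed by '::' on its own line; every non-blank
    line after it, up to the next directive, belongs to it. Entries that
    appear before any directive are rejected rather than silently dropped.
    """
    sections = OrderedDict()
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = _DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line {lineno}: entry before any directive: {line!r}")
        sections[current].append(line)
    return sections


def review_cfscript(sections):
    """Return (directive, entry, reason) tuples a helper should confirm."""
    findings = []
    for directive, entries in sections.items():
        if directive not in KNOWN_DIRECTIVES:
            findings.append((directive, None, "unknown directive"))
            continue
        for entry in entries:
            low = entry.lower().rstrip("\\")
            if not _ABS_PATH_RE.match(entry):
                findings.append((directive, entry, "not an absolute drive path"))
                continue
            if directive not in DESTRUCTIVE_DIRECTIVES:
                continue  # DirLook:: is read-only; nothing to confirm
            if low in _TOO_BROAD:
                findings.append((directive, entry, "deleting this folder would break Windows"))
            elif low.startswith("c:\\windows\\system32\\"):
                findings.append((directive, entry,
                                 "lives in system32; confirm it is not a legitimate driver or DLL"))
    return findings


# Constructed sample: a cut-down version of the script posted in the thread,
# plus one deliberately over-broad Folder:: entry (C:\Program Files) to show
# the check firing.
SAMPLE_SCRIPT = r"""File::
C:\WINDOWS\system32\6709BCCFE0.sys
C:\Program Files\AlbumArtSmall.jpg
C:\Program Files\Folder.jpg
Folder::
C:\Program Files\FrostWire
C:\Documents and Settings\Jessica\Application Data\FrostWire
C:\Program Files
DirLook::
C:\Documents and Settings\Pimpin Ken\Application Data\Help
C:\Documents and Settings\Pimpin Ken\Application Data\Corel
"""


def review_sample():
    """Parse and review the constructed sample; returns (sections, findings)."""
    sections = parse_cfscript(SAMPLE_SCRIPT)
    return sections, review_cfscript(sections)


if __name__ == "__main__":
    sections, findings = review_sample()
    for directive, entries in sections.items():
        print(f"{directive}:: {len(entries)} entries")
    for directive, entry, reason in findings:
        print(f"CONFIRM [{directive}::] {entry}: {reason}")
```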

===============================================



ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
===============================================

Needed in your next reply:

ComboFix Log

Kaspersky WebScanner Results

And let me know how things are running

*NOTE* You may need to post the requested logs in more than one reply due to how long they are. Please check to make sure all of the logs are posted.


#17
Dazed&Confused08
Member
Topic Starter
75 posts
The same thing happens when I try to remove ComboFix, and it remains on my desktop.

#18
BHowett
OT Moderator
4,649 posts
Hello again,

Please disable all of Spyware Doctor and try again; sometimes antivirus and real-time protection interfere with ComboFix.


Click the Spyware Doctor icon in the System Tray.
Click Settings.
Click Startup Settings under Pick a Category.
Uncheck "Run at Windows startup".
Click Apply and Exit Spyware Doctor.
From within Spyware Doctor, click the "OnGuard" button on the left side.
Uncheck "Activate OnGuard".

(When we are done, you can re-enable Spyware Doctor.)

#19
Dazed&Confused08
Member
Topic Starter
75 posts
Here's my ComboFix log. Sorry, but for some reason it posted twice.

ComboFix 08-06-20.4 - Jessica 2008-06-26 12:32:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.893 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

2003-11-11 14:37 4318 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\nomacro.wcm
2003-11-11 14:36 7454 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FONTUP.WCM
2003-11-11 14:36 2955 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\footend.wcm
2003-11-11 14:35 7617 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FONTDN.WCM
2003-11-11 14:30 13243 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\flipenv.wcm
2003-11-11 14:29 19439 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\EXPNDALL.WCM
2003-11-11 14:29 17429 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FILESTMP.WCM
2003-11-11 14:28 2955 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\endfoot.wcm
2003-11-11 14:27 10929 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\DCConvert.wcm
2003-11-11 14:24 112831 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\cvtdocs12.wcm
2003-11-11 14:23 3267 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\CTRLM.WCM
2003-11-11 14:23 21991 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\closeall.wcm
2003-11-11 14:22 7920 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\checkbox.wcm
2003-11-11 14:22 15786 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ALLFONTS.WCM
2003-11-11 12:54 20972 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\adrs2mrg.wcm
2003-11-11 12:52 45331 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ABBREV.WCM
2003-11-11 12:34 7832 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\wp_pr.wcm
2003-08-14 13:06 3018 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\CorelApp.ini
2003-08-14 13:05 54712 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\filters.ini
2003-01-01 13:01 79658 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-a50.wpt
2003-01-01 13:01 76263 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-d30.wpt
2003-01-01 13:01 7128 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco2.gif
2003-01-01 13:01 48935 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html32ip.wpt
2003-01-01 13:01 4483 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco1.gif
2003-01-01 13:01 41380 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\overview.wpt
2003-01-01 13:01 40744 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html3_2.wpt
2003-01-01 13:01 40086 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\xmlnews.wpt
2003-01-01 13:01 37971 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html.wpt
2003-01-01 13:01 29961 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample1.wpt
2003-01-01 13:01 27328 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\wrinkle.gif
2003-01-01 13:01 248062 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook3.wpt
2003-01-01 13:01 218743 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook2.wpt
2003-01-01 13:01 16395 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\tile.gif
2003-01-01 13:01 161751 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample2.wpt
2003-01-01 13:01 12684 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\water.gif
2003-01-01 13:01 101368 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\teilite.wpt
2003-01-01 13:00 9585 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble1.gif
2003-01-01 13:00 8391 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil1.gif
2003-01-01 13:00 8235 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace1.gif
2003-01-01 13:00 5120 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\_autotmp.wpx
2003-01-01 13:00 44948 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper2.gif
2003-01-01 13:00 38696 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble2.gif
2003-01-01 13:00 36014 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\greenbrk.gif
2003-01-01 13:00 3362 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\rock.gif
2003-01-01 13:00 27655 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\pine.gif
2003-01-01 13:00 19328 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poplar.gif
2003-01-01 13:00 17797 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\bluterra.gif
2003-01-01 13:00 17376 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt
2003-01-01 13:00 16182 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper1.gif
2003-01-01 13:00 15238 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poly.gif
2003-01-01 13:00 111114 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace2.gif
2003-01-01 13:00 10491 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\hatch.gif
2003-01-01 13:00 10123 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil2.gif
2003-01-01 12:57 4284 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Tower.lab
2003-01-01 12:56 60442 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Herma_e.lab
2003-01-01 12:55 41772 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Avery Labels EN.lab
2003-01-01 12:55 24720 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Avery Labels A4.lab
2003-01-01 12:55 1290 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\c-line.lab
2003-01-01 12:55 12654 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\apli_eng.lab
2003-01-01 12:53 6712 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender06.wpg
2003-01-01 12:53 670 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender02.wpg
2003-01-01 12:53 482 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender10.wpg
2003-01-01 12:53 3418 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender05.wpg
2003-01-01 12:53 2271 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender07.wpg
2003-01-01 12:53 1855 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender08.wpg
2003-01-01 12:53 1454 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender03.wpg
2003-01-01 12:53 1404 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender09.wpg
2003-01-01 12:53 1286 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender01.wpg
2003-01-01 12:53 1167 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender04.wpg
2003-01-01 12:49 69 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\CdrConv.ini
2003-01-01 12:49 3249 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\Corelflt.ini
2003-01-01 12:49 1887 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\Color.ini

---- Directory of C:\Documents and Settings\Pimpin Ken\Application Data\Help ----



((((((((((((((((((((((((((((( snapshot@2008-06-25_18.13.10.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 14:18:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-08 23:05 26112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-02 20:39 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-05-01 13:06]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 13:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 12:34:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 12:37:12
ComboFix-quarantined-files.txt 2008-06-26 17:36:26
ComboFix2.txt 2008-06-25 23:13:38

Pre-Run: 44,930,134,016 bytes free
Post-Run: 44,950,847,488 bytes free

493 --- E O F --- 2008-06-20 15:32:29

Edited by Dazed&Confused08, 26 June 2008 - 11:42 AM.

#20
Dazed&Confused08

    Member

  • Topic Starter
  • Member
  • 75 posts
Here's my ComboFix log

ComboFix 08-06-20.4 - Jessica 2008-06-26 12:32:30.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.893 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Large.jpg
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Small.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Large.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Small.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Large.jpg
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Small.jpg
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Large.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Large.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Small.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Large.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Small.jpg
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Large.jpg
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Small.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Large.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Small.jpg
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Large.jpg
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Small.jpg
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Large.jpg
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Small.jpg
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Large.jpg
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Small.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Large.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Small.jpg
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Large.jpg
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Small.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Large.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Small.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Large.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Small.jpg
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Large.jpg
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Small.jpg
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Large.jpg
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Small.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Large.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Small.jpg
C:\Program Files\AlbumArtSmall.jpg
C:\Program Files\Aretha Franklin (feat. Lauryn Hill) - A Rose Is Still A Rose.mp3
C:\Program Files\Dixie Chicks - Landslide.mp3
C:\Program Files\Elisa - Dancing.mp3
C:\Program Files\Fall Out Boy - Get Busy Living Or Get Busy Dying.mp3
C:\Program Files\Folder.jpg
C:\Program Files\Harvey Birdman Attorney at Law - 103 - Death By Chocolate.mpg
C:\Program Files\Harvey Birdman Attorney at Law - 109 - Blackwatch Plaid.mpg
C:\Program Files\Journey - Don't Stop Beleiving.MP3
C:\Program Files\Journey - When The Lights Go Down In The City.mp3
C:\Program Files\Madonna Feat Justin Timberlake & Timbaland-4 Minutes.mp3
C:\Program Files\Maroon 5 - Harder To Breathe.mp3
C:\Program Files\Maroon 5 - Shiver.mp3
C:\Program Files\Maroon 5 - Simple Kind of Lovely.mp3
C:\Program Files\Maroon five - Rag Doll.mp3
C:\Program Files\Musiq Soulchild - Dont Change.mp3
C:\Program Files\Nickelback - Photogragh.mp3
C:\Program Files\Nsync - I thought she knew.mp3
C:\Program Files\Nsync - Selfish.mp3
C:\Program Files\Nsync - Something Like You.mp3
C:\Program Files\Pharell Williams, P Diddy, Lenny Kravitz - Show Me Your Soul.mp3
C:\Program Files\Phil Collins - Take Me Home (long version).mp3
C:\Program Files\Phil Collins - You'll Be In My Heart.mp3
C:\Program Files\Sade - King Of Sorrow.mp3
C:\Program Files\Switchfoot - I Dare You To Move (A Walk To Remember Soundtrack)(1).mp3
C:\WINDOWS\system32\6709BCCFE0.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jessica\Application Data\FrostWire
C:\Documents and Settings\Jessica\Application Data\FrostWire\createtimes.cache
C:\Documents and Settings\Jessica\Application Data\FrostWire\data.ser
C:\Documents and Settings\Jessica\Application Data\FrostWire\fileurns.bak
C:\Documents and Settings\Jessica\Application Data\FrostWire\fileurns.cache
C:\Documents and Settings\Jessica\Application Data\FrostWire\filters.props
C:\Documents and Settings\Jessica\Application Data\FrostWire\frostwire.props
C:\Documents and Settings\Jessica\Application Data\FrostWire\gnutella.net
C:\Documents and Settings\Jessica\Application Data\FrostWire\installation.props
C:\Documents and Settings\Jessica\Application Data\FrostWire\library.dat
C:\Documents and Settings\Jessica\Application Data\FrostWire\pub1.key
C:\Documents and Settings\Jessica\Application Data\FrostWire\public.key
C:\Documents and Settings\Jessica\Application Data\FrostWire\questions.props
C:\Documents and Settings\Jessica\Application Data\FrostWire\responses.cache
C:\Documents and Settings\Jessica\Application Data\FrostWire\secureMessage.key
C:\Documents and Settings\Jessica\Application Data\FrostWire\spam.dat
C:\Documents and Settings\Jessica\Application Data\FrostWire\tables.props
C:\Documents and Settings\Jessica\Application Data\FrostWire\themes\frostwire_theme.skin
C:\Documents and Settings\Jessica\Application Data\FrostWire\themes\frostwire_theme\kill.png
C:\Documents and Settings\Jessica\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
C:\Documents and Settings\Jessica\Application Data\FrostWire\themes\frostwire_theme\theme.txt
C:\Documents and Settings\Jessica\Application Data\FrostWire\ttree.cache
C:\Documents and Settings\Jessica\Application Data\FrostWire\version.key
C:\Documents and Settings\Jessica\Application Data\FrostWire\version.xml
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\data\audio.sxml
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\data\delete_me
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\data\video.sxml
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\misc\application.gif
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\misc\audio.gif
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\misc\document.gif
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\misc\image.gif
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\misc\video.gif
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\schemas\application.xsd
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\schemas\audio.xsd
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\schemas\document.xsd
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\schemas\image.xsd
C:\Documents and Settings\Jessica\Application Data\FrostWire\xml\schemas\video.xsd
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Large.jpg
C:\Program Files\AlbumArt_{033D1EB7-074A-46D2-BA8A-17D0065BFBF3}_Small.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Large.jpg
C:\Program Files\AlbumArt_{18E0C471-9547-461B-B883-11319DB73B6D}_Small.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Large.jpg
C:\Program Files\AlbumArt_{22CCD8D5-06CF-49FE-BC7C-0C701F5B94AD}_Small.jpg
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Large.jpg
C:\Program Files\AlbumArt_{28589D26-941F-487F-8083-26A485FE8DF3}_Small.jpg
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Large.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Large.jpg
C:\Program Files\AlbumArt_{38B91EDA-C821-4B5B-ADAC-CCE0D5E56086}_Small.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Large.jpg
C:\Program Files\AlbumArt_{4FC3015B-9D06-4C8A-BCD0-3199619B0F84}_Small.jpg
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Large.jpg
C:\Program Files\AlbumArt_{6BD410FA-C4E0-40CC-BAA0-721B8D95A562}_Small.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Large.jpg
C:\Program Files\AlbumArt_{6E91038F-40AF-43DF-B7EB-445D2A7501CE}_Small.jpg
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Large.jpg
C:\Program Files\AlbumArt_{78A4206F-C8AD-45D4-B1A5-ED5044C8BAD1}_Small.jpg
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Large.jpg
C:\Program Files\AlbumArt_{9830F7D9-15CA-47D1-B61E-D55C9179548A}_Small.jpg
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Large.jpg
C:\Program Files\AlbumArt_{9DD0D907-2284-4F72-9391-14BB2B690BA8}_Small.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Large.jpg
C:\Program Files\AlbumArt_{BEC47316-A373-4054-8368-7D8D139252D7}_Small.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Large.jpg
C:\Program Files\AlbumArt_{C1E4658C-4D7B-481F-8A25-E033A117028A}_Small.jpg
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Large.jpg
C:\Program Files\AlbumArt_{C79F18F5-5CE1-469C-9E63-F772460A2263}_Small.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Large.jpg
C:\Program Files\AlbumArt_{C91F467F-9332-482A-80E6-B9AF8BE8C16D}_Small.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Large.jpg
C:\Program Files\AlbumArt_{CC231E2D-2C05-4C61-813B-E4B6D42BED36}_Small.jpg
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Large.jpg
C:\Program Files\AlbumArt_{DE36FA42-A68C-4CA2-AE5B-4C11D5042FDF}_Small.jpg
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Large.jpg
C:\Program Files\AlbumArt_{EAB9A23B-D51C-4FE4-84DA-1780064BD5D9}_Small.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Large.jpg
C:\Program Files\AlbumArt_{F41A35BC-CE0D-4961-B41D-D6040135C77A}_Small.jpg
C:\Program Files\AlbumArtSmall.jpg
C:\Program Files\Aretha Franklin (feat. Lauryn Hill) - A Rose Is Still A Rose.mp3
C:\Program Files\Dixie Chicks - Landslide.mp3
C:\Program Files\Elisa - Dancing.mp3
C:\Program Files\Fall Out Boy - Get Busy Living Or Get Busy Dying.mp3
C:\Program Files\Folder.jpg
C:\Program Files\FrostWire
C:\Program Files\FrostWire\clink.jar
C:\Program Files\FrostWire\commons-httpclient.jar
C:\Program Files\FrostWire\commons-logging.jar
C:\Program Files\FrostWire\commons-net.jar
C:\Program Files\FrostWire\commons-pool.jar
C:\Program Files\FrostWire\daap.jar
C:\Program Files\FrostWire\EULA.txt
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\FrostWire\FrostWire.ico
C:\Program Files\FrostWire\FrostWire.jar
C:\Program Files\FrostWire\GPL2.txt
C:\Program Files\FrostWire\hashes
C:\Program Files\FrostWire\hs_err_pid1912.log
C:\Program Files\FrostWire\i18n.jar
C:\Program Files\FrostWire\icu4j.jar
C:\Program Files\FrostWire\id3v2.jar
C:\Program Files\FrostWire\irc.jar
C:\Program Files\FrostWire\jcraft.jar
C:\Program Files\FrostWire\jdic.dll
C:\Program Files\FrostWire\jdic.jar
C:\Program Files\FrostWire\jdic_stub.jar
C:\Program Files\FrostWire\jl011.jar
C:\Program Files\FrostWire\jmdns.jar
C:\Program Files\FrostWire\jython.jar
C:\Program Files\FrostWire\log.txt
C:\Program Files\FrostWire\log4j.jar
C:\Program Files\FrostWire\log4j.properties
C:\Program Files\FrostWire\looks.jar
C:\Program Files\FrostWire\MessagesBundle.properties
C:\Program Files\FrostWire\MessagesBundles.jar
C:\Program Files\FrostWire\mp3sp14.jar
C:\Program Files\FrostWire\pmf.ico
C:\Program Files\FrostWire\ProgressTabs.jar
C:\Program Files\FrostWire\SystemUtilities.dll
C:\Program Files\FrostWire\themes.jar
C:\Program Files\FrostWire\tray.dll
C:\Program Files\FrostWire\tritonus.jar
C:\Program Files\FrostWire\Uninstall.exe
C:\Program Files\FrostWire\update.ver
C:\Program Files\FrostWire\vorbis.jar
C:\Program Files\FrostWire\xml-apis.jar
C:\Program Files\FrostWire\xml.war
C:\Program Files\Harvey Birdman Attorney at Law - 103 - Death By Chocolate.mpg
C:\Program Files\Harvey Birdman Attorney at Law - 109 - Blackwatch Plaid.mpg
C:\Program Files\Journey - Don't Stop Beleiving.MP3
C:\Program Files\Journey - When The Lights Go Down In The City.mp3
C:\Program Files\Madonna Feat Justin Timberlake & Timbaland-4 Minutes.mp3
C:\Program Files\Maroon 5 - Harder To Breathe.mp3
C:\Program Files\Maroon 5 - Shiver.mp3
C:\Program Files\Maroon 5 - Simple Kind of Lovely.mp3
C:\Program Files\Maroon five - Rag Doll.mp3
C:\Program Files\Musiq Soulchild - Dont Change.mp3
C:\Program Files\Nickelback - Photogragh.mp3
C:\Program Files\Nsync - I thought she knew.mp3
C:\Program Files\Nsync - Selfish.mp3
C:\Program Files\Nsync - Something Like You.mp3
C:\Program Files\Pharell Williams, P Diddy, Lenny Kravitz - Show Me Your Soul.mp3
C:\Program Files\Phil Collins - Take Me Home (long version).mp3
C:\Program Files\Phil Collins - You'll Be In My Heart.mp3
C:\Program Files\Sade - King Of Sorrow.mp3
C:\Program Files\Switchfoot - I Dare You To Move (A Walk To Remember Soundtrack)(1).mp3
C:\WINDOWS\system32\6709BCCFE0.sys

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 12:39 . 2008-06-25 12:39 <DIR> d-------- C:\Deckard
2008-06-24 15:25 . 2008-06-24 15:25 <DIR> d-------- C:\Documents and Settings\Pimpin Ken\Application Data\Corel
2008-06-21 23:54 . 2008-06-21 23:54 1,932 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-11 08:29 . 2008-06-13 06:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 08:29 . 2008-05-08 09:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 17:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:19 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-26 16:47 --------- d-----w C:\Program Files\Dl_cats
2008-06-24 20:34 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 00:35 383 --sh--w C:\Program Files\desktop.ini
2008-05-31 22:58 --------- d-----w C:\Program Files\VideoLAN
2008-05-31 22:56 --------- d-----w C:\Program Files\DivX
2008-05-13 15:55 --------- d-----w C:\Documents and Settings\Pimpin Ken\Application Data\CyberLink
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-09 21:47 --------- d-----w C:\Program Files\Java
2008-05-09 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 19:26 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Malwarebytes
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 16:47 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\clb.dll
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 00:10 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2008-05-04 19:44 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-04 15:06 --------- d-----w C:\Documents and Settings\kiwana\Application Data\InstallShield Installation Information
2008-05-01 18:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 18:06 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-29 19:41 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Move Networks
2008-04-28 19:57 634,628 ----a-w C:\WINDOWS\java\Packages\BDZ3XBF9.ZIP
2008-04-28 03:45 --------- d-----w C:\Program Files\Google
2008-04-27 17:33 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-04-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-27 07:24 --------- d-----w C:\Documents and Settings\Jessica\Application Data\PC Tools
2008-04-26 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Visual Networks
2008-04-24 13:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 22:42 8,944,288 ----a-w C:\Program Files\P-Diddy feat. Keisha Cole- Last night.mp3
2008-04-13 22:19 2,353 --sh--w C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Small.jpg
2008-04-13 22:18 9,449 --sh--w C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Large.jpg
2008-04-13 22:18 9,173 --sh--w C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Large.jpg
2008-04-13 22:18 7,783 --sh--w C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg
2008-04-13 22:18 2,429 --sh--w C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Small.jpg
2008-04-13 22:18 2,219 --sh--w C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg
2008-04-13 22:17 8,798 --sh--w C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Large.jpg
2008-04-13 22:17 3,024 --sh--w C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Small.jpg
2008-04-13 22:17 2,765 --sh--w C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Small.jpg
2008-04-13 22:17 2,403 --sh--w C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Small.jpg
2008-04-13 22:17 2,388 --sh--w C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Small.jpg
2008-04-13 22:17 12,196 --sh--w C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Large.jpg
2008-04-13 22:17 10,291 --sh--w C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Large.jpg
2008-04-13 22:16 3,208,853 ----a-w C:\Program Files\Fall Out Boy-This Aint A Scene, Its An Arms Race.mp3
2008-04-13 22:16 10,044 --sh--w C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Large.jpg
2008-04-13 22:15 8,915 --sh--w C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Large.jpg
2008-04-13 22:15 8,814 --sh--w C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Large.jpg
2008-04-13 22:15 7,954 --sh--w C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Large.jpg
2008-04-13 22:15 2,509 --sh--w C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Small.jpg
2008-04-13 22:15 2,412 --sh--w C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Small.jpg
2008-04-13 22:15 2,095 --sh--w C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Small.jpg
2008-04-13 22:14 8,574 --sh--w C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Large.jpg
2008-04-13 22:14 7,495 --sh--w C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Large.jpg
2008-04-13 22:14 2,389 --sh--w C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Small.jpg
2008-04-13 22:14 2,229 --sh--w C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Small.jpg
2008-04-13 22:14 2,175 --sh--w C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Small.jpg
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Pimpin Ken\Application Data\Corel ----

2008-06-24 15:28 86511 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\wp12US.wpt
2008-06-24 15:28 22297 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\XML.wpt
2004-01-27 11:01 2900 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\corelpdf.ini
2004-01-16 18:41 23442 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\maco.lab
2004-01-16 18:36 17288 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\WilsonJ.lab
2003-11-11 15:03 4009 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\wp_org.wcm
2003-11-11 15:02 65281 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\tconvert.wcm
2003-11-11 15:02 58688 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\uawp12EN.wcm
2003-11-11 15:01 8158 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\SAVETOA.WCM
2003-11-11 15:00 42426 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\reverse.wcm
2003-11-11 15:00 18553 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\saveall.wcm
2003-11-11 14:59 160042 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\prompts.wcm
2003-11-11 14:47 44524 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\pleading.wcm
2003-11-11 14:38 45173 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\LONGNAME.WCM
2003-11-11 14:38 43717 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\PARABRK.WCM
2003-11-11 14:37 4318 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\nomacro.wcm
2003-11-11 14:36 7454 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FONTUP.WCM
2003-11-11 14:36 2955 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\footend.wcm
2003-11-11 14:35 7617 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FONTDN.WCM
2003-11-11 14:30 13243 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\flipenv.wcm
2003-11-11 14:29 19439 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\EXPNDALL.WCM
2003-11-11 14:29 17429 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\FILESTMP.WCM
2003-11-11 14:28 2955 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\endfoot.wcm
2003-11-11 14:27 10929 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\DCConvert.wcm
2003-11-11 14:24 112831 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\cvtdocs12.wcm
2003-11-11 14:23 3267 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\CTRLM.WCM
2003-11-11 14:23 21991 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\closeall.wcm
2003-11-11 14:22 7920 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\checkbox.wcm
2003-11-11 14:22 15786 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ALLFONTS.WCM
2003-11-11 12:54 20972 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\adrs2mrg.wcm
2003-11-11 12:52 45331 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ABBREV.WCM
2003-11-11 12:34 7832 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\wp_pr.wcm
2003-08-14 13:06 3018 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\CorelApp.ini
2003-08-14 13:05 54712 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\filters.ini
2003-01-01 13:01 79658 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-a50.wpt
2003-01-01 13:01 76263 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\app-d30.wpt
2003-01-01 13:01 7128 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco2.gif
2003-01-01 13:01 48935 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html32ip.wpt
2003-01-01 13:01 4483 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\stucco1.gif
2003-01-01 13:01 41380 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\overview.wpt
2003-01-01 13:01 40744 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html3_2.wpt
2003-01-01 13:01 40086 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\xmlnews.wpt
2003-01-01 13:01 37971 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\html.wpt
2003-01-01 13:01 29961 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample1.wpt
2003-01-01 13:01 27328 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\wrinkle.gif
2003-01-01 13:01 248062 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook3.wpt
2003-01-01 13:01 218743 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\docbook2.wpt
2003-01-01 13:01 16395 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\tile.gif
2003-01-01 13:01 161751 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\sample2.wpt
2003-01-01 13:01 12684 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\water.gif
2003-01-01 13:01 101368 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\XML\teilite.wpt
2003-01-01 13:00 9585 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble1.gif
2003-01-01 13:00 8391 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil1.gif
2003-01-01 13:00 8235 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace1.gif
2003-01-01 13:00 5120 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\_autotmp.wpx
2003-01-01 13:00 44948 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper2.gif
2003-01-01 13:00 38696 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\marble2.gif
2003-01-01 13:00 36014 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\greenbrk.gif
2003-01-01 13:00 3362 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\rock.gif
2003-01-01 13:00 27655 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\pine.gif
2003-01-01 13:00 19328 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poplar.gif
2003-01-01 13:00 17797 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\bluterra.gif
2003-01-01 13:00 17376 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\qw12EN.wpt
2003-01-01 13:00 16182 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\paper1.gif
2003-01-01 13:00 15238 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\poly.gif
2003-01-01 13:00 111114 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\lace2.gif
2003-01-01 13:00 10491 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\hatch.gif
2003-01-01 13:00 10123 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectExpert\12\Custom WP Templates\oil2.gif
2003-01-01 12:57 4284 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Tower.lab
2003-01-01 12:56 60442 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Herma_e.lab
2003-01-01 12:55 41772 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Avery Labels EN.lab
2003-01-01 12:55 24720 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\Avery Labels A4.lab
2003-01-01 12:55 1290 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\c-line.lab
2003-01-01 12:55 12654 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect\12\Labels\apli_eng.lab
2003-01-01 12:53 6712 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender06.wpg
2003-01-01 12:53 670 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender02.wpg
2003-01-01 12:53 482 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender10.wpg
2003-01-01 12:53 3418 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender05.wpg
2003-01-01 12:53 2271 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender07.wpg
2003-01-01 12:53 1855 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender08.wpg
2003-01-01 12:53 1454 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender03.wpg
2003-01-01 12:53 1404 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender09.wpg
2003-01-01 12:53 1286 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender01.wpg
2003-01-01 12:53 1167 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\PerfectScript\12\WordPerfect\ender04.wpg
2003-01-01 12:49 69 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\CdrConv.ini
2003-01-01 12:49 3249 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\Corelflt.ini
2003-01-01 12:49 1887 --a------ C:\Documents and Settings\Pimpin Ken\Application Data\Corel\WordPerfect Office 12\User Config\Color.ini

---- Directory of C:\Documents and Settings\Pimpin Ken\Application Data\Help ----



((((((((((((((((((((((((((((( snapshot@2008-06-25_18.13.10.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 14:18:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-08 23:05 26112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-02 20:39 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-05-01 13:06]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 13:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 12:34:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 12:37:12
ComboFix-quarantined-files.txt 2008-06-26 17:36:26
ComboFix2.txt 2008-06-25 23:13:38

Pre-Run: 44,930,134,016 bytes free
Post-Run: 44,950,847,488 bytes free

493 --- E O F --- 2008-06-20 15:32:29
  • 0

#21
Dazed&Confused08

    Member

  • Topic Starter
  • 75 posts
Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:58 PM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games....ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.cus...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...960/mcfscan.cab
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6688 bytes
  • 0
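The log above follows the HijackThis line format (`R0`/`R1` browser page values, `O2` BHOs, `O4` Run keys, `O23` services, and so on). The helper below is an added example, not code from the thread or from HijackThis itself: it parses those entries and flags the kinds of lines a helper reads first, namely entries whose target is `(no file)`, services whose binary has no publisher information (`Unknown owner`), and start/search pages that point somewhere outside an expected-host list. The sample log lines and the `EXPECTED_HOSTS` allowlist are constructed for illustration and are not a verdict on the poster's machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Entry lines look like "O4 - HKLM\..\Run: [name] path" or
# "R1 - HKLM\...\Main,Search Page = url". R = browser registry settings,
# O = everything else (BHOs, Run keys, services, ...).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Hosts a start/search page may point at. Assumption for this example only;
# a real allowlist depends on what the machine's owner actually set.
EXPECTED_HOSTS = {"www.yahoo.com", "go.microsoft.com"}

# Constructed sample in the format seen in the thread (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.net/?q=
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""


@dataclass
class Entry:
    code: str   # category, e.g. "O4", "R1", "O23"
    body: str   # everything after "<code> - "


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_log(text: str) -> List[Entry]:
    """Return the categorised entries; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per category, useful for a first glance at a long log."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


def _page_url(body: str) -> Optional[str]:
    # R0/R1 bodies end with " = <value>"; the value is the URL to check.
    _, sep, value = body.rpartition(" = ")
    return value.strip() if sep else None


def triage(entries: List[Entry], expected_hosts=EXPECTED_HOSTS) -> List[Finding]:
    """Flag entries worth a second look. Each rule is a review prompt, not a verdict."""
    findings = []
    for e in entries:
        if e.body.endswith("(no file)"):
            # The registry still references a file that is no longer on disk.
            findings.append(Finding(e.code, "target file missing (orphaned entry)", e.body))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # Service binary has no company name in its version information.
            findings.append(Finding(e.code, "service binary carries no publisher information", e.body))
        elif e.code in ("R0", "R1"):
            url = _page_url(e.body)
            host = urlsplit(url).hostname if url else None
            if host not in expected_hosts:
                findings.append(Finding(e.code, f"browser page points at unexpected host {host!r}", e.body))
    return findings


def triage_sample() -> List[Finding]:
    """Run the rules over the constructed sample log."""
    return triage(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

The rules deliberately stay narrow: `(no file)` and `Unknown owner` are conventions of the log itself, and the host check only says that a page differs from what was expected. Deciding whether a flagged line is leftover from a removed program or something that still needs attention is the reader's job, as it is in the thread.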

#22
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused08,

Looks like my eyes were playing tricks on me and I missed a few of the files the first time :) so let's get rid of the rest.


Please follow the steps below:


Combofix Script.txt

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\P-Diddy feat. Keisha Cole- Last night.mp3
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Small.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Large.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Large.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Small.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Large.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Small.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Small.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Small.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Small.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Large.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Large.jpg
C:\Program Files\Fall Out Boy-This Aint A Scene, Its An Arms Race.mp3
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Large.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Large.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Large.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Large.jpg
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Small.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Small.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Small.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Large.jpg
C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Large.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Small.jpg
C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Small.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Small.jpg


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

===============================================



ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

===============================================

Kaspersky WebScanner
Please go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
===============================================

Needed in your next reply:

ComboFix Log

Kaspersky WebScanner Results

And let me know how things are running :)

*NOTE* You may need to post the requested logs in more than one reply due to how long they are. Please check to make sure all of the logs are posted.

#23
Dazed&Confused08

    Member

  • Topic Starter
  • 75 posts
Here's my ComboFix log

ComboFix 08-06-20.4 - Jessica 2008-06-26 13:40:58.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.876 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Large.jpg
C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Small.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Large.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Small.jpg
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Large.jpg
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Small.jpg
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Small.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Large.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Small.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Large.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Small.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Large.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Small.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Large.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Small.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Large.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Small.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Large.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Small.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Large.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Small.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Large.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Small.jpg
C:\Program Files\Fall Out Boy-This Aint A Scene, Its An Arms Race.mp3
C:\Program Files\P-Diddy feat. Keisha Cole- Last night.mp3
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Large.jpg
C:\Program Files\AlbumArt_{08098882-E0B2-43A9-942F-12F923FF5998}_Small.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Large.jpg
C:\Program Files\AlbumArt_{0C5915AB-BCCE-4C76-B3B0-BC59D1CC4A1B}_Small.jpg
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Large.jpg
C:\Program Files\AlbumArt_{20EEE73E-5BD8-4F6F-8B04-8FDB3C988089}_Small.jpg
C:\Program Files\AlbumArt_{305C1E68-7556-453B-B2B3-E07E091D44E6}_Small.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Large.jpg
C:\Program Files\AlbumArt_{38EA4E20-F84E-4BA2-9B46-7CE9BA2863A4}_Small.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Large.jpg
C:\Program Files\AlbumArt_{5BA158BA-1376-4B75-9912-3EADD5C69625}_Small.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Large.jpg
C:\Program Files\AlbumArt_{6F5AD8DD-5286-4BD4-ABAC-39B30077C604}_Small.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Large.jpg
C:\Program Files\AlbumArt_{9EBDBA08-AE07-4F77-A6CD-6E5E0E8FFE71}_Small.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Large.jpg
C:\Program Files\AlbumArt_{A158502E-D531-4BC9-966B-5CFC0EEE8D9D}_Small.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Large.jpg
C:\Program Files\AlbumArt_{A656F895-F50C-43C6-815D-1000CCE2C02C}_Small.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Large.jpg
C:\Program Files\AlbumArt_{AE85E330-21BE-4D3D-9954-75312FFF543E}_Small.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Large.jpg
C:\Program Files\AlbumArt_{B6287462-6DFF-464A-89FD-B0867AB749E3}_Small.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Large.jpg
C:\Program Files\AlbumArt_{F93F3FAD-2F98-48F1-870E-9AD9F9E6E2E5}_Small.jpg
C:\Program Files\Fall Out Boy-This Aint A Scene, Its An Arms Race.mp3
C:\Program Files\P-Diddy feat. Keisha Cole- Last night.mp3

.
((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 12:39 . 2008-06-25 12:39 <DIR> d-------- C:\Deckard
2008-06-24 15:25 . 2008-06-24 15:25 <DIR> d-------- C:\Documents and Settings\Pimpin Ken\Application Data\Corel
2008-06-21 23:54 . 2008-06-21 23:54 1,932 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-11 08:29 . 2008-06-13 06:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 08:29 . 2008-05-08 09:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 17:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:19 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-26 16:47 --------- d-----w C:\Program Files\Dl_cats
2008-06-24 20:34 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 00:35 383 --sh--w C:\Program Files\desktop.ini
2008-05-31 22:58 --------- d-----w C:\Program Files\VideoLAN
2008-05-31 22:56 --------- d-----w C:\Program Files\DivX
2008-05-13 15:55 --------- d-----w C:\Documents and Settings\Pimpin Ken\Application Data\CyberLink
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-09 21:47 --------- d-----w C:\Program Files\Java
2008-05-09 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 19:26 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Malwarebytes
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 16:47 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\clb.dll
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-06 00:10 --------- d-----w C:\Program Files\Mozilla Firefox(2)
2008-05-04 19:44 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-04 15:06 --------- d-----w C:\Documents and Settings\kiwana\Application Data\InstallShield Installation Information
2008-05-01 18:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 18:06 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-29 19:41 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Move Networks
2008-04-28 19:57 634,628 ----a-w C:\WINDOWS\java\Packages\BDZ3XBF9.ZIP
2008-04-28 03:45 --------- d-----w C:\Program Files\Google
2008-04-27 17:33 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-04-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-27 07:24 --------- d-----w C:\Documents and Settings\Jessica\Application Data\PC Tools
2008-04-26 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Visual Networks
2008-04-24 13:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 22:42 7,605,857 ----a-w C:\Program Files\Gwen Steffani - Wind It Up.mp3
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-10 04:11 8,412 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Large.jpg
2008-04-10 04:11 2,401 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Small.jpg
2008-04-10 04:10 2,888 --sh--w C:\Program Files\AlbumArt_{F1F9DFCC-4E07-48F7-A59D-E4743097ABEE}_Small.jpg
2008-04-10 04:10 10,506 --sh--w C:\Program Files\AlbumArt_{F1F9DFCC-4E07-48F7-A59D-E4743097ABEE}_Large.jpg
2008-04-01 21:57 5,622,768 ----a-w C:\Program Files\Carrie Underwood - Before He Cheats.Mp3
2008-04-01 21:57 3,828,437 ----a-w C:\Program Files\Jamiroquai - Little L.mp3
2008-04-01 21:51 4,233,647 ----a-w C:\Program Files\Red Hot Chilli Peppers - City of Angels.mp3
2008-04-01 21:50 8,550 --sh--w C:\Program Files\AlbumArt_{2C37F23F-6CEA-4CBC-B2F9-BE20D211E5EC}_Large.jpg
2008-04-01 21:50 8,506,942 ----a-w C:\Program Files\Ciara - Get Up.mp3
2008-04-01 21:50 8,284 --sh--w C:\Program Files\AlbumArt_{CAD8CB3D-A890-40E1-8D5C-ACA336C6D779}_Large.jpg
2008-04-01 21:50 2,389 --sh--w C:\Program Files\AlbumArt_{CAD8CB3D-A890-40E1-8D5C-ACA336C6D779}_Small.jpg
2008-04-01 21:50 2,333 --sh--w C:\Program Files\AlbumArt_{2C37F23F-6CEA-4CBC-B2F9-BE20D211E5EC}_Small.jpg
2008-04-01 21:49 4,065 --sh--w C:\Program Files\AlbumArt_{793208AE-A9A4-4EFF-A89A-D25C530348C7}_Large.jpg
2008-04-01 21:49 2,675 --sh--w C:\Program Files\AlbumArt_{D2EB3CBD-4AC8-402E-8ED4-5F8F3160F62F}_Small.jpg
2008-04-01 21:49 10,391 --sh--w C:\Program Files\AlbumArt_{D2EB3CBD-4AC8-402E-8ED4-5F8F3160F62F}_Large.jpg
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_18.13.10.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-26 14:18:51 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-08 23:05 26112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-02 20:39 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-05-01 13:06]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 13:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 13:42:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 13:44:07
ComboFix-quarantined-files.txt 2008-06-26 18:43:45
ComboFix2.txt 2008-06-26 17:37:12
ComboFix3.txt 2008-06-25 23:13:38

Pre-Run: 44,972,294,144 bytes free
Post-Run: 44,948,983,808 bytes free

247 --- E O F --- 2008-06-20 15:32:29

#24
Dazed&Confused08

    Member

  • Topic Starter
  • 75 posts
Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:22 PM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games....ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.cus...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...960/mcfscan.cab
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6687 bytes

#25
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hi Dazed&Confused08,

OK, I figured out why every time I get a new log there are more C:\Program Files\AlbumArt… files. ComboFix only looks back at files for about 3 months, and every time we have run it, it clears out a few days' worth of files, so then it reads older files it did not read the last time.

So here's what you need to do: since I can't see all the files, you can do it the old way.

Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these files (if present):

C:\Program Files\, then delete anything that is a song (title of song.mp3) or that says AlbumArt



Also don’t forget the Kaspersky WebScanner Results, and let me know how things are running :)
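
An added example, not part of the thread and not ComboFix's own code: the check a practitioner would run before deleting by hand. It parses the Find3M section of the ComboFix log posted above and lists every file sitting directly in C:\Program Files that is an .mp3 or an AlbumArt_{GUID} thumbnail, then renders them as a CFScript File:: section in the format the moderator uses. One caveat the log itself shows: the AlbumArt files carry the attribute string --sh--w, i.e. the system and hidden bits are set, so Windows Explorer will not show them unless "Show hidden files and folders" is on and "Hide protected operating system files" is off; the script flags those. The sample lines are copied from the log above; the column layout (date, time, size or dashes, seven-character attribute field, path) and the meaning of the attribute positions (d = directory, s = system, h = hidden, a = archive) are inferred from that log and are an assumption.

```python
"""Parse the 'Find3M Report' section of a ComboFix log and flag leftover media
files sitting directly in C:\\Program Files.

Added example for this thread, not ComboFix's own code. The column layout and
the attribute positions (d=directory, s=system, h=hidden, a=archive) are
inferred from the log in this thread and are an assumption.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-{9}) (?P<attrs>\S{7}) (?P<path>.+)$"
)

# Songs and Windows Media Player album art dropped directly into
# C:\Program Files (not inside a subfolder).
MEDIA_RE = re.compile(
    r"^C:\\Program Files\\(?:AlbumArt_\{[0-9A-F-]+\}_(?:Small|Large)\.jpg|[^\\]+\.mp3)$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Entry:
    date: str
    size: Optional[int]  # None for directories (size column is all dashes)
    attrs: str           # e.g. "--sh--w" or "d-----w"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_find3m(text: str) -> List[Entry]:
    """Return one Entry per well-formed Find3M line; anything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = FIND3M_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], size, m["attrs"], m["path"]))
    return entries


def leftover_media(entries: List[Entry]) -> List[Entry]:
    """Regular files directly under C:\\Program Files that are .mp3 or AlbumArt thumbnails."""
    return [e for e in entries if not e.is_dir and MEDIA_RE.match(e.path)]


def needs_show_hidden(entries: List[Entry]) -> List[Entry]:
    """Entries Explorer hides by default (system or hidden attribute set)."""
    return [e for e in entries if e.is_system or e.is_hidden]


def cfscript_file_section(entries: List[Entry]) -> str:
    """Render the paths as the File:: section of a ComboFix CFScript."""
    return "File::\n" + "".join(e.path + "\n" for e in entries)


# Lines copied from the Find3M report in the ComboFix log posted above.
SAMPLE_FIND3M = r"""
2008-06-26 17:19 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-12 00:35 383 --sh--w C:\Program Files\desktop.ini
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-04-13 22:42 7,605,857 ----a-w C:\Program Files\Gwen Steffani - Wind It Up.mp3
2008-04-10 04:11 8,412 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Large.jpg
2008-04-10 04:11 2,401 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Small.jpg
2008-04-01 21:57 5,622,768 ----a-w C:\Program Files\Carrie Underwood - Before He Cheats.Mp3
2008-04-01 21:50 8,506,942 ----a-w C:\Program Files\Ciara - Get Up.mp3
"""

if __name__ == "__main__":
    found = leftover_media(parse_find3m(SAMPLE_FIND3M))
    for e in found:
        flags = "hidden/system" if (e.is_hidden or e.is_system) else "visible"
        print(f"{e.date}  {e.size:>10,}  {flags:13}  {e.path}")
    print(cfscript_file_section(found))
```

Run it against the full Find3M section of any ComboFix log; entries outside C:\Program Files (such as the DivX updater and the system files in the sample) are parsed but not reported, and desktop.ini is left alone even though it is also hidden and system.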

#26
Dazed&Confused08

    Member

  • Topic Starter
  • 75 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, June 26, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, June 26, 2008 17:45:34
Records in database: 884878
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Files scanned: 93321
Threat name: 5
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 01:26:42


File name / Threat name / Threats count
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-53c56aa5 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-693a1e59 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6dcea57c Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-79a56bc7 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\44\3076c3ac-3de03dfe Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-3bfc8bb8 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7123a88c Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-2712f29f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-40f74726 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Vickey.JESS\My Documents\SmileyCentralSetup2.2.60.11-2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DYB49IN\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODAJGTAB\update[1].upd Infected: Trojan.Win32.Agent.lkz 1

The selected area was scanned.

#27
BHowett

    OT Moderator

  • Moderator
  • 4,649 posts
Hello again,

Let's get rid of this last little bit... :)


Combofix Script.txt

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Vickey.JESS\My Documents\SmileyCentralSetup2.2.60.11-2.exe 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DYB49IN\update[1].upd 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODAJGTAB\update[1].upd
Folder::
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-53c56aa5 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-693a1e59 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6dcea57c 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-79a56bc7 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\44\3076c3ac-3de03dfe 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-3bfc8bb8 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7123a88c 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-2712f29f 
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-40f74726


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

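
An added example, not from the thread and not Kaspersky's or ComboFix's code: the translation the moderator did by hand in the post above, done mechanically. It parses the Kaspersky Online Scanner 7 report from post #26 and emits a CFScript in the File::/Folder:: layout used in posts #22 and #27 (Java Deployment cache entries under Folder::, everything else under File::). It also groups the detections by profile, which is the first triage question for a report like this: nine of the twelve hits sit in one user's Java cache, and two sit in the SYSTEM account's Temporary Internet Files (system32\config\systemprofile), which means a process running as SYSTEM fetched them rather than a logged-on user; the HijackThis log above does show a Run entry under the S-1-5-18 hive, which is worth correlating. The report lines are copied from post #26; the Folder::-for-Java-cache rule copies the moderator's script and is an assumption about what ComboFix expects, not something confirmed here.

```python
"""Turn a Kaspersky Online Scanner 7 report into a ComboFix CFScript plus a
per-threat and per-profile summary.

Added example, not Kaspersky's or ComboFix's own code. The line format
'<path> Infected: <threat> <count>' is taken from the report in this thread.
The rule 'Java Deployment cache entries go under Folder::, everything else
under File::' copies the moderator's hand-written script and is an assumption.
"""
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\(?P<user>[^\\]+)\\", re.IGNORECASE)
SYSTEM_PROFILE_RE = re.compile(r"\\system32\\config\\systemprofile\\", re.IGNORECASE)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int


def parse_report(text: str) -> List[Detection]:
    """One Detection per 'Infected:' line; headers, settings and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["threat"], int(m["count"])))
    return hits


def profile_of(path: str) -> str:
    """Which account's profile a detected file sits in (SYSTEM for systemprofile)."""
    if SYSTEM_PROFILE_RE.search(path):
        return "SYSTEM (systemprofile)"
    m = USER_PROFILE_RE.match(path)
    return m["user"] if m else "(outside any profile)"


def summarize(hits: List[Detection]) -> Tuple[Dict[str, int], Dict[str, int]]:
    """Return (detections per threat name, detections per profile)."""
    by_threat = Counter(h.threat for h in hits)
    by_profile = Counter(profile_of(h.path) for h in hits)
    return dict(by_threat), dict(by_profile)


def build_cfscript(hits: List[Detection]) -> str:
    """CFScript text: File:: for ordinary files, Folder:: for Java cache entries."""
    files = [h.path for h in hits if not JAVA_CACHE_RE.search(h.path)]
    folders = [h.path for h in hits if JAVA_CACHE_RE.search(h.path)]
    lines: List[str] = []
    if files:
        lines.append("File::")
        lines.extend(files)
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
    return "\n".join(lines) + "\n"


# Copied from the Kaspersky report posted above (header lines kept to show they are skipped).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER 7 REPORT
Infected objects: 12

File name / Threat name / Threats count
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-53c56aa5 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-693a1e59 Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6dcea57c Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-79a56bc7 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\44\3076c3ac-3de03dfe Infected: Trojan-Downloader.Java.OpenConnection.ap 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-3bfc8bb8 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7123a88c Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-2712f29f Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-40f74726 Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\Vickey.JESS\My Documents\SmileyCentralSetup2.2.60.11-2.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DYB49IN\update[1].upd Infected: Trojan-Downloader.Win32.Small.uzg 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODAJGTAB\update[1].upd Infected: Trojan.Win32.Agent.lkz 1

The selected area was scanned.
"""

if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    by_threat, by_profile = summarize(hits)
    print("per threat:", by_threat)
    print("per profile:", by_profile)
    print(build_cfscript(hits))
```

The per-profile counts reproduce the report's own totals (12 infected objects, 5 threat names) and make the SYSTEM-profile hits stand out immediately; the generated script is what would be saved as CFScript.txt and dragged onto ComboFix.exe as in the steps above.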

#28
Dazed&Confused08

    Member

  • Topic Starter
  • 75 posts
Here's my ComboFix log

ComboFix 08-06-20.4 - Jessica 2008-06-26 19:30:53.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.927 [GMT -5:00]
Running from: C:\Documents and Settings\Jessica\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jessica\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Vickey.JESS\My Documents\SmileyCentralSetup2.2.60.11-2.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DYB49IN\update[1].upd
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODAJGTAB\update[1].upd
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-53c56aa5\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-693a1e59\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6dcea57c\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-79a56bc7\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\44\3076c3ac-3de03dfe\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-3bfc8bb8\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7123a88c\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-2712f29f\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-40f74726\
.
---- Previous Run -------
.
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-53c56aa5\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\30\6301139e-693a1e59\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-6dcea57c\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\34\63206922-79a56bc7\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\44\3076c3ac-3de03dfe\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-3bfc8bb8\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-7123a88c\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-2712f29f\
C:\Documents and Settings\Jessica\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-40f74726\
C:\Documents and Settings\Vickey.JESS\My Documents\SmileyCentralSetup2.2.60.11-2.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DYB49IN\update[1].upd
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ODAJGTAB\update[1].upd

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-25 12:39 . 2008-06-25 12:39 <DIR> d-------- C:\Deckard
2008-06-24 15:25 . 2008-06-24 15:25 <DIR> d-------- C:\Documents and Settings\Pimpin Ken\Application Data\Corel
2008-06-21 23:54 . 2008-06-21 23:54 1,932 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-06-11 08:29 . 2008-06-13 06:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-11 08:29 . 2008-05-08 09:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 17:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 17:19 --------- d-----w C:\Program Files\Spyware Doctor
2008-06-26 16:47 --------- d-----w C:\Program Files\Dl_cats
2008-06-24 20:34 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 00:35 383 --sh--w C:\Program Files\desktop.ini
2008-05-31 22:58 --------- d-----w C:\Program Files\VideoLAN
2008-05-31 22:56 --------- d-----w C:\Program Files\DivX
2008-05-13 15:55 --------- d-----w C:\Documents and Settings\Pimpin Ken\Application Data\CyberLink
2008-05-13 01:49 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-09 21:47 --------- d-----w C:\Program Files\Java
2008-05-09 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 19:26 --------- d-----w C:\Program Files\Yahoo! Games
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Malwarebytes
2008-05-08 20:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-08 16:47 --------- d-----w C:\Program Files\Trend Micro
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\dllcache\clb.dll
2008-05-07 18:31 10,752 ----a-w C:\WINDOWS\system32\clb.dll
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-04 19:44 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-05-04 15:06 --------- d-----w C:\Documents and Settings\kiwana\Application Data\InstallShield Installation Information
2008-05-01 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 18:06 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-04-29 19:41 --------- d-----w C:\Documents and Settings\Jessica\Application Data\Move Networks
2008-04-28 19:57 634,628 ----a-w C:\WINDOWS\java\Packages\BDZ3XBF9.ZIP
2008-04-28 03:45 --------- d-----w C:\Program Files\Google
2008-04-27 17:33 --------- d-----w C:\Program Files\Common Files\PC Tools
2008-04-27 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-04-27 07:24 --------- d-----w C:\Documents and Settings\Jessica\Application Data\PC Tools
2008-04-24 13:10 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-04-24 03:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-04-24 03:14 82,944 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 10:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 10:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 10:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27 79,872 ------w C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-10 04:11 8,412 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Large.jpg
2008-04-10 04:11 2,401 --sh--w C:\Program Files\AlbumArt_{41E88225-A345-4F9B-ABCC-68C71057C919}_Small.jpg
2008-04-10 04:10 2,888 --sh--w C:\Program Files\AlbumArt_{F1F9DFCC-4E07-48F7-A59D-E4743097ABEE}_Small.jpg
2008-04-10 04:10 10,506 --sh--w C:\Program Files\AlbumArt_{F1F9DFCC-4E07-48F7-A59D-E4743097ABEE}_Large.jpg
2008-04-01 21:50 8,550 --sh--w C:\Program Files\AlbumArt_{2C37F23F-6CEA-4CBC-B2F9-BE20D211E5EC}_Large.jpg
2008-04-01 21:50 8,284 --sh--w C:\Program Files\AlbumArt_{CAD8CB3D-A890-40E1-8D5C-ACA336C6D779}_Large.jpg
2008-04-01 21:50 2,389 --sh--w C:\Program Files\AlbumArt_{CAD8CB3D-A890-40E1-8D5C-ACA336C6D779}_Small.jpg
2008-04-01 21:50 2,333 --sh--w C:\Program Files\AlbumArt_{2C37F23F-6CEA-4CBC-B2F9-BE20D211E5EC}_Small.jpg
2008-04-01 21:49 4,065 --sh--w C:\Program Files\AlbumArt_{793208AE-A9A4-4EFF-A89A-D25C530348C7}_Large.jpg
2008-04-01 21:49 2,675 --sh--w C:\Program Files\AlbumArt_{D2EB3CBD-4AC8-402E-8ED4-5F8F3160F62F}_Small.jpg
2008-04-01 21:49 10,391 --sh--w C:\Program Files\AlbumArt_{D2EB3CBD-4AC8-402E-8ED4-5F8F3160F62F}_Large.jpg
2008-04-01 21:49 1,492 --sh--w C:\Program Files\AlbumArt_{793208AE-A9A4-4EFF-A89A-D25C530348C7}_Small.jpg
2008-04-01 21:48 2,794 --sh--w C:\Program Files\AlbumArt_{883BBF7E-CE68-43A9-A75E-621B6AABAB67}_Small.jpg
2008-04-01 21:48 10,949 --sh--w C:\Program Files\AlbumArt_{883BBF7E-CE68-43A9-A75E-621B6AABAB67}_Large.jpg
2008-04-01 21:43 3,391 --sh--w C:\Program Files\AlbumArt_{613A8D68-9D6B-41DD-A369-4C33DD367B49}_Small.jpg
2008-04-01 21:43 16,068 --sh--w C:\Program Files\AlbumArt_{613A8D68-9D6B-41DD-A369-4C33DD367B49}_Large.jpg
2008-04-01 21:40 5,765 --sh--w C:\Program Files\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Large.jpg
2008-04-01 21:40 1,845 --sh--w C:\Program Files\AlbumArt_{D6D6FADC-B55A-4C8B-A639-5F5D428D9770}_Small.jpg
2008-04-01 21:32 8,488 --sh--w C:\Program Files\AlbumArt_{511441A0-1A74-47C2-B05A-04ED681081B8}_Large.jpg
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_18.13.10.14 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 23:04:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-27 00:20:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 07:38 69632]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-08 23:05 26112]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-02 20:39 282624]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 06:33 122941]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPager.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-05-01 13:06]
S3 dump_wmimmc;dump_wmimmc;C:\ijji\ENGLISH\U_SF\GameGuard\dump_wmimmc.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 13:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 19:32:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-26 19:34:11
ComboFix-quarantined-files.txt 2008-06-27 00:33:53
ComboFix2.txt 2008-06-26 18:44:08
ComboFix3.txt 2008-06-26 17:37:12
ComboFix4.txt 2008-06-25 23:13:38

Pre-Run: 45,870,841,856 bytes free
Post-Run: 45,846,577,152 bytes free

220 --- E O F --- 2008-06-20 15:32:29

#29 Dazed&Confused08 (Topic Starter, Member, 75 posts)
Here's my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:33 PM, on 6/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file://c:/windows/homepage.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Pool 2 - http://origin.games....ts/y/poti_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.cus...l/java/RntX.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...960/mcfscan.cab
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6614 bytes
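A way to triage a HijackThis log like the one above, as an added example that is not part of the thread and not HijackThis code. HijackThis only lists hook and autostart points; deciding which lines matter is manual work. The rules below are an assumed analyst policy: orphaned "(no file)" entries, Run entries under the SYSTEM and default-profile hives, O16 Downloaded Program Files entries with no class name or pointing at an .exe, O4 entries launched through rundll32, and O23 services with no vendor string. The sample lines are copied from the log above, with the forum's truncated "...." URLs kept as they appear.

```python
"""Triage a HijackThis log: turn its R*/O* lines into leads to check.

Added example; not code from the forum thread or from HijackThis.  The
rules are an assumed analyst policy and produce leads, not verdicts.
"""
import re

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Per-user Run keys under these hives execute as SYSTEM or for every new
# profile, which is an odd place for consumer software to register itself.
PRIVILEGED_HIVES = ("HKUS\\S-1-5-18\\", "HKUS\\.DEFAULT\\")

# Sample lines copied from the HijackThis log posted above; the forum
# shortened the O16 URLs with "....", which is kept as-is.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""


def parse(log_text):
    """Return [(kind, body)] for every entry line, skipping header text."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def triage(log_text):
    """Return (severity, kind, reason, body) tuples for lines worth a look."""
    findings = []
    for kind, body in parse(log_text):
        if body.endswith("(no file)"):
            findings.append(("low", kind, "orphaned entry, target file is gone; fix it", body))
            continue
        if kind == "O4":
            if body.startswith(PRIVILEGED_HIVES):
                findings.append(("medium", kind, "Run entry in the SYSTEM or default-profile hive", body))
            if "rundll32" in body.lower():
                findings.append(("info", kind, "autostart via rundll32; confirm the DLL's vendor", body))
        elif kind == "O16":
            # Downloaded Program Files: ActiveX installed from a web page.
            # A control with no class name, or one that is a bare .exe
            # rather than a signed .cab, deserves a closer look.
            named = re.search(r"\([^()]+\)\s+-\s+\S+$", body) is not None
            if not named or body.lower().endswith(".exe"):
                findings.append(("medium", kind, "web-installed ActiveX with no class name or an .exe payload", body))
        elif kind == "O23":
            if " - Unknown owner - " in body:
                findings.append(("medium", kind, "service without a vendor string; check signature and path", body))
    return findings


if __name__ == "__main__":
    for severity, kind, reason, body in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {kind}: {reason}\n         {body}")
```

Run it as a script to print the findings for the sample; each hit is something to check (file signature, vendor, path) before anything is fixed, not a verdict on its own.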

#30 BHowett (OT Moderator, 4,649 posts)
Hi Dazed&Confused08,

Well, it looks like you're all clean of malware :). Is your system still running slow? Is your mouse still freezing up? If so, I will see if we can get the tech staff to pick up your topic in the waiting room.

Let's do a little clean-up……

ComboFix Removal
Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
[screenshot: the Run box with "Combofix /u" typed in]

===============================================

Reset your restore points

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


===============================================



This is my standard post for when you are clear - which you now are - or seem to be. Please advise me of any problems you still have.

I know you already have some of these items, but I still like to share them in case you ever need them, or want to change them.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

1.) Watch what you download!
Many freeware programs, and P2P programs like Grokster, Imesh, Kazaa and others (which are amongst the most notorious), come with an enormous amount of bundled spyware that will eat system resources, slow down your system, clash with other installed software, or just plain crash your browser or even Windows itself. If you insist on using a P2P program, please read This Article written by Mike Healan of Spywareinfo.com fame. It is an updated and comprehensive article that gives in-depth detail about which P2P programs are "safe" to use.

2.) Go to Internet Explorer > Tools > Windows Update > Product Updates, and install ALL High-Priority Security Updates listed. If you're running Windows XP, that of course includes Service Pack 2! If you suspect your computer is infected with malware of any type, we advise you not to install SP2 if you don't already have it. You can post a HijackThis log on our Forums to get free expert help cleaning your machine. Once you are sure you have a clean system, it is highly recommended to install SP2 to help prevent future infections.

It's important to always keep current with the latest security fixes from Microsoft.
Install those patches for Internet Explorer, and make sure your installation of Java VM is up-to-date. There are some well known security bugs with Microsoft Java VM which are exploited regularly by browser hijackers.

3.) Open Internet Explorer and go to Internet Options > Security > Internet, then press "Default Level", then OK. Now press "Custom Level". In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".

Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed.
Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Option > Security.

So why is ActiveX so dangerous that you have to increase the security for it?
When your browser runs an ActiveX control, it is running an executable program. It's no different from double-clicking an .exe file on your hard drive.
Would you run just any random file downloaded off a web site without knowing what it is and what it does?

4.) Install Javacool's SpywareBlaster

It will protect you from most spy/foistware in its database by blocking installation of their ActiveX objects.

Download and install it, download the latest updates, and you'll see a list of all spyware programs covered by the program (NOTE: this is NOT spyware found on your computer). Press "Enable All Protection", and you're done.
The spyware that you told Spywareblaster to set the "kill bit" for won't be a hazard to you any longer. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
Don't forget to check for updates every week or so.

5.) Let's also not forget that Spybot Search & Destroy has the Immunize feature, which works roughly the same way. Another feature within Spybot is the TeaTimer option. This option immediately detects known malicious processes wanting to start and terminates them. TeaTimer also detects when something wants to change some critical registry keys and gives you an option to allow them or not.

6.) Microsoft now offers their own free malicious software blocking tool. Windows Defender improves Internet browsing safety by guarding over fifty (50) ways spyware can enter your PC.

7.) Another excellent program by Javacool we recommend is SpywareGuard.
It provides a degree of real-time protection against spyware that is a great addition to SpywareBlaster's protection method.

8.) IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Another good hosts program is mvpshosts. This little program packs a powerful punch as it blocks ads, banners, 3rd-party cookies, 3rd-party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial.

*It is important to note that all of the above programs/files can be run simultaneously on your system. They will work together in layers, so to speak, to help protect your computer. However, the following suggestions are designed to only run one of each. It is not a good idea to run more than one firewall, and one anti-virus program. Running more than one of these at a time can cause system crashes, high system usage and/or conflicts with each other.*

9.) It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third-party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerio and Sygate.

10.) An Anti-Virus product is a necessity. There are many excellent programs that you can purchase. However, we choose to advocate the use of free programs whenever possible. Some very good and easy-to-use free A/V programs are AVG, Avast, and AntiVir. It's a good idea to set these to receive automatic updates so you are always as fully protected as possible from the newest virus threats.

NOTE: DO NOT install more than one anti-virus program. They will conflict, and provide less protection, not more.


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Thanks for letting us help you!
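The registry side of steps 3, 4 and 8 in the checklist above, plus a check for the Security Center override that the ComboFix log earlier in the thread lists under "Reg Loading Points", as an added example that is not code from the post, SpywareBlaster, IE-SPYAD or ComboFix. It writes a REGEDIT4 file (the format ComboFix prints) carrying the Internet-zone URL actions the Custom Level dialog edits (action IDs 1001, 1004, 1201; values 0 Enable, 1 Prompt, 3 Disable), the per-CLSID kill bit (Compatibility Flags 0x400) that SpywareBlaster sets, and ZoneMap entries that put hosts in Restricted sites (zone 4); and it audits an existing export against the same checklist. The CLSID and host names passed in are placeholders, and the sample export is constructed apart from the Security Center lines, which are copied from the ComboFix log. AntiVirusOverride=1 is reported simply because it silences the Security Center's missing-antivirus alert, whether a product set it legitimately or not.

```python
"""Registry side of the IE hardening steps, plus an audit of an export.

Added example; not code from the forum post, SpywareBlaster, IE-SPYAD or
ComboFix.  It only writes and reads REGEDIT4 text; review the output
before importing it with regedit.
"""
import re

ZONE_INTERNET = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ACTIVEX_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"
ZONEMAP_DOMAINS = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"

# What Custom Level writes for a URL action: 0 Enable, 1 Prompt, 3 Disable.
PROMPT, DISABLE = 1, 3
# Action IDs live as hex-string value names under the zone key (step 3).
WANTED_ACTIONS = {
    "1001": PROMPT,   # Download signed ActiveX controls
    "1004": PROMPT,   # Download unsigned ActiveX controls
    "1201": DISABLE,  # Initialize and script ActiveX controls not marked as safe
}
KILL_BIT = 0x400      # Compatibility Flags bit: IE refuses to load the control (step 4)
RESTRICTED_SITES = 4  # ZoneMap zone number for Restricted sites (step 8)


def domain_subkey(host):
    """ZoneMap stores 'ads.example.com' as Domains\\example.com\\ads.
    Assumes a two-label registrable domain ('example.co.uk' would need a
    public-suffix list, which this example does not carry)."""
    labels = host.lower().strip(".").split(".")
    base, sub = ".".join(labels[-2:]), ".".join(labels[:-2])
    return base + ("\\" + sub if sub else "")


def build_reg(kill_clsids, restricted_hosts):
    """Return REGEDIT4 text that applies steps 3, 4 and 8."""
    out = ["REGEDIT4", "", f"[{ZONE_INTERNET}]"]
    out += [f'"{name}"=dword:{val:08x}' for name, val in WANTED_ACTIONS.items()]
    out.append("")
    for clsid in kill_clsids:
        out += [f"[{ACTIVEX_COMPAT}\\{clsid}]", f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    for host in restricted_hosts:
        out += [f"[{ZONEMAP_DOMAINS}\\{domain_subkey(host)}]", f'"*"=dword:{RESTRICTED_SITES:08x}', ""]
    return "\r\n".join(out)


KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_reg(text):
    """Collect the dword values of a REGEDIT4 export as {key: {name: int}}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            values.setdefault(key, {})
            continue
        m = DWORD_RE.match(line)
        if key and m:
            values[key][m.group(1)] = int(m.group(2), 16)
    return values


def audit(export_text):
    """List what an export (or ComboFix's REGEDIT4 section) gets wrong."""
    values = parse_reg(export_text)
    problems = []
    zone = values.get(ZONE_INTERNET.lower(), {})
    for name, wanted in WANTED_ACTIONS.items():
        if zone.get(name) != wanted:
            problems.append(f"zone action {name} is {zone.get(name, 'unset')}, want {wanted}")
    if values.get(SECURITY_CENTER.lower(), {}).get("AntiVirusOverride") == 1:
        problems.append("AntiVirusOverride=1 silences Security Center's missing-antivirus alert")
    return problems


# Constructed export: an Internet zone weakened to Enable for signed
# downloads and unsafe scripting, plus the Security Center lines exactly
# as they appear in the ComboFix log above.
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
    # The CLSID below is a placeholder, not a real control.
    print(build_reg(["{00000000-0000-0000-0000-000000000000}"], ["ads.example.com"]))
```

Feed `audit()` the output of `reg export` for the two keys, or the "Reg Loading Points" section of a ComboFix log, to see what still differs from the checklist; `build_reg()` produces a file to review and import, and a missing action value is reported as "unset" because the zone key was not in the export or the value is still at its built-in default.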