trojan i think [RESOLVED]


  • This topic is locked

#1
SatanicSarahX

  • Member
  • 85 posts
My desktop keeps disappearing. I can't access Windows Media Player or click on My Documents or My Computer to look through files.

It's driving me crazy. I've been running virus scans all day; the Malwarebytes and the other spyware one
don't seem to be working -_-


Here is my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:49 PM, on 30/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\netdde.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINXP\system32\cisvc.exe
C:\WINXP\system32\clipsrv.exe
C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SuperRam\SuperRam.exe
C:\WINXP\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINXP\system32\sessmgr.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\dllhost.exe
C:\WINXP\system32\tlntsvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\vssvc.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
C:\WINXP\system32\wbem\wmiapsrv.exe
C:\WINXP\System32\dmadmin.exe
C:\WINXP\system32\wscntfy.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\WINXP\system32\wuauclt.exe
C:\WINXP\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINXP\system32\mmc.exe
C:\WINXP\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SuperRam] "C:\Program Files\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Service] C:\WINXP\svchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah.ANA-PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 10042 bytes


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
SatanicSarahX

  • Topic Starter
  • Member
  • 85 posts
Also, my Windows Media Player isn't working still; it just doesn't open >.>
Thought you'd like to know.


Anyway,
OK, here it is:



SmitFraudFix v2.328

Scan done at 3:39:56.53, Tue 01/07/2008
Run from C:\Documents and Settings\Sarah.ANA-PC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info

127.0.0.1 dl2.teenpassage.com
127.0.0.1 ntkrnlpa.info

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{EF98E8BE-E6B0-4500-9D19-F102D332FF5A}: DhcpNameServer=61.9.133.193 61.9.134.49
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EF98E8BE-E6B0-4500-9D19-F102D332FF5A}: DhcpNameServer=61.9.133.193 61.9.134.49
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EF98E8BE-E6B0-4500-9D19-F102D332FF5A}: DhcpNameServer=61.9.133.193 61.9.134.49
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=61.9.133.193 61.9.134.49
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=61.9.133.193 61.9.134.49
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=61.9.133.193 61.9.134.49


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End





Deckard's System Scanner v20071014.68
Run by Sarah on 2008-07-01 03:48:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-30 17:48:42 UTC - RP68 - Deckard's System Scanner Restore Point
3: 2008-06-30 04:16:59 UTC - RP67 - Installed %1 %2.
2: 2008-06-21 18:54:07 UTC - RP66 - Removed PC Booster
1: 2008-06-21 15:43:53 UTC - RP65 - Removed GhostOnline


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sarah.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:51:40, on 1/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\netdde.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SuperRam\SuperRam.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\system32\msiexec.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\vssvc.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
C:\WINXP\system32\wbem\wmiapsrv.exe
C:\WINXP\System32\dmadmin.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\Documents and Settings\Sarah.ANA-PC\Desktop\dss.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sarah.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SuperRam] "C:\Program Files\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Service] C:\WINXP\svchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah.ANA-PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 8282 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080630-203520-941 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\winxp\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil©>
R0 TPkd - c:\winxp\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R1 SCDEmu - c:\winxp\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 DigiNet (Digidesign Ethernet Support) - c:\winxp\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
R2 npkcrypt - c:\nexon\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 BlueletAudio (Bluetooth Audio Service) - c:\winxp\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\winxp\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows ® 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\winxp\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\winxp\system32\drivers\vbtenum.sys
R3 npkcusb - c:\nexon\maplestory\npkcusb.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 VComm (Virtual Serial port driver) - c:\winxp\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\winxp\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\winxp\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
S3 DBKDRVR54 - c:\program files\cheat engine\dbk32.sys
S3 NPPTNT2 - c:\winxp\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 ROCKSTAR - e:\hacks\new folder\nooblegend\nooblegend\ksysdrv.sys (file missing)
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\winxp\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\winxp\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
R2 wampapache - "c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 wampmysqld - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld

S4 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&2C575ACB&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&2C575ACB&0
Service: i8042prt


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 03:40:26 2608 --a------ C:\WINXP\system32\tmp.reg
2008-07-01 03:39:30 236544 --a------ C:\WINXP\system32\WS2Fix.exe
2008-07-01 03:39:30 289144 --a------ C:\WINXP\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-01 03:39:30 99840 --a------ C:\WINXP\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-01 03:39:30 288417 --a------ C:\WINXP\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-01 03:39:30 98304 --a------ C:\WINXP\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-01 03:39:30 96256 --a------ C:\WINXP\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-01 03:39:30 61952 --a------ C:\WINXP\system32\dumphive.exe
2008-07-01 03:39:30 95232 --a------ C:\WINXP\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-30 19:09:34 0 d-------- C:\Program Files\XP Codec Pack
2008-06-30 15:47:40 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-30 14:31:23 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-30 14:28:05 0 d-------- C:\Program Files\Microsoft.NET
2008-06-30 14:26:54 0 d-------- C:\Program Files\MSXML 6.0
2008-06-30 14:24:25 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-30 14:24:25 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-30 14:19:50 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-30 14:19:50 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
2008-06-30 14:19:23 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-30 14:17:55 0 d-------- C:\WINXP\system32\XPSViewer
2008-06-28 14:48:58 1073152 --a------ C:\WINXP\system32\libmysql_c.dll
2008-06-28 14:48:57 0 d-------- C:\Program Files\PremiumSoft
2008-06-28 12:28:41 0 d-------- C:\wamp
2008-06-28 12:00:20 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Thinstall
2008-06-27 08:15:24 0 d-------- C:\WINXP\system32\NtmsData
2008-06-25 22:28:13 0 d-------- C:\Program Files\Nsauditor
2008-06-22 01:38:22 0 d-------- C:\WINXP\system32\appmgmt
2008-06-21 21:39:43 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Nexon
2008-06-21 17:35:31 0 dr-h----- C:\Documents and Settings\Sarah.ANA-PC\Recent
2008-06-21 16:25:17 4682 --a------ C:\WINXP\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-06-21 16:24:58 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-21 16:22:50 51200 --a------ C:\WINXP\system32\wrgtqxry.dll
2008-06-21 16:16:41 0 d-------- C:\Nexon
2008-06-20 20:35:44 0 d-------- C:\Program Files\AnalogX
2008-06-19 10:36:10 0 d-------- C:\Program Files\NCH Software
2008-06-19 10:28:11 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\TmpRecentIcons
2008-06-19 10:26:28 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\NCH Swift Sound
2008-06-19 10:26:27 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-19 10:07:49 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Apple Computer
2008-06-17 02:09:13 564 --a------ C:\WINXP\system\cdplayer.dat
2008-06-16 18:33:27 0 d-------- C:\Program Files\QuickTime
2008-06-16 18:33:26 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2008-06-16 18:33:04 0 d-------- C:\Program Files\Apple Software Update
2008-06-16 18:33:04 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Apple
2008-06-16 18:30:51 0 d-------- C:\Program Files\InterLok
2008-06-16 18:29:57 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-16 18:29:57 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\PACE Anti-Piracy
2008-06-16 18:29:57 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\PACE Anti-Piracy
2008-06-16 18:29:10 217088 --a------ C:\WINXP\system32\qtmlClient.dll
2008-06-16 18:29:08 233472 --a------ C:\WINXP\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-06-16 18:29:08 638976 --a------ C:\WINXP\system32\ilinet.dll <Not Verified; PACE Anti-Piracy; InterLok>
2008-06-16 18:28:53 11776 --a------ C:\WINXP\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
2008-06-16 18:28:50 0 d-------- C:\Program Files\Common Files\Digidesign
2008-06-16 14:41:20 0 d-------- C:\WINXP\system32\URTTEMP
2008-06-15 23:08:54 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Avg7
2008-06-15 17:40:52 0 d-------- C:\Program Files\Panda Security
2008-06-15 00:38:21 51200 --a------ C:\WINXP\system32\gkvisxdd.dll
2008-06-15 00:34:12 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\SUPERAntiSpyware.com
2008-06-15 00:33:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 00:33:31 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\SUPERAntiSpyware.com
2008-06-15 00:32:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 00:29:05 51200 --a------ C:\WINXP\system32\hmrkyaou.dll
2008-06-15 00:27:08 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Malwarebytes
2008-06-15 00:26:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 00:26:56 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2008-06-15 00:26:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 00:16:07 0 d-------- C:\Program Files\Trend Micro
2008-06-14 00:40:11 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Symantec
2008-06-13 18:47:50 51200 --a------ C:\WINXP\system32\vjaewiqi.dll
2008-06-13 18:44:51 51200 --a------ C:\WINXP\system32\fbcejbdu.dll
2008-06-13 18:38:36 51200 --a------ C:\WINXP\system32\spjjlukw.dll
2008-06-13 18:38:28 51200 --a------ C:\WINXP\system32\opqgeojm.dll
2008-06-13 18:19:54 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\U3
2008-06-13 02:25:06 962560 --a------ C:\WINXP\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-06 00:30:06 0 d-------- C:\Program Files\Virtual Poet
2008-06-05 17:17:54 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-04 15:43:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-04 15:38:46 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Symantec
2008-06-03 07:53:38 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 23:28:16 0 d-------- C:\WINXP\RegisteredPackages
2008-06-02 23:27:23 1675264 --a------ C:\WINXP\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 23:27:23 1634304 --a------ C:\WINXP\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 23:27:22 88064 --a------ C:\WINXP\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® Operating System>
2008-06-02 23:23:52 333824 --a------ C:\WINXP\system\DDRAW.DLL <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® 95 and 98>
2008-06-02 23:22:34 1629696 --a------ C:\WINXP\system\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-06-02 23:19:44 0 d-------- C:\Program Files\VirtualDJ
2008-06-02 23:19:11 0 d-------- C:\Program Files\Virtual DJ 3.0 With All Effects, Skins, Samples & Dj Decks Plugin
2008-06-02 14:19:14 0 d-------- C:\WINXP\system32\DirectX
2008-06-02 14:17:49 159744 --a------ C:\WINXP\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 14:17:49 61952 --a------ C:\WINXP\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 14:17:49 73728 --a------ C:\WINXP\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 13:50:56 0 d--h----- C:\WINXP\msdownld.tmp
2008-06-02 00:45:03 0 d-------- C:\WINXP\Prefetch
2008-06-02 00:33:01 0 d-------- C:\WINXP\system32\scripting
2008-06-02 00:33:00 0 d-------- C:\WINXP\l2schemas
2008-06-02 00:32:59 0 d-------- C:\WINXP\system32\en
2008-06-02 00:32:58 0 d-------- C:\WINXP\system32\bits
2008-06-02 00:23:48 0 d-------- C:\WINXP\network diagnostic
2008-06-02 00:13:35 0 d-------- C:\Program Files\PcBoost
2008-06-02 00:08:25 64512 --a------ C:\WINXP\system32\spupdwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:08:23 51200 --a------ C:\WINXP\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:08:21 184388 --a------ C:\WINXP\system32\slserv.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:21 110690 --a------ C:\WINXP\system32\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:21 110690 -----n--- C:\WINXP\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:16 110592 --a------ C:\WINXP\system32\setupn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-06-02 00:07:40 187392 --a------ C:\WINXP\system32\napstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:07:10 142848 --a------ C:\WINXP\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:06:27 53248 --a------ C:\WINXP\system32\comsdupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:06:16 31744 --a------ C:\WINXP\system32\faxpatch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 22:56:47 20872 --a------ C:\Documents and Settings\Sarah.ANA-PC\Application Data\GDIPFONTCACHEV1.DAT
2008-06-01 16:20:28 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\FLEXnet
2008-06-01 10:51:19 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\ALM
2008-06-01 10:49:31 0 d-------- C:\Program Files\Bonjour
2008-06-01 10:38:25 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-01 09:54:33 0 d-------- C:\Program Files\PowerISO
2008-06-01 00:38:53 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-07-01 03:45:31 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\DMCache
2008-06-30 15:47:40 0 d-------- C:\Program Files\Common Files
2008-06-30 14:30:58 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-30 05:16:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\uTorrent
2008-06-28 19:31:04 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-06-28 15:56:42 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Adobe
2008-06-26 18:37:03 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\LimeWire
2008-06-24 22:17:01 0 d-------- C:\Program Files\Cheat Engine
2008-06-22 10:41:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 01:38:06 0 d-------- C:\Program Files\Image-Line
2008-06-21 16:51:05 0 d-------- C:\Program Files\Internet Download Manager
2008-06-18 12:58:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-04 16:05:42 0 d-------- C:\Program Files\eBay
2008-06-02 23:32:15 0 d-------- C:\Program Files\MSN Messenger
2008-06-02 23:19:48 0 --a------ C:\Program Files\Virtual DJ 3.0 With All Effects
2008-06-02 00:33:53 0 d-------- C:\Program Files\Messenger
2008-06-02 00:32:58 0 d-------- C:\Program Files\Movie Maker
2008-06-02 00:26:59 0 d-------- C:\Program Files\Windows NT
2008-06-02 00:22:56 0 d-------- C:\Program Files\SuperRam
2008-06-01 10:49:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-01 10:16:16 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\IDM
2008-06-01 09:18:38 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\eBay
2008-05-31 12:38:47 0 d-------- C:\Program Files\Vstplugins
2008-05-31 12:32:24 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Publish Providers
2008-05-31 12:32:24 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\NetMedia Providers
2008-05-31 12:28:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sony
2008-05-31 12:27:29 0 d-------- C:\Program Files\Sony
2008-05-31 12:21:22 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sony Setup
2008-05-31 12:20:48 0 d-------- C:\Program Files\Sony Setup
2008-05-31 12:19:50 0 d-------- C:\Program Files\CCleaner
2008-05-31 12:10:57 0 d-------- C:\Program Files\DOSBox-0.72
2008-05-31 09:47:03 0 d-------- C:\Program Files\Mininova
2008-05-30 22:45:42 0 d-------- C:\Program Files\Doom 3
2008-05-30 16:53:46 0 d-------- C:\Program Files\uTorrent
2008-05-30 00:29:30 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Macromedia
2008-05-29 23:23:43 0 d-------- C:\Program Files\Java
2008-05-29 23:22:32 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sun
2008-05-29 19:20:29 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-29 10:05:47 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-05-29 10:04:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\NCH Swift Sound
2008-05-29 10:00:38 0 d-------- C:\Program Files\AVI Codec Pack
2008-05-29 09:36:59 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\AdobeUM
2008-05-28 22:11:20 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\WinRAR
2008-05-28 20:37:36 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Google
2008-05-28 20:37:33 0 d-------- C:\Program Files\Google
2008-05-28 20:31:46 102400 --a------ C:\WINXP\system32\ProgHelp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-28 20:31:46 44440 --a------ C:\WINXP\system32\MtpAccess.dll
2008-05-28 17:58:44 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Identities
2008-05-17 18:04:20 62 --ahs---- C:\Documents and Settings\Sarah.ANA-PC\Application Data\desktop.ini
2008-05-17 14:53:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-17 14:51:54 0 d-------- C:\Program Files\Common Files\L&H
2008-05-17 14:40:31 0 d-------- C:\Program Files\Ahead
2008-05-17 09:01:25 0 d-------- C:\Program Files\Realtek
2008-05-17 09:01:18 360448 --a------ C:\WINXP\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-17 08:49:33 21640 --a------ C:\WINXP\system32\emptyregdb.dat
2008-04-14 10:16:51 342528 --a------ C:\WINXP\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 692224 --a------ C:\WINXP\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 57856 --a------ C:\WINXP\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 688128 --a------ C:\WINXP\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 128000 --a------ C:\WINXP\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 57856 --a------ C:\WINXP\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 31744 --a------ C:\WINXP\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 471040 --a------ C:\WINXP\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 63488 --a------ C:\WINXP\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 847872 --a------ C:\WINXP\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 118272 --a------ C:\WINXP\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 231424 --a------ C:\WINXP\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 74240 --a------ C:\WINXP\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 242176 --a------ C:\WINXP\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 167936 --a------ C:\WINXP\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-14 10:12:41 24576 --a------ C:\WINXP\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 87552 --a------ C:\WINXP\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:40 75776 --a------ C:\WINXP\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:40 16384 --a------ C:\WINXP\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 392704 --a------ C:\WINXP\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 542720 --a------ C:\WINXP\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 108544 --a------ C:\WINXP\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 366080 --a------ C:\WINXP\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 104960 --a------ C:\WINXP\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 60928 --a------ C:\WINXP\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 102400 --a------ C:\WINXP\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 94720 --a------ C:\WINXP\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 60416 --a------ C:\WINXP\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 88576 --a------ C:\WINXP\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 270336 --a------ C:\WINXP\system32\tracerpt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 357888 --a------ C:\WINXP\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 116736 --a------ C:\WINXP\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 89088 --a------ C:\WINXP\system32\tlntsess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 72192 --a------ C:\WINXP\system32\tlntadmn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 86528 --a------ C:\WINXP\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 343040 --a------ C:\WINXP\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 121344 --a------ C:\WINXP\system32\tasklist.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 87040 --a------ C:\WINXP\system32\taskkill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 117248 --a------ C:\WINXP\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 115712 --a------ C:\WINXP\system32\systeminfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 58368 --a------ C:\WINXP\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 68608 --a------ C:\WINXP\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 549376 --a------ C:\WINXP\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 100864 --a------ C:\WINXP\system32\sort.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 142336 --a------ C:\WINXP\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 100352 --a------ C:\WINXP\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 18944 --a------ C:\WINXP\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 167936 --a------ C:\WINXP\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 80896 --a------ C:\WINXP\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 95744 --a------ C:\WINXP\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 88576 --a------ C:\WINXP\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 55808 --a------ C:\WINXP\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 33792 --a------ C:\WINXP\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 74752 --a------ C:\WINXP\system32\sethc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 152576 --a------ C:\WINXP\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 128000 --a------ C:\WINXP\system32\secedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 120832 --a------ C:\WINXP\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 165376 --a------ C:\WINXP\system32\schtasks.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 106496 --a------ C:\WINXP\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 24064 --a------ C:\WINXP\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 25088 --a------ C:\WINXP\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 273408 --a------ C:\WINXP\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 88064 --a------ C:\WINXP\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 216576 --a------ C:\WINXP\system32\rsnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 25600 --a------ C:\WINXP\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 57344 --a------ C:\WINXP\system32\rexec.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 88064 --a------ C:\WINXP\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 60928 --a------ C:\WINXP\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 110592 --a------ C:\WINXP\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 24576 --a------ C:\WINXP\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 73728 --a------ C:\WINXP\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 65024 --a------ C:\WINXP\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 79360 --a------ C:\WINXP\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 67584 --a------ C:\WINXP\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 30720 --a------ C:\WINXP\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 19968 --a------ C:\WINXP\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 126464 --a------ C:\WINXP\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 157184 --a------ C:\WINXP\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 120320 --a------ C:\WINXP\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 92672 --a------ C:\WINXP\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 94208 --a------ C:\WINXP\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 26624 --a------ C:\WINXP\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 134656 --a------ C:\WINXP\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 324608 --a------ C:\WINXP\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 111104 --a------ C:\WINXP\system32\openfiles.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:30 464384 --a------ C:\WINXP\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:30 1276928 --a------ C:\WINXP\system32\ntbackup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 87552 --a------ C:\WINXP\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 112640 --a------ C:\WINXP\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 47616 --a------ C:\WINXP\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 96768 --a------ C:\WINXP\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 187392 --a------ C:\WINXP\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 266752 --a------ C:\WINXP\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 53248 --a------ C:\WINXP\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 14848 --a------ C:\WINXP\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 130048 --a------ C:\WINXP\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 55808 --a------ C:\WINXP\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 276480 --a------ C:\WINXP\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:28 452096 --a------ C:\WINXP\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:28 89600 --a------ C:\WINXP\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-04-14 10:12:27 16896 --a------ C:\WINXP\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-14 10:12:27 226304 --a------ C:\WINXP\system32\mqtgsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 48128 --a------ C:\WINXP\system32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 96256 --a------ C:\WINXP\system32\mqbkup.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 134144 --a------ C:\WINXP\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:26 154112 --a------ C:\WINXP\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-04-14 10:12:25 45056 --a------ C:\WINXP\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-14 10:12:25 1425408 --a------ C:\WINXP\system32\mmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:25 68096 --a------ C:\WINXP\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 83456 --a------ C:\WINXP\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 525312 --a------ C:\WINXP\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 70144 --a------ C:\WINXP\system32\logman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 86016 --a------ C:\WINXP\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 688640 --a------ C:\WINXP\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 227840 --a------ C:\WINXP\system32\irftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 34304 --a------ C:\WINXP\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 64000 --a------ C:\WINXP\system32\ipv6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 99328 --a------ C:\WINXP\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 161280 --a------ C:\WINXP\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 289280 --a------ C:\WINXP\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 59904 --a------ C:\WINXP\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 82944 --a------ C:\WINXP\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 164352 --a------ C:\WINXP\system32\gpresult.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 103424 --a------ C:\WINXP\system32\getmac.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 21504 --a------ C:\WINXP\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2008-04-14 10:12:20 53248 --a------ C:\WINXP\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 269312 --a------ C:\WINXP\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 18432 --a------ C:\WINXP\system32\forcedos.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 31744 --a------ C:\WINXP\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 33792 --a------ C:\WINXP\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 37888 --a------ C:\WINXP\system32\findstr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 100352 --a------ C:\WINXP\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 93696 --a------ C:\WINXP\system32\eventtriggers.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 61440 --a------ C:\WINXP\system32\eventcreate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 269312 --a------ C:\WINXP\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 1142784 --a------ C:\WINXP\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 258048 --a------ C:\WINXP\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-04-14 10:12:18 28672 --a------ C:\WINXP\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 21504 --a------ C:\WINXP\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 73728 --a------ C:\WINXP\system32\driverquery.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:17 92160 --a------ C:\WINXP\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-14 10:12:17 268288 --a------ C:\WINXP\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-04-14 10:12:17 174592 --a------ C:\WINXP\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-14 10:12:17 97792 --a------ C:\WINXP\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:16 126464 --a------ C:\WINXP\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-14 10:12:16 35840 --a------ C:\WINXP\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-14 10:12:16 40960 --a------ C:\WINXP\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:16 49664 --a------ C:\WINXP\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-04-14 10:12:16 58880 --a------ C:\WINXP\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating

Edited by SatanicSarahX, 30 June 2008 - 04:48 PM.


#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.


1. Please re-open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.





Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINXP\system32\wrgtqxry.dll
    C:\WINXP\system32\gkvisxdd.dll
    C:\WINXP\system32\hmrkyaou.dll
    C:\WINXP\system32\vjaewiqi.dll
    C:\WINXP\system32\fbcejbdu.dll
    C:\WINXP\system32\spjjlukw.dll
    C:\WINXP\system32\opqgeojm.dll
    C:\windows\system32\blank.htm
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Reboot and post a new DSS log

#5
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
ok here it goes



SDFix: Version 1.199
Run by Sarah on Tue 01/07/2008 at 11:18

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 11:35:07
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060e2acb6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060e2acb6]

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ćTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"F:\\iTunes\\iTunes.exe"="F:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"G:\\iTunes\\iTunes.exe"="G:\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:1\\iTunes\\iTunes.exe"="C:1\\iTunes\\iTunes.exe:*:Enabled:iTunes.exe"
"C:3\\iTunes\\iTunes.exe"="C:3\\iTunes\\iTunes.exe:*:Enabled:iTunes.exe"
"C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"="C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Sarah.ANA-PC\\My Documents\\Downloads\\private sever\\MapleStoryServer\\Debug\\MapleStoryServer.exe"="C:\\Documents and Settings\\Sarah.ANA-PC\\My Documents\\Downloads\\private sever\\MapleStoryServer\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"
"C:\\Documents and Settings\\Sarah.ANA-PC\\My Documents\\Downloads\\private sever\\MapleStory\\Debug\\MapleStoryServer.exe"="C:\\Documents and Settings\\Sarah.ANA-PC\\My Documents\\Downloads\\private sever\\MapleStory\\Debug\\MapleStoryServer.exe:*:Enabled:MapleStoryServer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Thu 26 Jun 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINXP\DRM\DRMv1.bak"
Fri 27 Feb 2004 233,472 A..H. --- "C:\Program Files\Image-Line\FL Studio 7\REX Shared Library.dll"
Sun 2 Dec 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 28 May 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINXP\DRM\Cache\Indiv01.tmp"
Thu 29 May 2008 65,806 ...HR --- "C:\WINXP\system32\drivers\etc\Hosts.bak"
Wed 6 Feb 2008 879 A..H. --- "C:\Documents and Settings\Sarah.ANA-PC\Application Data\PACE Anti-Piracy\oRRDeGhgLNV\VTzhaGKzyYV7.tmp"
Mon 12 Feb 2007 3,108,864 A..H. --- "C:\Documents and Settings\Sarah.ANA-PC\Application Data\U3\temp\Launchpad Removal.exe"
Thu 28 Sep 2006 922 A..H. --- "C:\Documents and Settings\Sarah.ANA-PC\Local Settings\Application Data\RRDeGhgLNVUS\VTzhaGKzyYV7.tmp"
Tue 14 Dec 2004 295,812 A..H. --- "C:\WINXP\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\download\BIT63.tmp"
Thu 9 Jun 2005 19,495 A..H. --- "C:\WINXP\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT51.tmp"
Sat 23 Sep 2006 526,860 A..H. --- "C:\WINXP\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\download\BIT31.tmp"
Mon 30 Jun 2008 311,519,232 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\21022.08\1033\wcu\msdnexpress\BIT22.tmp"

Finished!





now the next one kept freezing so i did it a few times so here they are but i think the files moved



File/Folder not found.
File/Folder C:\WINXP\system32\wrgtqxry.dll not found.
File/Folder C:\WINXP\system32\gkvisxdd.dll not found.
File/Folder C:\WINXP\system32\hmrkyaou.dll not found.
File/Folder C:\WINXP\system32\vjaewiqi.dll not found.
File/Folder C:\WINXP\system32\fbcejbdu.dll not found.
File/Folder C:\WINXP\system32\spjjlukw.dll not found.
File/Folder C:\WINXP\system32\opqgeojm.dll not found.
File/Folder C:\windows\system32\blank.htm not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2ACA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINXP\temp\Perflib_Perfdata_264.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_120555

Files moved on Reboot...
C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2ACA.tmp moved successfully.
File C:\WINXP\temp\Perflib_Perfdata_264.dat not found!




2nd one


Explorer killed successfully
File/Folder C:\WINXP\system32\wrgtqxry.dll not found.
File/Folder C:\WINXP\system32\gkvisxdd.dll not found.
File/Folder C:\WINXP\system32\hmrkyaou.dll not found.
File/Folder C:\WINXP\system32\vjaewiqi.dll not found.
File/Folder C:\WINXP\system32\fbcejbdu.dll not found.
File/Folder C:\WINXP\system32\spjjlukw.dll not found.
File/Folder C:\WINXP\system32\opqgeojm.dll not found.
File/Folder C:\windows\system32\blank.htm not found.
< purity >
< EmptyTemp >
File delete failed. C:\WINXP\temp\Perflib_Perfdata_730.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07012008_120943

Files moved on Reboot...
File C:\WINXP\temp\Perflib_Perfdata_730.dat not found!



but hey i dunno >.<

also still the windows media player isn't working
btw THANKS so much =]

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Post a new DSS log

#7
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
Deckard's System Scanner v20071014.68
Run by Sarah on 2008-07-01 23:33:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Sarah.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:34:09, on 1/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\system32\netdde.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\dllhost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\vssvc.exe
c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\WINXP\system32\wbem\wmiapsrv.exe
C:\WINXP\System32\dmadmin.exe
C:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\SuperRam\SuperRam.exe
C:\WINXP\system32\rundll32.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\XP Codec Pack\mpc\mplayerc.exe
C:\Nexon\MapleStory\AinaMSv551.4.exe
C:\Program Files\Paint Shop Pro 6\Psp.exe
C:\Documents and Settings\Sarah.ANA-PC\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sarah.exe
C:\WINXP\system32\igfxsrvc.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SuperRam] "C:\Program Files\SuperRam\SuperRam.exe" /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update Service] C:\WINXP\svchost.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Sarah.ANA-PC\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 8522 bytes

-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 12:20:27 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Media Player Classic
2008-07-01 11:32:20 88064 --a------ C:\WINXP\mrofinu1001186.exe
2008-07-01 11:07:18 0 d-------- C:\WINXP\ERUNT
2008-07-01 03:40:26 2608 --a------ C:\WINXP\system32\tmp.reg
2008-07-01 03:39:30 236544 --a------ C:\WINXP\system32\WS2Fix.exe
2008-07-01 03:39:30 289144 --a------ C:\WINXP\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-01 03:39:30 99840 --a------ C:\WINXP\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-01 03:39:30 288417 --a------ C:\WINXP\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-01 03:39:30 98304 --a------ C:\WINXP\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-01 03:39:30 96256 --a------ C:\WINXP\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-01 03:39:30 61952 --a------ C:\WINXP\system32\dumphive.exe
2008-07-01 03:39:30 95232 --a------ C:\WINXP\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-06-30 19:09:34 0 d-------- C:\Program Files\XP Codec Pack
2008-06-30 15:47:40 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-30 14:31:23 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-30 14:28:05 0 d-------- C:\Program Files\Microsoft.NET
2008-06-30 14:26:54 0 d-------- C:\Program Files\MSXML 6.0
2008-06-30 14:24:25 0 d-------- C:\Program Files\Microsoft Synchronization Services
2008-06-30 14:24:25 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-06-30 14:19:50 0 d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-06-30 14:19:50 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Microsoft Help
2008-06-30 14:19:23 0 d-------- C:\Program Files\Microsoft SDKs
2008-06-30 14:17:55 0 d-------- C:\WINXP\system32\XPSViewer
2008-06-28 14:48:58 1073152 --a------ C:\WINXP\system32\libmysql_c.dll
2008-06-28 14:48:57 0 d-------- C:\Program Files\PremiumSoft
2008-06-28 12:28:41 0 d-------- C:\wamp
2008-06-28 12:00:20 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Thinstall
2008-06-27 08:15:24 0 d-------- C:\WINXP\system32\NtmsData
2008-06-25 22:28:13 0 d-------- C:\Program Files\Nsauditor
2008-06-22 01:38:22 0 d-------- C:\WINXP\system32\appmgmt
2008-06-21 21:39:43 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Nexon
2008-06-21 17:35:31 0 dr-h----- C:\Documents and Settings\Sarah.ANA-PC\Recent
2008-06-21 16:25:17 4682 --a------ C:\WINXP\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2008-06-21 16:24:58 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-06-21 16:16:41 0 d-------- C:\Nexon
2008-06-20 20:35:44 0 d-------- C:\Program Files\AnalogX
2008-06-19 10:36:10 0 d-------- C:\Program Files\NCH Software
2008-06-19 10:28:11 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\TmpRecentIcons
2008-06-19 10:26:28 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\NCH Swift Sound
2008-06-19 10:26:27 0 d-------- C:\Program Files\NCH Swift Sound
2008-06-19 10:07:49 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Apple Computer
2008-06-17 02:09:13 564 --a------ C:\WINXP\system\cdplayer.dat
2008-06-16 18:33:27 0 d-------- C:\Program Files\QuickTime
2008-06-16 18:33:26 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Apple Computer
2008-06-16 18:33:04 0 d-------- C:\Program Files\Apple Software Update
2008-06-16 18:33:04 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Apple
2008-06-16 18:30:51 0 d-------- C:\Program Files\InterLok
2008-06-16 18:29:57 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2008-06-16 18:29:57 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\PACE Anti-Piracy
2008-06-16 18:29:57 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\PACE Anti-Piracy
2008-06-16 18:29:10 217088 --a------ C:\WINXP\system32\qtmlClient.dll
2008-06-16 18:29:08 233472 --a------ C:\WINXP\system32\REX Shared Library.dll <Not Verified; Propellerhead Software AB; REX SDK>
2008-06-16 18:29:08 638976 --a------ C:\WINXP\system32\ilinet.dll <Not Verified; PACE Anti-Piracy; InterLok>
2008-06-16 18:28:53 11776 --a------ C:\WINXP\system32\drivers\diginet.sys <Not Verified; Digidesign, A Division of Avid Technology, Inc.; Pro Tools®>
2008-06-16 18:28:50 0 d-------- C:\Program Files\Common Files\Digidesign
2008-06-16 14:41:20 0 d-------- C:\WINXP\system32\URTTEMP
2008-06-15 23:08:54 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Avg7
2008-06-15 17:40:52 0 d-------- C:\Program Files\Panda Security
2008-06-15 00:34:12 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\SUPERAntiSpyware.com
2008-06-15 00:33:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-06-15 00:33:31 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\SUPERAntiSpyware.com
2008-06-15 00:32:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 00:27:08 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Malwarebytes
2008-06-15 00:26:56 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-15 00:26:56 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Malwarebytes
2008-06-15 00:26:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-15 00:16:07 0 d-------- C:\Program Files\Trend Micro
2008-06-14 00:40:11 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\Symantec
2008-06-13 18:19:54 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\U3
2008-06-13 02:25:06 962560 --a------ C:\WINXP\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-06-06 00:30:06 0 d-------- C:\Program Files\Virtual Poet
2008-06-05 17:17:54 0 d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2008-06-04 15:43:34 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-04 15:38:46 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Symantec
2008-06-03 07:53:38 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-02 23:28:16 0 d-------- C:\WINXP\RegisteredPackages
2008-06-02 23:27:23 1675264 --a------ C:\WINXP\system32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 23:27:23 1634304 --a------ C:\WINXP\system32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 23:27:22 88064 --a------ C:\WINXP\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® Operating System>
2008-06-02 23:23:52 333824 --a------ C:\WINXP\system\DDRAW.DLL <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® 95 and 98>
2008-06-02 23:22:34 1629696 --a------ C:\WINXP\system\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-06-02 23:19:44 0 d-------- C:\Program Files\VirtualDJ
2008-06-02 23:19:11 0 d-------- C:\Program Files\Virtual DJ 3.0 With All Effects, Skins, Samples & Dj Decks Plugin
2008-06-02 14:19:14 0 d-------- C:\WINXP\system32\DirectX
2008-06-02 14:17:49 159744 --a------ C:\WINXP\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 14:17:49 61952 --a------ C:\WINXP\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 14:17:49 73728 --a------ C:\WINXP\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 13:50:56 0 d--h----- C:\WINXP\msdownld.tmp
2008-06-02 00:45:03 0 d-------- C:\WINXP\Prefetch
2008-06-02 00:33:01 0 d-------- C:\WINXP\system32\scripting
2008-06-02 00:33:00 0 d-------- C:\WINXP\l2schemas
2008-06-02 00:32:59 0 d-------- C:\WINXP\system32\en
2008-06-02 00:32:58 0 d-------- C:\WINXP\system32\bits
2008-06-02 00:23:48 0 d-------- C:\WINXP\network diagnostic
2008-06-02 00:13:35 0 d-------- C:\Program Files\PcBoost
2008-06-02 00:08:25 64512 --a------ C:\WINXP\system32\spupdwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:08:23 51200 --a------ C:\WINXP\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:08:21 184388 --a------ C:\WINXP\system32\slserv.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:21 110690 --a------ C:\WINXP\system32\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:21 110690 --a------ C:\WINXP\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2008-06-02 00:08:16 110592 --a------ C:\WINXP\system32\setupn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2008-06-02 00:07:40 187392 --a------ C:\WINXP\system32\napstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:07:10 142848 --a------ C:\WINXP\system32\mmcperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:06:27 53248 --a------ C:\WINXP\system32\comsdupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-02 00:06:16 31744 --a------ C:\WINXP\system32\faxpatch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-06-01 22:56:47 20872 --a------ C:\Documents and Settings\Sarah.ANA-PC\Application Data\GDIPFONTCACHEV1.DAT
2008-06-01 16:20:28 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\FLEXnet
2008-06-01 10:51:19 0 d-------- C:\Documents and Settings\All Users.WINXP\Application Data\ALM
2008-06-01 10:49:31 0 d-------- C:\Program Files\Bonjour
2008-06-01 10:38:25 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-01 09:54:33 0 d-------- C:\Program Files\PowerISO
2008-06-01 00:38:53 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-07-01 19:17:06 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\DMCache
2008-07-01 12:58:26 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-06-30 15:47:40 0 d-------- C:\Program Files\Common Files
2008-06-30 14:30:58 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-30 05:16:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\uTorrent
2008-06-28 15:56:42 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Adobe
2008-06-26 18:37:03 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\LimeWire
2008-06-24 22:17:01 0 d-------- C:\Program Files\Cheat Engine
2008-06-22 10:41:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-22 01:38:06 0 d-------- C:\Program Files\Image-Line
2008-06-21 16:51:05 0 d-------- C:\Program Files\Internet Download Manager
2008-06-18 12:58:28 0 d-------- C:\Program Files\YouTube Downloader
2008-06-04 16:05:42 0 d-------- C:\Program Files\eBay
2008-06-02 23:32:15 0 d-------- C:\Program Files\MSN Messenger
2008-06-02 23:19:48 0 --a------ C:\Program Files\Virtual DJ 3.0 With All Effects
2008-06-02 00:33:53 0 d-------- C:\Program Files\Messenger
2008-06-02 00:32:58 0 d-------- C:\Program Files\Movie Maker
2008-06-02 00:26:59 0 d-------- C:\Program Files\Windows NT
2008-06-02 00:22:56 0 d-------- C:\Program Files\SuperRam
2008-06-01 10:49:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-01 10:16:16 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\IDM
2008-06-01 09:18:38 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\eBay
2008-05-31 12:38:47 0 d-------- C:\Program Files\Vstplugins
2008-05-31 12:32:24 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Publish Providers
2008-05-31 12:32:24 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\NetMedia Providers
2008-05-31 12:28:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sony
2008-05-31 12:27:29 0 d-------- C:\Program Files\Sony
2008-05-31 12:21:22 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sony Setup
2008-05-31 12:20:48 0 d-------- C:\Program Files\Sony Setup
2008-05-31 12:19:50 0 d-------- C:\Program Files\CCleaner
2008-05-31 12:10:57 0 d-------- C:\Program Files\DOSBox-0.72
2008-05-31 09:47:03 0 d-------- C:\Program Files\Mininova
2008-05-30 22:45:42 0 d-------- C:\Program Files\Doom 3
2008-05-30 16:53:46 0 d-------- C:\Program Files\uTorrent
2008-05-30 00:29:30 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Macromedia
2008-05-29 23:23:43 0 d-------- C:\Program Files\Java
2008-05-29 23:22:32 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Sun
2008-05-29 19:20:29 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-05-29 10:05:47 0 d-------- C:\Program Files\DVDFab HD Decrypter 4
2008-05-29 10:04:45 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\NCH Swift Sound
2008-05-29 10:00:38 0 d-------- C:\Program Files\AVI Codec Pack
2008-05-29 09:36:59 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\AdobeUM
2008-05-28 22:11:20 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\WinRAR
2008-05-28 20:37:36 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Google
2008-05-28 20:37:33 0 d-------- C:\Program Files\Google
2008-05-28 20:31:46 102400 --a------ C:\WINXP\system32\ProgHelp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-05-28 20:31:46 44440 --a------ C:\WINXP\system32\MtpAccess.dll
2008-05-28 17:58:44 0 d-------- C:\Documents and Settings\Sarah.ANA-PC\Application Data\Identities
2008-05-17 18:04:20 62 --ahs---- C:\Documents and Settings\Sarah.ANA-PC\Application Data\desktop.ini
2008-05-17 14:53:17 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-17 14:51:54 0 d-------- C:\Program Files\Common Files\L&H
2008-05-17 14:40:31 0 d-------- C:\Program Files\Ahead
2008-05-17 09:01:25 0 d-------- C:\Program Files\Realtek
2008-05-17 09:01:18 360448 --a------ C:\WINXP\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-05-17 08:49:33 21640 --a------ C:\WINXP\system32\emptyregdb.dat
2008-04-14 10:16:51 342528 --a------ C:\WINXP\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 692224 --a------ C:\WINXP\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 57856 --a------ C:\WINXP\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 688128 --a------ C:\WINXP\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 128000 --a------ C:\WINXP\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 57856 --a------ C:\WINXP\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:44 31744 --a------ C:\WINXP\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 471040 --a------ C:\WINXP\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 63488 --a------ C:\WINXP\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 847872 --a------ C:\WINXP\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 118272 --a------ C:\WINXP\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:43 231424 --a------ C:\WINXP\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 74240 --a------ C:\WINXP\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 242176 --a------ C:\WINXP\system32\wuauclt1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 167936 --a------ C:\WINXP\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-14 10:12:41 24576 --a------ C:\WINXP\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:41 87552 --a------ C:\WINXP\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:40 75776 --a------ C:\WINXP\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:40 16384 --a------ C:\WINXP\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 392704 --a------ C:\WINXP\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 542720 --a------ C:\WINXP\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:39 108544 --a------ C:\WINXP\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 366080 --a------ C:\WINXP\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 104960 --a------ C:\WINXP\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 60928 --a------ C:\WINXP\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 102400 --a------ C:\WINXP\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 94720 --a------ C:\WINXP\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 60416 --a------ C:\WINXP\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 88576 --a------ C:\WINXP\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 270336 --a------ C:\WINXP\system32\tracerpt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 357888 --a------ C:\WINXP\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:38 116736 --a------ C:\WINXP\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 89088 --a------ C:\WINXP\system32\tlntsess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 72192 --a------ C:\WINXP\system32\tlntadmn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 86528 --a------ C:\WINXP\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 343040 --a------ C:\WINXP\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 121344 --a------ C:\WINXP\system32\tasklist.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 87040 --a------ C:\WINXP\system32\taskkill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:37 117248 --a------ C:\WINXP\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 115712 --a------ C:\WINXP\system32\systeminfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 58368 --a------ C:\WINXP\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 68608 --a------ C:\WINXP\system32\spoolsv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 549376 --a------ C:\WINXP\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 100864 --a------ C:\WINXP\system32\sort.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:36 142336 --a------ C:\WINXP\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 100352 --a------ C:\WINXP\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 18944 --a------ C:\WINXP\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 167936 --a------ C:\WINXP\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 80896 --a------ C:\WINXP\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 95744 --a------ C:\WINXP\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 88576 --a------ C:\WINXP\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:35 55808 --a------ C:\WINXP\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 33792 --a------ C:\WINXP\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 74752 --a------ C:\WINXP\system32\sethc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 152576 --a------ C:\WINXP\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 128000 --a------ C:\WINXP\system32\secedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 120832 --a------ C:\WINXP\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:34 165376 --a------ C:\WINXP\system32\schtasks.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 106496 --a------ C:\WINXP\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 24064 --a------ C:\WINXP\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 25088 --a------ C:\WINXP\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 273408 --a------ C:\WINXP\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 88064 --a------ C:\WINXP\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 216576 --a------ C:\WINXP\system32\rsnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 25600 --a------ C:\WINXP\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:33 57344 --a------ C:\WINXP\system32\rexec.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 88064 --a------ C:\WINXP\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 60928 --a------ C:\WINXP\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 110592 --a------ C:\WINXP\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 24576 --a------ C:\WINXP\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 73728 --a------ C:\WINXP\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 65024 --a------ C:\WINXP\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 79360 --a------ C:\WINXP\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 67584 --a------ C:\WINXP\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 30720 --a------ C:\WINXP\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 19968 --a------ C:\WINXP\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 126464 --a------ C:\WINXP\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:32 157184 --a------ C:\WINXP\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 120320 --a------ C:\WINXP\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 92672 --a------ C:\WINXP\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 94208 --a------ C:\WINXP\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 26624 --a------ C:\WINXP\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 134656 --a------ C:\WINXP\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 324608 --a------ C:\WINXP\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:31 111104 --a------ C:\WINXP\system32\openfiles.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:30 464384 --a------ C:\WINXP\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:30 1276928 --a------ C:\WINXP\system32\ntbackup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 87552 --a------ C:\WINXP\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 112640 --a------ C:\WINXP\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 47616 --a------ C:\WINXP\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 96768 --a------ C:\WINXP\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 187392 --a------ C:\WINXP\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 266752 --a------ C:\WINXP\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 53248 --a------ C:\WINXP\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 14848 --a------ C:\WINXP\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 130048 --a------ C:\WINXP\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 55808 --a------ C:\WINXP\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:29 276480 --a------ C:\WINXP\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:28 452096 --a------ C:\WINXP\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:28 89600 --a------ C:\WINXP\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2008-04-14 10:12:27 16896 --a------ C:\WINXP\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2008-04-14 10:12:27 226304 --a------ C:\WINXP\system32\mqtgsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 48128 --a------ C:\WINXP\system32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 96256 --a------ C:\WINXP\system32\mqbkup.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2008-04-14 10:12:27 134144 --a------ C:\WINXP\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:26 154112 --a------ C:\WINXP\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2008-04-14 10:12:25 45056 --a------ C:\WINXP\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2008-04-14 10:12:25 1425408 --a------ C:\WINXP\system32\mmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:25 68096 --a------ C:\WINXP\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 83456 --a------ C:\WINXP\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 525312 --a------ C:\WINXP\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 70144 --a------ C:\WINXP\system32\logman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:24 86016 --a------ C:\WINXP\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 688640 --a------ C:\WINXP\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 227840 --a------ C:\WINXP\system32\irftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 34304 --a------ C:\WINXP\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:23 64000 --a------ C:\WINXP\system32\ipv6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 99328 --a------ C:\WINXP\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 161280 --a------ C:\WINXP\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:22 289280 --a------ C:\WINXP\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 59904 --a------ C:\WINXP\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 82944 --a------ C:\WINXP\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 164352 --a------ C:\WINXP\system32\gpresult.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 103424 --a------ C:\WINXP\system32\getmac.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:21 21504 --a------ C:\WINXP\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2008-04-14 10:12:20 53248 --a------ C:\WINXP\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 269312 --a------ C:\WINXP\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 18432 --a------ C:\WINXP\system32\forcedos.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 31744 --a------ C:\WINXP\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 33792 --a------ C:\WINXP\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:20 37888 --a------ C:\WINXP\system32\findstr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 100352 --a------ C:\WINXP\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 93696 --a------ C:\WINXP\system32\eventtriggers.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 61440 --a------ C:\WINXP\system32\eventcreate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 269312 --a------ C:\WINXP\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:19 1142784 --a------ C:\WINXP\explorer.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 258048 --a------ C:\WINXP\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2008-04-14 10:12:18 28672 --a------ C:\WINXP\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 21504 --a------ C:\WINXP\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:18 73728 --a------ C:\WINXP\system32\driverquery.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:17 92160 --a------ C:\WINXP\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2008-04-14 10:12:17 268288 --a------ C:\WINXP\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2008-04-14 10:12:17 174592 --a------ C:\WINXP\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-04-14 10:12:17 97792 --a------ C:\WINXP\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:16 126464 --a------ C:\WINXP\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-14 10:12:16 35840 --a------ C:\WINXP\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2008-04-14 10:12:16 40960 --a------ C:\WINXP\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:16 49664 --a------ C:\WINXP\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2008-04-14 10:12:16 58880 --a------ C:\WINXP\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:15 151552 --a------ C:\WINXP\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2008-04-14 10:12:15 38400 --a------ C:\WINXP\system32\conime.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:15 107008 --a------ C:\WINXP\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-14 10:12:15 50688 --a------ C:\WINXP\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-14 10:12:14 69120 --a------ C:\WINXP\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2008-04-14 10:12:14 399872 --a------ C:\WINXP\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:14 76800 --a------ C:\WINXP\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:14 113664 --a------ C:\WINXP\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:14 74752 --a------ C:\WINXP\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:14 81920 --a------ C:\WINXP\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:14 67584 --a------ C:\WINXP\system32\cipher.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:13 30720 --a------ C:\WINXP\system32\cacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:13 186368 --a------ C:\WINXP\system32\bootcfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:13 213504 --a------ C:\WINXP\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 57856 --a------ C:\WINXP\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 23040 --a------ C:\WINXP\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 87552 --a------ C:\WINXP\system32\atmadm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 101376 --a------ C:\WINXP\system32\at.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 43520 --a------ C:\WINXP\system32\asr_pfu.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 106496 --a------ C:\WINXP\system32\asr_fmt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 55296 --a------ C:\WINXP\system32\alg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 141824 --a------ C:\WINXP\system32\ahui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 10:12:12 47616 --a------ C:\WINXP\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2008-04-14 10:12:11 195072 --a------ C:\WINXP\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 05:42:38 54784 --a------ C:\WINXP\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-14 04:43:31 89088 --a------ C:\WINXP\system32\spiisupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
21/05/2008 00:43 1526296 --a------ C:\Program Files\Mininova\tbMini.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= C:\Program Files\Mininova\tbMini.dll [21/05/2008 00:43 1526296]

[-HKEY_CLASSES_ROOT\CLSID\{F592709F-FF4A-4862-B659-4AFABDA56312}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINXP\system32\igfxtray.exe" [05/10/2006 23:11]
"HotKeysCmds"="C:\WINXP\system32\hkcmd.exe" [05/10/2006 23:13]
"Persistence"="C:\WINXP\system32\igfxpers.exe" [05/10/2006 23:10]
"RTHDCPL"="RTHDCPL.EXE" [10/04/2007 17:28 C:\WINXP\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [04/04/2007 19:22 C:\WINXP\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"SuperRam"="C:\Program Files\SuperRam\SuperRam.exe" [03/01/2005 22:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27/05/2008 10:50]
"Windows Update Service"="C:\WINXP\svchost.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [14/04/2008 10:12 C:\WINXP\system32\bthprops.cpl]
"PcBoost"="C:\Program Files\PcBoost\PcBoost.exe" []
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [15/03/2008 09:50]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" []
"NeroFilterCheck"="C:\WINXP\system32\NeroCheck.exe" [09/07/2001 11:50]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [14/04/2008 10:12]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [16/06/2008 09:12]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [21/12/2007 15:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [14/06/2008 23:53]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 11:54]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [16/06/2008 09:12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 16/06/2008 09:12 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINXP\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE&
  • 0
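A triage pass over the Run-key part of the registry dump in the post above, added here as an example; it is not part of the thread or of any tool named in it. It parses entries in the dump's `"Name"="command" [timestamp]` layout and applies two heuristics. The `SYSTEM32_ONLY` list, the flag names, and the reading of an empty `[]` as "the scanner found no file at that path" are assumptions, and a flag marks an entry for a closer look rather than giving a verdict.

```python
import ntpath
import re
from dataclasses import dataclass

WINDIR = r"C:\WINXP"  # Windows directory as it appears in this thread's logs

# Assumption: process names that normally run only from %WINDIR%\system32.
# Illustrative, not exhaustive.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                 "smss.exe", "csrss.exe", "spoolsv.exe"}

# "Name"="command" [dd/mm/yyyy hh:mm optional-resolved-path]   or   [...] = []
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
STAMP_RE = re.compile(r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2}\s*(?P<resolved>.*)$')

# Sample input: lines copied from the registry dump earlier on this page.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINXP\system32\igfxtray.exe" [05/10/2006 23:11]
"RTHDCPL"="RTHDCPL.EXE" [10/04/2007 17:28 C:\WINXP\RTHDCPL.exe]
"Windows Update Service"="C:\WINXP\svchost.exe" []
"PcBoost"="C:\Program Files\PcBoost\PcBoost.exe" []
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINXP\system32\ctfmon.exe" [14/04/2008 10:12]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
'''


@dataclass
class RunEntry:
    key: str        # registry key the value was listed under
    name: str       # value name
    command: str    # value data as written in the registry
    resolved: str   # path the scanner resolved it to (falls back to command)
    on_disk: bool   # True when the scanner printed a file timestamp


def parse_run_dump(text):
    """Return the RunEntry records found under ...\\Run keys in a dump."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # section header: [HKEY_...\Run]
            key = line.strip("[]")
            continue
        m = ENTRY_RE.match(line)
        if not m or key is None or not key.lower().endswith("\\run"):
            continue
        stamp = STAMP_RE.match(m["meta"].strip())
        resolved = (stamp["resolved"].strip() if stamp else "") or m["cmd"]
        entries.append(RunEntry(key, m["name"], m["cmd"], resolved, bool(stamp)))
    return entries


def flags_for(entry, windir=WINDIR):
    """Heuristic flags for one autostart entry (empty list = nothing noted)."""
    flags = []
    system32 = ntpath.normcase(ntpath.join(windir, "system32"))
    directory, base = ntpath.split(ntpath.normcase(entry.resolved))
    if not entry.on_disk:
        # Autostart value points at a file the scanner could not find:
        # leftover from an uninstall or from a removed/quarantined binary.
        flags.append("target-missing")
    if base in SYSTEM32_ONLY and directory != system32:
        # A core Windows process name registered from an unexpected folder.
        flags.append("system-name-outside-system32")
    return flags


def triage(entries, windir=WINDIR):
    """Return (entry, flags) pairs for every entry with at least one flag."""
    flagged = []
    for entry in entries:
        flags = flags_for(entry, windir)
        if flags:
            flagged.append((entry, flags))
    return flagged


if __name__ == "__main__":
    for entry, flags in triage(parse_run_dump(SAMPLE)):
        print(f"{entry.name!r:28} {entry.resolved}  <- {', '.join(flags)}")
```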

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINXP\mrofinu1001186.exe
    purity 
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new DSS log
  • 0

#9
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
ok here it is



Explorer killed successfully
C:\WINXP\mrofinu1001186.exe moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF1083.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF10A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2151.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2164.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF80D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DFC336.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DFC34F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINXP\temp\Perflib_Perfdata_5b0.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07022008_000850

Files moved on Reboot...
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF1083.tmp not found!
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF10A2.tmp not found!
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2151.tmp not found!
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF2164.tmp not found!
C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DF80D3.tmp moved successfully.
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DFC336.tmp not found!
File C:\DOCUME~1\SARAH~1.ANA\LOCALS~1\Temp\~DFC34F.tmp not found!
File C:\WINXP\temp\Perflib_Perfdata_5b0.dat not found!



I'll post the Kaspersky in parts as I CANNOT upload it and have tried many times
  • 0

#10
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
r

Edited by SatanicSarahX, 01 July 2008 - 08:55 PM.

  • 0


#11
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
actually posting this is harder than I thought, it didn't put all of it in, so do you have any idea of how I can upload it besides the upload form on this forum, which doesn't work >.>



okok I found a website so I could do this, here is the link

kaspersky.txt successfully uploaded!


Here is your link:
http://uppit.com/RVW3JT

Edited by SatanicSarahX, 01 July 2008 - 08:22 PM.

  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok I got some bad news

You have Virut, which is a file infector. What it has done is infect every single exe file on your PC. Such an infection is impossible to fix 100%. I recommend that you reformat your PC and be a lot more careful about what you download.

Folders such as

e:\hacks

Will only get your PC wrecked, same for keygens and cracks



I suggest that you make a backup on CD of any important documents you might need. You can also back up your music and picture files, but don't back up any exe files or screensavers. All these will be infected and you run a risk of getting infected again if you use them anywhere else.

I am afraid that a clean reformat is the only choice here. You will need to have a recovery CD or backup image of the system. After reformatting, use Kaspersky to scan your backup CD to confirm that the backup you have is clean of this virus.



Any questions?
  • 0

#13
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
aww What the... that's lame as [bleep] -_-

so no way that it's possible?
man.....
does this virus affect it that badly?
what does it do? make the performance slow?

how badly would it affect my pc if I left them on there?
also what if the exe file was in a compressed file like a .zip
or .rar would it still be infected?

also do you know a way to save the Windows Media Player settings, as in the songs that are on there and how many times I've played them and the date I added them? if not I don't think I'll wipe my pc cuz it took too long to rename them all

and I've done it heaps of times in the past, can't be bothered to do it again....

also if I had that virus on my portable hard drive or my USBs and I connected it to a pc would it come from off there and transfer to my pc and wreck it again?

Edited by SatanicSarahX, 02 July 2008 - 07:27 AM.

  • 0

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
There is zero chance of me fixing this. It has infected important files that are needed. If I even tried fixing it I could destroy your PC.

You have 1200 infected files, it is impossible.

how badly would it affect my pc if I left them on there?
also what if the exe file was in a compressed file like a .zip
or .rar would it still be infected?

It would be a terrible idea. It would only be a matter of time before your PC got wrecked beyond repair. Yes, exe files in a zip file will be infected as well.

also do you know a way to save the Windows Media Player settings, as in the songs that are on there and how many times I've played them and the date I added them? if not I don't think I'll wipe my pc cuz it took too long to rename them all

No, I would ask in the Applications forum about that.

also if I had that virus on my portable hard drive or my USBs and I connected it to a pc would it come from off there and transfer to my pc and wreck it again?

Possibly. I would be cautious about running any exe files from that hard drive or from your USB.


When you reformat I would suggest running Kaspersky again to make sure you are clean
  • 0
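
The backup advice in posts #12 and #14 (keep documents, music and pictures; leave out exe files and screensavers, including ones inside zip archives) can be applied as a pre-backup check. This is an added example, not part of the thread or of any tool it mentions; the function names, the MZ-header test for renamed executables, the choice to leave out .rar archives that cannot be opened, and the sample files are all assumptions constructed for illustration.

```python
import os
import tempfile
import zipfile

SKIP_EXT = {".exe", ".scr"}  # executables and screensavers, as the thread advises
OPAQUE_EXT = (".rar",)       # assumption: archives the stdlib cannot open are left out

def looks_executable(name, head):
    """True for a skipped extension or content starting with the 'MZ' DOS/PE magic."""
    return os.path.splitext(name)[1].lower() in SKIP_EXT or head[:2] == b"MZ"

def zip_is_risky(path):
    """True if any member looks executable or the archive cannot be inspected."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(looks_executable(i.filename, zf.open(i).read(2))
                       for i in zf.infolist() if not i.is_dir())
    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
        return True  # encrypted, unsupported or corrupt: cannot be verified

def plan_backup(root):
    """Walk root and return (keep, skip) as sorted paths relative to root."""
    keep, skip = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            with open(full, "rb") as fh:
                head = fh.read(2)
            risky = (looks_executable(name, head) or name.lower().endswith(OPAQUE_EXT)
                     or (zipfile.is_zipfile(full) and zip_is_risky(full)))
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            (skip if risky else keep).append(rel)
    return sorted(keep), sorted(skip)

def demo():
    """Run plan_backup over a constructed sample tree (no real files involved)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"plain text", "old.rar": b"Rar! constructed",
                   "setup.exe": b"MZ constructed", "photo.jpg": b"MZ renamed exe"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for zname, member in (("docs.zip", "readme.txt"), ("tools.zip", "bin/saver.scr")):
            with zipfile.ZipFile(os.path.join(root, zname), "w") as zf:
                zf.writestr(member, b"constructed")
        return plan_backup(root)

if __name__ == "__main__":
    print(demo())
```

The check only decides what to leave out of the backup; it does not detect the infection itself, so the backup CD still needs the Kaspersky scan described in post #12.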

#15
SatanicSarahX

    Member

  • Topic Starter
  • 85 posts
ok I guess there is no choice, I'll wait till I hear back from you about the Windows Media Player

and does it save the artist info too? o.o I forgot to add that one before
  • 0





