
Please Help. winfixer virus? [CLOSED]


This topic is locked

#16 liebermojo (Topic Starter, 17 posts)
Here is the ComboFix log:

ComboFix 08-07-09.5 - T.J 2008-07-11 0:49:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT -4:00]
Running from: C:\Documents and Settings\T.J\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\T.J\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\BM9b2700e8.xml
C:\WINDOWS\system32\dpbybkqyhvedhks.exe
C:\WINDOWS\system32\drivers\cd2e4d3f.sys
C:\WINDOWS\system32\g87.exe
C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll
C:\WINDOWS\system32\mouymjwe.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dpbybkqyhvedhks.exe
C:\WINDOWS\system32\g87.exe
C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll
C:\WINDOWS\system32\mouymjwe.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\SUPERAntiSpyware.com
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\Malwarebytes
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 22:52 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 22:52 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 17:15 . 2008-07-11 00:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 17:15 . 2008-07-10 17:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-10 17:14 . 2008-07-11 00:54 58,476 --ah----- C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf.szcpf
2008-07-09 19:53 . 2008-07-11 00:38 58,476 --ah----- C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf
2008-07-09 19:26 . 2008-07-10 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-09 19:26 . 2008-07-10 17:18 6,792 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-09 19:25 . 2008-07-09 19:25 <DIR> d-------- C:\Program Files\STOPzilla!
2008-07-09 19:25 . 2008-07-09 19:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-09 19:25 . 2008-07-11 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-09 19:00 . 2008-07-09 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 16:24 . 2008-07-09 16:24 <DIR> d-------- C:\Deckard
2008-07-09 13:56 . 2008-07-10 03:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-09 13:50 . 2008-07-10 08:53 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 13:50 . 2008-07-09 13:50 <DIR> d-------- C:\Program Files\AVG
2008-07-09 13:50 . 2008-07-10 17:37 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\AVGTOOLBAR
2008-07-09 13:50 . 2008-07-09 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 13:50 . 2008-07-09 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 13:50 . 2008-07-09 13:50 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 13:50 . 2008-07-09 13:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-08 19:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-08 19:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-08 19:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-08 19:21 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-07-08 19:21 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-07-08 19:19 . 2008-07-08 19:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-08 19:19 . 2007-03-29 08:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-07-08 19:19 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-07-08 19:19 . 2007-03-29 08:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-08 19:19 . 2007-03-29 08:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-07-08 19:14 . 2008-07-10 09:00 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-08 18:17 . 2008-07-08 18:17 36,079 --a------ C:\WINDOWS\alaredun.ini
2008-07-08 00:21 . 2008-07-08 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-07 23:48 . 2008-07-08 19:02 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\Azureus
2008-07-07 23:48 . 2008-07-07 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-07 20:36 . 2008-07-07 20:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-07 17:05 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files
2008-07-07 13:09 . 2008-07-07 21:35 <DIR> d-------- C:\WINDOWS\system32\4808
2008-07-07 12:12 . 2008-07-07 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-07 12:11 . 2008-07-07 12:11 <DIR> d-------- C:\Program Files\AskSBar
2008-07-07 12:10 . 2008-07-07 23:51 <DIR> d-------- C:\Program Files\Vuze
2008-07-07 12:02 . 2008-07-07 21:28 <DIR> d-------- C:\WINDOWS\VC5K
2008-07-07 12:02 . 2008-07-07 21:28 <DIR> d-------- C:\WINDOWS\system32\tfig
2008-07-07 12:02 . 2008-07-08 19:02 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-07 12:02 . 2008-07-07 21:27 <DIR> d-------- C:\WINDOWS\system32\net
2008-07-07 12:02 . 2008-07-07 22:33 <DIR> d-------- C:\WINDOWS\system32\cREG
2008-07-07 12:02 . 2008-07-07 22:32 <DIR> d-------- C:\WINDOWS\system32\1030
2008-07-07 12:02 . 2008-07-07 12:02 <DIR> d-------- C:\Temp\stmpv4
2008-07-07 12:02 . 2008-07-10 17:45 <DIR> d-------- C:\Temp
2008-07-07 12:02 . 2008-07-08 00:04 90,922 --a------ C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe
2008-07-07 10:49 . 2008-07-07 10:39 <DIR> d-------- C:\kav
2008-07-06 22:14 . 2008-07-08 19:01 <DIR> d-------- C:\Program Files\Spyware Doctor Enterprise Server
2008-07-06 22:13 . 2008-07-06 22:13 <DIR> d-------- C:\PC Tools Spyware Doctor Enterprise
2008-07-06 21:59 . 2008-07-08 00:15 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-06 21:39 . 2008-07-06 21:39 75 --a------ C:\WINDOWS\st_affiliate.ini
2008-07-06 21:35 . 2008-07-07 10:42 <DIR> d-------- C:\Program Files\CyberDefender
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-06-29 17:25 . 2008-06-29 17:40 4,681,449,472 --a------ C:\SPIDERWICK _AC_D1_169.ISO
2008-06-28 21:49 . 2008-06-28 21:49 8,433 --a------ C:\SPIDERWICK_AC_D1_169.MDS
2008-06-28 21:34 . 2008-06-28 21:49 7,506,722,816 --a------ C:\SPIDERWICK_AC_D1_169.ISO
2008-06-26 11:20 . 2008-06-26 11:20 <DIR> d-------- C:\WINDOWS\Cache
2008-06-26 11:20 . 2008-06-26 11:20 <DIR> d-------- C:\Program Files\Coupons
2008-06-26 11:20 . 2008-06-26 11:20 206,168 -ra------ C:\WINDOWS\system32\cpnprt2.cid
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 09:53 . 2008-06-19 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-06-11 05:38 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 05:38 . 2008-06-13 09:10 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 04:44 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-11 04:42 --------- d-----w C:\Documents and Settings\T.J\Application Data\OpenOffice.org2
2008-07-11 04:37 --------- d-----w C:\Program Files\LogMeIn
2008-07-10 19:02 6,686 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-08 21:21 --------- d-----w C:\Documents and Settings\T.J\Application Data\AdobeUM
2008-07-08 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-08 06:52 --------- d-----w C:\Program Files\Kodak
2008-07-08 04:21 --------- d-----w C:\Program Files\ESET
2008-07-08 04:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 04:14 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-03 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\alamode
2008-06-29 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-18 17:32 278,528 ------w C:\WINDOWS\MBWSetup.exe
2008-06-16 17:48 849,144 ----a-w C:\WINDOWS\system32\auroraupgrade.dll
2008-06-16 14:24 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-02 14:52 849,144 ----a-w C:\WINDOWS\system32\wtapi.exe
2008-05-30 18:52 3,921,264 ----a-w C:\WINDOWS\system32\adbilling.dll
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-20 19:31 1,574,136 ----a-w C:\WINDOWS\system32\wtusers.dll
2008-05-20 17:16 500,984 ----a-w C:\WINDOWS\system32\alabilling.dll
2008-05-19 18:09 3,069,176 ----a-w C:\WINDOWS\system32\alacontacts.dll
2008-05-13 14:03 34,432 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-05-08 17:12 1,398,008 ----a-w C:\WINDOWS\system32\wtfiles.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-15 16:25 681,208 ----a-w C:\WINDOWS\system32\openreport.exe
2008-04-11 14:27 3,532,144 ----a-w C:\WINDOWS\system32\filecabinet5.dll
2006-05-11 13:52 630,784 ----a-w C:\Documents and Settings\T.J\chatlnk.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-10_17.55.49.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-10 21:49:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 04:54:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 04:07:51 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-11 04:07:51 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
"myspaceim"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-11-16 17:42 1327104]
"msmsgs"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22 3739648]
"dw6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-06-10 16:18 785520]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sunjavaupdatesched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48 32881]
"realtray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-17 08:12 26112]
"quicktime task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"onecareui"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-06-25 06:48 67112]
"mskdetectorexe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 20:05 1117184]
"logmein gui"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"ituneshelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 13:10 267048]
"isusscheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"isuspm startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"google desktop search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-04-17 08:21 169472]
"ehtray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 15:01 67584]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
"dmxlauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"dla"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"atipta"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"adobe photo downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-09 13:50 1232152]
"sigmatelsystrayapp"="stsystra.exe" [2005-03-23 00:20 339968 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\T.J\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [2007-12-29 21:31:43 325632]
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 17:45:48 393216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-17 08:10:11 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lmiinit]
2008-05-28 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\onecaremp]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KodakCCS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\a la mode\\Sched\\eSched.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2008-05-13 10:03]
R1 avgldx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-09 13:50]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-09 13:50]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-09 13:50]
R2 avgtdix;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-09 13:50]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R2 ochealthmon;Windows Live OneCare Health Monitor;C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-06-25 06:47]
S1 cd2e4d3f;cd2e4d3f;C:\WINDOWS\system32\drivers\cd2e4d3f.sys []
S3 marsqx5;Digital Blue QX5 V2 Microscope;C:\WINDOWS\system32\DRIVERS\marsqx5.sys [2007-04-02 16:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-10 16:15:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 00:55:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\locator.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.bin
C:\WINDOWS\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-07-11 1:04:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 05:03:45
ComboFix2.txt 2008-07-10 23:03:37
ComboFix3.txt 2008-07-10 21:56:42

Pre-Run: 100,250,648,576 bytes free
Post-Run: 100,257,386,496 bytes free

293 --- E O F --- 2008-07-09 07:02:35
#17 liebermojo (Topic Starter, 17 posts)
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07:37 AM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.35.38
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: STOPzilla Browser Helper Object - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sigmatelsystrayapp] stsystra.exe
O4 - HKLM\..\Run: [realtray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [onecareui] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [mskdetectorexe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [logmein gui] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [google desktop search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehtray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dmxlauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [atipta] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [adobe photo downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myspaceim] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [dw6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange...ectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange...ol/IRCSharc.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...om/6712/player/install3.5/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O24 - Desktop Component 0: (no name) - http://images.google...edia.org/wikipedia/en/thumb/0/00/Hottest.jpg/300px-Hottest.jpg
O24 - Desktop Component 1: (no name) - http://www.wwe.com/s...rphotos/999.jpg

--
End of file - 12199 bytes

#18
liebermojo
and finally....

Kaspersky scan log:

Friday, July 11, 2008 9:59:13 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2
(Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/07/2008
Kaspersky Anti-Virus database records: 937938

*Scan Settings*
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

*Scan Target* My Computer
C:\
D:\
E:\

*Scan Statistics*
Total number of scanned objects 82644
Number of viruses found 1
Number of infected objects 0
Number of suspicious objects 26
Duration of the scan process 02:17:11


*Infected Object Name* *Virus Name* *Last Action*
C:\Documents and Settings\All Users\Application
Data\avg8\emc\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\avgcore.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\avglng.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\avgrs.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\avgui.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\avgwd.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\avg8\Log\commonpriv.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32
Antivirus\Charon\CACHE.NDB Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32
Antivirus\Logs\virlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\ESET\ESET NOD32
Antivirus\Logs\warnlog.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-
76f7-4481-b30b-ff1b40f8687f
Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare
Protection\Support\MPLog-07082008-192003.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Protection Service\edb.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Protection Service\edbtmp.log Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl Object is
locked skipped

C:\Documents and Settings\All Users\Application
Data\SITEguard\siteguard.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll1.zip/loader.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll4.zip/iedll.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll5.zip/loader.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll5.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll6.zip/iedll.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchAffIedll6.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchBootconf.zip/msupdate.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchBootconf.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchSvcinit.zip/mssys.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\CoolWWWSearchSvcinit.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC24.zip/window.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC24.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC30.zip/accesss.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC30.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC43.zip/clrssn.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC43.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC45.zip/y.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC45.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC46.zip/accesss.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC46.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC49.zip/win64.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudC49.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCgeneric.zip/iexplorer.exe Suspicious:
Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search &
Destroy\Recovery\SmitfraudCgeneric.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application
Data\STOPzilla!\sgdefs.db Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\STOPzilla!\targets.db Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\STOPzilla!\userdata.db Object is locked skipped

C:\Documents and Settings\All Users\Application
Data\STOPzilla!\zilla5.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is
locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is
locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is
locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary
Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is
locked skipped

C:\Documents and Settings\T.J\Application
Data\MySpace\IM\Logs\MySpaceIM-Network-20080711-005933.log Object is
locked skipped

C:\Documents and Settings\T.J\Application
Data\MySpace\IM\Logs\MySpaceIm_07-11-2008-00-58-11-0828.log Object is
locked skipped

C:\Documents and Settings\T.J\Application
Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-7-11-2008(
0-58-42 ).LOG Object is locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\abook.mab Object is locked
skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\cert8.db Object is locked
skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\ImapMail\imap.1and1.com\INBOX.msf
Object is locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\ImapMail\imap.1and1.com\Sent-1.msf
Object is locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\ImapMail\imap.1and1.com\Trash.msf
Object is locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\key3.db Object is locked
skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\panacea.dat Object is
locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\parent.lock Object is
locked skipped

C:\Documents and Settings\T.J\Application
Data\Thunderbird\Profiles\f3z4507x.default\urlclassifier2.sqlite Object
is locked skipped

C:\Documents and Settings\T.J\Cookies\index.dat Object is locked
skipped

C:\Documents and Settings\T.J\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\T.J\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\T.J\Local
Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\T.J\Local
Settings\Temp\Perflib_Perfdata_fc4.dat Object is locked skipped

C:\Documents and Settings\T.J\Local Settings\Temp\~DF1DA2.tmp Object is
locked skipped

C:\Documents and Settings\T.J\Local Settings\Temporary Internet
Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is
locked skipped

C:\Documents and Settings\T.J\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\T.J\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\T.J\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat Object
is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\prov.xml
Object is locked skipped

C:\Program Files\Microsoft Windows OneCare
Live\ClientSD\Prov\service.xml Object is locked skipped

C:\Program Files\Microsoft Windows OneCare
Live\ClientSD\Prov\service.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Prov\user.xml
Object is locked skipped

C:\Program Files\Microsoft Windows OneCare
Live\ClientSD\Prov\user.xml.bak Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\ClientSD\SubInfo.xml
Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log Object
is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb Object
is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb
Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\onecaremp_log.bin
Object is locked skipped

C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin Object
is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0002484.sys
Object is locked skipped

C:\System Volume
Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP11\A0002487.sys
Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is
locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D47B3A72-25C5-4F
72-8161-362854963026}.crmlog
Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\MSFWSVC.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked
skipped

C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf Object is locked skipped

C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf.szcpf Object is locked
skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped

C:\WINDOWS\Temp\Perflib_Perfdata_9d4.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

*Scan process completed.*

#19
andrewuk
Trusted Helper
In this post we will clear away the malware I can see and scan some suspicious-looking files.

Also, in Notepad, could you turn off Word Wrap? It makes the logs hard to read.

Any idea what this file is: C:\SPIDERWICK _AC_D1_169.ISO ?


====STEP 1====
Jotti File Submission:

Please go to Jotti's malware scan.
Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf.szcpf

Click on the Submit button.

Please also do the same with the following four files:
C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf
C:\WINDOWS\system32\drivers\kgpcpy.cfg
C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe
C:\WINDOWS\st_affiliate.ini

Please post the results of the scan in your next reply.

If Jotti is busy, try the same at Virustotal.




====STEP 2====
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\ZoneAlarmIconUS.ico

Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]

DirLook::
C:\Program Files\Common Files\iS3
C:\WINDOWS\system32\bits
C:\WINDOWS\system32\4808
C:\Program Files\AskSBar
C:\Program Files\Vuze
C:\WINDOWS\VC5K
C:\WINDOWS\system32\tfig
C:\WINDOWS\system32\olixds01
C:\WINDOWS\system32\net
C:\WINDOWS\system32\cREG
C:\WINDOWS\system32\1030
C:\Temp\stmpv4


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


In your next reply could I see:
1. the five jotti reports
2. the combofix log
3. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

#20
liebermojo
Okay, the file you asked about is a file my son downloaded. I was not aware that he had done this or what it was, but I now have a very good idea, and he will not be using the computer for quite a while. He said that the program he used is called Vuze. I will delete it and take more interest in his activities on the computer from now on. Is there anything more you might recommend? I am very embarrassed about this and I apologize on his behalf, and hope that this won't prevent your further assistance.

As for the five Jotti reports, on the first two files I received this reply:

"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

On the third... C:\WINDOWS\system32\drivers\kgpcpy.cfg


File kgpcpy.cfg received on 07.12.2008 04:01:54 (CET)
Current status: finished
Result: 0/33 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 -
Authentium 5.1.0.4 2008.07.11 -
Avast 4.8.1195.0 2008.07.12 -
AVG 7.5.0.516 2008.07.11 -
BitDefender 7.2 2008.07.12 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.11 -
DrWeb 4.44.0.09170 2008.07.11 -
eSafe 7.0.17.0 2008.07.10 -
eTrust-Vet 31.6.5947 2008.07.11 -
Ewido 4.0 2008.07.11 -
F-Prot 4.4.4.56 2008.07.11 -
F-Secure 7.60.13501.0 2008.07.10 -
Fortinet 3.14.0.0 2008.07.11 -
GData 2.0.7306.1023 2008.07.12 -
Ikarus T3.1.1.26.0 2008.07.12 -
Kaspersky 7.0.0.125 2008.07.12 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.12 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.11 -
Prevx1 V2 2008.07.12 -
Rising 20.52.41.00 2008.07.11 -
Sophos 4.31.0 2008.07.12 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.12 -
TheHacker 6.2.96.376 2008.07.10 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.11 -
Webwasher-Gateway 6.6.2 2008.07.11 -
Additional information
File size: 6792 bytes
MD5...: b4cf4ebf27eb32ced2a92ad61b6186c7
SHA1..: 54eb5458817a50add21da6f1902abb7526194aea
SHA256: 05acb08ce71152542edeb8d845e9faba962737d8b4a64b888d1b60bd5417ab7d
SHA512: 2a18ba70613ad6aaa2efea810c8835589abcedfbdf258af7d39118fe1c65a2fd8e0f03a42d59e5731af8ab8bfe8fc8086e751b9a4a1e785790d13a8702a1bd97
PEiD..: -
PEInfo: -


On the fourth... C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe

File itaswkecpvtbcwpbq.dll-uninst.exe received on 07.12.2008 04:06:18 (CET)
Current status: finished
Result: 4/33 (12.13%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 ADSPY/AdSpy.Gen
Authentium 5.1.0.4 2008.07.11 -
Avast 4.8.1195.0 2008.07.12 -
AVG 7.5.0.516 2008.07.11 -
BitDefender 7.2 2008.07.12 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.11 -
DrWeb 4.44.0.09170 2008.07.11 -
eSafe 7.0.17.0 2008.07.10 -
eTrust-Vet 31.6.5947 2008.07.11 -
Ewido 4.0 2008.07.11 -
F-Prot 4.4.4.56 2008.07.11 -
F-Secure 7.60.13501.0 2008.07.10 -
Fortinet 3.14.0.0 2008.07.11 -
GData 2.0.7306.1023 2008.07.12 -
Ikarus T3.1.1.26.0 2008.07.12 AdWare.AdSpy
Kaspersky 7.0.0.125 2008.07.12 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.12 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.11 -
Prevx1 V2 2008.07.12 Cloaked Malware
Rising 20.52.41.00 2008.07.11 -
Sophos 4.31.0 2008.07.12 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.12 -
TheHacker 6.2.96.376 2008.07.10 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.11 -
Webwasher-Gateway 6.6.2 2008.07.11 Ad-Spyware.AdSpy.Gen
Additional information
File size: 90922 bytes
MD5...: f1cabbb1daba3e53aca70f429689f3da
SHA1..: 2b89d63e97ea0c6db4d92519022c4fac87b80c28
SHA256: fd601e48c14687c60ebe03485796eb6ee16dbc508407fd4d13984ddfaf318a04
SHA512: a63f0c3008a6131c1f56fee8e826505d2ad931ac9032f23c9972ac8bb118b4ef84f365436f7f7a695e13516a973cfe763fdcc32ff0d29cb8d3cadde3ffd6346c
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403225
timedatestamp.....: 0x481c71ea (Sat May 03 14:08:42 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5934 0x5a00 6.46 663546ac41801daf2dc51f560ec05a56
.rdata 0x7000 0x1190 0x1200 5.18 db16645055619c0cc73276ff5c3adb75
.data 0x9000 0x1af98 0x400 4.70 f0511f18783910813a0de0de02bc1206
.ndata 0x24000 0xa000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x2e000 0x6fb0 0x7000 5.73 da0df9eeab5e54f3dc332a952344820b

( 8 imports )
> KERNEL32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetFileTime, GetTempPathA, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetWindowsDirectoryA
> USER32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
Prevx info: http://info.prevx.co...6D56D00F923FAB9


And on the fifth... C:\WINDOWS\st_affiliate.ini



File st_affiliate.ini received on 07.12.2008 04:07:37 (CET)
Current status: finished
Result: 0/33 (0%)

Antivirus Version Last Update Result
AhnLab-V3 2008.7.11.0 2008.07.11 -
AntiVir 7.8.0.64 2008.07.11 -
Authentium 5.1.0.4 2008.07.11 -
Avast 4.8.1195.0 2008.07.12 -
AVG 7.5.0.516 2008.07.11 -
BitDefender 7.2 2008.07.12 -
CAT-QuickHeal 9.50 2008.07.11 -
ClamAV 0.93.1 2008.07.11 -
DrWeb 4.44.0.09170 2008.07.11 -
eSafe 7.0.17.0 2008.07.10 -
eTrust-Vet 31.6.5947 2008.07.11 -
Ewido 4.0 2008.07.11 -
F-Prot 4.4.4.56 2008.07.11 -
F-Secure 7.60.13501.0 2008.07.10 -
Fortinet 3.14.0.0 2008.07.11 -
GData 2.0.7306.1023 2008.07.12 -
Ikarus T3.1.1.26.0 2008.07.12 -
Kaspersky 7.0.0.125 2008.07.12 -
McAfee 5337 2008.07.11 -
Microsoft 1.3704 2008.07.12 -
NOD32v2 3263 2008.07.11 -
Norman 5.80.02 2008.07.11 -
Panda 9.0.0.4 2008.07.11 -
Prevx1 V2 2008.07.12 -
Rising 20.52.41.00 2008.07.11 -
Sophos 4.31.0 2008.07.12 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.12 -
TheHacker 6.2.96.376 2008.07.10 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.12 -
VirusBuster 4.5.11.0 2008.07.11 -
Webwasher-Gateway 6.6.2 2008.07.11 -
Additional information
File size: 75 bytes
MD5...: ea4c078099b5c81d4737f02ff59b4f0b
SHA1..: 777f5b550618993968ae04c7bede3072ec139ec7
SHA256: 12e9c1d880c1616e2c16f0d008528128c0d034483939dac281fd69b5429358d9
SHA512: 90c276a8f31116671d6db2b8bf7261a45f4d79e25ee4daea3102f7467d2ececb460ac13936838a64b737b8ce2fdbef6d8fd5b33af88b9388ea43e66b2d2e1eb0
PEiD..: -

#21
liebermojo
Here is the Combofix log:


ComboFix 08-07-09.5 - T.J 2008-07-11 22:13:51.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT -4:00]
Running from: C:\Documents and Settings\T.J\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\T.J\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 21:52 . 2008-07-11 22:19 58,476 --ah----- C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf.szcpf
2008-07-11 01:09 . 2008-07-11 01:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-11 01:09 . 2008-07-11 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\SUPERAntiSpyware.com
2008-07-11 00:07 . 2008-07-11 00:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\Malwarebytes
2008-07-10 22:52 . 2008-07-10 22:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 22:52 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 22:52 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 17:15 . 2008-07-11 22:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 17:15 . 2008-07-10 17:15 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 19:53 . 2008-07-11 00:38 58,476 --ah----- C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf
2008-07-09 19:26 . 2008-07-10 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-09 19:26 . 2008-07-10 17:18 6,792 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-09 19:25 . 2008-07-09 19:25 <DIR> d-------- C:\Program Files\STOPzilla!
2008-07-09 19:25 . 2008-07-09 19:25 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-07-09 19:25 . 2008-07-11 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-09 19:00 . 2008-07-09 19:00 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-09 16:24 . 2008-07-09 16:24 <DIR> d-------- C:\Deckard
2008-07-09 13:56 . 2008-07-10 03:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-09 13:50 . 2008-07-11 19:24 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-09 13:50 . 2008-07-09 13:50 <DIR> d-------- C:\Program Files\AVG
2008-07-09 13:50 . 2008-07-10 17:37 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\AVGTOOLBAR
2008-07-09 13:50 . 2008-07-09 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 13:50 . 2008-07-09 13:50 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-09 13:50 . 2008-07-09 13:50 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-09 13:50 . 2008-07-09 13:50 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-08 19:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-08 19:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-08 19:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-08 19:21 . 2007-11-27 22:56 116,416 --a------ C:\WINDOWS\system32\drivers\msfwhlpr.sys
2008-07-08 19:21 . 2007-11-27 22:56 91,328 --a------ C:\WINDOWS\system32\drivers\msfwdrv.sys
2008-07-08 19:19 . 2008-07-08 19:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-08 19:19 . 2007-03-29 08:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-07-08 19:19 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-07-08 19:19 . 2007-03-29 08:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-07-08 19:19 . 2007-03-29 08:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-07-08 19:19 . 2007-03-29 08:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-07-08 19:14 . 2008-07-10 09:00 <DIR> d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-07-08 18:17 . 2008-07-08 18:17 36,079 --a------ C:\WINDOWS\alaredun.ini
2008-07-08 00:21 . 2008-07-08 00:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-07 23:48 . 2008-07-08 19:02 <DIR> d-------- C:\Documents and Settings\T.J\Application Data\Azureus
2008-07-07 23:48 . 2008-07-07 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-07 20:36 . 2008-07-07 20:36 <DIR> d-------- C:\Program Files\Alwil Software
2008-07-07 17:05 . 2008-07-11 00:07 <DIR> d-------- C:\Program Files
2008-07-07 13:09 . 2008-07-07 21:35 <DIR> d-------- C:\WINDOWS\system32\4808
2008-07-07 12:12 . 2008-07-07 12:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-07-07 12:11 . 2008-07-07 12:11 <DIR> d-------- C:\Program Files\AskSBar
2008-07-07 12:10 . 2008-07-07 23:51 <DIR> d-------- C:\Program Files\Vuze
2008-07-07 12:02 . 2008-07-07 21:28 <DIR> d-------- C:\WINDOWS\VC5K
2008-07-07 12:02 . 2008-07-07 21:28 <DIR> d-------- C:\WINDOWS\system32\tfig
2008-07-07 12:02 . 2008-07-08 19:02 <DIR> d-------- C:\WINDOWS\system32\olixds01
2008-07-07 12:02 . 2008-07-07 21:27 <DIR> d-------- C:\WINDOWS\system32\net
2008-07-07 12:02 . 2008-07-07 22:33 <DIR> d-------- C:\WINDOWS\system32\cREG
2008-07-07 12:02 . 2008-07-07 22:32 <DIR> d-------- C:\WINDOWS\system32\1030
2008-07-07 12:02 . 2008-07-07 12:02 <DIR> d-------- C:\Temp\stmpv4
2008-07-07 12:02 . 2008-07-10 17:45 <DIR> d-------- C:\Temp
2008-07-07 12:02 . 2008-07-08 00:04 90,922 --a------ C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe
2008-07-07 10:49 . 2008-07-07 10:39 <DIR> d-------- C:\kav
2008-07-06 22:14 . 2008-07-08 19:01 <DIR> d-------- C:\Program Files\Spyware Doctor Enterprise Server
2008-07-06 22:13 . 2008-07-06 22:13 <DIR> d-------- C:\PC Tools Spyware Doctor Enterprise
2008-07-06 21:59 . 2008-07-08 00:15 <DIR> d-------- C:\Program Files\XoftSpySE
2008-07-06 21:39 . 2008-07-06 21:39 75 --a------ C:\WINDOWS\st_affiliate.ini
2008-07-06 21:35 . 2008-07-07 10:42 <DIR> d-------- C:\Program Files\CyberDefender
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-06-29 17:25 . 2008-06-29 17:40 4,681,449,472 --a------ C:\SPIDERWICK _AC_D1_169.ISO
2008-06-28 21:49 . 2008-06-28 21:49 8,433 --a------ C:\SPIDERWICK_AC_D1_169.MDS
2008-06-28 21:34 . 2008-06-28 21:49 7,506,722,816 --a------ C:\SPIDERWICK_AC_D1_169.ISO
2008-06-26 11:20 . 2008-06-26 11:20 <DIR> d-------- C:\WINDOWS\Cache
2008-06-26 11:20 . 2008-06-26 11:20 <DIR> d-------- C:\Program Files\Coupons
2008-06-26 11:20 . 2008-06-26 11:20 206,168 -ra------ C:\WINDOWS\system32\cpnprt2.cid
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-20 13:41 . 2008-06-20 13:41 245,248 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 06:44 . 2008-06-20 06:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 09:53 . 2008-06-19 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogMeIn

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 02:24 --------- d-----w C:\Documents and Settings\T.J\Application Data\OpenOffice.org2
2008-07-12 01:56 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-11 04:37 --------- d-----w C:\Program Files\LogMeIn
2008-07-10 19:02 6,686 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-07-08 21:21 --------- d-----w C:\Documents and Settings\T.J\Application Data\AdobeUM
2008-07-08 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-07-08 06:52 --------- d-----w C:\Program Files\Kodak
2008-07-08 04:21 --------- d-----w C:\Program Files\ESET
2008-07-08 04:15 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-08 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-08 04:14 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-03 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\alamode
2008-06-29 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-18 17:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-06-18 17:32 278,528 ------w C:\WINDOWS\MBWSetup.exe
2008-06-16 17:48 849,144 ----a-w C:\WINDOWS\system32\auroraupgrade.dll
2008-06-16 14:24 --------- d-----w C:\Program Files\The Weather Channel FW
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-02 14:52 849,144 ----a-w C:\WINDOWS\system32\wtapi.exe
2008-05-30 18:52 3,921,264 ----a-w C:\WINDOWS\system32\adbilling.dll
2008-05-28 16:33 83,288 ----a-w C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-05-28 16:32 87,352 ----a-w C:\WINDOWS\system32\LMIinit.dll
2008-05-28 16:32 24,608 ----a-w C:\WINDOWS\system32\LMIport.dll
2008-05-28 16:32 23,736 ----a-w C:\WINDOWS\system32\lmimirr.dll
2008-05-28 16:32 10,040 ----a-w C:\WINDOWS\system32\lmimirr2.dll
2008-05-20 19:31 1,574,136 ----a-w C:\WINDOWS\system32\wtusers.dll
2008-05-20 17:16 500,984 ----a-w C:\WINDOWS\system32\alabilling.dll
2008-05-19 18:09 3,069,176 ----a-w C:\WINDOWS\system32\alacontacts.dll
2008-05-13 14:03 34,432 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2008-05-08 17:12 1,398,008 ----a-w C:\WINDOWS\system32\wtfiles.dll
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,288,192 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-24 02:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:40 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-15 16:25 681,208 ----a-w C:\WINDOWS\system32\openreport.exe
2006-05-11 13:52 630,784 ----a-w C:\Documents and Settings\T.J\chatlnk.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\AskSBar ----

2008-07-11 22:03 452 --a------ C:\Program Files\AskSBar\bar\Cache\files.ini
2008-07-11 21:01 78 --a------ C:\Program Files\AskSBar\bar\Cache\007136BA
2008-07-07 12:13 9423 --a------ C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
2008-07-07 12:13 78 --a------ C:\Program Files\AskSBar\bar\Cache\0027423B
2008-07-07 12:13 728 --a------ C:\Program Files\AskSBar\bar\Cache\002747E8.bin
2008-07-07 12:13 628 --a------ C:\Program Files\AskSBar\bar\Cache\0027470D.bin
2008-07-07 12:13 3388 --a------ C:\Program Files\AskSBar\bar\Cache\00274383.bin
2008-07-07 12:13 1212 --a------ C:\Program Files\AskSBar\bar\Cache\00274558.bin
2008-07-07 12:13 1212 --a------ C:\Program Files\AskSBar\bar\Cache\0027447D.bin
2008-07-07 12:13 1212 --a------ C:\Program Files\AskSBar\bar\Cache\00274410.bin
2008-07-07 12:13 1024 --a------ C:\Program Files\AskSBar\bar\History\search2
2008-07-07 12:11 6352 --a------ C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
2008-07-07 12:11 53248 --a------ C:\Program Files\AskSBar\bar\1.bin\V2RSSMNU.DLL
2008-07-07 12:11 49255 --a------ C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
2008-07-07 12:11 4757 --a------ C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
2008-07-07 12:11 262144 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
2008-07-07 12:11 24683 --a------ C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
2008-07-07 12:11 16501 --a------ C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
2008-07-07 12:11 140 --a------ C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
2008-07-07 12:11 140 --a------ C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

---- Directory of C:\Program Files\Common Files\iS3 ----

2008-07-10 17:31 5001842 --a------ C:\Program Files\Common Files\iS3\Anti-Spyware\phishing.rsf
2008-07-09 19:30 156387 --a------ C:\Program Files\Common Files\iS3\Anti-Spyware\sgdfull.rsf
2008-07-09 19:28 2467467 --a------ C:\Program Files\Common Files\iS3\Anti-Spyware\fullupd.rsf
2008-07-03 15:49 83392 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SGTargetUpdate.Exe
2008-07-03 15:49 198080 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
2008-07-03 15:49 116160 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe
2008-07-03 15:49 112064 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\IS3Updater.exe
2008-07-03 15:49 103872 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZPAHost.dll
2008-07-03 15:47 98304 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZEXIT.dll
2008-07-03 15:46 55296 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZHistory.dll
2008-07-03 15:45 122880 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZQrntn.dll
2008-07-03 15:44 106496 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\updcsz.dll
2008-07-03 15:43 98304 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZExtrSS.dll
2008-07-03 15:43 57344 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
2008-07-03 15:43 43008 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZClLic.dll
2008-07-03 15:43 409600 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SGPrxy.dll
2008-07-03 15:43 18432 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZSchSvc.dll
2008-07-03 15:42 73728 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZUniTrg.dll
2008-07-03 15:42 233472 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SGSvc.dll
2008-07-03 15:42 184320 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZSnsrSv.dll
2008-07-03 15:42 143360 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZSvcHost.dll
2008-07-03 15:42 102400 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZTrgSS.dll
2008-07-03 15:41 573440 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZJustice.dll
2008-07-03 15:41 26112 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZBrCom.dll
2008-07-03 15:41 163840 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZScnSvc.dll
2008-07-03 15:41 106496 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZClientCom.dll
2008-07-03 15:41 106496 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\SZCfgSvc.dll
2008-06-02 00:57 156952 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\iS3SploitChecker.dll
2008-06-02 00:57 152856 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\iS3SiteBlocker.dll
2008-05-16 17:51 169240 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
2007-09-26 19:14 4096 -ra------ C:\Program Files\Common Files\iS3\Anti-Spyware\detoured.dll

---- Directory of C:\Program Files\Vuze ----

2008-07-07 23:51 90666 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_6_5p83tu_1kde336.ico
2008-07-07 23:51 854732 --a------ C:\Program Files\Vuze\.install4j\i4jruntime.jar
2008-07-07 23:51 8065 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_9_5p83tu_1hamnt3.png
2008-07-07 23:51 74289 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_5_5p83tu.txt
2008-07-07 23:51 704 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_2_5p83tu_1vdagjj.png
2008-07-07 23:51 68 --a------ C:\Program Files\Vuze\.install4j\install.prop
2008-07-07 23:51 57344 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_11_5p83tu.dll
2008-07-07 23:51 552960 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_8_5p83tu.exe
2008-07-07 23:51 54 --a------ C:\Program Files\Vuze\.install4j\inst_jre.cfg
2008-07-07 23:51 51055 --a------ C:\Program Files\Vuze\.install4j\files.log
2008-07-07 23:51 49271 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_7_5p83tu_62t8mu.icns
2008-07-07 23:51 48 --a------ C:\Program Files\Vuze\installer.log
2008-07-07 23:51 4608 --a------ C:\Program Files\Vuze\.install4j\i4jdel.exe
2008-07-07 23:51 41995 --a------ C:\Program Files\Vuze\.install4j\response.varfile
2008-07-07 23:51 41179 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_10_5p83tu.txt
2008-07-07 23:51 38463 --a------ C:\Program Files\Vuze\.install4j\i4jparams.conf
2008-07-07 23:51 3681 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_1_5p83tu_3ozw4w.png
2008-07-07 23:51 343358 --a------ C:\Program Files\Vuze\.install4j\installation.log
2008-07-07 23:51 337 --a------ C:\Program Files\Vuze\.install4j\autoUninstall.2
2008-07-07 23:51 27532 --a------ C:\Program Files\Vuze\.install4j\MessagesDefault
2008-07-07 23:51 27532 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_0_5p83tu.utf8
2008-07-07 23:51 27 --a------ C:\Program Files\Vuze\.install4j\pref_jre.cfg
2008-07-07 23:51 25938 --a------ C:\Program Files\Vuze\.install4j\user.jar
2008-07-07 23:51 245408 --a------ C:\Program Files\Vuze\.install4j\unicows.dll
2008-07-07 23:51 22528 --a------ C:\Program Files\Vuze\.install4j\_shfoldr.dll
2008-07-07 23:51 19527 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_4_5p83tu_jhp9vg.png
2008-07-07 23:51 1678 --a------ C:\Program Files\Vuze\.install4j\i4j_extf_3_5p83tu_1hxg2db.png
2008-07-07 23:51 108544 --a------ C:\Program Files\Vuze\.install4j\i4jinst.dll
2008-07-07 23:50 994 --a------ C:\Program Files\Vuze\jre\Welcome.html
2008-07-07 23:50 9910 --a------ C:\Program Files\Vuze\jre\lib\security\java.security
2008-07-07 23:50 98304 --a------ C:\Program Files\Vuze\jre\bin\jpinscp.dll
2008-07-07 23:50 98304 --a------ C:\Program Files\Vuze\jre\bin\jpicom.dll
2008-07-07 23:50 98304 --a------ C:\Program Files\Vuze\jre\bin\instrument.dll
2008-07-07 23:50 976 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Baku
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Nauru
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Atlantic\Cape_Verde
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Vientiane
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Saigon
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Phnom_Penh
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Dhaka
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Calcutta
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Nairobi
2008-07-07 23:50 97 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Kampala
2008-07-07 23:50 968 --a------ C:\Program Files\Vuze\jre\lib\zi\Europe\Andorra
2008-07-07 23:50 962019 --a------ C:\Program Files\Vuze\jre\lib\plugin.jar
2008-07-07 23:50 932 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Winamac
2008-07-07 23:50 93 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Dili
2008-07-07 23:50 93 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Blanc-Sablon
2008-07-07 23:50 93 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Atikokan
2008-07-07 23:50 928 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Miquelon
2008-07-07 23:50 900 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Marengo
2008-07-07 23:50 892 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Tehran
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Niue
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Midway
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Kwajalein
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Kiritimati
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Enderbury
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Antananarivo
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Martinique
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Guyana
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Bogota
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Niamey
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Ndjamena
2008-07-07 23:50 89 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Maseru
2008-07-07 23:50 884 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Vincennes
2008-07-07 23:50 884 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Tell_City
2008-07-07 23:50 88256 --a------ C:\Program Files\Vuze\jre\lib\jce.jar
2008-07-07 23:50 880 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Mexico_City
2008-07-07 23:50 868 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Indianapolis
2008-07-07 23:50 852 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Thule
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Kosrae
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Rangoon
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Makassar
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Jayapura
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Caracas
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Nouakchott
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Dar_es_Salaam
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Conakry
2008-07-07 23:50 85 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Bamako
2008-07-07 23:50 840 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Mazatlan
2008-07-07 23:50 830486 --a------ C:\Program Files\Vuze\jre\lib\ext\localedata.jar
2008-07-07 23:50 828 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Tunis
2008-07-07 23:50 824 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Windhoek
2008-07-07 23:50 8239 --a------ C:\Program Files\Vuze\jre\lib\ext\dnsns.jar
2008-07-07 23:50 8192 --a------ C:\Program Files\Vuze\jre\bin\npt.dll
2008-07-07 23:50 816 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Chihuahua
2008-07-07 23:50 81 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\DumontDUrville
2008-07-07 23:50 81 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Davis
2008-07-07 23:50 81 --a------ C:\Program Files\Vuze\jre\lib\zi\America\La_Paz
2008-07-07 23:50 8003 --a------ C:\Program Files\Vuze\jre\lib\fontconfig.properties.src
2008-07-07 23:50 7945 --a------ C:\Program Files\Vuze\jre\lib\im\thaiim.jar
2008-07-07 23:50 792 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Cancun
2008-07-07 23:50 788 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Monterrey
2008-07-07 23:50 788 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Merida
2008-07-07 23:50 77824 --a------ C:\Program Files\Vuze\jre\bin\net.dll
2008-07-07 23:50 77824 --a------ C:\Program Files\Vuze\jre\bin\jli.dll
2008-07-07 23:50 77228 --a------ C:\Program Files\Vuze\jre\lib\classlist
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Saipan
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Pitcairn
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Pago_Pago
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Norfolk
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Majuro
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Galapagos
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Apia
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Chagos
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Thimphu
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Qatar
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Katmandu
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Brunei
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Bahrain
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Puerto_Rico
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Curacao
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Cayenne
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Aruba
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Antigua
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Porto-Novo
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Monrovia
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Malabo
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Gaborone
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\El_Aaiun
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Dakar
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Bissau
2008-07-07 23:50 77 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Banjul
2008-07-07 23:50 7680 --a------ C:\Program Files\Vuze\jre\bin\j2pcsc.dll
2008-07-07 23:50 760 --a------ C:\Program Files\Vuze\jre\PATCH.ERR
2008-07-07 23:50 7591 --a------ C:\Program Files\Vuze\jre\lib\fontconfig.98.properties.src
2008-07-07 23:50 7420 --a------ C:\Program Files\Vuze\jre\lib\tzmappings
2008-07-07 23:50 73 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Mogadishu
2008-07-07 23:50 724 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Indiana\Vevay
2008-07-07 23:50 698236 --a------ C:\Program Files\Vuze\jre\lib\fonts\LucidaSansRegular.ttf
2008-07-07 23:50 69632 --a------ C:\Program Files\Vuze\jre\bin\javacpl.cpl
2008-07-07 23:50 69632 --a------ C:\Program Files\Vuze\jre\bin\deploy.dll
2008-07-07 23:50 671 --a------ C:\Program Files\Vuze\jre\lib\i386\jvm.cfg
2008-07-07 23:50 6555645 --a------ C:\Program Files\Vuze\jre\lib\charsets.jar
2008-07-07 23:50 65536 --a------ C:\Program Files\Vuze\jre\bin\jpioji.dll
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Wallis
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Wake
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Truk
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Tarawa
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Tahiti
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Ponape
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Palau
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Marquesas
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Guam
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Guadalcanal
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Gambier
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Funafuti
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Fakaofo
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Reunion
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Mayotte
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Mauritius
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Maldives
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Mahe
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Kerguelen
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Comoro
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Atlantic\St_Helena
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Riyadh
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Muscat
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Kuwait
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Kabul
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Dubai
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Bangkok
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Aden
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Vostok
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Syowa
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Rothera
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Mawson
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Antarctica\Casey
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Tortola
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\St_Vincent
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\St_Thomas
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\St_Lucia
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\St_Kitts
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Port_of_Spain
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Panama
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Montserrat
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Guayaquil
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Guadeloupe
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Grenada
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Dominica
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Cayman
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Anguilla
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Sao_Tome
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Ouagadougou
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Mbabane
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Maputo
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Lusaka
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Luanda
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Libreville
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Lagos
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Kigali
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Harare
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Douala
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Djibouti
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Brazzaville
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Blantyre
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Bangui
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Asmara
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Addis_Ababa
2008-07-07 23:50 65 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Abidjan
2008-07-07 23:50 6457 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_ja.properties
2008-07-07 23:50 632 --a------ C:\Program Files\Vuze\jre\lib\cmm\GRAY.pf
2008-07-07 23:50 617 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Hong_Kong
2008-07-07 23:50 61440 --a------ C:\Program Files\Vuze\jre\bin\unpack.dll
2008-07-07 23:50 602112 --a------ C:\Program Files\Vuze\jre\bin\mlib_image.dll
2008-07-07 23:50 59944 --a------ C:\Program Files\Vuze\jre\lib\deploy\splash.jpg
2008-07-07 23:50 577 --a------ C:\Program Files\Vuze\jre\lib\zi\Atlantic\Reykjavik
2008-07-07 23:50 556594 --a------ C:\Program Files\Vuze\jre\lib\jsse.jar
2008-07-07 23:50 5506 --a------ C:\Program Files\Vuze\jre\lib\content-types.properties
2008-07-07 23:50 54672 --a------ C:\Program Files\Vuze\jre\bin\jureg.exe
2008-07-07 23:50 537 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Bahia
2008-07-07 23:50 529 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Resolute
2008-07-07 23:50 521 --a------ C:\Program Files\Vuze\jre\lib\ext\meta-index
2008-07-07 23:50 5159 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_ko.properties
2008-07-07 23:50 513 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Belize
2008-07-07 23:50 51236 --a------ C:\Program Files\Vuze\jre\lib\cmm\CIEXYZ.pf
2008-07-07 23:50 5120 --a------ C:\Program Files\Vuze\jre\bin\rmi.dll
2008-07-07 23:50 5120 --a------ C:\Program Files\Vuze\jre\bin\jawt.dll
2008-07-07 23:50 509328 --a------ C:\Program Files\Vuze\jre\bin\ssv.dll
2008-07-07 23:50 509 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Dawson_Creek
2008-07-07 23:50 49271 --a------ C:\Program Files\Vuze\jre\lib\security\cacerts
2008-07-07 23:50 49152 --a------ C:\Program Files\Vuze\jre\bin\javacpl.exe
2008-07-07 23:50 485 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Bishkek
2008-07-07 23:50 4821 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Riyadh87
2008-07-07 23:50 481 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Regina
2008-07-07 23:50 4765 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Riyadh89
2008-07-07 23:50 4733 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Riyadh88
2008-07-07 23:50 47104 --a------ C:\Program Files\Vuze\jre\bin\zip.dll
2008-07-07 23:50 469 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Tbilisi
2008-07-07 23:50 465 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Qyzylorda
2008-07-07 23:50 461 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Oral
2008-07-07 23:50 457 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Araguaina
2008-07-07 23:50 453 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Aqtobe
2008-07-07 23:50 453 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Aqtau
2008-07-07 23:50 453 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Almaty
2008-07-07 23:50 441 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Choibalsan
2008-07-07 23:50 437 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Ulaanbaatar
2008-07-07 23:50 437 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Hovd
2008-07-07 23:50 42721746 --a------ C:\Program Files\Vuze\jre\lib\rt.jar
2008-07-07 23:50 4221 --a------ C:\Program Files\Vuze\jre\COPYRIGHT
2008-07-07 23:50 393 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Macau
2008-07-07 23:50 393 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Maceio
2008-07-07 23:50 3828 --a------ C:\Program Files\Vuze\jre\lib\flavormap.properties
2008-07-07 23:50 382 --a------ C:\Program Files\Vuze\jre\lib\management-agent.jar
2008-07-07 23:50 381 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Taipei
2008-07-07 23:50 3789 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_zh_TW.properties
2008-07-07 23:50 3789 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_zh_HK.properties
2008-07-07 23:50 377 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Recife
2008-07-07 23:50 377 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Noronha
2008-07-07 23:50 377 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Fortaleza
2008-07-07 23:50 3746 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_zh_CN.properties
2008-07-07 23:50 37376 --a------ C:\Program Files\Vuze\jre\bin\j2pkcs11.dll
2008-07-07 23:50 36352 --a------ C:\Program Files\Vuze\jre\bin\JdbcOdbc.dll
2008-07-07 23:50 3501 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_fr.properties
2008-07-07 23:50 348160 --a------ C:\Program Files\Vuze\jre\bin\msvcr71.dll
2008-07-07 23:50 345 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Port-au-Prince
2008-07-07 23:50 341 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Danmarkshavn
2008-07-07 23:50 3403 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_es.properties
2008-07-07 23:50 3376 --a------ C:\Program Files\Vuze\jre\lib\management\snmp.acl.template
2008-07-07 23:50 337 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Khartoum
2008-07-07 23:50 335872 --a------ C:\Program Files\Vuze\jre\bin\fontmanager.dll
2008-07-07 23:50 333 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Algiers
2008-07-07 23:50 3304 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_sv.properties
2008-07-07 23:50 329104 --a------ C:\Program Files\Vuze\jre\bin\jucheck.exe
2008-07-07 23:50 329 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Boa_Vista
2008-07-07 23:50 3213 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_de.properties
2008-07-07 23:50 31744 --a------ C:\Program Files\Vuze\jre\bin\verify.dll
2008-07-07 23:50 31632 --a------ C:\Program Files\Vuze\jre\lib\ext\sunmscapi.jar
2008-07-07 23:50 3160 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages_it.properties
2008-07-07 23:50 3144 --a------ C:\Program Files\Vuze\jre\lib\cmm\sRGB.pf
2008-07-07 23:50 313 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Manaus
2008-07-07 23:50 313 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Eirunepe
2008-07-07 23:50 313 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Freetown
2008-07-07 23:50 3070 --a------ C:\Program Files\Vuze\jre\lib\psfont.properties.ja
2008-07-07 23:50 3070 --a------ C:\Program Files\Vuze\jre\lib\net.properties
2008-07-07 23:50 3058 --a------ C:\Program Files\Vuze\jre\lib\fontconfig.bfc
2008-07-07 23:50 297 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Rio_Branco
2008-07-07 23:50 297 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Porto_Velho
2008-07-07 23:50 297 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Belem
2008-07-07 23:50 2940 --a------ C:\Program Files\Vuze\jre\lib\security\local_policy.jar
2008-07-07 23:50 293 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Tripoli
2008-07-07 23:50 2856 --a------ C:\Program Files\Vuze\jre\lib\management\jmxremote.password.template
2008-07-07 23:50 285 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Rarotonga
2008-07-07 23:50 2807 --a------ C:\Program Files\Vuze\jre\lib\jvm.hprof.txt
2008-07-07 23:50 2710 --a------ C:\Program Files\Vuze\jre\lib\fontconfig.98.bfc
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\YST9
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\PST8
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\MST7
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\HST10
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\EST5
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\CST6
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\AST4
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Port_Moresby
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Johnston
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\MST
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Cocos
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Indian\Christmas
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\HST
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\GMT
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\UTC
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\UCT
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+9
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+8
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+7
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+6
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+5
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+4
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+3
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+2
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+12
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+11
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+10
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT+1
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-9
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-8
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-7
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-6
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-5
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-4
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-3
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-2
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-14
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-13
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-12
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-11
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-10
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Etc\GMT-1
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\EST
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Atlantic\South_Georgia
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Lubumbashi
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Lome
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Kinshasa
2008-07-07 23:50 27 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Bujumbura
2008-07-07 23:50 269 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Ashgabat
2008-07-07 23:50 2661 --a------ C:\Program Files\Vuze\jre\lib\deploy\messages.properties
2008-07-07 23:50 26112 --a------ C:\Program Files\Vuze\jre\bin\tnameserv.exe
2008-07-07 23:50 261 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Tashkent
2008-07-07 23:50 261 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Samarkand
2008-07-07 23:50 261 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Dushanbe
2008-07-07 23:50 2605062 --a------ C:\Program Files\Vuze\jre\lib\deploy.jar
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\servertool.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\rmiregistry.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\rmid.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\policytool.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\pack200.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\orbd.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\ktab.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\klist.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\kinit.exe
2008-07-07 23:50 25600 --a------ C:\Program Files\Vuze\jre\bin\keytool.exe
2008-07-07 23:50 25088 --a------ C:\Program Files\Vuze\jre\bin\java-rmi.exe
2008-07-07 23:50 24701 --a------ C:\Program Files\Vuze\jre\bin\w2k_lsa_auth.dll
2008-07-07 23:50 2469 --a------ C:\Program Files\Vuze\jre\lib\security\US_export_policy.jar
2008-07-07 23:50 241 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Swift_Current
2008-07-07 23:50 237568 --a------ C:\Program Files\Vuze\jre\bin\regutils.dll
2008-07-07 23:50 2351 --a------ C:\Program Files\Vuze\jre\lib\management\jmxremote.access
2008-07-07 23:50 2334720 --a------ C:\Program Files\Vuze\jre\bin\client\jvm.dll
2008-07-07 23:50 233 --a------ C:\Program Files\Vuze\jre\lib\zi\Pacific\Efate
2008-07-07 23:50 233 --a------ C:\Program Files\Vuze\jre\lib\zi\America\Jamaica
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\YST9YDT
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\PST8PDT
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\MST7MDT
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\EST5EDT
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\CST6CDT
2008-07-07 23:50 2288 --a------ C:\Program Files\Vuze\jre\lib\zi\SystemV\AST4ADT
2008-07-07 23:50 2245 --a------ C:\Program Files\Vuze\jre\lib\logging.properties
2008-07-07 23:50 224493 --a------ C:\Program Files\Vuze\jre\lib\ext\sunpkcs11.jar
2008-07-07 23:50 2221 --a------ C:\Program Files\Vuze\jre\lib\security\java.policy
2008-07-07 23:50 221 --a------ C:\Program Files\Vuze\jre\lib\zi\Australia\Lindeman
2008-07-07 23:50 217 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Kuching
2008-07-07 23:50 213 --a------ C:\Program Files\Vuze\jre\lib\zi\Africa\Casablanca
2008-07-07 23:50 205 --a------ C:\Program Files\Vuze\jre\lib\zi\Australia\Perth
2008-07-07 23:50 205 --a------ C:\Program Files\Vuze\jre\lib\zi\Australia\Eucla
2008-07-07 23:50 205 --a------ C:\Program Files\Vuze\jre\lib\zi\Asia\Harbin
2008-07-07 23:50 20480 --a------ C:\Program Files\Vuze\jre\bin\nio.dll
  • 0

#22
liebermojo
    Member
  • Topic Starter
  • 17 posts
And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:27 PM, on 7/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.35.38
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766b-9f49-4854-8034-f6ee26fcb1ec} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: AVG Security Toolbar - {a057a204-bacc-4d26-9990-79a187e2698e} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: STOPzilla Browser Helper Object - {e3215f20-3212-11d6-9f8b-00d0b743919d} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [sunjavaupdatesched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [sigmatelsystrayapp] stsystra.exe
O4 - HKLM\..\Run: [realtray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [onecareui] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [mskdetectorexe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [logmein gui] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [ituneshelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [isusscheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [isuspm startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [google desktop search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehtray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dmxlauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [atipta] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [adobe photo downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [myspaceim] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [msmsgs] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [dw6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mfr.mlxchange...ectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mfr.mlxchange...ClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange...ol/IRCSharc.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

--
End of file - 11835 bytes
  • 0
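A helper triages a HijackThis log by its section prefixes (R1, O2, O4, O10, O16 and so on). The Python below is an added example, not part of this thread and not HijackThis code: it parses a handful of lines quoted from the log above and flags the entries a reviewer would look at first, namely the R1 AutoConfigURL setting (a proxy auto-config URL that here points at a link-local address rather than an http(s) location), an O4 Run entry that launches a bare file name, the O10 unknown Winsock LSP, and an O16 ActiveX control served over plain HTTP. The flagging rules and their wording are assumptions chosen for illustration; they are not a verdict on any item in the log.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass

# Sample lines taken from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 169.254.35.38
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [sigmatelsystrayapp] stsystra.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")                 # "O4 - ..." style entry line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")  # hive, value name, command
URL_RE = re.compile(r"^https?://", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis entry line in the text."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_command(command):
    """Split a Run-key command into (executable, was_quoted).

    Unquoted commands are cut at the first '.exe', which is how an unquoted
    path with spaces is normally read; the quoted form is taken verbatim.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end > 0 else command[1:]), True
    idx = command.lower().find(".exe")
    if idx >= 0:
        return command[: idx + 4], False
    return (command.split()[0] if command else ""), False


def triage(text):
    """Apply the (assumed) review rules and return the findings in log order."""
    findings = []
    for section, body in parse_entries(text):
        line = f"{section} - {body}"
        if section == "R1" and "AutoConfigURL" in body:
            value = body.split("=", 1)[1].strip() if "=" in body else ""
            reason = ("proxy auto-config (PAC) URL is set; the browser fetches and "
                      "runs that script to pick a proxy for every connection")
            if not URL_RE.match(value):
                reason += f"; value '{value}' is not an http(s) URL, which is unusual for a PAC setting"
            findings.append(Finding(section, reason, line))
        elif section == "O4":
            m = RUN_RE.match(body)
            if not m:          # "O4 - Startup:" shortcut lines are not Run-key entries
                continue
            exe, quoted = split_command(m.group(3))
            if "\\" not in exe:
                findings.append(Finding(section, f"run entry '{m.group(2)}' launches a bare name "
                                        f"({exe}); which file runs depends on the PATH search order", line))
            elif not quoted and " " in exe:
                findings.append(Finding(section, f"run entry '{m.group(2)}' has an unquoted path "
                                        "with spaces", line))
        elif section == "O10":
            findings.append(Finding(section, "Winsock LSP not recognised by HijackThis; every socket "
                                    "call on the host passes through this DLL", line))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1].strip()
            if url.lower().startswith("http://"):
                findings.append(Finding(section, "ActiveX control is fetched over plain HTTP, so the "
                                        "download is not protected in transit", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries such as O2, O3 and O23 are parsed but not flagged here: deciding whether a BHO, toolbar or service is unwanted needs the file itself (publisher, hash, an online scan), which a line in the log does not give.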

#23
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi liebermojo

No worries about your son, I just did not know that program. The three files in question are:
C:\SPIDERWICK _AC_D1_169.ISO
C:\SPIDERWICK_AC_D1_169.MDS
C:\SPIDERWICK_AC_D1_169.ISO
I don't know if they are bad; if you don't delete them, we will scan them to be sure. Just let me know what you do.


To remove Vuze, go to the Control Panel and delete it via Add/Remove Programs
(Start > Control Panel > Add/Remove Programs and remove Vuze).

The Jotti scans found one bad program, and the ones you could not upload were also bad, so we will remove those also.

Also, the ComboFix log got cut off because it was so long; could you repost the remaining parts? You may need to post them over one or more posts, or you can attach the text file to the post.
To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on the attachment's insert icon to insert it into your post
====STEP 1====
Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf.szcpf
    C:\WINDOWS\system32\drivers\cd2e4d3f.sys.szcpf
    C:\WINDOWS\system32\itaswkecpvtbcwpbq.dll-uninst.exe
    C:\Program Files\AskSBar
    EmptyTemp
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



In your next reply could I see:
1. whether you decided to delete those three files
2. the OTMoveIT log
3. the remaining part of the combofix log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#24
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0