Jan 5
[Active] Malware Issues (HJT log)
I am having some Malware issues… I have run Spybot multiple times and have deleted some Malware/Trojan files but still I have issues. If I go into my documents and click on one of my folders like: My Music, My Pictures, I get a pop-up that tells me my computer is infected and directs me to click ok to scan my computer. When clicking yes or no it takes me to Webfreescan.com. Can anyone help me remove this?
RSIT LOG (sorry, for some reason it didn’t open an "info.txt")
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Owner at 2008-12-17 15:57:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 32 GB (60%) free of 53 GB
Total RAM: 223 MB (14% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:22 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\TunePat\TunePat.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Koal.com - {3D1380C8-274A-4C31-8372-DD17055F1D33} - C:\WINDOWS\system32\knzg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TunePat] C:\Program Files\TunePat\TunePat.exe /silence
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1817] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC611] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9347] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC908] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3225] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4357] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA176] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8546] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1045] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC552] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6466] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2023] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4260] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4174] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8421] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4258] command /c del "C:\WINDOWS\system32\p.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7430] cmd /c del "C:\WINDOWS\system32\p.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3443] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8002] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1466] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC618] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4571] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4515] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7979] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC536] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2889] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7107] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4521] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4687] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7246] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4923] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2216] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1693] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3272] command /c del "C:\WINDOWS\system32\p.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6078] cmd /c del "C:\WINDOWS\system32\p.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2893] command /c del "c:\resycled\boot.com"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6383] cmd /c del "c:\resycled\boot.com"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8380] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1897] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [SpybotDeletingB707] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9716] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3894] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1387] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6821] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8429] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5983] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD334] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1769] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5201] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6477] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6000] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3509] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2475] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1346] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3511] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4670] command /c del "C:\WINDOWS\system32\p.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4820] cmd /c del "C:\WINDOWS\system32\p.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1421] command /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7816] cmd /c del "C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5105] command /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1045] cmd /c del "C:\Documents and Settings\Owner\Favorites\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7688] command /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1384] cmd /c del "C:\Documents and Settings\Owner\Favorites\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6766] command /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1985] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5552] command /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7722] cmd /c del "C:\Documents and Settings\Owner\Start Menu\Search Online.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8688] command /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2802] cmd /c del "C:\Documents and Settings\Owner\Start Menu\VIP Casino.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9798] command /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1214] cmd /c del "C:\Documents and Settings\Owner\Favorites\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9734] command /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8827] cmd /c del "C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5941] command /c del "C:\WINDOWS\system32\p.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1053] cmd /c del "C:\WINDOWS\system32\p.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3555] command /c del "c:\resycled\boot.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2222] cmd /c del "c:\resycled\boot.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9153] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3464] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge…sh/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 14211 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D1380C8-274A-4C31-8372-DD17055F1D33}]
Koal.com - C:\WINDOWS\system32\knzg.dll [2008-12-16 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb127\SearchSettings.dll [2008-06-12 1111904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"=C:\WINDOWS\system32\SiSPower.dll [2008-03-20 53248]
"Blubster"=C:\Program Files\Blubster\Blubster.exe SILENT []
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"Easy Dock"= []
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"TunePat"=C:\Program Files\TunePat\TunePat.exe [2008-08-27 4235264]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA1817"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingC611"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingA9347"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingC908"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingA3225"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingC4357"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingA176"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingC8546"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingA1045"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingC552"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingC6466"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingA2023"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingC4260"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingA4174"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingC8421"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingA4258"=command /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingC7430"=cmd /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingA3443"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingC8002"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingA1466"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingC618"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingA4571"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingC4515"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingA7979"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingC536"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingA2889"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingC7107"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingA4521"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingC4687"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingA7246"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingC4923"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingA2216"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingC1693"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingA3272"=command /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingC6078"=cmd /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingA2893"=command /c del c:\resycled\boot.com []
"SpybotDeletingC6383"=cmd /c del c:\resycled\boot.com []
"SpybotDeletingA8380"=command /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingC1897"=cmd /c del C:\WINDOWS\SchedLgU.Txt []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Aim6"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB707"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingD9716"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingB3894"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingD1387"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingB6821"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingD8429"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingB5983"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingD334"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingB1769"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingD5201"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingB6477"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingD6000"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingB3509"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingD2475"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingB1346"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingD3511"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingB4670"=command /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingD4820"=cmd /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingB1421"=command /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingD7816"=cmd /c del C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url []
"SpybotDeletingB5105"=command /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingD1045"=cmd /c del C:\Documents and Settings\Owner\Favorites\Search Online.url []
"SpybotDeletingB7688"=command /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingD1384"=cmd /c del C:\Documents and Settings\Owner\Favorites\VIP Casino.url []
"SpybotDeletingB6766"=command /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingD1985"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url []
"SpybotDeletingB5552"=command /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingD7722"=cmd /c del C:\Documents and Settings\Owner\Start Menu\Search Online.url []
"SpybotDeletingB8688"=command /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingD2802"=cmd /c del C:\Documents and Settings\Owner\Start Menu\VIP Casino.url []
"SpybotDeletingB9798"=command /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingD1214"=cmd /c del C:\Documents and Settings\Owner\Favorites\SMS TRAP.url []
"SpybotDeletingB9734"=command /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingD8827"=cmd /c del C:\Documents and Settings\Owner\Start Menu\SMS TRAP.url []
"SpybotDeletingB5941"=command /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingD1053"=cmd /c del C:\WINDOWS\system32\p.ico []
"SpybotDeletingB3555"=command /c del c:\resycled\boot.com []
"SpybotDeletingD2222"=cmd /c del c:\resycled\boot.com []
"SpybotDeletingB9153"=command /c del C:\WINDOWS\SchedLgU.Txt []
"SpybotDeletingD3464"=cmd /c del C:\WINDOWS\SchedLgU.Txt []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
RCA Detective.lnk - C:\Documents and Settings\Owner\My Documents\RCA Detective\RCADetective.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoDriveAutoRun"=60000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Blubster\Blubster.exe"="C:\Program Files\Blubster\Blubster.exe:*:Enabled:Blubster"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\AutoRun.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99edc0bf-c8c3-11dd-b9d0-0003252316a9}]
shell\AutoRun\command - G:\AutoRun.EXE
======List of files/folders created in the last 3 months======
2008-12-17 15:50:52 ----D---- C:\rsit
2008-12-16 12:21:02 ----A---- C:\WINDOWS\system32\knzg.dll
2008-12-16 12:02:28 ----A---- C:\WINDOWS\SWFDecompiler.INI
2008-12-16 12:01:36 ----D---- C:\Program Files\Common Files\SourceTec
2008-12-16 12:01:32 ----D---- C:\Program Files\SourceTec
2008-12-15 18:16:18 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-15 18:02:22 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-12-15 18:02:21 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2008-12-15 17:51:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-15 17:50:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-15 17:19:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-15 17:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-15 16:59:08 ----D---- C:\Program Files\Common Files\Macrovision Shared
2008-12-15 16:43:34 ----D---- C:\Program Files\Adobe Solutions Network
2008-12-15 16:40:28 ----D---- C:\Program Files\Adobe CS3
2008-12-15 14:47:19 ----D---- C:\Program Files\Macromedia
2008-12-15 13:58:29 ----D---- C:\Documents and Settings\Owner\Application Data\Download Manager
2008-12-13 20:38:28 ----D---- C:\Program Files\iToys
2008-12-12 19:20:22 ----D---- C:\Program Files\KingsIsle Entertainment
2008-12-10 16:32:28 ----A---- C:\WINDOWS\system32\msqpdxrsvdnrsr.dll
2008-12-10 16:28:12 ----D---- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
2008-12-10 16:28:12 ----D---- C:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-12-10 16:27:29 ----D---- C:\Program Files\GlobalSCAPE
2008-12-10 16:18:45 ----D---- C:\Program Files\SmartFTP FTP Library
2008-12-05 11:28:43 ----D---- C:\Documents and Settings\All Users\Application Data\Launcher
2008-12-05 11:25:54 ----D---- C:\Documents and Settings\Owner\Application Data\vlc
2008-12-05 10:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2008-12-05 10:24:08 ----D---- C:\Documents and Settings\Owner\Application Data\MozillaControl
2008-12-05 09:29:33 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-12-05 09:27:25 ----D---- C:\Program Files\VideoLAN
2008-12-05 09:27:20 ----D---- C:\Program Files\Graboid
2008-12-04 10:53:13 ----D---- C:\Program Files\Trainer Maker Kit
2008-11-27 00:25:01 ----D---- C:\Program Files\GodswarOnline
2008-11-25 23:04:14 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-11-25 23:02:45 ----D---- C:\Program Files\WorldOfGoo
2008-11-20 16:33:05 ----D---- C:\Program Files\SmartFTP Client
2008-11-20 16:31:27 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-11-18 22:02:54 ----D---- C:\Program Files\mIRC
2008-11-18 22:02:54 ----D---- C:\Documents and Settings\Owner\Application Data\mIRC
2008-11-17 17:07:47 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-17 17:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-16 20:21:57 ----D---- C:\WINDOWS\Applian FLV Player
2008-11-16 20:21:57 ----D---- C:\Program Files\FLV Player
2008-11-16 20:21:50 ----A---- C:\WINDOWS\Applian FLV Player Setup Log.txt
2008-11-01 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-01 22:26:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-01 22:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-01 22:22:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-01 22:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-01 22:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-01 19:47:35 ----A---- C:\WINDOWS\cdplayer.ini
2008-10-01 18:34:52 ----A---- C:\Player Loader_log.txt
2008-09-30 16:43:34 ----A---- C:\WINDOWS\system32\msxml4.dll
2008-09-27 22:03:14 ----D---- C:\Program Files\iPod
2008-09-27 22:02:51 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 22:02:50 ----D---- C:\Program Files\iTunes
2008-09-27 22:00:12 ----D---- C:\Program Files\Bonjour
2008-09-27 21:58:32 ----D---- C:\Program Files\QuickTime
2008-09-27 21:56:06 ----D---- C:\Program Files\Apple Software Update
2008-09-27 21:55:13 ----D---- C:\Program Files\Common Files\Apple
2008-09-24 20:47:56 ----A---- C:\WINDOWS\EasyRip.ini
2008-09-21 10:59:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-21 10:57:35 ----D---- C:\Program Files\TunePat
2008-09-21 10:50:09 ----D---- C:\Converted
======List of files/folders modified in the last 3 months======
2008-12-17 15:51:13 —-D—- C:\WINDOWS\Prefetch
2008-12-17 14:08:32 —-D—- C:\Program Files\Mozilla Firefox
2008-12-17 13:30:30 —-D—- C:\WINDOWS\TEMP
2008-12-17 13:28:30 —-A—- C:\WINDOWS\wininit.ini
2008-12-17 13:28:29 —-RD—- C:\Program Files
2008-12-17 13:28:28 —-D—- C:\WINDOWS\system32
2008-12-17 12:49:53 —-D—- C:\Program Files\Spybot - Search & Destroy
2008-12-17 10:08:02 —-N—- C:\WINDOWS\SchedLgU.Txt
2008-12-17 10:08:02 —-D—- C:\WINDOWS
2008-12-16 12:01:36 —-D—- C:\Program Files\Common Files
2008-12-16 09:12:37 —-D—- C:\Documents and Settings\Owner\Application Data\Adobe
2008-12-16 07:06:57 —-D—- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-15 18:14:57 —-SHD—- C:\WINDOWS\Installer
2008-12-15 18:08:54 —-D—- C:\Program Files\Adobe
2008-12-15 17:56:49 —-D—- C:\Program Files\Common Files\Adobe
2008-12-15 17:51:55 —-HD—- C:\WINDOWS\inf
2008-12-15 17:51:45 —-RSHDC—- C:\WINDOWS\system32\dllcache
2008-12-15 17:51:15 —-A—- C:\WINDOWS\imsins.BAK
2008-12-15 17:32:32 —-D—- C:\WINDOWS\system32\CatRoot2
2008-12-15 17:27:45 —-D—- C:\Program Files\Internet Explorer
2008-12-15 17:22:20 —-HD—- C:\WINDOWS\$hf_mig$
2008-12-15 14:49:48 —-D—- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-12-15 14:48:33 —-D—- C:\Program Files\Common Files\Vbox
2008-12-15 14:47:18 —-HD—- C:\Program Files\InstallShield Installation Information
2008-12-14 18:27:54 —-A—- C:\WINDOWS\ModemLog_Conexant SoftK56 Data Fax Modem.txt
2008-12-13 20:38:30 —-SD—- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-10 16:32:28 —-D—- C:\WINDOWS\system32\drivers
2008-12-06 12:57:01 —-D—- C:\Program Files\Tales of Pirates Online
2008-12-05 23:44:50 —-D—- C:\WINDOWS\system32\Adobe
2008-12-05 13:10:25 —-D—- C:\WINDOWS\Microsoft.NET
2008-12-05 13:10:23 —-RSD—- C:\WINDOWS\assembly
2008-12-05 10:21:54 —-A—- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-05 10:17:46 —-D—- C:\WINDOWS\WinSxS
2008-12-04 10:53:10 —-D—- C:\WINDOWS\system
2008-11-24 15:58:02 —-D—- C:\WINDOWS\Help
2008-11-11 22:06:51 —-D—- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-11-01 22:24:27 —-A—- C:\WINDOWS\win.ini
2008-11-01 16:56:22 —-D—- C:\WINDOWS\system32\CatRoot_bak
2008-11-01 16:56:21 —-D—- C:\WINDOWS\system32\CatRoot
2008-11-01 16:02:36 —-A—- C:\WINDOWS\SpeedGear.INI
2008-10-23 07:01:36 —-A—- C:\WINDOWS\system32\gdi32.dll
2008-10-22 03:47:07 —-A—- C:\WINDOWS\system32\tzchange.exe
2008-10-17 02:08:40 —-A—- C:\WINDOWS\system32\mshtml.dll
2008-10-16 14:38:40 —-A—- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:39 —-A—- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:38 —-A—- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 —-A—- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:37 —-A—- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:35 —-A—- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:34 —-A—- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 —-A—- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 —-A—- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 —-A—- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 —-A—- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 —-A—- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 —-A—- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 —-A—- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 —-A—- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 —-A—- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 —-A—- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 —-A—- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 —-A—- C:\WINDOWS\system32\mucltui.dll
2008-10-16 07:11:09 —-A—- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 07:11:09 —-A—- C:\WINDOWS\system32\ie4uinit.exe
2008-10-15 10:57:55 —-A—- C:\WINDOWS\system32\netapi32.dll
2008-10-15 01:04:53 —-A—- C:\WINDOWS\system32\ieakui.dll
2008-10-03 04:15:47 —-A—- C:\WINDOWS\system32\strmdll.dll
2008-09-27 22:03:55 —-DC—- C:\WINDOWS\system32\DRVSTORE
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-11-23 35840]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2008-03-20 18944]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-02-22 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 BCM43XX;BCM 802.11b Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-06-26 341760]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-08 1041536]
R3 HSFHWSIS;HSFHWSIS; C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2004-09-08 193280]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2008-03-20 323072]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-03-26 180000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-08 685184]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files\Bots\GameGuard\dump_wmimmc.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MusCDriverV32;MusCDriverV32; C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2008-09-18 23096]
S3 MusCVideo32;MusCVideo32; C:\WINDOWS\system32\DRIVERS\MusCVideo32.sys [2008-09-18 3768]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-15 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-05-04 69632]
S4 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-02-22 172032]
-----------------EOF-----------------
Last edited by Ludocane; 2 Weeks Ago at 23:03.
Reason: Missed some Information