
Thread: Winlogon

  1. #21
    Junior Member
    Join Date
    Aug 2007
    Posts
    21

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 86


    --- Analysing Catchme logfile ---

    no matching regkeys found


    Finished!


    Nothing was found on that file, either.

    (Had to split it up, said the original post was too large)

  2. #22
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi Plutonus,

    no joy for you or me.
    let's delete that copy of combofix like this:

    go to start>run and type in combofix /u, then click ok
    note: there is a space after the "x" in combofix
    ------------------------
    next:

    please do an online scan here:
    F-secure scan:
    http://support.f-secure.com/enu/home/ols.shtml

    uses Internet Explorer only

    click on the "start scanning button" near bottom of page.
    click to accept/install the ActiveX applet
    "accept" the License Agreement, click "full system scan"
    Once the download of files completes, the scan will begin automatically.
    The scan may take some time to finish.
    When the scan completes, click the Automatic cleaning (recommended) button.

    Click the Show Report button and Copy&Paste the entire report in your next reply along with a current HijackThis log.
    --------------------
    last: get the new combofix:
    Please download ComboFix (by sUBs) from one of the following links:

    http://www.techsupportforum.com/sect...s/ComboFix.exe

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Save it to the Desktop.
    Double-click combofix.exe and follow the prompts.

    CAUTION: Do not mouse-click ComboFix's window while it is running.
    It may cause it to stall.

    When finished, it produces a log.

    Please provide the contents of the ComboFix log in your reply--

    shelf life
    How Can I Reduce My Risk?

  3. #23
    Junior Member
    Join Date
    Aug 2007
    Posts
    21

    F-Secure scan

    Possibly infected with an unknown virus (virus)

    * F:\MY STUFF\WEBBIES\CATS\ZENCART\ZEN-CART-V1.2.1D\INCLUDES\MODULES\ORDER_TOTAL\OT_COUPON.PHP (Submitted)

    Tracking Cookie (spyware)

    * System (Disinfected)
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System
    * System

    W32/Malware.BHMR (virus)

    * E:\WINDOWS\SYSTEM32\BASSMOD.DLL (Submitted)

    Statistics
    Scanned:

    * Files: 90093
    * System: 4643
    * Not scanned: 8

    Actions:

    * Disinfected: 1
    * Renamed: 0
    * Deleted: 0
    * None: 30
    * Submitted: 2

    Files not scanned:

    * E:\PAGEFILE.SYS
    * E:\WINDOWS\TEMP\MCAFEE_QAABZ5XJV2CT629
    * E:\WINDOWS\TEMP\MCMSC_58FY8CI22HLEJJT
    * E:\WINDOWS\TEMP\MCMSC_P6EIWJY2WJAL8WI
    * E:\WINDOWS\TEMP\MCMSC_VJ9IPSYNVDIICOO
    * E:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    * E:\DOCUMENTS AND SETTINGS\MATT2\LOCAL SETTINGS\TEMP\~ROMFN_00000BE8
    * E:\DOCUMENTS AND SETTINGS\MATT2\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\OUTLOOK\OUTLOOK.PST

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:29:42 PM, on 4/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Bonjour\mDNSResponder.exe
    E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    E:\WINDOWS\Explorer.EXE
    e:\program files\common files\mcafee\mna\mcnasvc.exe
    e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    E:\Program Files\McAfee\MPF\MPFSrv.exe
    E:\Program Files\nHancer\nHancerService.exe
    E:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    E:\WINDOWS\system32\CNAC6RPK.EXE
    C:\Apps\NetLimiter 2 Pro\nlsvc.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\ASUS\Asus Probe\AsusProb.exe
    E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Apps\Winamp\winampa.exe
    E:\WINDOWS\LOGI_MWX.EXE
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Apps\D-Tools\daemon.exe
    E:\WINDOWS\system32\RUNDLL32.EXE
    E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\WINDOWS\system32\wscntfy.exe
    C:\Games\Steam\Steam.exe
    E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Apps\NetLimiter 2 Pro\NLClient.exe
    E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    E:\Program Files\nHancer\nHancer.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Apps\Winamp\winamp.exe
    E:\Program Files\MSN Messenger\usnsvc.exe
    E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    E:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
    E:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Apps\mIRC\mirc.exe
    E:\WINDOWS\system32\WISPTIS.EXE
    C:\Games\Flight Simulator 9\fs9.exe
    C:\Games\Flight Simulator 9\fs9.exe
    E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
    E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
    E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    Hijack this

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Apps\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - E:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [ASUS Probe] E:\Program Files\ASUS\Asus Probe\AsusProb.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Apps\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Apps\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Apps\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mcagent_exe] E:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Steam] "C:\Games\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [nHancer] "E:\Program Files\nHancer\nHancer.exe" /tray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1190284954735
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1190285765076
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: tt - E:\WINDOWS\
    O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - E:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - e:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - e:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - E:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - E:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NBService - Nero AG - C:\Apps\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - E:\Program Files\nHancer\nHancerService.exe
    O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Apps\NetLimiter 2 Pro\nlsvc.exe
    O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Core LC - Unknown owner - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 9972 bytes

  4. #24
    Junior Member
    Join Date
    Aug 2007
    Posts
    21

    Combofix

    ComboFix 07-12-02.7 - Matt2 2007-12-04 16:31:19.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.831 [GMT 11:00]
    Running from: F:\My Stuff\Downloads\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
    .

    2007-11-26 10:52 . 2007-11-26 11:08 715 --a------ E:\WINDOWS\eReg.dat
    2007-11-26 00:43 . 2007-12-02 00:12 54,156 --ah----- E:\WINDOWS\QTFont.qfn
    2007-11-26 00:43 . 2007-11-26 00:43 1,409 --a------ E:\WINDOWS\QTFont.for
    2007-11-25 19:49 . 2001-05-25 06:01 90,112 --a------ E:\WINDOWS\system32\RegDACL.exe
    2007-11-25 19:49 . 2007-10-11 14:42 8,925 --a------ E:\clean.bat
    2007-11-25 19:49 . 2004-07-22 12:15 4,096 --a------ E:\WINDOWS\system32\reboot.exe
    2007-11-25 19:49 . 2007-10-11 08:55 347 --a------ E:\run2.reg
    2007-11-25 16:37 . 2007-11-25 16:37 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\NVIDIA
    2007-11-25 16:36 . 2007-11-25 16:36 <DIR> d-------- E:\Program Files\nHancer
    2007-11-25 16:36 . 2007-11-25 16:37 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\nHancer
    2007-11-22 19:46 . 2007-11-22 19:46 <DIR> d-------- E:\Program Files\MSXML 4.0
    2007-11-22 19:46 . 2005-05-26 15:34 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
    2007-11-11 22:08 . 2007-12-04 16:32 <DIR> d-------- E:\Documents and Settings\Matt2\Application Data\mIRC
    2007-11-11 14:58 . 2007-11-11 14:58 <DIR> d-------- E:\Documents and Settings\Matt2\Application Data\InstallShield
    2007-11-10 18:32 . 2003-06-05 20:13 53,248 --a------ E:\WINDOWS\system32\Process.exe
    2007-11-10 18:32 . 2007-11-10 18:32 1,814 --a------ E:\WINDOWS\system32\tmp.reg
    2007-11-10 18:29 . 2007-09-05 23:22 289,144 --a------ E:\WINDOWS\system32\VCCLSID.exe
    2007-11-10 18:29 . 2006-04-27 16:49 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
    2007-11-10 18:29 . 2004-07-31 17:50 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
    2007-11-10 18:29 . 2007-10-03 23:36 25,600 --a------ E:\WINDOWS\system32\WS2Fix.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-25 07:18 --------- d-----w E:\Program Files\McAfee
    2007-11-22 08:46 --------- d--h--w E:\Program Files\InstallShield Installation Information
    2007-11-21 12:19 --------- d-----w E:\Program Files\Common Files\McAfee
    2007-11-14 09:55 --------- d-----w E:\Program Files\Emirates TravelDesk
    2007-11-11 12:49 --------- d-----w E:\Program Files\Common Files\InstallShield
    2007-11-10 07:40 --------- d-----w E:\Program Files\SUPERAntiSpyware
    2007-11-03 03:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-11-01 06:37 --------- d-----w E:\Program Files\Windows Live
    2007-11-01 06:37 --------- d-----w E:\Program Files\MSN Messenger
    2007-11-01 06:37 --------- d-----w E:\Program Files\Messenger Plus! Live
    2007-10-31 04:11 --------- d-----w E:\Program Files\Common Files\Wise Installation Wizard
    2007-10-31 04:11 --------- d-----w E:\Documents and Settings\Matt2\Application Data\SUPERAntiSpyware.com
    2007-10-31 04:11 --------- d-----w E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-10-29 08:32 --------- d-----w E:\Documents and Settings\Matt2\Application Data\Locktime
    2007-10-29 08:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\Locktime
    2007-10-26 06:51 --------- d-----w E:\Program Files\SkyTeam Travel Timetable
    2007-10-22 07:58 --------- d-----w E:\Program Files\Creative
    2007-10-18 06:29 --------- d-----w E:\Documents and Settings\Matt2\Application Data\AdobeUM
    2007-10-18 06:28 --------- d-----w E:\Program Files\Canon
    2007-10-14 04:39 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-10-14 04:36 --------- d-----w E:\Program Files\Trend Micro
    2007-10-11 23:58 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-10-11 12:28 --------- d-----w E:\Documents and Settings\All Users\Application Data\McAfee
    2007-10-11 12:27 --------- d-----w E:\Program Files\McAfee.com
    2007-10-11 12:24 --------- d-----w E:\Program Files\Common Files\Symantec Shared
    2007-10-11 12:24 --------- d-----w E:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-10 17:32 --------- d-----w E:\Documents and Settings\Matt2\Application Data\Symantec
    2007-10-10 10:18 805 ----a-w E:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-10-10 10:18 10,740 ----a-w E:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-10-07 15:14 246,545 ----a-w E:\WINDOWS\system32\libssl32.dll
    2007-10-07 15:14 1,188,375 ----a-w E:\WINDOWS\system32\libeay32.dll
    2007-10-07 04:07 737,280 ----a-w E:\WINDOWS\iun6002.exe
    2007-10-06 01:44 --------- d-----w E:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-09-29 09:36 356,352 ----a-w E:\WINDOWS\eSellerateEngine.dll
    2007-09-23 10:57 108,144 ----a-w E:\WINDOWS\system32\CmdLineExt.dll
    2007-09-21 09:30 60,416 ----a-w E:\WINDOWS\ALCFDRTM.EXE
    2007-09-21 07:48 81,920 ------r E:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2007-09-21 07:34 81,920 ------r E:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSyncU.exe"="E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 15:32]
    "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]
    "LDM"="E:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-09-21 18:48]
    "Steam"="C:\Games\Steam\Steam.exe" [2007-12-01 18:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03]
    "SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
    "nHancer"="E:\Program Files\nHancer\nHancer.exe" [2007-10-31 10:43]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS Probe"="E:\Program Files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 17:07]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 18:56 E:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2007-06-29 01:43 E:\WINDOWS\system32\nwiz.exe]
    "GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47]
    "WinampAgent"="C:\Apps\Winamp\winampa.exe" [2007-05-15 09:22]
    "Logitech Utility"="LOGI_MWX.EXE" [2002-11-08 20:50 E:\WINDOWS\LOGI_MWX.EXE]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 E:\WINDOWS\KHALMNPR.Exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-06-20 22:42 E:\WINDOWS\SOUNDMAN.EXE]
    "QuickTime Task"="C:\Apps\QuickTime\qttask.exe" [2007-06-29 07:24]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
    "DAEMON Tools-1033"="C:\Apps\D-Tools\daemon.exe" [2004-08-22 18:05]
    "NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57]
    "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 18:56 E:\WINDOWS\system32\rundll32.exe]
    "mcagent_exe"="E:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 18:56]

    E:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-10-01 21:26:36]
    Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-09-21 18:48:55]
    Logitech SetPoint.lnk - E:\Program Files\Logitech\SetPoint\KEM.exe [2007-09-21 18:46:42]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    R1 nltdi;nltdi;\??\E:\WINDOWS\system32\drivers\nltdi.sys
    R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\E:\DOCUME~1\Matt2\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
    R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter;E:\WINDOWS\system32\Drivers\LUsbKbd.Sys
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;E:\WINDOWS\system32\drivers\WmBEnum.sys
    R3 WmFilter;Logitech Gaming HID Filter Driver;E:\WINDOWS\system32\drivers\WmFilter.sys
    R3 WmHidLo;Logitech Gaming USB Filter Driver;E:\WINDOWS\system32\drivers\WmHidLo.sys
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;E:\WINDOWS\system32\drivers\WmXlCore.sys
    S3 WmVirHid;Logitech Virtual Hid Device Driver;E:\WINDOWS\system32\drivers\WmVirHid.sys

    *Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER
    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-14 15:16:56 E:\WINDOWS\Tasks\McDefragTask.job"
    - e:\program files\mcafee\mqc\QcConsol.exe'
    "2007-11-30 14:00:10 E:\WINDOWS\Tasks\McQcTask.job"
    - e:\program files\mcafee\mqc\QcConsol.exe
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 16:33:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-04 16:33:34
    E:\ComboFix2.txt ... 2007-11-17 18:46
    E:\ComboFix3.txt ... 2007-10-19 21:22
    .
    --- E O F ---

  5. #25
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi Plutonus,

    Not seeing much at all.

    Copy the entire contents inside the code box and paste it into Notepad (this will only work with Notepad). Name the file Regfix.reg and, in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge; when it asks you to merge with the Registry, say yes.

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

    Reboot once. Let me know how it's going.

    shelf life
    How Can I Reduce My Risk?
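
Added example, not part of the original thread: Python that lists the Winlogon Notify subkeys in a ComboFix "Reg Loading Points" section, records whether the log shows a DLL under each, and builds the REGEDIT4 delete text for a key once it has been reviewed. The function names and the embedded sample (constructed in the layout of the log posted above) are assumptions of this example.

```python
import re

# Constructed sample in the layout of the "Reg Loading Points" section above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
"""

# Hypothetical helper names; the patterns assume the log layout shown in this thread.
NOTIFY_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\"
    r"currentversion\\winlogon\\notify\\([^\]\\]+))\]$",
    re.IGNORECASE,
)
DLL_PATH = re.compile(r"^([A-Za-z]:\\.+?\.dll)\b", re.IGNORECASE)


def winlogon_notify_entries(log_text):
    """Return one dict per Winlogon Notify subkey: full key, name, DLL or None."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = NOTIFY_KEY.match(line)
        if key:
            current = {"key": key.group(1), "name": key.group(2), "dll": None}
            entries.append(current)
        elif line.startswith("["):
            current = None  # another registry key begins; stop attributing lines
        elif current is not None and current["dll"] is None:
            dll = DLL_PATH.match(line)
            if dll:
                current["dll"] = dll.group(1)
    return entries


def delete_key_reg(entry):
    """REGEDIT4 text that removes one reviewed key, in the form used in the reply."""
    return "REGEDIT4\n\n[-" + entry["key"] + "]\n"


if __name__ == "__main__":
    for e in winlogon_notify_entries(SAMPLE_LOG):
        # No DLL in the log is a reason to review the key, not a verdict on it.
        print(e["name"], "->", e["dll"] or "no DLL listed: review")
```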
