View Full Version : gift computer with issues
ladyjess
2007-12-12, 05:28
I was given this computer by a family member to help with my school. I downloaded spybot search and destroy and ran a system scan and found a few problems and fixed them with the spybot. I would like a second opinion and if any further help is needed to fix this I would like to say thank you ahead of time.
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 11, 2007 7:44:45 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/12/2007
Kaspersky Anti-Virus database records: 480182
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 130122
Number of viruses found 16
Number of infected objects 59
Number of suspicious objects 2
Duration of the scan process 02:12:10
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\HP_Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ApplicationHistory\DiscUpdMgr.exe.f0c5ac89.ini.inuse Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\temp\sgk.up Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\temp\_hphtra07.log Object is locked skipped
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hijackthis\backups\backup-20071125-212741-486.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\hijackthis\backups\backup-20071125-212741-794.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071125-220538-494.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\hijackthis\backups\backup-20071125-220538-839.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071125-220717-740.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071126-123334-147.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071126-181842-164.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\hijackthis\backups\backup-20071126-181842-467.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071127-011929-530.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\hijackthis\backups\backup-20071127-011929-750.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071127-224338-166.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\hijackthis\backups\backup-20071127-224338-718.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\hijackthis\backups\backup-20071127-224338-980.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\hijackthis\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\hijackthis\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\hijackthis\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\qoobox\Quarantine\catchme2007-11-28_ 14746.00.zip/pmnlm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\qoobox\Quarantine\catchme2007-11-28_ 14746.00.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\mrofinu1188.exe.vir Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\sgrrfqv.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\SDFix\backups_old2\mrofinu1000106.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\SDFix\backups_old2\mrofinu1188.exe.tmp Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\SDFix\backups_old2\RMA05YY1080.0XE Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\SDFix\backups_old2\RMA18YY2328.0XE Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP11\A0012415.exe Infected: Trojan-Downloader.Win32.Zlob.gen skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0023306.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0023306.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0023312.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0023357.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0023357.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023569.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023569.exe 7-Zip: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023873.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023895.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023900.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023904.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023946.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024949.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024951.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024956.exe Infected: Trojan-Downloader.Win32.VB.bto skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024957.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024958.exe Infected: Trojan.Win32.Agent.cmn skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024996.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0026140.exe Infected: Trojan-Downloader.Win32.Agent.fjx skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032842.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032846.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0033022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\CRACK.0XE Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Fonts\SVCHOST.0XE Infected: Trojan.Win32.Agent.cmn skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6727E66B-B276-4FB3-848E-8C86F3BB53E5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DF363BAC-FDCD-438F-8F7E-E5233E343A0D}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dvdavelq.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\WINDOWS\system32\fccddef.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\lrbogxsu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped
C:\WINDOWS\system32\vhiudnlw.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\vtuurpo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ath skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\xbalfeal.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\change.log Object is locked skipped
Scan process completed.
ladyjess
2007-12-12, 07:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:23 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\vaxxolfv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [40a788bc] rundll32.exe "C:\WINDOWS\system32\dvdavelq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 7142 bytes
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those three things, everything should go smoothly :D
Download and Run ComboFix
Download Combofix from one of the links below :
ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Then double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
ComboFix SHOULD NOT be used without supervision
ladyjess
2007-12-19, 07:39
ComboFix 07-12-19.2 - HP_Administrator 2007-12-18 22:06:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\djuakejh.exe
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\efbkwijw.dll
C:\WINDOWS\system32\eojuvnyo.dll
C:\WINDOWS\system32\ewyurwfq.dll
C:\WINDOWS\system32\fbttdcvu.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\fluoghvy.dll
C:\WINDOWS\system32\geonejxw.dll
C:\WINDOWS\system32\hlxkrxmc.dll
C:\WINDOWS\system32\hqwohped.exe
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kpgiwutq.ini
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\mkanvofo.dll
C:\WINDOWS\system32\mmnugfpo.ini
C:\WINDOWS\system32\oefbtxvg.exe
C:\WINDOWS\system32\oiwmfvsn.exe
C:\WINDOWS\system32\opfgunmm.dll
C:\WINDOWS\system32\pgcjbjcd.dll
C:\WINDOWS\system32\qhlktbcn.exe
C:\WINDOWS\system32\qjouxpbm.exe
C:\WINDOWS\system32\qlevadvd.ini
C:\WINDOWS\system32\qtuwigpk.dll
C:\WINDOWS\system32\usxgobrl.ini
C:\WINDOWS\system32\uvcdttbf.ini
C:\WINDOWS\system32\vaxxolfv.exe
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vrkurmvu.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\wicvcxex.dll
C:\WINDOWS\system32\wjhavopy.ini
C:\WINDOWS\system32\wjiwkbfe.ini
C:\WINDOWS\system32\xbalfeal.exe
C:\WINDOWS\system32\xexcvciw.ini
C:\WINDOWS\system32\xvfvkvyw.exe
C:\WINDOWS\system32\ypovahjw.dll
C:\WINDOWS\system32\yvhgoulf.ini
.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-12 03:52 . 2007-12-12 03:52 <DIR> d-------- C:\Program Files\Netflix
2007-12-11 22:41 . 2007-12-11 22:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 16:27 . 2007-12-09 16:27 0 --a------ C:\WINDOWS\Hammerhead.INI
2007-12-09 16:23 . 2007-12-09 16:28 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-05 20:06 . 2007-12-05 21:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2007-12-05 03:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56 . 2007-12-04 14:40 <DIR> d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24 . 2007-12-04 04:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19 . 2007-12-04 04:19 <DIR> d-------- C:\Program Files\ImgBurn
2007-12-04 01:33 . 2007-12-04 01:33 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-04 01:33 . 2007-12-15 04:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:05 . 2007-12-04 01:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21 . 2007-12-04 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18 . 2007-12-04 00:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:44 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-12-03 23:39 . 2007-12-03 23:39 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:39 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-03 23:39 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-03 23:22 . 2007-12-18 22:30 <DIR> d-------- C:\Program Files\lx_cats
2007-12-03 23:22 . 2005-12-23 07:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-03 23:22 . 2005-12-23 07:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-03 23:22 . 2005-12-23 07:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-03 23:22 . 2006-02-02 01:12 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-03 23:22 . 2006-02-02 01:11 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-03 23:22 . 2006-02-02 01:26 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-12-03 23:21 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:21 . 2007-12-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:20 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19 . 2006-02-20 12:25 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:18 . 2007-12-03 23:22 26,172 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-03 23:17 . 2006-03-21 08:42 303,104 -ra------ C:\WINDOWS\system32\lxcrcoin.dll
2007-12-03 23:17 . 2006-01-30 08:13 73,728 -ra------ C:\WINDOWS\system32\lxcrcfg.dll
2007-12-03 23:17 . 2006-04-19 12:13 1,688 -ra------ C:\WINDOWS\system32\lxcr.loc
2007-12-03 23:03 . 2007-12-03 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 20:35 . 2007-12-03 22:40 <DIR> d-------- C:\FIVE_PENNIES
2007-12-03 20:25 . 2007-12-03 20:25 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-03 20:25 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:16 . 2007-12-03 20:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 . 2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 . 2007-11-27 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-27 01:28 . 2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 . 2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 . 2007-11-26 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 . 2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 . 2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 . 2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 . 2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 . 2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 . 2007-11-25 23:03 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 . 2007-11-25 23:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 . 2007-11-25 23:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 . 2007-11-25 23:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27 . 2007-11-25 23:03 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:01 . 2007-12-14 14:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-25 21:36 . 2007-11-27 22:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 21:22 . 2007-12-11 20:00 <DIR> d-------- C:\hijackthis
2007-11-25 19:01 . 2007-11-25 19:04 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 . 2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:54 . 2007-11-26 21:57 <DIR> d-------- C:\Temp
2007-11-25 18:53 . 2007-12-09 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 17:52 . 2007-11-25 17:53 <DIR> d-------- C:\partition magic
2007-11-25 17:24 . 2007-12-05 20:37 <DIR> dr------- C:\Linux
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 . 2007-11-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 15:14 . 2007-11-25 15:15 32 --a------ C:\WINDOWS\CD_Start.INI
2007-11-25 14:15 . 2007-11-25 15:02 <DIR> d-------- C:\nero
2007-11-25 11:40 . 2007-12-10 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 . 2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 . 2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 . 2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 . 2007-11-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10 . 2007-11-24 21:07 <DIR> d-------- C:\Photoshop
2007-11-24 16:46 . 2007-11-24 16:46 <DIR> d-------- C:\Program Files\SD EnterNET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-28_ 1.49.32.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 01:50:20 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2007-12-04 06:07:00 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2006-05-25 01:50:20 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2007-12-04 06:07:00 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-05-25 01:50:20 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2007-12-04 06:07:00 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2005-08-06 04:01:54 239,104 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-12-16 02:14:04 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
- 2005-12-16 02:06:16 864,256 ------w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ------w C:\WINDOWS\ehome\ehepg.dll
- 2005-12-16 02:14:50 332,288 ------w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ------w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 10:11:48 178,688 ------w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 23:18:32 178,176 ------w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-12-16 02:14:40 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 23:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-12-16 02:18:12 3,219,456 ------w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ------w C:\WINDOWS\ehome\ehshell.exe
- 2005-12-16 02:14:28 558,080 ------w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 23:16:30 558,592 ------w C:\WINDOWS\ehome\ehui.dll
- 2005-12-16 02:11:02 106,496 ------w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 23:12:52 107,008 ------w C:\WINDOWS\ehome\mstvcapn.dll
- 2004-08-10 04:00:00 192,512 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
- 2005-12-16 02:14:04 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-12-16 02:06:16 864,256 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2005-12-16 02:14:50 332,288 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-12-16 02:18:12 3,219,456 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-12-16 02:14:28 558,080 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 23:16:30 558,592 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2004-08-10 04:00:00 356,352 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
ladyjess
2007-12-19, 07:41
- 2006-10-02 19:30:10 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2004-08-10 04:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-10 04:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2005-06-24 01:09:49 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2006-02-20 19:22:16 610,304 ----a-w C:\WINDOWS\system32\lxcrcomc.dll
+ 2006-02-20 19:36:06 421,888 ----a-w C:\WINDOWS\system32\lxcrcomm.dll
+ 2006-02-20 19:23:08 495,616 ----a-w C:\WINDOWS\system32\lxcrcoms.exe
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\lxcrcur.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\lxcrgf.dll
+ 2006-02-20 19:06:52 393,216 ----a-w C:\WINDOWS\system32\lxcriesc.dll
+ 2006-02-20 19:24:42 380,928 ----a-w C:\WINDOWS\system32\lxcrih.exe
+ 2006-02-20 19:03:02 409,600 ----a-w C:\WINDOWS\system32\lxcrinpa.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\lxcrinsr.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\lxcrjswr.dll
+ 2006-02-20 19:24:30 536,576 ----a-w C:\WINDOWS\system32\lxcrlmpm.dll
+ 2006-02-20 19:46:24 667,648 ----a-w C:\WINDOWS\system32\lxcrpmui.dll
+ 2006-02-20 19:23:16 114,688 ----a-w C:\WINDOWS\system32\lxcrpplc.dll
+ 2006-02-20 19:21:22 163,840 ----a-w C:\WINDOWS\system32\lxcrprox.dll
+ 2006-02-20 19:44:44 1,183,744 ----a-w C:\WINDOWS\system32\lxcrserv.dll
+ 2006-02-20 19:15:16 995,328 ----a-w C:\WINDOWS\system32\lxcrusb1.dll
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\lxcrutil.dll
+ 2005-07-08 08:11:22 40,960 ----a-w C:\WINDOWS\system32\lxcrvs.dll
+ 2006-10-02 22:28:42 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-30 15:13:22 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-01-30 15:13:22 73,728 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrv.dll
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrvui.dll
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unires.dll
+ 2006-01-12 14:20:04 114,688 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
- 2006-09-16 07:05:22 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 04:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 04:00:00 1,582,080 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 04:00:00 174,080 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2006-10-19 03:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dl
ladyjess
2007-12-19, 07:42
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a788bc]
rundll32.exe C:\WINDOWS\system32\lrbogxsu.dll,b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2007-08-31 16:46 1460560 --a------ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.6\webbuying.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 22:30:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-18 22:32:11 - machine was rebooted
.
2007-12-18 10:02:38 --- E O F ---
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
File::
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\xbalfeal.exe
C:\WINDOWS\system32\lrbogxsu.dll
Folder::
C:\Program Files\Web Buying
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\40a788bc]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
:
Save this as CFScript.txt and place it on your desktop.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
How are things running now ?
ladyjess
2007-12-19, 08:57
ComboFix 07-12-19.2 - HP_Administrator 2007-12-18 23:21:55.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.526 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\xbalfeal.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-12 03:52 . 2007-12-12 03:52 <DIR> d-------- C:\Program Files\Netflix
2007-12-11 22:41 . 2007-12-11 22:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 16:27 . 2007-12-09 16:27 0 --a------ C:\WINDOWS\Hammerhead.INI
2007-12-09 16:23 . 2007-12-09 16:28 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-05 20:06 . 2007-12-05 21:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2007-12-05 03:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56 . 2007-12-04 14:40 <DIR> d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24 . 2007-12-04 04:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19 . 2007-12-04 04:19 <DIR> d-------- C:\Program Files\ImgBurn
2007-12-04 01:33 . 2007-12-04 01:33 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-04 01:33 . 2007-12-15 04:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:05 . 2007-12-04 01:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21 . 2007-12-04 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18 . 2007-12-04 00:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:44 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-12-03 23:39 . 2007-12-03 23:39 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:39 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-03 23:39 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-03 23:22 . 2007-12-18 22:30 <DIR> d-------- C:\Program Files\lx_cats
2007-12-03 23:22 . 2005-12-23 07:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-03 23:22 . 2005-12-23 07:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-03 23:22 . 2005-12-23 07:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-03 23:22 . 2006-02-02 01:12 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-03 23:22 . 2006-02-02 01:11 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-03 23:22 . 2006-02-02 01:26 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-12-03 23:21 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:21 . 2007-12-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:20 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19 . 2006-02-20 12:25 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:18 . 2007-12-03 23:22 26,172 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-03 23:17 . 2006-03-21 08:42 303,104 -ra------ C:\WINDOWS\system32\lxcrcoin.dll
2007-12-03 23:17 . 2006-01-30 08:13 73,728 -ra------ C:\WINDOWS\system32\lxcrcfg.dll
2007-12-03 23:17 . 2006-04-19 12:13 1,688 -ra------ C:\WINDOWS\system32\lxcr.loc
2007-12-03 23:03 . 2007-12-03 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 20:35 . 2007-12-03 22:40 <DIR> d-------- C:\FIVE_PENNIES
2007-12-03 20:25 . 2007-12-03 20:25 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-03 20:25 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:16 . 2007-12-03 20:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 . 2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 . 2007-11-27 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-27 01:28 . 2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 . 2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 . 2007-11-26 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 . 2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 . 2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 . 2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 . 2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 . 2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 . 2007-11-25 23:03 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 . 2007-11-25 23:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 . 2007-11-25 23:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 . 2007-11-25 23:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27 . 2007-11-25 23:03 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:01 . 2007-12-14 14:36 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-25 21:36 . 2007-11-27 22:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 21:22 . 2007-12-11 20:00 <DIR> d-------- C:\hijackthis
2007-11-25 19:01 . 2007-11-25 19:04 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 . 2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:54 . 2007-11-26 21:57 <DIR> d-------- C:\Temp
2007-11-25 18:53 . 2007-12-09 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 17:52 . 2007-11-25 17:53 <DIR> d-------- C:\partition magic
2007-11-25 17:24 . 2007-12-05 20:37 <DIR> dr------- C:\Linux
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 . 2007-11-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 15:14 . 2007-11-25 15:15 32 --a------ C:\WINDOWS\CD_Start.INI
2007-11-25 14:15 . 2007-11-25 15:02 <DIR> d-------- C:\nero
2007-11-25 11:40 . 2007-12-10 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 . 2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 . 2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 . 2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 . 2007-11-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10 . 2007-11-24 21:07 <DIR> d-------- C:\Photoshop
2007-11-24 16:46 . 2007-11-24 16:46 <DIR> d-------- C:\Program Files\SD EnterNET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-02-19 17:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-18 23:36:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-18 23:37:11
C:\ComboFix2.txt ... 2007-12-18 22:32
.
2007-12-18 10:02:38 --- E O F ---
ladyjess
2007-12-19, 09:02
After running the text for combo fix I was unable to connect to the internet and tried to reinstall from my Comcast disc. It would not let me install, so I had to do a system restore to the point made by the first combofix. I am still having issues connecting to the internet. I have to open my task manager and delete the unused IEXPLORES that pop on. It usually takes me four of five different attempts to connect. The IEXPLORE appear to steal bandwidth. Not to sure though. Also I am not sure what was in the text that killed my internet connection??????
ladyjess
2007-12-19, 09:38
I ran a scan with spybot search and destroy.
adrevovler 2 entries
burstmedia 2 entries
doubleclick 1 entry
fastclick 1 entry
hitbox 1 entry
mediaplex 1 entry
statcounter 1 entry
virtumonde 3 entries
webtrends live 1 entry
zedo 1 entry
I didn't fix anything just looking for anything that could help you out. Hope it helped.
Did your machine reboot when you used ComboFix ?
If not then please delete your copy of Combofix, and download the updated version.
Run CF, and if you can't access the internet then reboot and try again.
If you still have trouble then you will have to restore and let me know.
ladyjess
2007-12-19, 22:37
ComboFix 07-12-19.2 - HP_Administrator 2007-12-19 13:07:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.452 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\My Documents\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\Fonts\CRACK.0XE
C:\WINDOWS\Fonts\SVCHOST.0XE
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\xbalfeal.exe
.
The following files were disabled during the run:
C:\WINDOWS\system32\guard32.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\djuakejh.exe
C:\WINDOWS\system32\dvdavelq.dll
C:\WINDOWS\system32\efbkwijw.dll
C:\WINDOWS\system32\eojuvnyo.dll
C:\WINDOWS\system32\ewyurwfq.dll
C:\WINDOWS\system32\fbttdcvu.dll
C:\WINDOWS\system32\fccddef.dll
C:\WINDOWS\system32\fluoghvy.dll
C:\WINDOWS\system32\geonejxw.dll
C:\WINDOWS\system32\hlxkrxmc.dll
C:\WINDOWS\system32\hqwohped.exe
C:\WINDOWS\system32\jkkjk.dll
C:\WINDOWS\system32\kjkkj.ini
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kpgiwutq.ini
C:\WINDOWS\system32\lrbogxsu.dll
C:\WINDOWS\system32\mkanvofo.dll
C:\WINDOWS\system32\mmnugfpo.ini
C:\WINDOWS\system32\oefbtxvg.exe
C:\WINDOWS\system32\oiwmfvsn.exe
C:\WINDOWS\system32\opfgunmm.dll
C:\WINDOWS\system32\pgcjbjcd.dll
C:\WINDOWS\system32\qhlktbcn.exe
C:\WINDOWS\system32\qjouxpbm.exe
C:\WINDOWS\system32\qlevadvd.ini
C:\WINDOWS\system32\qtuwigpk.dll
C:\WINDOWS\system32\usxgobrl.ini
C:\WINDOWS\system32\uvcdttbf.ini
C:\WINDOWS\system32\vaxxolfv.exe
C:\WINDOWS\system32\vhiudnlw.dll
C:\WINDOWS\system32\vrkurmvu.dll
C:\WINDOWS\system32\vtuurpo.dll
C:\WINDOWS\system32\wicvcxex.dll
C:\WINDOWS\system32\wjhavopy.ini
C:\WINDOWS\system32\wjiwkbfe.ini
C:\WINDOWS\system32\xbalfeal.exe
C:\WINDOWS\system32\xexcvciw.ini
C:\WINDOWS\system32\xvfvkvyw.exe
C:\WINDOWS\system32\ypovahjw.dll
C:\WINDOWS\system32\yvhgoulf.ini
.
((((((((((((((((((((((((( Files Created from 2007-11-19 to 2007-12-19 )))))))))))))))))))))))))))))))
.
2007-12-12 03:52 . 2007-12-12 03:52 <DIR> d-------- C:\Program Files\Netflix
2007-12-11 22:41 . 2007-12-11 22:41 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-09 16:27 . 2007-12-09 16:27 0 --a------ C:\WINDOWS\Hammerhead.INI
2007-12-09 16:23 . 2007-12-09 16:28 <DIR> d-------- C:\Program Files\Oberon Media
2007-12-05 20:06 . 2007-12-05 21:07 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45 . 2007-12-05 03:45 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56 . 2007-12-04 14:40 <DIR> d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24 . 2007-12-04 04:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19 . 2007-12-04 04:19 <DIR> d-------- C:\Program Files\ImgBurn
2007-12-04 01:33 . 2007-12-04 01:33 <DIR> d-------- C:\Program Files\BitTorrent
2007-12-04 01:33 . 2007-12-15 04:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:05 . 2007-12-04 01:05 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21 . 2007-12-04 00:21 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18 . 2007-12-04 00:18 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48 . 2007-12-03 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:44 . 2007-07-26 09:25 47,360 -ra------ C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 47,104 -ra------ C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 42,112 -ra------ C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 39,808 -ra------ C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2007-12-03 23:44 . 2007-07-26 09:25 32,000 -ra------ C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2007-12-03 23:39 . 2007-12-03 23:39 <DIR> d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:39 . 2001-11-30 19:05 131,072 --a------ C:\WINDOWS\system32\dzip32.dll
2007-12-03 23:39 . 2001-11-30 19:05 110,592 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-12-03 23:22 . 2007-12-19 13:28 <DIR> d-------- C:\Program Files\lx_cats
2007-12-03 23:22 . 2005-12-23 07:18 339,968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,345 --a------ C:\WINDOWS\system32\IMHOST32.DLL
2007-12-03 23:22 . 2005-12-23 07:18 98,304 --a------ C:\WINDOWS\system32\IM31XPNG.DEL
2007-12-03 23:22 . 2005-12-23 07:18 69,632 --a------ C:\WINDOWS\system32\IM31XTIF.DEL
2007-12-03 23:22 . 2005-12-23 07:18 49,152 --a------ C:\WINDOWS\system32\IM31IMG.DIL
2007-12-03 23:22 . 2006-02-02 01:12 40,960 --a------ C:\WINDOWS\system32\LXPRMON.DLL
2007-12-03 23:22 . 2006-02-02 01:11 32,768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL
2007-12-03 23:22 . 2006-02-02 01:26 12,288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL
2007-12-03 23:21 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:21 . 2007-12-03 23:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:20 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20 . 2007-12-03 23:22 <DIR> d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19 . 2007-12-03 23:20 <DIR> d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19 . 2006-02-20 12:25 233,472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:18 . 2007-12-03 23:22 26,172 --a------ C:\WINDOWS\system32\LexFiles.ulf
2007-12-03 23:17 . 2006-03-21 08:42 303,104 -ra------ C:\WINDOWS\system32\lxcrcoin.dll
2007-12-03 23:17 . 2006-01-30 08:13 73,728 -ra------ C:\WINDOWS\system32\lxcrcfg.dll
2007-12-03 23:17 . 2006-04-19 12:13 1,688 -ra------ C:\WINDOWS\system32\lxcr.loc
2007-12-03 23:03 . 2007-12-03 23:03 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 20:35 . 2007-12-03 22:40 <DIR> d-------- C:\FIVE_PENNIES
2007-12-03 20:25 . 2007-12-03 20:25 <DIR> d-------- C:\Program Files\DVD Shrink
2007-12-03 20:25 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:16 . 2007-12-03 20:16 <DIR> d--h----- C:\WINDOWS\PIF
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall\Bo-Shot
2007-11-27 12:39 . 2007-11-27 12:39 <DIR> d-------- C:\WINDOWS\uninstall
2007-11-27 04:14 . 2007-11-27 04:14 <DIR> d-------- C:\Program Files\CCleaner
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Program Files\COMODO
2007-11-27 01:28 . 2007-11-27 01:28 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28 . 2007-11-27 01:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2007-11-27 01:28 . 2007-11-27 01:28 139,008 --a------ C:\WINDOWS\system32\guard32(2).dll
2007-11-27 01:28 . 2007-11-27 01:28 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2007-11-27 01:28 . 2007-11-27 01:28 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 22:12 . 2007-11-26 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 21:15 . 2007-11-26 21:16 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-26 18:34 . 2007-11-26 18:34 32 -r-hs---- C:\Temp\HPCD.sys
2007-11-26 18:32 . 2007-11-26 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-26 18:32 . 2007-11-26 18:32 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2007-11-26 13:00 . 2007-11-26 13:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50 . 2007-11-26 12:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 12:50 . 2007-05-30 05:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-26 00:28 . 2007-11-26 00:28 3,746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27 . 2007-11-25 23:03 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-26 00:27 . 2007-11-25 23:03 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-26 00:27 . 2007-11-25 23:03 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-26 00:27 . 2007-11-25 23:03 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27 . 2007-11-25 23:03 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-25 23:01 . 2007-12-19 13:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-25 21:36 . 2007-11-27 22:29 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-25 21:22 . 2007-12-11 20:00 <DIR> d-------- C:\hijackthis
2007-11-25 19:01 . 2007-11-25 19:04 <DIR> d-------- C:\Program Files\Incomplete
2007-11-25 18:58 . 2007-11-25 18:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-25 18:54 . 2007-11-26 21:57 <DIR> d-------- C:\Temp
2007-11-25 18:53 . 2007-12-09 16:27 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34 . 2007-11-25 19:22 <DIR> d-------- C:\Program Files\LimeWire
2007-11-25 17:52 . 2007-11-25 17:53 <DIR> d-------- C:\partition magic
2007-11-25 17:24 . 2007-12-05 20:37 <DIR> dr------- C:\Linux
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Program Files\Ahead
2007-11-25 15:24 . 2007-11-25 15:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-25 15:24 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2007-11-25 15:24 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Program Files\Nero
2007-11-25 15:18 . 2007-11-25 15:19 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18 . 2007-11-25 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 15:14 . 2007-11-25 15:15 32 --a------ C:\WINDOWS\CD_Start.INI
2007-11-25 14:15 . 2007-11-25 15:02 <DIR> d-------- C:\nero
2007-11-25 11:40 . 2007-12-10 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36 . 2007-11-25 11:36 <DIR> d-------- C:\Program Files\Bonjour
2007-11-25 11:28 . 2007-11-25 11:28 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09 . 2007-11-24 21:09 <DIR> d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35 . 2007-11-24 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10 . 2007-11-24 21:07 <DIR> d-------- C:\Photoshop
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-27 09:00 --------- d-----w C:\Program Files\Java
2007-11-27 08:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-27 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-27 03:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 19:39 --------- d-----w C:\Program Files\The Weather Channel FW
2007-11-26 01:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 18:35 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-25 04:13 --------- d-----w C:\Program Files\Yahoo!
2007-09-20 16:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 16:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-13 03:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-28_ 1.49.32.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-25 01:50:20 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
+ 2007-12-04 06:07:00 1,863,680 ----a-w C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\ehcm.dll
- 2006-05-25 01:50:20 864,256 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
+ 2007-12-04 06:07:00 868,352 ----a-w C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
- 2006-05-25 01:50:20 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiPlay.dll
+ 2007-12-04 06:07:00 204,800 ----a-w C:\WINDOWS\assembly\GAC\ehiPlay\6.0.3000.0__31bf3856ad364e35\ehiplay.dll
- 2005-08-06 04:01:54 239,104 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ------w C:\WINDOWS\Driver Cache\i386\psisdecd.dll
- 2005-12-16 02:14:04 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ------w C:\WINDOWS\ehome\ehcm.dll
- 2005-12-16 02:06:16 864,256 ------w C:\WINDOWS\ehome\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ------w C:\WINDOWS\ehome\ehepg.dll
- 2005-12-16 02:14:50 332,288 ------w C:\WINDOWS\ehome\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ------w C:\WINDOWS\ehome\ehglid.dll
- 2004-08-10 10:11:48 178,688 ------w C:\WINDOWS\ehome\ehkeyctl.dll
+ 2006-10-09 23:18:32 178,176 ------w C:\WINDOWS\ehome\ehkeyctl.dll
- 2005-12-16 02:14:40 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
+ 2006-10-09 23:16:56 237,568 ----a-w C:\WINDOWS\ehome\ehrecvr.exe
- 2005-12-16 02:18:12 3,219,456 ------w C:\WINDOWS\ehome\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ------w C:\WINDOWS\ehome\ehshell.exe
- 2005-12-16 02:14:28 558,080 ------w C:\WINDOWS\ehome\ehui.dll
+ 2006-10-09 23:16:30 558,592 ------w C:\WINDOWS\ehome\ehui.dll
- 2005-12-16 02:11:02 106,496 ------w C:\WINDOWS\ehome\mstvcapn.dll
+ 2006-10-09 23:12:52 107,008 ------w C:\WINDOWS\ehome\mstvcapn.dll
- 2004-08-10 04:00:00 192,512 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ------w C:\WINDOWS\inf\unregmp2.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\_SHCT_Sprint.exe.exe
+ 2007-12-04 06:20:46 139,264 ----a-r C:\WINDOWS\Installer\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-08-10 04:00:00 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 04:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\dllcache\drmk.sys
- 2005-12-16 02:14:04 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
+ 2006-10-09 23:16:00 1,863,680 ----a-w C:\WINDOWS\system32\dllcache\ehcm.dll
- 2005-12-16 02:06:16 864,256 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
+ 2006-10-09 23:07:44 868,352 ----a-w C:\WINDOWS\system32\dllcache\ehepg.dll
- 2005-12-16 02:14:50 332,288 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
+ 2006-10-09 23:17:04 328,704 ----a-w C:\WINDOWS\system32\dllcache\ehglid.dll
- 2005-12-16 02:18:12 3,219,456 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
+ 2006-10-09 23:19:14 3,223,552 ----a-w C:\WINDOWS\system32\dllcache\ehshell.exe
- 2005-12-16 02:14:28 558,080 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
+ 2006-10-09 23:16:30 558,592 ----a-w C:\WINDOWS\system32\dllcache\ehui.dll
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\dllcache\encdec.dll
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\dllcache\ks.sys
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2004-08-10 04:00:00 356,352 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 04:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\dllcache\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\dllcache\psisdecd.dll
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\dllcache\sbe.dll
- 2006-10-02 19:30:10 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 01:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2004-08-10 04:00:00 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 05:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-10 04:00:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 04:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2005-06-24 01:09:49 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 04:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
ladyjess
2007-12-19, 22:38
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 13:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:08:00 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
- 2004-08-04 13:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 13:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 06:08:04 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2005-08-06 04:01:54 356,352 ----a-w C:\WINDOWS\system32\encdec.dll
+ 2006-10-09 23:12:44 456,192 ----a-w C:\WINDOWS\system32\encdec.dll
- 2004-08-04 14:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 07:56:44 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2006-02-20 19:22:16 610,304 ----a-w C:\WINDOWS\system32\lxcrcomc.dll
+ 2006-02-20 19:36:06 421,888 ----a-w C:\WINDOWS\system32\lxcrcomm.dll
+ 2006-02-20 19:23:08 495,616 ----a-w C:\WINDOWS\system32\lxcrcoms.exe
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\lxcrcur.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\lxcrgf.dll
+ 2006-02-20 19:06:52 393,216 ----a-w C:\WINDOWS\system32\lxcriesc.dll
+ 2006-02-20 19:24:42 380,928 ----a-w C:\WINDOWS\system32\lxcrih.exe
+ 2006-02-20 19:03:02 409,600 ----a-w C:\WINDOWS\system32\lxcrinpa.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\lxcrinsr.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\lxcrjswr.dll
+ 2006-02-20 19:24:30 536,576 ----a-w C:\WINDOWS\system32\lxcrlmpm.dll
+ 2006-02-20 19:46:24 667,648 ----a-w C:\WINDOWS\system32\lxcrpmui.dll
+ 2006-02-20 19:23:16 114,688 ----a-w C:\WINDOWS\system32\lxcrpplc.dll
+ 2006-02-20 19:21:22 163,840 ----a-w C:\WINDOWS\system32\lxcrprox.dll
+ 2006-02-20 19:44:44 1,183,744 ----a-w C:\WINDOWS\system32\lxcrserv.dll
+ 2006-02-20 19:15:16 995,328 ----a-w C:\WINDOWS\system32\lxcrusb1.dll
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\lxcrutil.dll
+ 2005-07-08 08:11:22 40,960 ----a-w C:\WINDOWS\system32\lxcrvs.dll
+ 2006-10-02 22:28:42 312,128 ----a-w C:\WINDOWS\system32\msdelta.dll
- 2005-12-16 02:13:54 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
+ 2006-10-09 23:15:52 1,669,632 ----a-w C:\WINDOWS\system32\msvidctl.dll
- 2005-08-06 04:01:54 239,104 ----a-w C:\WINDOWS\system32\psisdecd.dll
+ 2006-10-09 23:12:14 235,008 ----a-w C:\WINDOWS\system32\psisdecd.dll
- 2007-11-28 01:26:40 33,856 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2007-12-19 06:51:34 1,243,124 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
- 2005-08-06 04:01:54 282,112 ----a-w C:\WINDOWS\system32\sbe.dll
+ 2006-10-09 23:12:40 291,840 ----a-w C:\WINDOWS\system32\sbe.dll
- 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-26 00:58:48 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2006-01-30 15:13:22 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRV.DLL
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIDRVUI.DLL
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\UNIRES.DLL
+ 2006-01-30 15:13:22 73,728 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcfg.dll
+ 2006-02-03 22:12:30 385,024 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcomx.dll
+ 2006-04-18 08:48:26 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcu.dll
+ 2006-04-18 08:48:48 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcub.dll
+ 2006-04-18 08:51:10 36,864 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrcur.dll
+ 2006-01-12 14:19:46 156,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdr5c.dll
+ 2005-12-29 15:34:22 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrdrec.dll
+ 2005-11-15 08:12:26 434,176 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcredf.dll
+ 2006-02-07 22:50:18 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrflib.dll
+ 2005-12-15 16:33:56 983,107 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrgf.dll
+ 2006-02-07 22:50:20 561,152 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpec.dll
+ 2006-02-07 22:50:22 593,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpeh.dll
+ 2006-02-07 22:50:22 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrhpep.dll
+ 2006-04-18 08:48:12 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrins.dll
+ 2006-04-18 08:49:02 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsb.dll
+ 2006-04-18 08:51:16 106,496 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrinsr.dll
+ 2006-04-18 08:46:46 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjsw.dll
+ 2006-04-18 08:49:12 479,232 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswb.dll
+ 2006-04-18 08:50:30 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswr.dll
+ 2006-02-03 22:11:24 380,928 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrjswx.exe
+ 2006-04-18 08:47:52 1,171,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpa.dll
+ 2006-04-18 08:49:26 3,448,832 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpab.dll
+ 2006-04-18 08:50:46 217,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrlpar.dll
+ 2006-02-03 22:10:20 327,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrppx.dll
+ 2006-04-18 08:47:34 782,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprp.dll
+ 2006-04-18 08:49:46 3,371,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpb.dll
+ 2006-04-18 08:51:02 114,688 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrprpr.dll
+ 2006-04-18 08:46:52 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpsw.dll
+ 2006-04-18 08:50:04 843,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswb.dll
+ 2006-04-18 08:50:54 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswr.dll
+ 2006-02-03 22:12:10 249,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrpswx.exe
+ 2006-02-24 11:55:36 278,528 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrretv.dll
+ 2006-02-24 11:55:08 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrserv.exe
+ 2006-04-05 13:11:44 241,664 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk0.dll
+ 2005-12-15 16:33:58 204,800 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk1.dll
+ 2005-12-15 16:34:00 245,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrsk2.dll
+ 2006-02-24 11:54:40 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.dll
+ 2006-02-24 11:54:48 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtime.exe
+ 2005-10-20 17:56:12 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrtsfw.dll
+ 2006-01-12 14:20:38 74,240 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrui5c.dll
+ 2006-02-24 11:55:28 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcruldr.dll
+ 2006-04-18 08:48:30 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupd.dll
+ 2006-04-18 08:50:16 126,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdb.dll
+ 2006-04-18 08:51:30 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupdr.dll
+ 2006-02-24 11:54:30 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrupld.exe
+ 2006-04-18 08:46:32 446,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrutil.dll
+ 2006-02-24 11:54:56 45,056 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrview.exe
+ 2006-04-18 09:38:54 343,086 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_2400_series60ac\lxcrwavs.exe
+ 2004-08-04 07:56:48 264,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrv.dll
+ 2004-08-04 07:56:48 197,120 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unidrvui.dll
+ 2004-08-04 07:56:36 619,520 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\unires.dll
+ 2006-01-12 14:20:04 114,688 ----a-w C:\WINDOWS\system32\spool\prtprocs\w32x86\lxcrpp5c.dll
- 2006-09-16 07:05:22 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-26 00:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-14 04:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2004-08-10 04:00:00 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 04:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2007-04-30 14:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 06:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-10 04:00:00 131,072 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 04:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-10 04:00:00 278,528 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 04:47:20 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
- 2004-08-10 04:00:00 1,582,080 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 04:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2005-06-24 01:15:30 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 04:47:20 613,376 ----a-w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 04:47:20 130,048 ----a-w C:\WINDOWS\system32\wmpps.dll
- 2004-08-10 04:00:00 81,920 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 04:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-08-10 04:00:00 174,080 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 04:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2006-10-19 03:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 04:47:22 38,400 ----a-w C:\WINDOWS\system32\wpdshextres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 21:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 23:35]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-16 02:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 09:05]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 18:18]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2007-11-27 01:28]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 10:48]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-02-06 22:10]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 01:11]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 04:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 18:40:44]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 21:01 67584 --a------ C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /run
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-11-27 01:28]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-11-27 01:28]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys [2007-07-26 09:25]
S4 GameConsoleService;GameConsoleService;"C:\Program Files\WildTangent\Apps\HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
--- E O F ---
ladyjess
2007-12-19, 22:41
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 13:28:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\guard32.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\guard32.dll
.
Completion time: 2007-12-19 13:30:12 - machine was rebooted [HP_Administrator]
C:\ComboFix2.txt ... 2007-12-18 23:37
C:\ComboFix3.txt ... 2007-12-18 22:32
.
2007-12-19 10:00:51
It worked this time, but still having issues pulling up an internet explorer. The task manager is still having the issues with the IEXPLORE. Opening a internet explorer it stalls at around 14k. It usually takes about three or four attempts to get one to actually open a new window. Thank you again for your time and effort with this I appreciate it.
There is nothing much showing now, so we will have to do a couple more scans.
TotalScan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Please go to this site Link >> TotalScan (http://www.nanoscan.com/as/v1/?) << LINK
Under Scan Now click the Full Scan button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small Save button and save the report to your desktop.
Please post the report in your reply.
Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post. in your reply
ladyjess
2007-12-20, 12:09
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-20 02:56:28
PROTECTIONS: 0
MALWARE: 42
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP29\A0028159.exe[SDFix\apps\Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\SDFix\apps\Process.exe
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00139535 Application/Processor HackTools No 0 No No C:\hijackthis\SDFix.exe[SDFix\apps\Process.exe]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
00167726 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tickle[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstbeacon[2].txt
00168108 Cookie/Tickle TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@web.tickle[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[2].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adrevolver[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@go[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atwola[1].txt
00377802 Spyware/PeoplePC Spyware No 0 Yes No C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
00517584 Application/SuperFast HackTools No 0 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/restart.exe]
00517584 Application/SuperFast HackTools No 0 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\restart.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045173.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP63\A0044107.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0044070.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP61\A0043716.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045173.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\hijackthis\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024994.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024946.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\hijackthis\ComboFix.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045217.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045191.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0033002.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe[nircmd.exe]
01308048 Adware/TTC Adware No 0 Yes No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir
01308048 Adware/TTC Adware No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe
01308049 Adware/TTC Adware No 0 No No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir[TTC.dll]
01308049 Adware/TTC Adware No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe[TTC.dll]
01308049 Adware/TTC Adware No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023873.dll
01308049 Adware/TTC Adware No 0 Yes No C:\hijackthis\backups\backup-20071125-220538-494.dll
01658945 Adware/TTC Adware No 0 No No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\system32\j2\ejup83122.exe.vir[folder.js]
01658945 Adware/TTC Adware No 0 No No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023902.exe[folder.js]
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\hijackthis\SmitfraudFix\SmitfraudFix\Reboot.exe
02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\hijackthis\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
02673602 Trj/Agent.GZA Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\Fonts\CRACK.0XE.vir
02673602 Trj/Agent.GZA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024957.exe
02677501 Trj/Downloader.QZJ Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024958.exe
02677501 Trj/Downloader.QZJ Virus/Trojan No 0 Yes No C:\qoobox\Quarantine\C\WINDOWS\Fonts\SVCHOST.0XE.vir
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\xbalfeal.exe.vir
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044981.exe
02688344 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043866.exe
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-166.dll
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032842.dll
02688348 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0032846.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\lrbogxsu.dll.vir
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043877.dll
02812177 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044992.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043873.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-212741-794.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-220538-839.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-718.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043900.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071126-123334-147.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071125-220717-740.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fccddef.dll.vir
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044988.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071126-181842-467.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-011929-750.dll
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\catchme2007-12-18_223019.45.zip[vtuurpo.dll]
02874256 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\catchme2007-12-19_132802.23.zip[vtuurpo.dll]
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\SDFix\backups_old2\mrofinu1188.exe.tmp
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\SDFix\backups_old2\mrofinu1000106.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP24\A0023895.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-3335093116-3521897603-3913444391-500\Dc1\Quarantine\C\WINDOWS\mrofinu1188.exe.vir
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP27\A0026140.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024996.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023904.exe
02878097 Trj/Downloader.RHX Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0024951.exe
ladyjess
2007-12-20, 12:09
02882738 Spyware/Virtumonde Spyware No 1 Yes No C:\hijackthis\backups\backup-20071127-224338-561.dll
02882738 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0030664.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vhiudnlw.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vrkurmvu.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044986.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\hlxkrxmc.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\eojuvnyo.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\geonejxw.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043882.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043883.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043880.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043878.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044998.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044997.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\pgcjbjcd.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\mkanvofo.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044995.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043876.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043875.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044993.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\ewyurwfq.dll.vir
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044991.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044990.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043871.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043870.dll
02884436 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044985.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043868.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044989.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043872.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fbttdcvu.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043874.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044994.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\opfgunmm.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044996.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044999.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043879.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qtuwigpk.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043881.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045000.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\wicvcxex.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043884.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043885.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044987.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\efbkwijw.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\dvdavelq.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\ypovahjw.dll.vir
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043869.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044984.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044983.dll
02884444 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\fluoghvy.dll.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044978.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044979.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044980.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044977.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044982.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044976.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044975.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0044974.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\djuakejh.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\hqwohped.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\oefbtxvg.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043867.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\oiwmfvsn.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043865.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043864.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043863.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043862.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043860.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043859.exe
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\xvfvkvyw.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qhlktbcn.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\qjouxpbm.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\qoobox\Quarantine\C\WINDOWS\system32\vaxxolfv.exe.vir
02884499 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043861.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP25\A0023940.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP30\A0034027.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP62\A0043910.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP26\A0025045.sys
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP66\A0045029.sys
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
ladyjess
2007-12-20, 12:11
Deckard's System Scanner v20071014.68
Run by HP_Administrator on 2007-12-20 02:58:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
67: 2007-12-20 09:59:05 UTC - RP67 - Deckard's System Scanner Restore Point
66: 2007-12-19 20:05:42 UTC - RP66 - ComboFix created restore point
65: 2007-12-19 10:00:19 UTC - RP65 - Software Distribution Service 3.0
64: 2007-12-19 06:48:45 UTC - RP64 - Restore Operation
63: 2007-12-19 06:21:41 UTC - RP63 - ComboFix created restore point
-- First Restore Point --
1: 2007-12-09 23:40:24 UTC - RP1 - Installed Java(TM) 6 Update 2
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as HP_Administrator.exe) ------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:01:07 AM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\HP_Administrator\Desktop\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\4fb06badf893aaaff075a5955e07f0f6\update\update.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\HP_Administrator.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
--
End of file - 8132 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 catchme - c:\docume~1\hp_adm~1\locals~1\temp\catchme.sys (file missing)
S1 intelppm (Intel Processor Driver) - c:\windows\system32\drivers\intelppm.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
S0 Pml Driver HPZ12 - \systemroot\c:\windows\system32\hpzipm12.exe (file missing)
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: 2400 Series
Device ID: USB\VID_043D&PID_00E9&MI_00\6&29B7DDFC&0&0000
Manufacturer:
Name: 2400 Series
PNP Device ID: USB\VID_043D&PID_00E9&MI_00\6&29B7DDFC&0&0000
Service:
-- Files created between 2007-11-20 and 2007-12-20 -----------------------------
2007-12-20 02:10:11 0 d-------- C:\Program Files\Panda Security
2007-12-19 23:52:39 0 d-------- C:\WINDOWS\LastGood
2007-12-14 13:53:12 0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2007-12-12 03:52:45 0 d-------- C:\Program Files\Netflix
2007-12-11 22:41:52 0 d-------- C:\Program Files\Trend Micro
2007-12-09 16:23:29 0 d-------- C:\Program Files\Oberon Media
2007-12-05 20:06:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo
2007-12-05 03:45:59 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2007-12-04 06:56:22 0 d-------- C:\Program Files\Ubi Soft Games
2007-12-04 04:24:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2007-12-04 04:19:33 0 d-------- C:\Program Files\ImgBurn
2007-12-04 01:33:48 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-04 01:33:40 0 d-------- C:\Program Files\BitTorrent
2007-12-04 01:32:10 0 d-------- C:\bittorrent
2007-12-04 01:05:31 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\FaxCtr
2007-12-04 00:21:41 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\NeroDCTemplates
2007-12-04 00:18:18 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nero
2007-12-03 23:48:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-03 23:39:41 131072 --a------ C:\WINDOWS\system32\dzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading ZIP DLL>
2007-12-03 23:39:41 110592 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-12-03 23:39:30 0 d-------- C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-12-03 23:22:40 0 d-------- C:\Program Files\lx_cats
2007-12-03 23:22:02 40960 --a------ C:\WINDOWS\system32\LXPRMON.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-12-03 23:22:02 32768 --a------ C:\WINDOWS\system32\LXPMONUI.DLL <Not Verified; ; Lexmark Fax Solutions Software>
2007-12-03 23:22:02 12288 --a------ C:\WINDOWS\system32\LXPMONRC.DLL <Not Verified; Lexmark International, Inc.; Lexmark Fax Solutions Software Print Monitor>
2007-12-03 23:22:02 98345 --a------ C:\WINDOWS\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-03 23:22:02 339968 --a------ C:\WINDOWS\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-12-03 23:21:50 0 d-------- C:\Documents and Settings\All Users\Application Data\FaxCtr
2007-12-03 23:21:22 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-12-03 23:20:48 0 d-------- C:\Program Files\Lexmark Toolbar
2007-12-03 23:20:47 0 d-------- C:\Program Files\Lexmark 2400 Series
2007-12-03 23:19:24 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-03 23:19:03 233472 --a------ C:\WINDOWS\system32\LXCRinst.dll
2007-12-03 23:03:14 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 22:58:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-03 20:35:05 0 d-------- C:\FIVE_PENNIES
2007-12-03 20:25:44 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-03 20:25:40 0 d-------- C:\Program Files\DVD Shrink
2007-12-03 20:16:41 0 d--h----- C:\WINDOWS\PIF
2007-11-28 15:49:02 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2007-11-27 18:26:39 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-11-27 12:39:01 0 d-------- C:\WINDOWS\uninstall
2007-11-27 04:14:10 0 d-------- C:\Program Files\CCleaner
2007-11-27 01:28:53 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Comodo
2007-11-27 01:28:51 0 d-------- C:\Program Files\COMODO
2007-11-27 01:28:51 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
2007-11-26 22:12:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-26 22:12:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-26 21:15:34 0 d-------- C:\WINDOWS\ERUNT
2007-11-26 18:32:51 0 d--hs---- C:\WINDOWS\ftpcache
2007-11-26 13:00:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-26 12:50:26 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Grisoft
2007-11-26 12:50:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-26 00:28:34 3746 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-26 00:27:58 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-26 00:27:58 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-11-26 00:27:58 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-11-26 00:27:58 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-26 00:27:57 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-11-25 21:22:05 0 d-------- C:\hijackthis
2007-11-25 19:01:11 0 d-------- C:\Program Files\Incomplete
2007-11-25 18:58:21 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-11-25 18:54:29 0 d-------- C:\Temp
2007-11-25 18:53:20 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-25 18:34:16 0 d-------- C:\Program Files\LimeWire
2007-11-25 17:52:37 0 d-------- C:\partition magic
2007-11-25 17:24:00 0 dr------- C:\Linux
2007-11-25 15:24:46 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-11-25 15:24:46 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-11-25 15:24:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-11-25 15:24:43 0 d-------- C:\Program Files\Common Files\Ahead
2007-11-25 15:24:43 0 d-------- C:\Program Files\Ahead
2007-11-25 15:18:08 0 d-------- C:\Program Files\Nero
2007-11-25 15:18:08 0 d-------- C:\Program Files\Common Files\Nero
2007-11-25 15:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-11-25 14:15:00 0 d-------- C:\nero
2007-11-25 13:58:29 0 d-------- C:\WINDOWS\pss
2007-11-25 11:40:06 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-25 11:36:00 0 d-------- C:\Program Files\Bonjour
2007-11-25 11:28:52 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-24 21:09:10 0 d-------- C:\Program Files\Glary Utilities
2007-11-24 20:35:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-24 20:10:27 0 d-------- C:\Photoshop
2007-11-24 16:46:05 0 d-------- C:\Program Files\SD EnterNET
2007-11-24 16:15:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-24 16:06:51 0 d-------- C:\Program Files\Download Manager
2007-11-24 15:52:54 0 d-------- C:\navy field
2007-11-24 15:36:26 0 d-------- C:\Program Files\Ventrilo
2007-11-24 15:35:53 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 15:32:19 0 d-------- C:\Program Files\blackdeath.nf.forumer
2007-11-24 15:07:57 0 d-------- C:\Program Files\support.com
2007-11-24 15:07:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Support.com
-- Find3M Report ---------------------------------------------------------------
2007-12-14 14:09:52 187 --a------ C:\Documents and Settings\HP_Administrator\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
2007-11-27 02:00:12 0 d-------- C:\Program Files\Java
2007-11-27 01:21:33 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 01:12:48 0 d-------- C:\Program Files\Common Files
2007-11-26 20:12:09 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Yahoo!
2007-11-26 12:39:42 0 d-------- C:\Program Files\The Weather Channel FW
2007-11-25 22:38:08 0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Google
2007-11-25 18:54:34 0 d-------- C:\Program Files\Movie Maker
2007-11-25 18:42:51 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 11:35:57 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 21:13:09 0 d-------- C:\Program Files\Yahoo!
ladyjess
2007-12-20, 12:12
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [06/01/2005 11:35 PM]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [03/16/2006 02:11 AM]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [03/20/2006 09:05 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [12/15/2005 06:18 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [11/27/2007 01:28 AM]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [03/06/2006 10:48 AM]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [02/06/2006 10:10 PM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [02/02/2006 01:11 AM]
"LXCRCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [02/24/2006 04:54 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 04:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/09/2004 09:00 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [08/30/2007 05:43 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [09/20/2007 03:35 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [12/15/2005 6:40:44 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=C:\WINDOWS\pss\Updates From HP.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]
ARPWRMSG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Reminder"="C:\Windows\Creator\Remind_XP.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Newly Created Service* - RKPAVPROC
-- End of Deckard's System Scanner: finished at 2007-12-20 03:04:03 ------------
ladyjess
2007-12-20, 12:14
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Turion(tm) 64 Mobile Technology ML-34
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 958.48 MiB / 490.84 MiB
Pagefile Memory (total/avail): 2312.31 MiB / 1958.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.44 MiB
C: is Fixed (NTFS) - 177.54 GiB total, 138.73 GiB free.
D: is Fixed (FAT32) - 8.75 GiB total, 0.43 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
\\.\PHYSICALDRIVE0 - ST3200827AS - 186.31 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 177.54 GiB - C:
\PARTITION1 - Unknown - 8.76 GiB - D:
\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device
\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device
\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device
\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: COMODO Firewall Pro v3.0 (COMODO)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\HP_Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-4DACD0EA75
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\HP_Administrator
LOGONSERVER=\\YOUR-4DACD0EA75
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp
USERDOMAIN=YOUR-4DACD0EA75
USERNAME=HP_Administrator
USERPROFILE=C:\Documents and Settings\HP_Administrator
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
HP_Administrator (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.5 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI-SV92PP Soft Modem --> agrsmdel
Asianata --> "C:\Program Files\HP Games\Asianata\Uninstall.exe"
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Bejeweled 2 Deluxe --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
BitTorrent 6.0 --> C:\Program Files\BitTorrent\uninst.exe
Bo-Shot 1.02 --> C:\WINDOWS\uninstall\Bo-Shot\setup.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
DISCover --> "C:\Program Files\DISC\uninstall.exe"
Download Manager 2.3.6 --> C:\Program Files\Download Manager\uninst.exe
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ENFUNS Updater --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{626713B4-F070-4605-9DF6-31783A5AEAAE}\setup.exe" -l0x9 -removeonly
Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /remove
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Glary Utilities 2.3.3 --> "C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet 3740 Series --> rundll32 hpzcon10.dll,VendorJettison HP Deskjet 3740 Series
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console --> "C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0 --> C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper --> regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Insaniquarium Deluxe --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 2400 Series --> C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Media Library Management Wizard --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
Microsoft Away Mode -->
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Movie Maker Background Music Files --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
muvee autoProducer 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
NavyFIELD NorthAmerica --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6D425D2-803F-40E8-9D65-3DC00D577C11}\setup.exe" -l0x9 -removeonly
Nero 8 --> MsiExec.exe /X{5E6EC4DD-7B1F-4E10-82B9-EA1B90791033}
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe"
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Plus! MP3 Audio Converter LE --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Sea Life Safari --> "C:\Program Files\HP Games\Sea Life Safari\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Collapse! 3 --> C:\PROGRA~1\YAHOO!~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\SUPERC~1\INSTALL.LOG
Tradewinds --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Updates from HP (remove only) --> C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Media Bonus Pack for Windows XP --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ladyjess
2007-12-20, 12:16
-- Application Event Log -------------------------------------------------------
Event Record #/Type1100 / Error
Event Submitted/Written: 12/20/2007 03:03:16 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type1098 / Error
Event Submitted/Written: 12/20/2007 03:01:43 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.
Event Record #/Type1097 / Error
Event Submitted/Written: 12/20/2007 03:01:43 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
Event Record #/Type1096 / Error
Event Submitted/Written: 12/20/2007 03:01:00 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
Event Record #/Type1095 / Error
Event Submitted/Written: 12/20/2007 03:01:00 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4581 / Error
Event Submitted/Written: 12/20/2007 03:01:56 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB937894 installation failed.
Access is denied.
Event Record #/Type4580 / Error
Event Submitted/Written: 12/20/2007 03:01:54 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942840 installation failed.
Access is denied.
Event Record #/Type4579 / Error
Event Submitted/Written: 12/20/2007 03:01:52 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942763 installation failed.
Access is denied.
Event Record #/Type4578 / Error
Event Submitted/Written: 12/20/2007 03:01:49 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB941568 installation failed.
Access is denied.
Event Record #/Type4577 / Error
Event Submitted/Written: 12/20/2007 03:01:47 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942615 installation failed.
Access is denied.
-- End of Deckard's System Scanner: finished at 2007-12-20 03:04:03 ------------
Thank you so very much for your assistance!!!!!!!!!!!!!
Well, there is evidence that a rootkit was present at some point so we will have to make sure it is not still present.
We will do a bit of cleaning first, so that to things we know about aren't being re-scanned.
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Delete the following items, if still present
Folders
C:\hijackthis\SmitfraudFix
C:\SDFix
Files
C:\hijackthis\SDFix.exe
C:\hijackthis\SmitfraudFix.zip
C:\hijackthis\ComboFix.exe
Empty your Recycle bin.
Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
ROOTKIT REVEALER
Please download Rootkit Revealer
Click >>> HERE <<< (http://download.sysinternals.com/Files/RootkitRevealer.zip)
Extract it to your desktop.
Double click the rootkitrevealer folder, and double-click rootkitrevealer.exe
Click the Scan button
Don't do anything while it's running
When it's done, go up to File > Save. Choose to save it to your desktop.
Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them in your next reply.
ladyjess
2007-12-20, 13:47
I had issues with the rootkitreveal. I ran the scan and upon trying to save it to the desktop it stated that rootkitreveal had an issue and needed to close. Text was lost.
Curious...
Try this instead
Please Download GMER to your desktop
Please create a folder in the Program Files folder called GMER.
Download GMER (http://www.majorgeeks.com/GMER_d5198.html) and extract it to the C:\program files\GMER folder you have just made.
Run the Gmer.exe program by double-clicking the executable file gmer.exe.
You may be prompted to scan immediately if GMER detects rootkit activity.
If you are prompted to scan your system click "yes" to begin the scan.
If you are not prompted, Click the "Rootkit" tab, then click "Scan".
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.
Please post the results from the GMER scan in your reply.
ladyjess
2007-12-20, 21:45
Sorry I have the report but it is extremely large and looks pretty crappy and hard to read when in the reply box. I am not to sure it will be easy for you to read. I have been looking around this great site and remember seeing something for extra large posts. If I post this it will be 7 posts. I just want to make this easier for you. If you want me to cut it up to post it I will but I do appreciate your help and want to make this as easy as possible for you to read. Any suggestions or just post as is???????
Just cut it up and post it, I will be able to put it back together :)
ladyjess
2007-12-21, 00:17
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-20 06:58:58
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified.
---- User code sections - GMER 1.0.13 ----
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
ladyjess
2007-12-21, 00:18
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00A54FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00A54F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00A51830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00A51200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00A51390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ B3, 88 ]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00A54BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00A516A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00A51520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00A548E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00A54A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[440] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
ladyjess
2007-12-21, 00:20
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[768] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[812] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1052] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\arservice.exe[1100] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
ladyjess
2007-12-21, 00:21
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1144] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00634FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00634F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00631830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00631200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00631390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 71, 88 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00634BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!mouse_event 7E466515 5 Bytes JMP 006316A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00631520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 006348E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00634A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1432] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
ladyjess
2007-12-21, 00:24
.text C:\WINDOWS\eHome\ehSched.exe[1736] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\eHome\ehSched.exe[1736] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\gmer\gmer.exe[2280] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[2328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
ladyjess
2007-12-21, 00:24
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00394FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00394F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00394BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003916A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00391520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00391830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00391200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00391390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 47, 88 ]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003948E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00394A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[2892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
---- Kernel IAT/EAT - GMER 1.0.13 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
ladyjess
2007-12-21, 00:29
---- Devices - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F75E15C2] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F75E55D2] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7293454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
ladyjess
2007-12-21, 00:30
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F75E15C2] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F75E55D2] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7293454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7286F4C] fltMgr.sys
---- EOF - GMER 1.0.13 ----
WOW !!!!.... You weren't kidding :laugh:
At least now I can safely say......
Congratulations your logs look clean :)
Let’s see if I can help you keep it that way
First lets tidy up :D
You can delete the two rootkit tools we downloaded.
Delete any logs we have produced and empty your recycle bin
Set correct settings for files that should be hidden in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
If unchecked please checkHide protected operating system files (Recommended)
If necessary check "Display content of system folders"
If necessary Uncheck Hide file extensions for known file types.
Click OK
Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All of the programs in this list have a free version,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords
Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
ladyjess
2007-12-21, 13:50
I try to open IE from my quick launch and have to double of tripple click to get it to open. When I do that I immediatly open the task manager and see a bunch of IEXPLORES still. All running around 13k-15k. One will jump up to about 45k but that is the Internet Explorer that actually opened. Any ideas???? Other then that the results of your help have far exceeded my expectations. I actually have a fast machine. Thank you so very much. I wish you and yours a very merry xmas and happy new year!!!!!!
ladyjess
2007-12-21, 14:42
Superanitspyware killed a few problems I guess I missed when cleaning the old crap off of here. This is running great now again thank you so very much and happy holidays!!!!!!!!!
Have you tried installing IE 7 ?
I don't know if it will help, there seem to be a lot of people having problems with Iexplorer not starting properly.
ladyjess
2007-12-21, 17:35
Just installed the IE7 and it is amazing how quick this computer is running. THANK YOU!!!!!!!!!!!!!!!!!!!!!!!
:bigthumb: A pleasure :D:
Have a good Xmas :present: