Please help!



qwerty77
2008-01-01, 02:11
I have some sort of malware in my registry I can't get rid of and I'm about to lose my mind. It's locked up my control panel completely and I can't turn system restore off either. I've tried Norton and McAfee antivirus scans, Ad-Watch, Ad-Aware, Spybot SD, and Spyware Doctor. It now won't let me run any of these scans, even when booted in safe mode. I've downloaded HJT but can't run it. I can't end programs in task manager or use msconfig to change startup programs. I repeatedly get 2 windows pop up. One is about a spyware removal program that redirects to a series of websites beginning with TrustedAntivirus.com. The other is an error 1810 about not being online, but it just comes up randomly, not when opening programs. Does anyone have any suggestions???

qwerty77
2008-01-01, 02:40
I'm also getting blue screens of death and random restarts now, but the blue screens disappear before I can read the error code on them.

tashi
2008-01-01, 02:57
Hello.

Do you have access to another computer so you can download HJT?

Upload to infected machine
Place HJT into own folder
Run HJT on the infected PC and post the log you produce using the clean PC in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Let us know. :)

qwerty77
2008-01-01, 02:59
Hi,
I have HJT installed in C:/ on the infected computer, I just can't open it, or any other scanning programs for some reason.

tashi
2008-01-01, 03:04
Hello.

Oops, missed that part. I have moved your topic to the malware removal forum and will leave a note for our helpers.

Best wishes.

qwerty77
2008-01-02, 02:29
I got HJT to run today. Here is the log from it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:18 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [lanmanwrk.exe] C:\WINDOWS\System32\lanmanwrk.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: murka.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 17187 bytes

katana
2008-01-02, 03:18
Welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D

AntiVirus
You appear to have Symantec and McAfee
First you should know that you're actually doing more harm than good by running more than one Anti Virus program.
When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.
I recommend that you choose one that you want to keep.
The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Download and Run ComboFix

Download Combofix from one of the links below :

ComboFix.exe 1 (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/Beta/ComboFix.exe)
ComboFix.exe 3 (http://subs.geekstogo.com/Beta/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Rename ComboFix.exe to Combo.exe BEFORE you run it
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

qwerty77
2008-01-02, 04:14
Thanks! Here is the CF log:

ComboFix 07-12-31.4 - Owner 2008-01-01 21:35:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.459 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\16875.exe
C:\WINDOWS\system32\31699.exe
C:\WINDOWS\system32\97585.exe
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\suspend.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LANMANDRV


((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:36 . 2007-12-31 20:30 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-28 08:01 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:43 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:38 --------- d-----w C:\Program Files\Apoint
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-30 17:36 4670968]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 17:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"HostManager"="C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe" [2007-12-30 17:36 50792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"KernelDrv.exe"="C:\WINDOWS\System32\KernelDrv.exe" [ ]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
"@"="" []
"lanmanwrk.exe"="C:\WINDOWS\System32\lanmanwrk.exe" [ ]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
"Medichi"="medichi.exe" []
"Medichi2"="medichi2.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]

Files\Webshots\Launcher.exe [2007-06-03 21:52:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 23:13:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-06-16 12:48:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-01 21:46:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-01 21:54:57 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 02:54:53
.
2007-12-31 22:36:05 --- E O F ---

qwerty77
2008-01-02, 04:15
and here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:43 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16176 bytes

katana
2008-01-02, 13:27
That looks better, how are things running now ?

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire
BitTorrent

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216&sid=81e62eb6fe99a5bad157cee792b31b7f) where we explain why it's not a good idea to have them.

Also available here (http://forum.malwareremoval.com/viewtopic.php?t=23812&sid=a609c56441d8a2e5dc8d24e3e96420cc).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Please note: you must NOT use this whilst we are cleaning your machine.


Disable Teatimer
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version: Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelDrv.exe"=-
"lanmanwrk.exe"=-
"Medichi"=-
"Medichi2"=-
"KernelFaultCheck"=-

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

qwerty77
2008-01-02, 14:18
It's running somewhat better, here is the new CF log:

ComboFix 07-12-31.4 - Owner 2008-01-02 7:59:29.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.

2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:36 . 2007-12-31 20:30 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-28 08:01 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:51 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 21:57 8,477 ----a-w C:\WINDOWS\system32\ksvcl.dll
2007-12-31 21:57 26,120 ----a-w C:\WINDOWS\system32\kcopt.dll
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-30 22:38 --------- d-----w C:\Program Files\Apoint
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 12:48:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-30 17:36 4670968]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 17:36 256576]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
"HostManager"="C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]


Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-06-03 21:52:53]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 23:13:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]
VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-06-16 12:48:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 08:06:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-02 8:11:41
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 13:11:35
C:\qoobox\ComboFix2.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---
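The CFScript above names five values under the HKLM Run key. As an added example (not part of the thread and not ComboFix or HijackThis code), this Python script parses the script's Registry:: block, the HijackThis O4 lines and the ComboFix "Reg Loading Points" block, and reports which targeted values a given log still lists. The sample strings are excerpts copied from the posts above; all function names are hypothetical, and it assumes the Registry:: block uses .reg-style `"name"=-` deletion lines as shown in the post.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
# HijackThis abbreviates this path as "..", e.g. HKLM\..\Run
CURVER = r"software\microsoft\windows\currentversion"

# Excerpts copied from the logs and the CFScript posted in this thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [KernelDrv.exe] C:\WINDOWS\System32\KernelDrv.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
"""

CFSCRIPT = r"""
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelDrv.exe"=-
"lanmanwrk.exe"=-
"Medichi"=-
"Medichi2"=-
"KernelFaultCheck"=-
"""

CF_AFTER = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
"""

O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
CF_VALUE_RE = re.compile(r'^"(.+?)"="(.*?)"')


def norm_key(path):
    """Normalise a key path: short hive name, rest lower-cased."""
    hive, _, rest = path.partition("\\")
    hive = HIVES.get(hive.upper(), hive.upper())
    return hive + "\\" + rest.lower()


def parse_cfscript_deletions(script):
    """Return {key: [value names]} for each "name"=- line under Registry::."""
    deletions, key, in_registry = {}, None, False
    for line in script.splitlines():
        line = line.strip()
        if line.endswith("::"):                       # section header
            in_registry = line.lower() == "registry::"
            key = None
        elif in_registry and line.startswith("[") and line.endswith("]"):
            key = norm_key(line[1:-1])
        elif in_registry and key:
            m = re.fullmatch(r'"(.+)"\s*=\s*-', line)
            if m:
                deletions.setdefault(key, []).append(m.group(1))
    return deletions


def parse_hjt_autoruns(log):
    """Return {key: {name: command}} from HKLM/HKCU O4 lines.
    HKUS per-user lines and Startup-folder lines are skipped."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, subkey, name, cmd = m.groups()
            key = f"{hive}\\{CURVER}\\{subkey.lower()}"
            entries.setdefault(key, {})[name] = cmd
    return entries


def parse_combofix_autoruns(log):
    """Return {key: {name: path}} from [HKEY_...] blocks of a ComboFix log."""
    entries, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.upper().startswith("[HKEY_") and line.endswith("]"):
            key = norm_key(line[1:-1])
        elif not line:
            key = None                                # blank line ends a block
        elif key:
            m = CF_VALUE_RE.match(line)
            if m:
                entries.setdefault(key, {})[m.group(1)] = m.group(2)
    return entries


def check_targets(script, autoruns):
    """Split the script's targets into (still listed, not listed)."""
    present, absent = [], []
    for key, names in parse_cfscript_deletions(script).items():
        # Registry value names are case-insensitive
        listed = {n.lower(): cmd for n, cmd in autoruns.get(key, {}).items()}
        for name in names:
            if name.lower() in listed:
                present.append((name, listed[name.lower()]))
            else:
                absent.append(name)
    return present, absent


if __name__ == "__main__":
    for label, runs in (("HJT before", parse_hjt_autoruns(HJT_BEFORE)),
                        ("ComboFix after", parse_combofix_autoruns(CF_AFTER))):
        present, absent = check_targets(CFSCRIPT, runs)
        print(label, "| still listed:", present, "| not listed:", absent)
```

A value missing from a log only shows it is no longer registered under that key; it says nothing about whether the file it pointed to is still on disk.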

qwerty77
2008-01-02, 14:24
When the computer rebooted after the CF scan I got a "system has recovered from a serious error" message.

katana
2008-01-02, 14:51
When the computer rebooted after the CF scan I got a "system has recovered from a serious error" message.
Curious ???

There is no malware visible in the last log, what problems are you having now ?
Did you disable/remove one of the Antivirus programs ?

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

Kaspersky Online Scanner
Your antivirus and/or antispyware may give a warning during the scan. This is perfectly normal.
Go here: http://www.kaspersky.com/virusscanner

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Please post all three logs in your reply (you may need more than one post).

qwerty77
2008-01-02, 15:44
I can't use MS office, my antivirus programs, or IE yet. My control panel is back though.

qwerty77
2008-01-02, 16:01
I also get pop-up errors about a persistence module every few hours.

Here's the extra log:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 61%
Physical Memory (total/avail): 1014.11 MiB / 393.09 MiB
Pagefile Memory (total/avail): 2441.59 MiB / 1891.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.81 MiB

C: is Fixed (NTFS) - 104.79 GiB total, 66.3 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MemoryStick0 Device

\\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 7 GiB
\PARTITION1 (bootable) - Installable File System - 104.79 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.) Disabled
AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=480037D956F7448
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\480037D956F7448
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=480037D956F7448
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

HijackThis 2.0.2 --> "C:\DOCUME~1\Owner\Desktop\HijackThis.exe" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type15036 / Warning
Event Submitted/Written: 01/02/2008 08:28:02 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

Event Record #/Type15034 / Error
Event Submitted/Written: 01/02/2008 08:27:51 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application igfxpers.exe, version 3.0.0.4543, faulting module igfxpers.exe, version 3.0.0.4543, fault address 0x00012fe1.
Processing media-specific event for [igfxpers.exe!ws!]

Event Record #/Type15032 / Warning
Event Submitted/Written: 01/02/2008 08:27:41 AM
Event ID/Source: 19011 / MSSQL$VAIO_VEDB
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type15018 / Warning
Event Submitted/Written: 01/02/2008 07:56:24 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

Event Record #/Type15016 / Warning
Event Submitted/Written: 01/02/2008 07:56:08 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13652 / Error
Event Submitted/Written: 01/02/2008 07:51:33 AM
Event ID/Source: 1003 / System Error
Event Description:
Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 f7956a20.

Event Record #/Type13628 / Error
Event Submitted/Written: 01/02/2008 07:48:24 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.100 for the Network Card with network address 0018DE6CA3A7 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type13614 / Warning
Event Submitted/Written: 01/01/2008 11:04:16 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type13610 / Error
Event Submitted/Written: 12/26/2007 09:29:38 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Event Record #/Type13609 / Error
Event Submitted/Written: 12/25/2007 09:46:59 PM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom0.



-- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------

qwerty77
2008-01-02, 16:06
Here's the main log in 2 parts; it's too long for 1 post:



Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-02 09:46:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
98: 2008-01-02 14:46:53 UTC - RP251 - Deckard's System Scanner Restore Point
97: 2008-01-02 12:59:11 UTC - RP250 - ComboFix created restore point
96: 2008-01-02 02:35:03 UTC - RP249 - ComboFix created restore point
95: 2008-01-01 23:32:18 UTC - RP248 - Unsigned driver install
94: 2008-01-01 23:14:15 UTC - RP247 - Unsigned driver install


-- First Restore Point --
1: 2007-10-04 19:31:38 UTC - RP154 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:09 AM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\DOCUME~1\Owner\Desktop\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14115 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 DCamUSBET (scopetek dcm130 usb2.0 device) - c:\windows\system32\drivers\etdevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
S3 FiltUSBET (dcm130 USB Device Lower Filter) - c:\windows\system32\drivers\etfilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
S3 ScanUSBET (dcm130 USB Still Image Capture Device) - c:\windows\system32\drivers\etscan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

qwerty77
2008-01-02, 16:07
-- Files created between 2007-12-02 and 2008-01-02 -----------------------------

2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:36:22 16384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-01-02 09:44:01 148 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
2008-01-02 08:34:35 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
2008-01-02 07:37:20 0 d-------- C:\Program Files\Common Files\AOL
2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 20:30:31 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
2007-12-31 16:57:14 8477 --a------ C:\WINDOWS\system32\ksvcl.dll
2007-12-31 16:57:10 26120 --a------ C:\WINDOWS\system32\kcopt.dll
2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
2007-12-30 17:38:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-30 17:38:39 0 d-------- C:\Program Files\Apoint
2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
2007-12-30 17:36:25 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:36:24 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
2007-12-25 21:53:42 0 d-------- C:\Program Files\Common Files
2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 13:37:53 0 d-------- C:\Program Files\Google
2007-11-08 16:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-11-07 21:20:57 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-11-07 21:20:55 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/30/2007 05:36 PM]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/30/2007 05:36 PM]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [12/30/2007 05:36 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [12/30/2007 05:36 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/31/2007 08:30 PM]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/30/2007 05:36 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50 AM]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [12/30/2007 05:36 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/2007 05:36 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/30/2007 05:36 PM]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/30/2007 05:36 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/31/2007 01:10 PM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/30/2007 05:36 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [12/30/2007 05:36 PM]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [12/30/2007 05:36 PM]
"etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command- E:\sony\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------

qwerty77
2008-01-02, 16:11
The Kaspersky scanner says only run it in IE >6.0 but my IE won't open. Is it OK to run it in Firefox?

katana
2008-01-02, 16:40
Try this first, then try IE again


SD Fix

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

qwerty77
2008-01-02, 22:53
Here is the SDFix log:

SDFix: Version 1.122

Run by Owner on Wed 01/02/2008 at 10:53 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\F\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 11:37:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:


qwerty77
2008-01-02, 23:01
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"

qwerty77
2008-01-02, 23:02

qwerty77
2008-01-02, 23:15
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0073.tmp"
Tue 3 Oct 2006 51,712 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL0445.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1636.tmp"
Wed 4 Oct 2006 58,368 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1671.tmp"
Wed 4 Oct 2006 56,832 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL1824.tmp"
Wed 4 Oct 2006 56,320 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL2503.tmp"
Wed 4 Oct 2006 57,856 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\Lab\Enzyme\~WRL3750.tmp"
Fri 10 Nov 2006 186,368 A..H. --- "C:\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\RU Research\Manuscripts\NPYaMSHbehaveNEW\~WRL1346.tmp"
Fri 17 Nov 2006 20,480 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
Fri 17 Nov 2000 28,160 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
Fri 17 Nov 2006 24,576 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
Fri 17 Nov 2000 27,648 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
Fri 17 Nov 2006 25,088 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
Fri 17 Nov 2000 32,768 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
Fri 17 Nov 2000 26,624 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
Fri 17 Nov 2006 25,600 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
Fri 17 Nov 2000 29,696 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
Fri 17 Nov 2000 27,136 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
Fri 17 Nov 2000 30,208 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 26,112 A..H. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\F\F\F\F\F\F\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"

Finished!

qwerty77
2008-01-02, 23:18
and here is the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:11 PM, on 1/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HiJackThis(2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13982 bytes

katana
2008-01-03, 00:01
Do you know anything about these folders?
C:\F\F\F
They seem to go back a long time if the dates are correct.

Do you have the IE tab addon for Firefox? If yes, then use Kaspersky with that.

qwerty77
2008-01-03, 00:29
No, I've been having to search for files and finding multiple versions of them with up to ten "F"'s in front of the filename and don't know why. That's been going on for a few months now though. I think I got this laptop last April so it may have even started that far back.

katana
2008-01-03, 17:31
Do you have the IE tab addon for Firefox? If yes, then use Kaspersky with that.

Did you try IE again?

qwerty77
2008-01-03, 20:20
I did get IE to work, but the Kaspersky won't run because I have a Symantec scan installed and it won't let me remove that.

katana
2008-01-03, 20:23
Upload a File
Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\AIM\\DeadAIM.ocm
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\drivers\etFilter.sys
C:\WINDOWS\system32\etVFW.dll

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Please start a new thread and give the following information
Name:-- Your name
E-mail:-- Your E-mail (this is confidential and will not be displayed)
Subject:-- O4 infected files ? for Katana/Mosaic

In the main text window please put the following link

http://forums.spybot.info/showthread.php?p=149870#post149870
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files

katana
2008-01-03, 22:57
Thanks, we think we may have found the problem.
Please can we have some more?

Run suspicious file packer again, and paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\users32.dat

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Please start a new thread and give the following information
Name:-- Your name
E-mail:-- Your E-mail (this is confidential and will not be displayed)
Subject:-- Katana/Mosaic full set

In the main text window please put the following link

http://forums.spybot.info/showthread.php?p=149870#post149870
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.

Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
You DO NOT need to be a member to upload, anybody can upload the files

============================================================================================

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=149870#post149870
Comment:: Katana/Mosaic
Collect::[4]
C:\WINDOWS\system32\users32.dat

Suspect::[4]
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe


Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
A window will open asking you to ensure you are connected to the internet, this is so a file can be submitted for analysis.
Click OK and follow the instructions to submit the file.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

qwerty77
2008-01-04, 03:16
OK, I got the Kaspersky scan to run and here is the report from that. I'm running the new CF scan now.

Thursday, January 03, 2008 9:03:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 3/01/2008
Kaspersky Anti-Virus database records: 502255
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\

qwerty77
2008-01-04, 03:17
Scan Statistics
Total number of scanned objects 80755
Number of viruses found 11
Number of infected objects 50
Number of suspicious objects 0
Duration of the scan process 01:07:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.ldf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Entertainment Platform\1.0\VzCdb\VzCdb_Mgr.mdf Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-01-03_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EA80000\4FACFD9E.VBN Infected: Trojan-PSW.Win32.OnLineGames.fwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400001\57496114.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400002\57496257.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400003\5749685B.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400004\57496DF6.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400005\574973D2.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400006\574979B6.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400007\57497F8A.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400008\57498565.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400009\57498B45.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000A\5749911F.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000B\574996FB.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000C\57499CD7.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000D\5749A2B4.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000E\5749A896.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540000F\5749AE79.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400010\5749B453.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400011\5749BA22.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400012\5749BFFE.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400013\5749C617.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400014\5749CC13.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400015\5749D1B8.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400016\5749D793.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400017\5749DD50.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400018\5749E32C.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15400019\5749E91D.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540001A\5749F16E.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1540001B\5749F855.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15AC0000\57FF5224.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17600003\5772E94C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17600004\57786110.VBN Infected: Trojan.Win32.DNSChanger.acs skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Aim\biogurl06\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Aim\biogurl06\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2008-01-03_17_02].cab/C:/WINDOWS/system32/users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\Documents and Settings\Owner\Desktop\requested-files[2008-01-03_17_02].cab CAB: infected - 1 skipped
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm Infected: Trojan-Downloader.WMA.Wimad.m skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Pop3.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\ruexchange.radford.edu - Inbox.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{FFDDCD6C-B597-484D-BA90-708AD2F6F82C}\Microsoft\Outlook Express\Smtp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

qwerty77
2008-01-04, 03:18
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\wilervyr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\NAILogs\UpdaterUI_480037D956F7448.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_ce0.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\History\History.IE5\MSHist012008010320080104\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Temp\SB\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Downloads\TheGameOfLife-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0092NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0332NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\install.exe.vir Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\suspend.exe.vir Infected: Trojan-Downloader.Win32.Wixud.n skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP205\A0011814.exe Infected: Trojan-Downloader.Win32.Small.hcc skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP205\A0011958.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP241\A0013389.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP243\A0013485.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0014485.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0014524.exe Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0016532.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP244\A0016557.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP245\A0016688.exe Infected: not-virus:Hoax.Win32.Renos.aom skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP246\snapshot\MFEX-1.DAT Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP249\A0018816.exe Infected: Trojan-Dropper.Win32.Small.bdf skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP249\A0018818.exe Infected: Trojan-Downloader.Win32.Wixud.n skipped
C:\System Volume Information\_restore{ECE42D92-315C-418E-8F32-95DC4FF2BBEF}\RP252\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6F70F626-E1E9-4C15-B211-B0BCD6B6EAF4}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\users32.dat Infected: not-a-virus:AdWare.Win32.Agent.zb skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JETDD50.tmp Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

qwerty77
2008-01-04, 05:06
ComboFix 07-12-31.4 - Owner 2008-01-03 21:20:52.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.420 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript2.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\users32.dat

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 14:18 . 2008-01-03 14:18 <DIR> d-------- C:\KAV
2008-01-02 10:51 . 2008-01-02 10:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 09:46 . 2008-01-02 09:46 <DIR> d-------- C:\Deckard
2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-20 18:38 . 2007-12-20 18:38 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 02:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-04 02:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:20 --------- d-----w C:\Program Files\Apoint
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 21:57 8,477 ----a-w C:\WINDOWS\system32\ksvcl.dll
2007-12-31 21:57 26,120 ----a-w C:\WINDOWS\system32\kcopt.dll
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-02 15:51:54 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:55 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-02 15:51:30 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:30 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-02 16:35:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 15:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 17:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-30 17:36 8720384 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2008-01-01 18:19 1065800 --a------ C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-03 21:26:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-03 21:31:10
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 02:31:06
C:\qoobox\ComboFix2.txt 2008-01-02 13:11:42
C:\qoobox\ComboFix3.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---

katana
2008-01-04, 14:39
Thank you very much for your prompt cooperation :D:

I am going to remove some programs from startup as they have been infected. I will give you details of some that you will need to reinstall before we finish.

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=150701#post150701

Comment:: Katana

Suspect::[4]
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\kcopt.dll

File::
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\ksvcl.dll
C:\WINDOWS\system32\kcopt.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"=-
"SonyPowerCfg"=-
"ISBMgr.exe"=-
"Switcher.exe"=-
"igfxpers"=-
"McAfeeUpdaterUI"=-
"VAIO Update 3"=-
"vptray"=-
"ccApp"=-
"VAIOCameraUtility"=-
"SunJavaUpdateSched"=-
"igfxtray"=-
"Apoint"=-
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=-

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"=-

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
A window will open asking you to ensure you are connected to the internet; this is so a file can be submitted for analysis.
Click OK and follow the instructions to submit the file.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now we would like some more files from you please.

Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it reglook.bat. Please save it on your desktop.



reg save HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep C:\beep.hiv

regedit /e /a C:\beep.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
del /q reglook.bat
exit


Double click on reglook.bat

A window will open, and then close on its own. When it has closed please continue with the following instructions.


Upload a File
Open suspicious file packer again and paste in the list of files below, then press next
C:\beep.hiv
C:\beep.txt

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Please start a new thread and give the following information
Name:-- Your name
E-mail:-- Your E-mail (this is confidential and will not be displayed)
Subject:-- Reglook for Cretemonster

In the main text window please put the following link
http://forums.spybot.info/showthread.php?p=150701#post150701
You may also add any comments you wish,
then press attach and upload the zip/cab file that was created.

qwerty77
2008-01-05, 12:42
ComboFix 07-12-31.4 - Owner 2008-01-05 2:56:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.384 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript3.txt
* Created a new restore point

FILE
C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Desktop\TUNES2\just beat it.wm
C:\Downloads\TheGameOfLife-dm[1].exe
C:\WINDOWS\system32\kcopt.dll
C:\WINDOWS\system32\ksvcl.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.

2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-03 17:06 . 2008-01-03 17:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 14:18 . 2008-01-03 14:18 <DIR> d-------- C:\KAV
2008-01-02 10:51 . 2008-01-02 10:51 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-02 09:46 . 2008-01-02 09:46 <DIR> d-------- C:\Deckard
2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
2007-12-20 18:38 . 2007-12-20 18:38 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 04:11 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-04 02:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-04 02:20 --------- d-----w C:\Program Files\Apoint
2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
2008-01-02 12:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 22:46 --------- d-----w C:\Program Files\Java
2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-12-02 18:37 --------- d-----w C:\Program Files\Google
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-02 15:51:54 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:55 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 08:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-02 15:51:30 5,242,880 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-02 15:51:30 151,552 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2008-01-02 16:35:37 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_3b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
"etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 15:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-12-30 17:36 256576 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2007-12-30 17:36 8720384 --a------ C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2008-01-01 18:19 1065800 --a------ C:\Program Files\Spyware Doctor\SDTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
\Shell\AutoRun\command - E:\sony\Autorun.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 03:01:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-05 3:06:46
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-05 08:06:43
C:\qoobox\ComboFix2.txt 2008-01-04 02:31:11
C:\qoobox\ComboFix3.txt 2008-01-02 13:11:42
C:\qoobox\ComboFix4.txt 2008-01-02 02:54:57
.
2007-12-31 22:36:05 --- E O F ---

katana
2008-01-05, 23:04
You need to uninstall the following and reinstall them from a fresh download.

McAfee
Symantec
(You only want to install one of the above, but you need to uninstall both.)

Google uninstall all programs and reinstall.

Java Runtime Environment (JRE) 6u3 (http://java.sun.com/javase/downloads/index.jsp)

find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat. Please save it on your desktop.


@echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
dir /a "hkcmd.exe >> C:\look.txt
dir /a "SPMgr.exe" >> C:\look1.txt
dir /a "ISBMgr.exe" >> C:\look2.txt
dir /a "Switcher.exe" >> C:\look3.txt
dir /a "igfxpers.exe" >> C:\look4.txt
dir /a "VAIOUpdt.exe" >> C:\look5.txt
dir /a "VCUServe.exe >> C:\look6.txt
dir /a "igfxtray.exe >> C:\look7.txt
dir /a "Apoint.exe >> C:\look8.txt
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt

Double click findfiles.bat. Notepad will open; copy and paste the contents in your reply.

qwerty77
2008-01-05, 23:21
I can't find a way to delete the Symantec or McAfee.

katana
2008-01-06, 00:00
Remove McAfee

Please click HERE (http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033&pf=1) and follow the instructions to download and run the McAfee removal tool

Remove Norton

Please click HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) and follow the instructions to download and run the Norton removal tool

qwerty77
2008-01-06, 00:47
OK, I got McAfee removed, but the Norton removal tool says I have to remove it through Add/Remove Programs before I can use that removal tool. When I go to Add/Remove Programs it lists it there but doesn't give me a Remove option.

katana
2008-01-06, 13:26
Just nuke it with the removal tool :bigthumb:

Regarding the C:\F\F\F\ folders, are there any files in there that you want to keep?

qwerty77
2008-01-06, 20:08
The removal tool won't let me proceed.

qwerty77
2008-01-06, 20:09
The F/F/F files....as long as I have 1 copy of each of them I don't need any of the others (I believe each F/ is a duplicate somehow).

katana
2008-01-06, 20:55
Each \F is a separate folder; if you delete C:\F then ALL the other folders will be gone.
It looks like something is backing up the folders, and at the rate it is going it will eat your entire drive.

Which Antivirus will you be keeping?

qwerty77
2008-01-06, 21:50
I guess I'll be keeping the Symantec antivirus. Should I copy the F: files I need onto another drive and then delete the C:/F: ones to delete all the copies? I was hesitant to back anything up and upload it on another computer in case I was taking the infection with it.

katana
2008-01-06, 23:06
Ok, we will delete the McAfee files shortly.

Copy any files in the \F folders that you want to keep, and then just delete the first F folder on the C: drive.
That will remove them all.

Do you have the results of Findfiles.bat ?

qwerty77
2008-01-06, 23:38
Oh, yes, sorry, I thought that was after I removed those programs.

findfiles.bat:

Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\Documents and Settings\Owner\Desktop

Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\Documents and Settings\Owner\Desktop

Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\Documents and Settings\Owner\Desktop

Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\Documents and Settings\Owner\Desktop

Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\Documents and Settings\Owner\Desktop

katana
2008-01-06, 23:56
My mistake, please run the following file

find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat. Please save it on your desktop.

@echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
cd c:
dir /a /s "hkcmd.exe >> C:\look.txt
dir /a /s "SPMgr.exe" >> C:\look1.txt
dir /a /s "ISBMgr.exe" >> C:\look2.txt
dir /a /s "Switcher.exe" >> C:\look3.txt
dir /a /s "igfxpers.exe" >> C:\look4.txt
dir /a /s "VAIOUpdt.exe" >> C:\look5.txt
dir /a /s "VCUServe.exe >> C:\look6.txt
dir /a /s "igfxtray.exe >> C:\look7.txt
dir /a /s "Apoint.exe >> C:\look8.txt
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt

Double click findfiles.bat. Notepad will open; copy and paste the contents in your reply.

qwerty77
2008-01-07, 00:00
Volume in drive C has no label.
Volume Serial Number is E412-D2BE
Volume in drive C has no label.
Volume Serial Number is E412-D2BE
Volume in drive C has no label.
Volume Serial Number is E412-D2BE
Volume in drive C has no label.
Volume Serial Number is E412-D2BE
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

katana
2008-01-07, 00:32
And that is what you get for rushing something :rolleyes:
Let's try that again, hopefully for the last time

find a file
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it findfiles.bat. Please save it on your desktop.

Echo off
if exist C:\look*.txt del /q C:\look*.txt
if exist C:\kresults.txt del /q C:\kresults.txt
cd c:\
dir /s /a "hkcmd.exe" >> C:\look.txt
dir /s /a "SPMgr.exe" >> C:\look1.txt
dir /s /a "ISBMgr.exe" >> C:\look2.txt
dir /s /a "Switcher.exe" >> C:\look3.txt
dir /s /a "igfxpers.exe" >> C:\look4.txt
dir /s /a "VAIOUpdt.exe" >> C:\look5.txt
dir /s /a "VCUServe.exe" >> C:\look6.txt
dir /s /a "igfxtray.exe" >> C:\look7.txt
dir /s /a "Apoint.exe" >> C:\look8.txt
type C:\look*.txt >> C:\kresults.txt
start notepad C:\kresults.txt
del /q C:\look*.txt

Double click findfiles.bat. Notepad will open; copy and paste the contents in your reply.

qwerty77
2008-01-07, 00:42
Hmm, I just have a command prompt opened and it says "C:\Documents and Settings\Owner\Desktop>Echo off"

katana
2008-01-07, 00:44
Don't worry, it will close shortly

qwerty77
2008-01-07, 00:54
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\F\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Directory of C:\WINDOWS\system32

12/30/2007 05:36 PM 77,824 hkcmd.exe
1 File(s) 77,824 bytes

Total Files Listed:
32 File(s) 2,490,368 bytes
0 Dir(s) 70,603,694,080 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\F\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Directory of C:\Program Files\Sony\VAIO Power Management

12/30/2007 05:36 PM 217,088 spmgr.exe
1 File(s) 217,088 bytes

Total Files Listed:
16 File(s) 3,473,408 bytes
0 Dir(s) 70,603,522,048 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\F\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Directory of C:\Program Files\Sony\ISB Utility

12/30/2007 05:36 PM 32,768 isbmgr.exe
1 File(s) 32,768 bytes

Total Files Listed:
16 File(s) 524,288 bytes
0 Dir(s) 70,603,386,880 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\F\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Directory of C:\Program Files\Sony\Wireless Switch Setting Utility

12/30/2007 05:36 PM 176,128 switcher.exe
1 File(s) 176,128 bytes

Total Files Listed:
16 File(s) 2,818,048 bytes
0 Dir(s) 70,603,350,016 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

qwerty77
2008-01-07, 00:55
Directory of C:\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\F\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Directory of C:\WINDOWS\system32

12/31/2007 08:30 PM 118,784 igfxpers.exe
1 File(s) 118,784 bytes

Total Files Listed:
32 File(s) 3,801,088 bytes
0 Dir(s) 70,603,276,288 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\F\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Directory of C:\Program Files\Sony\VAIO Update 3

12/30/2007 05:36 PM 551,032 vaioupdt.exe
1 File(s) 551,032 bytes

Total Files Listed:
16 File(s) 8,816,512 bytes
0 Dir(s) 70,603,227,136 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\F\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Directory of C:\Program Files\Sony\VAIO Camera Utility

12/30/2007 05:36 PM 69,632 vcuserve.exe
1 File(s) 69,632 bytes

Total Files Listed:
16 File(s) 1,114,112 bytes
0 Dir(s) 70,603,161,600 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\F\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\WINDOWS\Drivers\Intel 945G Display

04/05/2006 01:21 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Directory of C:\WINDOWS\system32

12/30/2007 05:36 PM 94,208 igfxtray.exe
1 File(s) 94,208 bytes

Total Files Listed:
32 File(s) 3,014,656 bytes
0 Dir(s) 70,603,231,232 bytes free
Volume in drive C has no label.
Volume Serial Number is E412-D2BE

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\F\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Directory of C:\Program Files\Apoint

12/30/2007 05:36 PM 118,784 apoint.exe
1 File(s) 118,784 bytes

Directory of C:\WINDOWS\Drivers\Touchpad

11/17/2004 10:47 PM 118,784 Apoint.exe
1 File(s) 118,784 bytes

Total Files Listed:
32 File(s) 3,801,088 bytes
0 Dir(s) 70,603,071,488 bytes free

katana
2008-01-07, 00:57
Very curious ????

It looks like those \F folders may be part of the infection, DO NOT delete any of those folders yet.

katana
2008-01-07, 22:13
Let's see if we can replace some of those infected files.
I will need to look at some, so we know they are clean.


Upload a File
Open suspicious file packer again and paste in the list of files below, then press next
C:\F\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe
C:\F\Program Files\Sony\VAIO Power Management\spmgr.exe
C:\F\Program Files\Sony\ISB Utility\isbmgr.exe
C:\F\Program Files\Sony\Wireless Switch Setting Utility\switcher.exe
C:\F\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe
C:\F\Program Files\Sony\VAIO Update 3\vaioupdt.exe
C:\F\Program Files\Sony\VAIO Camera Utility\vcuserve.exe
C:\F\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe
C:\F\WINDOWS\Drivers\Touchpad\Apoint.exe

Go to spykiller (http://thespykiller.co.uk/index.php/topic,5628.0.html)
This is your original topic


Subject:-- Check for legit files

In the main text window please put the following link
http://forums.spybot.info/showthread.php?p=150701#post150701
you may also add any comments you wish
then press attach and upload the zip/cab file that was created.


Please re-run DSS and post the log, so we can make sure nothing has changed.

qwerty77
2008-01-08, 03:24
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-07 21:19:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 89% (more than 75%).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:20:25 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Owner\Desktop\Computer\dss.exe
C:\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11510 bytes

qwerty77
2008-01-08, 03:25
-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-05 17:15:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-01-03 17:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 17:06:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 14:18:26 0 d-------- C:\KAV
2008-01-02 10:51:07 0 d-------- C:\WINDOWS\ERUNT
2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-01-05 18:38:12 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-05 18:20:51 0 d-------- C:\Program Files\Common Files
2008-01-05 17:11:59 0 d-------- C:\Program Files\Google
2008-01-03 21:20:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 21:20:28 0 d-------- C:\Program Files\Apoint
2008-01-02 16:39:27 146 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
2008-01-02 07:48:05 0 d-------- C:\Program Files\Common Files\AOL
2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 20:30:31 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
2007-12-30 17:36:25 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:36:24 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-08 16:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-11-07 21:20:57 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-11-07 21:20:55 0 d-------- C:\Program Files\MySpace


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" []
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
"etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command- E:\sony\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-07 21:20:44 ------------

qwerty77
2008-01-08, 03:49
I wasn't sure why it said I had so much memory in use so I rebooted and reran the DSS and this is the new log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-07 21:45:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:24 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Owner\Desktop\Computer\dss.exe
C:\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11348 bytes

-- Files created between 2007-12-07 and 2008-01-07 -----------------------------

2008-01-05 17:15:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-01-03 17:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 17:06:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 14:18:26 0 d-------- C:\KAV
2008-01-02 10:51:07 0 d-------- C:\WINDOWS\ERUNT
2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-01-07 21:43:43 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-07 21:39:42 413 --a------ C:\Program Files\Shortcut to HiJackThis.exe.lnk
2008-01-05 18:20:51 0 d-------- C:\Program Files\Common Files
2008-01-05 17:11:59 0 d-------- C:\Program Files\Google
2008-01-03 21:20:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 21:20:28 0 d-------- C:\Program Files\Apoint
2008-01-02 16:39:27 146 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
2008-01-02 07:48:05 0 d-------- C:\Program Files\Common Files\AOL
2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 20:30:31 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
2007-12-30 17:36:25 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:36:24 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-11-08 16:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-11-07 21:20:57 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
2007-11-07 21:20:55 0 d-------- C:\Program Files\MySpace

qwerty77
2008-01-08, 03:50
-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" []
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
"etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command- E:\sony\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-07 21:45:48 ------------

katana
2008-01-09, 03:17
Create A Batch File
Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad.
Save it as "All Files" and name it batfix.bat. Please save it on your desktop.



@echo off
rem For each file: rename the existing copy to *old.exe, then copy in the file from C:\F
if exist "C:\WINDOWS\system32\hkcmd.exe" ren "C:\WINDOWS\system32\hkcmd.exe" hkcmdold.exe
copy "C:\F\WINDOWS\Drivers\Intel 945G Display\hkcmd.exe" C:\WINDOWS\system32\
if exist "C:\WINDOWS\system32\igfxpers.exe" ren "C:\WINDOWS\system32\igfxpers.exe" igfxpersold.exe
Copy "C:\F\WINDOWS\Drivers\Intel 945G Display\igfxpers.exe" C:\WINDOWS\system32\
if exist "C:\WINDOWS\system32\igfxtray.exe" ren "C:\WINDOWS\system32\igfxtray.exe" igfxtrayold.exe
COPY "C:\F\WINDOWS\Drivers\Intel 945G Display\igfxtray.exe" C:\WINDOWS\system32\
if exist "C:\Program Files\Apoint\Apoint.exe" ren "C:\Program Files\Apoint\Apoint.exe" Apointold.exe
COPY "C:\F\WINDOWS\Drivers\Touchpad\Apoint.exe" "C:\Program Files\Apoint\"
del /q batfix.bat

Double click on batfix.bat


Please post a fresh DSS log when you have done.
How are things running now?

qwerty77
2008-01-10, 06:07
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-10 00:05:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:50 AM, on 1/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\etMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Computer\dss.exe
C:\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/200015205/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1173976083410
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34ECE614-5A9B-4706-A8CA-AF78FA1C3775}: Domain = siu.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{34ECE614-5A9B-4706-A8CA-AF78FA1C3775}: NameServer = 131.230.9.10,131.230.24.10
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = siu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = siu.edu
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 11960 bytes

qwerty77
2008-01-10, 06:08
-- Files created between 2007-12-10 and 2008-01-10 -----------------------------

2008-01-09 02:19:50 0 d-------- C:\WINDOWS\LastGood
2008-01-05 17:15:32 0 d-------- C:\Documents and Settings\Owner\.SunDownloadManager
2008-01-03 17:06:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-03 17:06:49 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-03 14:18:26 0 d-------- C:\KAV
2008-01-02 10:51:07 0 d-------- C:\WINDOWS\ERUNT
2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


-- Find3M Report ---------------------------------------------------------------

2008-01-07 21:43:43 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-07 21:39:42 413 --a------ C:\Program Files\Shortcut to HiJackThis.exe.lnk
2008-01-05 18:20:51 0 d-------- C:\Program Files\Common Files
2008-01-05 17:11:59 0 d-------- C:\Program Files\Google
2008-01-03 21:20:30 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-03 21:20:28 0 d-------- C:\Program Files\Apoint
2008-01-02 16:39:27 146 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
2008-01-02 07:48:05 0 d-------- C:\Program Files\Common Files\AOL
2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" []
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
"etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
"C:\Program Files\Spyware Doctor\SDTrayApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
AutoRun\command- E:\sony\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-10 00:06:11 ------------

katana
2008-01-10, 14:07
Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



Folder::
C:\Program Files\McAfee

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe"
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe"
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe"
"Apoint"="C:\Program Files\Apoint\Apoint.exe"
"ShStatEXE"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]

Save this as CFScript.txt and place it on your desktop.


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
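
The HijackThis log posted above marks several entries `(file missing)` or `(no file)`, and the CFScript targets the McAfee folder and the `ShStatEXE` Run value. As an added example (not part of the thread, and not code from HijackThis, DSS or ComboFix), this Python script pulls the orphaned entries out of a HijackThis log and lists other autostart entries under the same install folder so they can be checked on disk; the sample lines are copied from the log above, and the function names and the install-folder heuristic are assumptions of this example.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted above (a subset, for illustration).
SAMPLE_LOG = r"""
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe (file missing)
O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "R3 - ...", "O4 - ...", "O23 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$")
# First drive-letter path ending in a binary extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:exe|dll|ocm|sys)(?=$|[\s",/])',
    re.IGNORECASE,
)


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the running-process list, blanks
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "path": path.group(0) if path else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def install_root(path):
    """Heuristic (assumption of this example): the vendor folder under
    Program Files, otherwise the file's own directory. Lower-cased."""
    parts = ntpath.normpath(path).split("\\")
    if len(parts) > 3 and parts[1].lower() in ("program files", "progra~1"):
        return "\\".join(parts[:3]).lower()
    return ntpath.dirname(path).lower()


def triage(log_text):
    """Split entries into (orphaned, related).

    orphaned: flagged by HijackThis as pointing at a missing file.
    related:  not flagged, but living under the same install folder as an
              orphaned entry, so worth verifying on disk.
    """
    entries = parse_entries(log_text)
    orphaned = [e for e in entries if e["orphaned"]]
    roots = {install_root(e["path"]) for e in orphaned if e["path"]}
    related = [
        e for e in entries
        if not e["orphaned"] and e["path"] and install_root(e["path"]) in roots
    ]
    return orphaned, related


if __name__ == "__main__":
    orphaned, related = triage(SAMPLE_LOG)
    print("Entries whose file is missing:")
    for e in orphaned:
        print("  %-3s %s" % (e["code"], e["body"]))
    print("Entries under the same install folder (verify on disk):")
    for e in related:
        print("  %-3s %s" % (e["code"], e["body"]))
```
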

tashi
2008-01-18, 07:59
qwerty77, still with us?

tashi
2008-01-26, 03:53
Seven pages, thank you katana. :)