surreyfrog
regular
Reg'd: Tue
Posts: 80
Hi there, I really hope you can help with this.
My laptop was recently infected. At first I was getting fake virus alerts. I found 3 new .exe files that had been downloaded, and got rid of them. The virus alerts stopped, but now when I google something and click on one of the listed items, I'm redirected to spurious sites. Sometimes I get random audio playing. I was unable to run any antivirus scan apart from ad-aware, nor could I get system restore to run (something was stopping it). Ad-aware warned me it had found win32trojantdss but it couldn't remove it. Eventually with the help of a forum member I got malwarebytes to run. It found and removed lots of infections but there is one left, c:\windows\system32\uacinit.dll. After rebooting I still get the browser redirection problem. Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:57, on 22/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

-- End of file - 5183 bytes
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
Hi Surreyfrog,
I read your post in the other forum. As I understand it you used Hijackthis yourself and removed certain entries that looked suspicious to you without consulting anyone.
If that is the case, then it's best to restore the system from the HJT backup and start again, as you may have removed some vital system files.
Can you do that first as a matter of urgency and then do another HJT scan and post the complete log?
Joe.
-------------------- If I've helped you and saved you money please consider a donation to support my work :
Member of UNITE and ASAP.
surreyfrog
regular
Reg'd: Tue
Posts: 80
Hi Joe
OK, I did what you asked, I restored all the entries from the Hijackthis backup.
Here is the latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:52, on 22/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HPCC\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={C5280A13-4B43-4C21-930D-F62ECB98FE3A}; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" -"http://www.miniclip.com/games/police-chopper/en/"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

-- End of file - 6801 bytes
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
Hi again Surreyfrog,
Please open Hijackthis, click Config | Misc Tools | Open Uninstall Manager. A list of the entries in Add/Remove Programs will appear. Click on Save List... The list will be saved as 'Uninstall_list.txt'. Copy & paste the contents into your next reply.
Download Combofix from any of the links below, and save it to your desktop. Link 1 Link 2 Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you don't know how to disable some of your security programs have a look :- HERE
Double click on ComboFix.exe & follow the prompts.
When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
FOR OTHER USERS, DO NOT RUN COMBOFIX UNLESS YOU ARE ASKED TO DO SO BY A HJT HELPER
Joe.
surreyfrog
regular
Reg'd: Tue
Posts: 80
Joe,
I followed your instructions, including downloading combofix.exe to the desktop.
But when it came to trying to run it by clicking on the icon, the program does not run.
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
Something may be blocking it; the question is what?
First ensure that all your full time protections are turned off.
I see you have Spybot Search & Destroy Teatimer on.
Please disable TeaTimer, it can be re-activated once your HijackThis log is clean at the end of this fix.
- Open Spybot Search & Destroy.
- In the Mode menu click "Advanced mode" if not already selected.
- Choose "Yes" at the Warning prompt.
- Expand the "Tools" menu.
- Click "Resident".
- Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
- In the File menu click "Exit" to exit Spybot Search & Destroy.
If that doesn't work, try renaming combofix.exe to, say, surreyfrog.exe.
Joe.
surreyfrog
regular
Reg'd: Tue
Posts: 80
OK, it has run, I renamed the file and it worked.
UNINSTALL_LIST.TXT:
2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office system 3DVIA Player 4.1 Ad-Aware Ad-Aware Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.8 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.0 Apple Mobile Device Support Apple Software Update Ask Toolbar AVG 8.5 CAM UnZip 4.42 CCleaner (remove only) Cheat Engine 5.3 Cheat Engine 5.5 Conexant HD Audio Critical Update for Windows Media Player 11 (KB959772) Driver Detective DV 5900 EphPod Express Burn Free Studio version 4.1 Gabbasoft Cube Demo Google Earth Google SketchUp 6 Google SketchUp 6 Exporters Google SketchUp LayOut 6 Google SketchUp Pro 6 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Highlight Viewer (Windows Live Toolbar) HijackThis 2.0.2 Home Media Server 4.0.0.0072 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Hotkey 1.0.4 InterActual Player iTunes J2SE Runtime Environment 5.0 Update 7 Java(TM) 6 Update 10 Java(TM) 6 Update 6 Java(TM) 6 Update 7 LG MC USB Modem driver LG PC Suite II Macrogaming SweetIM 2.1 Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) Messenger Plus! 
Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Movavi Video Converter 6 Mozilla Firefox (3.0.8) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Musicnotes Player V1.22.3 Nero 7 Essentials Nero BackItUp 2 Essentials neroxml Nokia Connectivity Cable Driver Nokia Lifeblog 2.1 Nokia MTP driver Nokia PC Connectivity Solution Nokia PC Suite Nokia Software Launcher Norton PC Checkup Paragon Drive Backup™ 9.0 Express Photo Story 3 for Windows Photo Viewer 2.25 Pivot Stickfigure Animator PowerDVD QuickTime Quivic Sage Instant Accounts v14 SAMSUNG Mobile Composite Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio Samsung New PC Studio Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office 
System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) 
Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for 
Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Sibelius Scorch Sibelius Scorch (ActiveX Only) Smart Menus (Windows Live Toolbar) Soft Data Fax Modem with SmartCP Spybot - Search & Destroy SpywareBlaster 4.2 SweetIM For Internet Explorer 3.0b Switch The Sims 2 U211 DVD 2 Ulead Photo Explorer 8.0 SE Basic Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Outlook 2007 (KB969907) Update for Outlook 2007 Junk Email Filter (kb970012) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VIA Platform Device Manager VIA Rhine-Family Fast Ethernet Adapter 
Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WavePad Uninstall Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) Windows Internet Explorer 7 Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Xdrive Desktop Lite Xdrive Desktop Lite
COMBOFIX LOG:
ComboFix 09-06-21.01 - HPCC 22/06/2009 21:00.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.766.620 [GMT 1:00]
Running from: c:\documents and settings\HPCC\Desktop\dave.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500
c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500\desktop.ini
c:\recycler\S-1-5-21-1311457910-2216357783-1963112701-500\INFO2
c:\windows\system32\drivers\UACnmrinqorivkcksjgc.sys
c:\windows\system32\UACercriuhnqvmaapstk.dll
c:\windows\system32\UACfalkyxuwqeefotfit.dll
c:\windows\system32\UACfiblqwpjwxnclwkls.log
c:\windows\system32\UACibvvtstnioffumyrv.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkdqlcemidvbjljvts.dll
c:\windows\system32\UAClespwivxeeolctims.dll
c:\windows\system32\UACossfanoronsbnrerr.dll
c:\windows\system32\UACqmdbwnaqhwbdwfodc.log
c:\windows\system32\UACuxxtpelwkppyymseb.dat
E:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys

((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.
2009-07-02 17:24 . 2009-07-02 17:24 -------- d-----w- c:\program files\LG Electronics 2009-07-02 17:21 . 2007-11-08 15:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll 2009-07-02 17:21 . 2009-07-02 17:21 -------- d-----w- c:\documents and settings\HPCC\Application Data\LG Electronics 2009-07-02 17:21 . 2009-07-02 17:22 -------- d-----w- c:\program files\LG PC Suite II 2009-07-02 17:20 . 2009-07-02 17:20 -------- d-----w- c:\documents and settings\HPCC\Application Data\InstallShield 2009-06-29 10:09 . 2009-06-29 10:09 -------- d-----w- c:\program files\CAM Development 2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- C:\Com 2009-06-22 19:30 . 2009-06-22 19:31 -------- d-----w- C:\32788R22FWJFW.1.tmp 2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\Fix 2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp 2009-06-22 10:10 . 2009-06-22 10:10 -------- d-----w- c:\documents and settings\HPCC\Application Data\Malwarebytes 2009-06-22 10:07 . 2009-06-22 10:07 -------- d-----w- c:\program files\mwb 2009-06-21 21:24 . 2009-06-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-21 21:03 . 2009-06-22 18:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-21 17:10 . 2009-06-22 18:01 -------- d-----w- c:\program files\Lavasoft 2009-06-21 17:10 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-06-21 07:28 . 2009-06-18 08:58 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll 2009-06-20 14:55 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-20 14:55 . 2009-06-22 12:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-06-20 14:55 . 2009-06-20 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-06-20 14:55 . 
2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-18 08:59 . 2009-06-09 07:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe 2009-06-18 08:59 . 2009-06-09 07:49 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll 2009-06-18 08:59 . 2009-06-09 07:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll 2009-06-16 09:06 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Sage 2009-06-16 09:00 . 2009-06-16 09:00 -------- d-----w- c:\program files\Common Files\InstallEngine 2009-06-16 08:57 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Shared 2009-06-16 08:55 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Line50 2009-06-16 08:55 . 2009-06-16 09:07 -------- d-----w- c:\program files\Common Files\Sage SBD 2009-06-16 08:55 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage 2009-06-16 08:55 . 2009-06-16 08:58 -------- d-----w- c:\program files\Common Files\Sage Report Designer 2007 2009-06-16 08:54 . 2009-06-16 08:54 -------- d-----w- c:\program files\Sage 2009-06-09 12:08 . 2009-06-09 12:08 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\AVG Security Toolbar 2009-06-09 08:23 . 2009-06-09 08:24 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Deployment 2009-06-09 08:22 . 2009-06-02 12:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-06-09 07:50 . 2009-06-09 07:49 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe 2009-06-09 07:49 . 2009-06-11 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar 2009-06-09 07:48 . 
2009-06-09 07:48 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll 2009-06-01 07:14 . 2008-02-22 14:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2009-06-01 07:14 . 2008-02-22 14:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2009-06-01 07:14 . 2008-02-22 14:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers 2009-06-01 07:14 . 2009-01-08 08:42 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys 2009-06-01 07:14 . 2009-01-08 08:42 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe 2009-06-01 07:14 . 2009-01-08 08:42 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll 2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\documents and settings\HPCC\Application Data\Samsung 2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\MarkAny 2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 17:37 . 2009-04-02 17:42 -------- d-----w- c:\program files\Cheat Engine
2009-06-21 15:08 . 2008-08-31 19:54 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 10:11 . 2008-03-10 20:24 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-18 08:58 . 2007-04-05 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 09:00 . 2007-01-15 17:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 06:08 . 2007-04-05 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 07:49 . 2009-03-27 16:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 07:14 . 2007-12-25 11:51 -------- d-----w- c:\program files\DIFX
2009-05-28 10:15 . 2008-08-06 08:54 34 ----a-w- c:\documents and settings\HPCC\jagex_runescape_preferences.dat
2009-05-07 15:44 . 2006-01-30 17:59 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-01-30 17:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-01-30 17:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 14:47 . 2008-11-03 22:07 -------- d-----w- c:\documents and settings\HPCC\Application Data\Ahead
2009-04-25 07:41 . 2009-03-27 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-25 07:41 . 2009-03-27 16:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 07:40 . 2009-03-27 16:37 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-17 09:58 . 2006-01-30 17:59 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:26 . 2006-01-30 17:59 583168 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 18:51 . 2009-04-07 18:51 127 ----a-w- c:\documents and settings\HPCC\Local Settings\Application Data\fusioncache.dat
2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2004-08-04 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 07:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [27/03/2009 17:37 12552]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [08/11/2008 12:10 40464]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [27/03/2009 17:37 108552]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [27/03/2009 17:37 327688]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [27/03/2009 17:37 906520]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [27/03/2009 17:37 298776]
S2 azkl;azkl;c:\windows\system32\drivers\tcym.sys --> c:\windows\system32\drivers\tcym.sys [?]
S2 Ca536av;DV 5900(Video);c:\windows\system32\drivers\Ca536av.sys [30/03/2008 14:57 514859]
S2 MrHealthyService;MrHealthy;c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service --> c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe -service [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [01/06/2009 08:14 36608]
S3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [15/01/2007 18:40 659456]
S3 USBCamera;DV 5900(Still);c:\windows\system32\drivers\Bulk536.sys [30/03/2008 14:57 11048]
S4 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [01/06/2009 08:14 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
2009-06-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
2009-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3121785044-16713964-2988421403-1005.job - c:\documents and settings\HPCC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 08:24]
2009-06-17 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job - c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
2009-06-21 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job - c:\program files\Norton PC Checkup\PC_Checkup.exe [2009-01-29 22:10]
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={C5280A13-4B43-4C21-930D-F62ECB98FE3A}; GTB6; .NET CLR 1.1.4322; .NET
HKLM-Run-NPSStartup - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 21:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-22 21:08
ComboFix-quarantined-files.txt 2009-06-22 20:08
Pre-Run: 34,650,185,728 bytes free
Post-Run: 34,712,920,064 bytes free
198 --- E O F --- 2009-06-14 06:08
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Joe - dare I say it, after doing the above it all seems back to normal.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
Quote:
Joe - dare I say it, after doing the above it all seems back to normal.
Thought it might but we still have work to do.
Please go to the add/remove utility in the control panel and uninstall all the following programmes:
- Ask Toolbar
- J2SE Runtime Environment 5.0 Update 7
- Java(TM) 6 Update 10
- Java(TM) 6 Update 6
- Java(TM) 6 Update 7
- SweetIM For Internet Explorer 3.0b
I suggest reviewing your securities as you appear to have some duplication.
I recommend uninstalling the following as well as it does much the same job as other programmes you have on there.
- Ad-Aware
- Ad-Aware
Now run Ccleaner.
Now run malwarebytes and post the report/log (Be sure to update definitions first.)
Do you recognise these drivers? It's possible Mbam will remove them if they are dodgy. Do not remove them otherwise.
2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
What firewall do you have?
Post the following:
- The Malwarebytes log.
- Another Hijackthis log
- Another Uninstall List.
- The Requested Information.
This may not remove all the infections present. It is important that you post back and complete the fix.
Please post in this thread for further review and evaluation. Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.
Joe.
-------------------- If I've helped you and saved you money please consider a donation to support my work :
Member of UNITE and ASAP.
Edited by Joe_London (Mon Jun 22 2009 11:45 PM)
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Quote:
Please go to the add/remove utility in the control panel and uninstall all the following programmes:
- Ask Toolbar
- J2SE Runtime Environment 5.0 Update 7
- Java(TM) 6 Update 10
- Java(TM) 6 Update 6
- Java(TM) 6 Update 7
- SweetIM For Internet Explorer 3.0b
Joe sorry to be a pain, but it's not clear to me which button to hit.
HJT gives a list of programs that can be removed.
I first selected ASK toolbar
I saw three buttons I could use: 'delete this entry' 'edit uninstall command' and 'open add/remove software list'
I hit 'delete this entry'
Having done so I wondered if I had done the right thing, and maybe I should have used 'open add/remove software list'
Can you advise please?
Edited by surreyfrog (Tue Jun 23 2009 07:07 AM)
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
Quote:
hit 'delete this entry'
Sorry if it was unclear. If you're not sure what to do, post back first before doing anything, as you may remove something vital to the system. HJT contains good entries as well as the nasty ones. Unfortunately in this instance it didn't show the nasties at all.
I was referring to the Add/remove utility accessible through the control panel. Go to Start | Control Panel. Then select the Add/Remove utility from there, then scroll down and remove all those entries I listed.
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Thanks Joe - your instructions below with my responses with asterisks round them (? couldn't put colours/bold etc in reply):
Please go to the add/remove utility in the control panel and uninstall all the following programmes:
- Ask Toolbar
- J2SE Runtime Environment 5.0 Update 7
- Java(TM) 6 Update 10
- Java(TM) 6 Update 6
- Java(TM) 6 Update 7
- SweetIM For Internet Explorer 3.0b
********************************************************************** As mentioned in my last post I used the delete option in HJT on Ask Toolbar. Ask toolbar does now not show in add/remove programs in XP control panel. Removed the rest of the programs in your list using XP control panel but when removing SweetIM got this message:
trying to uninstall sweetim: error 1905 module c:\program files macrogaming\sweetimbarforie\toolbar dll failed to unregister. hresult - 2147220472. contact your support personnel *******************************************************************
I suggest reviewing your securities as you appear to have some duplication.
I recommend uninstalling the following as well as it does much the same job as other programmes you have on there.
- Ad-Aware
- Ad-Aware
******************************** now removed ********************************
Now run Ccleaner.
************************************************** done, but I did not run the registry cleaner in ccleaner ********************************************************
Now run malwarebytes and post the report/log (Be sure to update definitions first.)
************************************* done - log below.
Malwarebytes' Anti-Malware 1.38
Database version: 2321
Windows 5.1.2600 Service Pack 2

23/06/2009 10:08:17
mbam-log-2009-06-23 (10-08-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185131
Time elapsed: 1 hour(s), 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
c:\Qoobox\quarantine\C\WINDOWS\system32\UACercriuhnqvmaapstk.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACfalkyxuwqeefotfit.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UAClespwivxeeolctims.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\WINDOWS\system32\UACossfanoronsbnrerr.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2fe390b6-fb31-48e2-8d14-5a0feedef327}\RP679\A0116026.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2fe390b6-fb31-48e2-8d14-5a0feedef327}\RP679\A0116027.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2fe390b6-fb31-48e2-8d14-5a0feedef327}\RP679\A0116028.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2fe390b6-fb31-48e2-8d14-5a0feedef327}\RP679\A0116025.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
***********************************************************************
Do you recognise these drivers? It's possible Mbam will remove them if they are dodgy. Do not remove them otherwise.
2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
************************************************************* Sorry, I don't have the technical knowledge to be able to interpret what these items are. ***************************************************************
What firewall do you have?
***************************************************** As far as I know it's the one that comes with windows XP *****************************************************
Post the following:
- The Malwarebytes log.
**************************************** DONE - SEE ABOVE **************************************
- Another Hijackthis log
********************************************* done - below
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:13:30, on 23/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HPCC\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\our laptop HDD copy 090609\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

-- End of file - 5665 bytes
************************************************************
- Another Uninstall List.
********************************************************** done - below
2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office Suite Service Pack 1 (SP1) 2007 Microsoft Office system 3DVIA Player 4.1 Adobe AIR Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.8 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.0 Apple Mobile Device Support Apple Software Update AVG 8.5 CAM UnZip 4.42 CCleaner (remove only) Cheat Engine 5.3 Cheat Engine 5.5 Conexant HD Audio Critical Update for Windows Media Player 11 (KB959772) Driver Detective DV 5900 EphPod Express Burn Free Studio version 4.1 Gabbasoft Cube Demo Google Earth Google SketchUp 6 Google SketchUp 6 Exporters Google SketchUp LayOut 6 Google SketchUp Pro 6 Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Highlight Viewer (Windows Live Toolbar) HijackThis 2.0.2 Home Media Server 4.0.0.0072 Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Hotkey 1.0.4 InterActual Player iTunes LG MC USB Modem driver LG PC Suite II Macrogaming SweetIM 2.1 Malwarebytes' Anti-Malware Map Button (Windows Live Toolbar) Messenger Plus! 
Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Movavi Video Converter 6 Mozilla Firefox (3.0.8) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Musicnotes Player V1.22.3 Nero 7 Essentials Nero BackItUp 2 Essentials neroxml Nokia Connectivity Cable Driver Nokia Lifeblog 2.1 Nokia MTP driver Nokia PC Connectivity Solution Nokia PC Suite Nokia Software Launcher Norton PC Checkup Paragon Drive Backup™ 9.0 Express Photo Story 3 for Windows Photo Viewer 2.25 Pivot Stickfigure Animator PowerDVD QuickTime Quivic Sage Instant Accounts v14 SAMSUNG Mobile Composite Device Software SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung New PC Studio Samsung New PC Studio Security Update for 2007 Microsoft Office System (KB951550) Security Update for 2007 Microsoft Office System (KB951944) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office 
System (KB969679) Security Update for Microsoft Office Excel 2007 (KB969682) Security Update for Microsoft Office PowerPoint 2007 (KB957789) Security Update for Microsoft Office Publisher 2007 (KB950114) Security Update for Microsoft Office system 2007 (KB954326) Security Update for Microsoft Office system 2007 (KB969613) Security Update for Microsoft Office Word 2007 (KB969604) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) 
Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for 
Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Sibelius Scorch Sibelius Scorch (ActiveX Only) Smart Menus (Windows Live Toolbar) Soft Data Fax Modem with SmartCP Switch The Sims 2 U211 DVD 2 Ulead Photo Explorer 8.0 SE Basic Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft Office Outlook 2007 (KB969907) Update for Outlook 2007 Junk Email Filter (kb970012) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VIA Platform Device Manager VIA Rhine-Family Fast Ethernet Adapter Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - 
v9.0.30729.01 WavePad Uninstall Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) Windows Internet Explorer 7 Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player 11 Xdrive Desktop Lite Xdrive Desktop Lite ******************************************************************
- The Requested Information.
This may not remove all the infections present. It is important that you post back and complete the fix.
Please post in this thread for further review and evaluation. Please provide details of any problems you encountered whilst performing the above steps & update us on how the Computer is running.
Joe.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
OK, things are taking shape now but still some more to do if you wish to proceed. Basically it's a tidy up and update exercise now as the immediate infection is gone. This is very important to complete while the computer is clean and also to prevent further infections.
You appear to have installed Ccleaner and Hijackthis in the wrong place which is not good. I recommend uninstalling them both via the add/remove utility in the control panel. I'll give you the re-install instructions later.
Also uninstall: Norton PC Checkup
Do you use the following? See description below.
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
From Bleeping Computer: Microsoft's Narrator program which is an accessibility program that reads the text on your screen to you via your speakers.
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
From Answers that work: Utterly useless and occasionally problematic background service installed when a user installs the CD that comes with some USB thumb drives (Memory sticks / Flash memory / USB memory / Pen Drive). From our tests, and from our experience, despite using very little memory this service performs no function other than seriously impact the performance of some PCs. On some PCs this service will often cause PC slowness or random freezes.
IoctlSvc.exe Recommendation : Immediately disable this task by setting its Startup Mode to Disabled on the Services tab - your thumb drive (Memory stick / Flash memory / USB memory / Pen Drive) will work fine without it.
It is your option to have these programmes running at start-up or not as you wish. Let me know what you wish to do please. Then I can instruct you.
What kind of drive is the "E Drive" e.g. partition, removable drive?
Is there a user account called "HPCC" if so what is it?
Are there any other user accounts on there?
My understanding is that AVG 8 includes an Anti-virus and anti-malware only but not a firewall. Is that correct?
To check this out Go to Start | Control Panel | Security Centre | Expand the firewall and virus protection by clicking the down arrow. Let me know the name of the programmes it lists.
Joe.
-------------------- If I've helped you and saved you money please consider a donation to support my work :
Member of UNITE and ASAP.
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
You appear to have installed Ccleaner and Hijackthis in the wrong place which is not good. I recommend uninstalling them both via the add/remove utility in the control panel. I'll give you the re-install instructions later.
********************************* done ************************************
Also uninstall: Norton PC Checkup
***************************** done ******************************
Do you use the following:?
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
************* no *************
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
*************** no ***************
It is your option to have these programmes running at start-up or not as you wish. Let me know what you wish to do please. Then I can instruct you.
***************** don't want 'em *****************************
What kind of drive is the "E Drive" e.g. partition, removable drive? ***************************** external usb hard drive ****************************
Is there a user account called "HPCC" if so what is it?
*********************************** yes. this computer is my wife's work computer. it came to her already set up with an hpcc (admin) user (stands for haslemere parish something or other). she only uses the hpcc account and nothing else. *****************************************
Are there any other user accounts on there? ******************************** control panel/users shows two users, hpcc and guest **********************************
My understanding is that AVG 8 includes an Anti-virus and anti-malware only but not a firewall. Is that correct?
To check this out Go to Start | Control Panel | Security Centre | Expand the firewall and virus protection by clicking the down arrow. Let me know the name of the programmes it lists. ************************************************************* windows firewall and that's all ************************************************************
Joe.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
Quote:
yes. this computer is my wife's work computer. it came to her already set up with an hpcc (admin) user (stands for haslemere parish something or other). she only uses the hpcc account and nothing else.
I'm not sure this fully complies with our rules, perhaps you would take a look yourself and give us your opinion. I'm sure you wouldn't deliberately seek to break the rules. http://www.webuser.co.uk/forums/showflat.php/Cat/0/Number/358300/an/0/page/0#358300
If it's used in a commercial environment then it's not eligible for free help and support here.
In any event I will finish the work as we are now almost complete.
The next steps:
Go to: Start > Run
Type: services.msc
Click Enter
Maximize the Services window
Drag the separator bar between Name and Description, so you can see all the text in the Name column.
Scroll down for: Prolific Technology Inc.
Right click it and select "Properties"
Click the "Stop" button and wait for the service to be stopped.
Change the "Startup Type" from Automatic to "Disabled" (c/o drop-down menu)
Click Apply then OK
Close the Services window
Download and install the latest version "Hijackthis Executable" from:- http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
Double-click the file you've just downloaded to install the program.
It will be installed to the C:\Program Files\Trend Micro\HijackThis\ folder by default.
Now drag and drop the downloaded install file on your desktop to the trend micro folder or alternatively delete it.
Open Hijackthis, take another scan and place a checkmark next to these entries.
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
Close all open Windows except Hijackthis and click on "fix Checked".
Reboot the computer.
Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad*
Copy and paste all the text in the quotebox below into it:
Quote:
KillAll::
File::
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe
Folder::
c:\program files\Common Files\Symantec Shared
C:\Program Files\Norton PC Checkup
ADS::
C:\windows\system32
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This reactivates Combofix. Again follow the prompts.
It will create another System restore point.
When finished, it shall produce a log for you at C:\ComboFix.txt
Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
Joe.
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Joe
I certainly did not intend to contravene any of the rules of the forum.
Can I say that my wife is a youth minister for our local church. She works from home and the church bought her a laptop so she could prepare presentations etc. She does not work in a commercial environment. There's really just the local reverend and her. They do not have a technical support team, any problems they get they try to sort out themselves. Hope this makes our situation a bit clearer and that you're OK with this.
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Go to: Start > Run Type: services.msc Click Enter
Maximize the Services window
Drag the separator bar between Name and Description, so you can see all the text in the Name column.
Scroll down for: Prolific Technology Inc. Right click it and select "Properties"
**************************************************** Prolific Technology Inc was not there ******************************************
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
Quote:
I certainly did not intend to contravene any of the rules of the forum.
Can I say that my wife is a youth minister for our local church. She works from home and the church bought her a laptop so she could prepare presentations etc. She does not work in a commercial environment. There's really just the local reverend and her. They do not have a technical support team, any problems they get they try to sort out themselves. Hope this makes our situation a bit clearer and that you're OK with this.
Thanks for the explanation, that's fine.
Joe.
|
Joe_London
HijackThis Helper
Reg'd: Tue
Posts: 11783
Loc: London
|
|
Quote:
Prolific Technology Inc was not there
It may be called PLFlash DeviceIoControl Service
Joe.
-------------------- If I've helped you and saved you money please consider a donation to support my work :
Member of UNITE and ASAP.
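As an added example (not part of the thread or of HijackThis itself): a small Python parser for the O4 and O23 lines quoted above. It treats HKUS\.DEFAULT and HKUS\S-1-5-18 as one hive, since Windows exposes the LocalSystem profile under both names, so the two RunNarrator lines resolve to a single registry value; it also separates the O23 display name, the name suggested above for finding the service in the Services window, from the vendor string. All function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the O4 and O23 lines quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
"""

# HKEY_USERS\.DEFAULT is the same hive as HKEY_USERS\S-1-5-18 (the LocalSystem
# profile), so both printed names map to one canonical SID.
HIVE_ALIASES = {".DEFAULT": "S-1-5-18"}

# Registry-based O4 lines only: "O4 - <hive>\..\<key>: [<value>] <command>".
O4_REGISTRY = re.compile(
    r"^O4 - (?P<root>HKLM|HKCU|HKUS\\(?P<sid>[^\\]+))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O23 - Service: <display name> - <vendor> - <image path>".
O23_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)


@dataclass
class Autorun:
    hive: str        # HKLM, HKCU or HKU\<canonical SID>
    key: str         # Run, RunOnce, ...
    value_name: str
    command: str
    seen_as: list = field(default_factory=list)  # hive names as printed in the log


@dataclass
class Service:
    display_name: str  # first O23 field; the name to look for in services.msc
    vendor: str        # company string, not the service's name
    image_path: str


def parse_o4(line):
    """Parse one registry-based O4 line; return None for anything else."""
    m = O4_REGISTRY.match(line.strip())
    if not m:
        return None
    sid = m.group("sid")
    if sid is None:
        hive = printed = m.group("root")
    else:
        hive = "HKU\\" + HIVE_ALIASES.get(sid, sid)
        printed = "HKUS\\" + sid
    return Autorun(hive, m.group("key"), m.group("name"), m.group("command"), [printed])


def unique_autoruns(log):
    """Collapse O4 lines that name the same registry value via a hive alias."""
    merged = {}
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        ident = (entry.hive.lower(), entry.key.lower(), entry.value_name.lower())
        if ident in merged:
            merged[ident].seen_as.extend(entry.seen_as)
        else:
            merged[ident] = entry
    return list(merged.values())


def services(log):
    """Return every O23 service entry with display name and vendor separated."""
    found = []
    for line in log.splitlines():
        m = O23_SERVICE.match(line.strip())
        if m:
            found.append(Service(m.group("display"), m.group("vendor"), m.group("path")))
    return found


if __name__ == "__main__":
    for a in unique_autoruns(SAMPLE_LOG):
        print(f"{a.hive}\\..\\{a.key} [{a.value_name}] {a.command} (listed as {a.seen_as})")
    for s in services(SAMPLE_LOG):
        print(f"service '{s.display_name}' by '{s.vendor}' -> {s.image_path}")
```
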
|
surreyfrog
regular
Reg'd: Tue
Posts: 80
|
|
Go to: Start > Run Type: services.msc Click Enter
Maximize the Services window
Drag the separator bar between Name and Description, so you can see all the text in the Name column.
Scroll down for: Prolific Technology Inc. Right click it and select "Properties" Click the "Stop" button and wait for the service to be stopped. Change the "Startup Type" from Automatic to "Disabled" (c/o drop-down menu)
Click Apply then OK
Close the Services window
****************************************************************************** done ******************************************************************************
Download and install the latest version "Hijackthis Executable" from:- http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe Double-click the file you've just downloaded to install the program.
It will be installed to the C:\Program Files\Trend Micro\HijackThis\ folder by default.
Now drag and drop the downloaded install file on your desktop to the trend micro folder or alternatively delete it.
Open Hijackthis, take another scan and place a checkmark next to these entries.
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
Close all open Windows except Hijackthis and click on "fix Checked".
************************************************************************* done *************************************************************************
Reboot the computer.
Copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad*
Copy and paste all the text in the quotebox below into it:
Quote:
KillAll::
File::
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\Documents and Settings\HPCC\Desktop\HiJackThis.exe
Folder::
c:\program files\Common Files\Symantec Shared
C:\Program Files\Norton PC Checkup
ADS::
C:\windows\system32
Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This reactivates Combofix. Again follow the prompts.
It will create another System restore point.
When finished, it shall produce a log for you at C:\ComboFix.txt
********************************************************************
done but please be aware - I left Combofix running, came back to the laptop some time later, it was stuck on a 'windows is shutting down' screen. I closed the laptop with the power off button, restarted it, and the Combofix window was still there, saying it was producing its log. a few minutes later it finished running.
***************************************************************************
Copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.
******************************************************************
COMBOFIX:
ComboFix 09-06-21.01 - HPCC 23/06/2009 20:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.404 [GMT 1:00]
Running from: c:\documents and settings\HPCC\Desktop\dave.exe
Command switches used :: c:\documents and settings\HPCC\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\HPCC\Desktop\HiJackThis.exe"
"c:\program files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Shared\SymcData\virusdefs-2.5-e\tmp5c2d.tmp\virscant.dat c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp5c2d.tmp\WHATSNEW.979 c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\CATALOG.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\CCERASER.DLL c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ECMSVR32.DLL c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\EECTRL.SYS c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ERASER.GRD c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ERASER.SIG c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ERASER.SPM c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ERASER.SYS c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ESRDEF.BIN c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\HH c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\hub.scr c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\NAVENG.SYS c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\NAVENG32.DLL c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\NAVEX15.SYS c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\NAVEX32A.DLL c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\NCSACERT.TXT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\SCRAUTH.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\SYMAVENG.CAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\SYMAVENG.INF c:\program files\Common Files\Symantec 
Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\SYMERASE.CAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\SYMERASE.INF c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TCDEFS.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TCSCAN7.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TCSCAN8.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TCSCAN9.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TECHNOTE.TXT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TINF.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TINFIDX.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TINFL.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TSCAN1.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\TSCAN1HD.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\V.GRD c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\V.SIG c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN.INF c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN1.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN2.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN3.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN4.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN5.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN6.DAT c:\program files\Common Files\Symantec 
Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN7.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN8.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCAN9.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\VIRSCANT.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\WHATSNEW.TXT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\tmp7620.tmp\ZDONE.DAT c:\program files\Common Files\Symantec Shared\SymcData\virusdefs-2.5-e\usage.dat
.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.
2009-07-02 17:24 . 2009-07-02 17:24 -------- d-----w- c:\program files\LG Electronics
2009-07-02 17:21 . 2007-11-08 15:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2009-07-02 17:21 . 2009-07-02 17:21 -------- d-----w- c:\documents and settings\HPCC\Application Data\LG Electronics
2009-07-02 17:21 . 2009-07-02 17:22 -------- d-----w- c:\program files\LG PC Suite II
2009-07-02 17:20 . 2009-07-02 17:20 -------- d-----w- c:\documents and settings\HPCC\Application Data\InstallShield
2009-06-29 10:09 . 2009-06-29 10:09 -------- d-----w- c:\program files\CAM Development
2009-06-23 19:29 . 2009-06-23 19:29 -------- d-----w- c:\program files\Trend Micro
2009-06-23 10:17 . 2009-06-23 10:17 -------- d-----w- c:\windows\system32\scripting
2009-06-23 10:17 . 2009-06-23 10:17 -------- d-----w- c:\windows\l2schemas
2009-06-23 10:17 . 2009-06-23 10:17 -------- d-----w- c:\windows\system32\en
2009-06-23 10:17 . 2009-06-23 10:17 -------- d-----w- c:\windows\system32\bits
2009-06-23 10:10 . 2009-06-23 10:18 -------- d-----w- c:\windows\ServicePackFiles
2009-06-22 19:31 . 2009-06-22 19:31 -------- d-----w- C:\Com
2009-06-22 19:30 . 2009-06-22 19:31 -------- d-----w- C:\32788R22FWJFW.1.tmp
2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\Fix
2009-06-22 19:30 . 2009-06-22 19:30 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-22 10:10 . 2009-06-22 10:10 -------- d-----w- c:\documents and settings\HPCC\Application Data\Malwarebytes
2009-06-22 10:07 . 2009-06-22 10:07 -------- d-----w- c:\program files\mwb
2009-06-21 21:24 . 2009-06-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-21 21:03 . 2009-06-22 18:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 17:10 . 2009-06-22 18:01 -------- d-----w- c:\program files\Lavasoft
2009-06-21 17:10 . 2009-06-21 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-21 07:28 . 2009-06-18 08:58 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-20 14:55 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-20 14:55 . 2009-06-22 12:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 14:55 . 2009-06-20 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-20 14:55 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-18 08:59 . 2009-06-09 07:49 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-18 08:59 . 2009-06-09 07:49 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-18 08:59 . 2009-06-09 07:49 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-16 09:06 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Sage
2009-06-16 09:00 . 2009-06-16 09:00 -------- d-----w- c:\program files\Common Files\InstallEngine
2009-06-16 08:57 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Shared
2009-06-16 08:55 . 2009-06-16 08:57 -------- d-----w- c:\program files\Common Files\Sage Line50
2009-06-16 08:55 . 2009-06-16 09:07 -------- d-----w- c:\program files\Common Files\Sage SBD
2009-06-16 08:55 . 2009-06-16 09:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sage
2009-06-16 08:55 . 2009-06-16 08:58 -------- d-----w- c:\program files\Common Files\Sage Report Designer 2007
2009-06-16 08:54 . 2009-06-16 08:54 -------- d-----w- c:\program files\Sage
2009-06-09 12:08 . 2009-06-09 12:08 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\AVG Security Toolbar
2009-06-09 08:23 . 2009-06-09 08:24 -------- d-----w- c:\documents and settings\HPCC\Local Settings\Application Data\Deployment
2009-06-09 08:22 . 2009-06-02 12:38 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-09 07:50 . 2009-06-09 07:49 826344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-09 07:49 . 2009-06-11 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-09 07:48 . 2009-06-09 07:48 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-01 07:14 . 2008-02-22 14:33 14976 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2009-06-01 07:14 . 2008-02-22 14:33 114304 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2009-06-01 07:14 . 2008-02-22 14:33 87936 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2009-06-01 07:14 . 2008-02-22 14:33 12160 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-06-01 07:14 . 2009-01-08 08:42 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2009-06-01 07:14 . 2009-01-08 08:42 233472 ----a-w- c:\windows\system32\FsUsbExService.Exe
2009-06-01 07:14 . 2009-01-08 08:42 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2009-06-01 07:14 . 2009-06-01 07:14 -------- d-----w- c:\documents and settings\HPCC\Application Data\Samsung
2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\MarkAny
2009-06-01 07:13 . 2009-06-01 07:13 -------- d-----w- c:\program files\Samsung
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 12:44 . 2007-04-20 15:26 85600 ----a-w- c:\documents and settings\HPCC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-23 10:22 . 2006-01-30 19:15 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-23 07:24 . 2008-03-16 08:35 -------- d-----w- c:\program files\Macrogaming
2009-06-23 07:24 . 2007-04-05 10:03 -------- d-----w- c:\program files\Java
2009-06-22 17:37 . 2009-04-02 17:42 -------- d-----w- c:\program files\Cheat Engine
2009-06-20 10:11 . 2008-03-10 20:24 -------- d-----w- c:\program files\Windows Live Toolbar
2009-06-18 08:58 . 2007-04-05 10:18 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 09:00 . 2007-01-15 17:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 06:08 . 2007-04-05 10:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-09 07:49 . 2009-03-27 16:37 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-01 07:14 . 2007-12-25 11:51 -------- d-----w- c:\program files\DIFX
2009-05-28 10:15 . 2008-08-06 08:54 34 ----a-w- c:\documents and settings\HPCC\jagex_runescape_preferences.dat
2009-05-07 15:32 . 2006-01-30 17:59 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2006-01-30 17:59 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2006-01-30 17:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 14:47 . 2008-11-03 22:07 -------- d-----w- c:\documents and settings\HPCC\Application Data\Ahead
2009-04-25 07:41 . 2009-03-27 16:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-25 07:41 . 2009-03-27 16:37 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-25 07:40 . 2009-03-27 16:37 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-04-17 12:26 . 2006-01-30 17:59 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-01-30 17:59 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-07 18:51 . 2009-04-07 18:51 127 ----a-w- c:\documents and settings\HPCC\Local Settings\Application Data\fusioncache.dat
2002-04-16 09:27 . 2002-04-16 09:27 5 --sha-w- c:\windows\system32\CdI5T.drv
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\flfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\rlfnlf.sys
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMail3FL.SYS
1998-03-19 23:00 . 1998-03-19 23:00 1048 --sha-w- c:\windows\system32\TMailRL.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-22_20.06.12 )))))))))))))))))))))))))))))))))))))))))
.