Below are my log files from SDFix, ComboFix, and HijackThis.
I'm ready for the next step.
Thanks again for the help.

SDFix: Version 1.116
Run by Mr. Cunow on Thu 11/29/2007 at 08:52 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
cmdService
core
Network Monitor
Path:
C:\WINDOWS\TXIuIEN1bm93\command.exe
system32\drivers\core.sys
C:\Program Files\Network Monitor\netmon.exe service
cmdService - Deleted
core - Deleted
Network Monitor - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\TXIuIEN1bm93\asappsrv.dll - Deleted
C:\WINDOWS\TXIuIEN1bm93\command.exe - Deleted
C:\WINDOWS\TXIuIEN1bm93\nrKRKHhYvA6a.vbs - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\Temp\abW9\tPho.log - Deleted
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\winshow.exe - Deleted
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Temp\abW9 - Removed
Folder C:\Temp\1cb - Removed
Folder C:\WINDOWS\system32\rMa02yy - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 21:11:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Setup.exe"="D:\\Setup.exe:*:Enabled:Setup"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Documents and Settings\\Piracy\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"="C:\\Documents and Settings\\Piracy\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe:*:Disabled:Skype - Free Internet Telephony"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Disabled:SoulSeek Client"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Mr. Cunow\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Mr. Cunow\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\system32\\uhesgkue.exe"="C:\\WINDOWS\\system32\\uhe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Sat 13 Oct 2007 31 A..H. --- "C:\WINDOWS\uccspecc.sys"
Fri 24 Aug 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 2 Sep 2005 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\Desktop\~WRL0001.tmp"
Tue 27 Nov 2007 72,704 ..SHR --- "C:\Program Files\Common Files\??crosoft.NET\notepad.exe"
Mon 3 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 9 Nov 2007 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0001.tmp"
Sat 10 Nov 2007 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0003.tmp"
Sat 10 Nov 2007 36,864 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0066.tmp"
Sat 10 Nov 2007 38,912 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0185.tmp"
Sat 10 Nov 2007 37,376 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0336.tmp"
Sat 10 Nov 2007 38,912 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL0705.tmp"
Sat 10 Nov 2007 38,912 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL1063.tmp"
Sat 10 Nov 2007 37,376 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL1870.tmp"
Sat 10 Nov 2007 37,888 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL2233.tmp"
Sat 10 Nov 2007 38,400 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\112A\~WRL2699.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0020.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0070.tmp"
Wed 14 Dec 2005 29,184 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0091.tmp"
Wed 14 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0099.tmp"
Wed 14 Dec 2005 23,040 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0129.tmp"
Wed 14 Dec 2005 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0159.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0166.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0212.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0222.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0236.tmp"
Wed 14 Dec 2005 31,744 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0241.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0257.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0272.tmp"
Wed 14 Dec 2005 31,744 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0273.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0280.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0364.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0432.tmp"
Wed 14 Dec 2005 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0436.tmp"
Wed 14 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0492.tmp"
Thu 15 Dec 2005 36,864 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0514.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0547.tmp"
Wed 14 Dec 2005 30,720 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0552.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0564.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0568.tmp"
Wed 14 Dec 2005 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0581.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0611.tmp"
Tue 13 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0690.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0708.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0739.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0782.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0856.tmp"
Wed 14 Dec 2005 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0896.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL0963.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1013.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1014.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1015.tmp"
Tue 13 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1028.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1045.tmp"
Wed 14 Dec 2005 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1053.tmp"
Wed 14 Dec 2005 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1084.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1159.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1161.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1177.tmp"
Wed 14 Dec 2005 29,184 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1200.tmp"
Tue 13 Dec 2005 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1207.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1225.tmp"
Thu 15 Dec 2005 37,376 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1242.tmp"
Wed 14 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1292.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1307.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1374.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1380.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1384.tmp"
Wed 14 Dec 2005 26,624 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1393.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1414.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1444.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1545.tmp"
Thu 15 Dec 2005 37,376 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1589.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1594.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1729.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1747.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1759.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1786.tmp"
Tue 13 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1806.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1829.tmp"
Wed 14 Dec 2005 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1851.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1867.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1870.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1888.tmp"
Thu 15 Dec 2005 32,768 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1924.tmp"
Wed 14 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL1944.tmp"
Thu 15 Dec 2005 35,840 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2008.tmp"
Tue 13 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2026.tmp"
Thu 15 Dec 2005 35,840 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2034.tmp"
Thu 15 Dec 2005 35,840 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2068.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2069.tmp"
Thu 15 Dec 2005 36,864 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2081.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2100.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2162.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2269.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2281.tmp"
Wed 14 Dec 2005 27,648 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2306.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2312.tmp"
Tue 13 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2342.tmp"
Wed 14 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2375.tmp"
Wed 14 Dec 2005 23,040 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2377.tmp"
Wed 14 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2399.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2418.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2421.tmp"
Wed 14 Dec 2005 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2451.tmp"
Wed 14 Dec 2005 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2474.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2498.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2546.tmp"
Wed 14 Dec 2005 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2547.tmp"
Wed 14 Dec 2005 31,232 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2577.tmp"
Wed 14 Dec 2005 28,160 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2601.tmp"
Thu 15 Dec 2005 38,400 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2613.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2618.tmp"
Wed 14 Dec 2005 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2620.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2621.tmp"
Thu 15 Dec 2005 39,936 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2626.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2632.tmp"
Wed 14 Dec 2005 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2683.tmp"
Wed 14 Dec 2005 27,136 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2736.tmp"
Wed 14 Dec 2005 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2749.tmp"
Wed 14 Dec 2005 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2772.tmp"
Wed 14 Dec 2005 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2777.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2864.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2869.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2875.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2894.tmp"
Thu 15 Dec 2005 37,376 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2918.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL2980.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3050.tmp"
Tue 13 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3127.tmp"
Wed 14 Dec 2005 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3131.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3149.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3179.tmp"
Wed 14 Dec 2005 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3233.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3270.tmp"
Wed 14 Dec 2005 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3274.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3283.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3311.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3395.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3400.tmp"
Thu 15 Dec 2005 39,424 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3401.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3430.tmp"
Wed 14 Dec 2005 29,696 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3462.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3498.tmp"
Wed 14 Dec 2005 23,040 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3522.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3548.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3565.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3584.tmp"
Wed 14 Dec 2005 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3586.tmp"
Thu 15 Dec 2005 35,328 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3612.tmp"
Thu 15 Dec 2005 32,256 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3619.tmp"
Wed 14 Dec 2005 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3661.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3697.tmp"
Thu 15 Dec 2005 36,352 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3737.tmp"
Tue 13 Dec 2005 24,576 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3776.tmp"
Wed 14 Dec 2005 35,840 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3809.tmp"
Thu 15 Dec 2005 36,864 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3814.tmp"
Wed 14 Dec 2005 31,744 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3824.tmp"
Wed 14 Dec 2005 27,136 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3889.tmp"
Wed 14 Dec 2005 28,672 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3914.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3925.tmp"
Wed 14 Dec 2005 23,040 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL3943.tmp"
Wed 14 Dec 2005 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL4002.tmp"
Wed 14 Dec 2005 25,600 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL4008.tmp"
Wed 14 Dec 2005 25,088 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL4045.tmp"
Wed 14 Dec 2005 26,112 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL4088.tmp"
Thu 15 Dec 2005 36,864 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Development in Brazil I\~WRL4095.tmp"
Thu 30 Nov 2006 41,984 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Job Stuff\~WRL0109.tmp"
Thu 30 Nov 2006 41,984 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Job Stuff\~WRL0462.tmp"
Thu 30 Nov 2006 41,984 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Job Stuff\~WRL1354.tmp"
Thu 30 Nov 2006 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Phd Applications\~WRL0491.tmp"
Thu 30 Nov 2006 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Phd Applications\~WRL1883.tmp"
Thu 30 Nov 2006 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Phd Applications\~WRL2099.tmp"
Thu 30 Nov 2006 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Phd Applications\~WRL2899.tmp"
Thu 30 Nov 2006 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Phd Applications\~WRL2979.tmp"
Fri 24 Dec 2004 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL0537.tmp"
Sun 26 Dec 2004 119,808 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL0828.tmp"
Sat 25 Dec 2004 80,384 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL0893.tmp"
Mon 20 Dec 2004 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL2385.tmp"
Fri 24 Dec 2004 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL2753.tmp"
Sat 25 Dec 2004 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\Populism and Democracy\~WRL3107.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0005.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0036.tmp"
Tue 6 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0096.tmp"
Mon 5 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0184.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0205.tmp"
Mon 5 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0308.tmp"
Tue 6 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0328.tmp"
Tue 6 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0479.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0493.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0521.tmp"
Mon 5 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0545.tmp"
Tue 6 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0633.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0646.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0670.tmp"
Mon 5 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0806.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0864.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0908.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL0984.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1198.tmp"
Tue 6 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1213.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1319.tmp"
Mon 5 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1454.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1630.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1677.tmp"
Mon 5 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL1983.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2008.tmp"
Mon 5 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2037.tmp"
Mon 5 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2386.tmp"
Mon 5 Nov 2007 20,480 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2495.tmp"
Mon 5 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2502.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2741.tmp"
Mon 5 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2764.tmp"
Mon 5 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2778.tmp"
Mon 5 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2833.tmp"
Tue 6 Nov 2007 20,992 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL2978.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3033.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3324.tmp"
Mon 5 Nov 2007 19,968 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3387.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3442.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3577.tmp"
Mon 5 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3583.tmp"
Mon 5 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3730.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3769.tmp"
Tue 6 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL3787.tmp"
Mon 5 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Mr. Cunow\My Documents\200A- Foundations in Political Science\Reading Notes\Week 5\~WRL4009.tmp"
Finished!
ComboFix 07-11-19.4C - Mr. Cunow 2007-11-29 21:35:01.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.463 [GMT -8:00]
Running from: C:\Documents and Settings\Mr. Cunow\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Mr. Cunow\Application Data\Sskknwrd.dll
C:\Program Files\Common Files\crosof~1.net
C:\Program Files\Common Files\crosof~1.net\??crosoft.NET\
C:\Program Files\Common Files\crosof~1.net\notepad.exe
C:\temp\tn3
C:\WINDOWS\system32\c1
C:\WINDOWS\system32\c1\baslook11.exe
C:\WINDOWS\system32\j2
C:\WINDOWS\system32\jjjlm.ini
C:\WINDOWS\system32\jjjlm.ini2
C:\WINDOWS\system32\m8
C:\WINDOWS\system32\m8\nsts2dll1.exe
C:\WINDOWS\system32\mljjj.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-30 )))))))))))))))))))))))))))))))
.
2007-11-29 20:50 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-29 20:21 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-29 09:30 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-28 23:12 71,232 --a------ C:\WINDOWS\system32\uhesgkue.exe
2007-11-28 00:39 <DIR> d-------- C:\Deckard
2007-11-28 00:36 <DIR> d-------- C:\Program Files\ZonedOut
2007-11-27 15:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-27 15:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-27 15:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-27 15:56 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 15:46 38,912 --a------ C:\WINDOWS\system32\urqrpqr.dll
2007-11-27 15:45 38,912 --a------ C:\WINDOWS\system32\jkkifeb.dll
2007-11-27 15:44 38,912 --a------ C:\WINDOWS\system32\xxyaxut.dll
2007-11-27 15:41 38,912 --a------ C:\WINDOWS\system32\khfdeca.dll
2007-11-27 15:40 <DIR> d-------- C:\WINDOWS\TXIuIEN1bm93
2007-11-27 15:40 38,912 --a------ C:\WINDOWS\system32\rqrrqnl.dll
2007-11-27 10:48 6,058,496 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-27 10:48 2,455,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-27 10:48 991,232 --a------ C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-27 10:48 459,264 --a------ C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-27 10:48 383,488 --a------ C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-27 10:48 267,776 --a------ C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-27 10:48 63,488 --a------ C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-27 10:48 52,224 --a------ C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-27 10:48 13,824 --a------ C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-14 09:15 <DIR> d-------- C:\Program Files\Pando Networks
2007-10-13 10:43 161,112 -rah----- C:\WINDOWS\system32\cpnprt2.cid
2007-10-13 10:40 <DIR> d-------- C:\WINDOWS\Cache
2007-10-13 10:40 <DIR> d-------- C:\Program Files\Coupons
2007-10-13 10:40 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-10-11 17:38 178 --a------ C:\handle.dat
2007-10-10 15:30 584,192 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-09 09:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-10-09 09:31 675,840 -ra------ C:\WINDOWS\system32\hpowiax3.dll
2007-10-09 09:31 569,344 -ra------ C:\WINDOWS\system32\hpotscl3.dll
2007-10-09 09:31 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2007-10-09 09:31 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2007-10-09 09:31 294,912 -ra------ C:\WINDOWS\system32\hpovst10.dll
2007-10-09 09:31 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-10-09 09:31 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2007-10-09 09:30 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-09 09:26 116,092 --a------ C:\WINDOWS\hpoins12.dat
2007-10-09 09:26 1,470 --------- C:\WINDOWS\hpomdl12.dat
2007-10-09 09:22 <DIR> d-------- C:\temp\HP_WebRelease
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 05:48 --------- d-----w C:\Program Files\Symantec Antivirus
2007-11-30 04:21 --------- d-----w C:\Program Files\Java
2007-11-28 07:58 --------- d-----w C:\Program Files\TagRename
2007-11-28 07:58 --------- d-----w C:\Program Files\SpywareGuard
2007-11-28 07:55 --------- d-----w C:\Program Files\NZSearch
2007-11-28 07:51 --------- d-----w C:\Program Files\Linksys Wireless-G Music Bridge
2007-11-28 07:50 --------- d-----w C:\Program Files\iTunes
2007-11-28 07:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-28 07:40 --------- d-----w C:\Program Files\Apoint2K
2007-11-28 00:15 --------- d-----w C:\Program Files\Viewpoint
2007-11-28 00:15 --------- d-----w C:\Documents and Settings\Mr. Cunow\Application Data\Viewpoint
2007-11-28 00:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-27 19:17 --------- d-----w C:\Documents and Settings\Mr. Cunow\Application Data\Skype
2007-11-27 19:03 --------- d-----w C:\Program Files\SpywareBlaster
2007-11-02 07:05 --------- d-----w C:\Documents and Settings\Mr. Cunow\Application Data\ZoomBrowser EX
2007-11-02 07:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 17:12 --------- d-----w C:\Program Files\AIM6
2007-10-24 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-23 23:02 --------- d-----w C:\Documents and Settings\Mr. Cunow\Application Data\Apple Computer
2007-10-12 06:11 --------- d-----w C:\Program Files\Soulseek
2007-08-22 13:12 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 13:12 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 13:12 1,494,528 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 13:12 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 13:12 1,022,976 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 23:34 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-14 02:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-14 02:54 413,696 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
2007-08-14 02:54 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-14 02:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-14 02:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-14 02:54 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2007-08-14 02:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-14 02:45 78,336 ----a-w C:\WINDOWS\system32\dllcache\ieencode.dll
2007-08-14 02:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-14 02:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-14 02:44 40,960 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2007-08-14 02:42 17,408 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2007-08-14 02:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-14 02:39 71,680 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
2007-08-14 02:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-14 02:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-14 02:39 55,296 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
2007-08-14 02:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-08-14 02:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-14 02:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-14 02:36 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2007-08-14 02:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-14 02:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-14 02:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2007-08-14 02:18 60,416 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2007-08-14 02:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-14 02:01 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
2007-04-01 23:22 73,728 ----a-w C:\Documents and Settings\Mr. Cunow\SetupNI.dll
2006-02-14 18:31 184,808 ----a-w C:\Documents and Settings\Mr. Cunow\Application Data\shb.dat
2005-11-03 04:36 48,504 ----a-w C:\Documents and Settings\Mr. Cunow\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
2007-11-27 15:40 38912 --a------ C:\WINDOWS\system32\rqrrqnl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [2004-11-09 00:29]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 13:45]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33]
"Aaou"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\notepad.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-07 19:40]
"AGRSMMSG"="AGRSMMSG.exe" [2003-10-30 05:40 C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 09:05]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [2002-10-06 23:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 09:42]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 08:21]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 00:01]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 18:55]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 16:31]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-08-02 15:36]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 10:54]
"ATIModeChange"="Ati2mdxx.exe" [2004-04-01 23:16 C:\WINDOWS\system32\Ati2mdxx.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 19:11]
"CmFlywaveName"="C:\WINDOWS\System\CmFlywav.exe" [2005-10-05 10:38]
"Linksys WMB54G Utility"="C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe" [2005-11-22 22:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 15:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 06:36]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
C:\Documents and Settings\Mr. Cunow\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 15:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 19:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2004-12-04 11:08:28]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 15:28:24]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 15:50:52]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2003-07-29 20:49:48]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\rqrrqnl.dll [2007-11-27 15:40 38912]
C:\WINDOWS\System32\NavLogon.dll 2004-08-02 15:36 83272 C:\WINDOWS\system32\NavLogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqnl]
rqrrqnl.dll 2007-11-27 15:40 38912 C:\WINDOWS\system32\rqrrqnl.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll
R3 cmvad;C-Media Wi-Sonic Wireless Audio Interface;C:\WINDOWS\system32\drivers\cmudaxv.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 CE3;Xircom Ethernet Adapter 10/100 Service;C:\WINDOWS\system32\DRIVERS\ce3n5.sys
S3 PhDebug32;PhDebug32;\??\c:\bios\hr60\debug32.sys
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03804255-705b-11dc-9a6e-000fb009b67c}]
\Shell\1\Command - .\System\Memory\autorun.exe
\Shell\2\Command - .\System\Memory\autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\System\Memory\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2005-06-27 21:31:07 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
"2007-11-18 18:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-07-01 13:44:20 C:\WINDOWS\Tasks\iRadio 1.2 task 3.job"
- C:\PROGRA~1\3aLab\iRadio\iRadio.exe
"2005-04-19 13:47:48 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-29 21:50:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?6?0?5??????? ???B???????????????B? ??????
scanning hidden files ...
C:\WINDOWS\system32\vybeg.ini 320 bytes
C:\WINDOWS\system32\vybeg.ini2 320 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 2007-11-29 21:59:04 - machine was rebooted
.
--- E O F ---
Deckard's System Scanner v20071014.68
Run by Mr. Cunow on 2007-11-29 22:00:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Mr. Cunow.exe) -------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:00:44 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Mr. Cunow\Desktop\dss.exe
C:\HIJACK~1\MRCUNO~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/radio/aod/mainf...d/radio1.shtml
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.nyu.edu:8000
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Mr. Cunow\Application Data\Mozilla\Profiles\default\bj26lb4b.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mr. Cunow\Application Data\Mozilla\Profiles\default\bj26lb4b.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\rqrrqnl.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BE6C2349-407C-4987-8BF0-7B4B697B73D8} - C:\WINDOWS\system32\gebyv.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [Aaou] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\notepad.exe" -vt yazb
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093672044250
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{451478F6-D9D9-40CF-8E57-EE621B7344BD}: NameServer = 128.122.253.92,128.122.253.37
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nyu.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = nyu.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rqrrqnl - C:\WINDOWS\SYSTEM32\rqrrqnl.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
-- Files created between 2007-10-29 and 2007-11-29 -----------------------------
2007-11-29 21:55:58 392 --ahs---- C:\WINDOWS\system32\vybeg.ini2
2007-11-29 21:55:39 324192 --a------ C:\WINDOWS\system32\gebyv.dll
2007-11-29 20:50:41 0 d-------- C:\WINDOWS\ERUNT
2007-11-28 23:12:34 71232 --a------ C:\WINDOWS\system32\uhesgkue.exe <Not Verified; ; DDC>
2007-11-28 00:36:10 0 d-------- C:\Program Files\ZonedOut
2007-11-27 15:56:55 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 15:46:50 38912 --a------ C:\WINDOWS\system32\urqrpqr.dll
2007-11-27 15:45:32 38912 --a------ C:\WINDOWS\system32\jkkifeb.dll
2007-11-27 15:44:41 38912 --a------ C:\WINDOWS\system32\xxyaxut.dll
2007-11-27 15:41:21 38912 --a------ C:\WINDOWS\system32\khfdeca.dll
2007-11-27 15:40:35 0 d-------- C:\WINDOWS\TXIuIEN1bm93
2007-11-27 15:40:13 38912 --a------ C:\WINDOWS\system32\rqrrqnl.dll
2007-11-27 10:41:15 0 d-------- C:\WINDOWS\network diagnostic
-- Find3M Report ---------------------------------------------------------------
2007-11-29 21:48:29 0 d-------- C:\Program Files\Symantec Antivirus
2007-11-29 21:41:58 0 d-------- C:\Program Files\Common Files
2007-11-29 20:21:25 0 d-------- C:\Program Files\Java
2007-11-27 23:58:31 0 d-------- C:\Program Files\TagRename
2007-11-27 23:58:15 0 d-------- C:\Program Files\SpywareGuard
2007-11-27 23:55:19 0 d-------- C:\Program Files\NZSearch
2007-11-27 23:51:34 0 d-------- C:\Program Files\Linksys Wireless-G Music Bridge
2007-11-27 23:50:59 0 d-------- C:\Program Files\iTunes
2007-11-27 23:43:14 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-27 23:40:48 0 d-------- C:\Program Files\Apoint2K
2007-11-27 16:15:44 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Viewpoint
2007-11-27 16:15:42 0 d-------- C:\Program Files\Viewpoint
2007-11-27 11:17:27 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Skype
2007-11-27 11:03:49 0 d-------- C:\Program Files\SpywareBlaster
2007-11-01 23:05:47 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\ZoomBrowser EX
2007-10-24 09:12:17 0 d-------- C:\Program Files\AIM6
2007-10-23 15:02:23 0 d-------- C:\Documents and Settings\Mr. Cunow\Application Data\Apple Computer
2007-10-14 09:15:38 0 d-------- C:\Program Files\Pando Networks
2007-10-13 10:40:24 0 d-------- C:\Program Files\Coupons
2007-10-13 10:40:23 31 --ah----- C:\WINDOWS\uccspecc.sys
2007-10-11 22:11:06 0 d-------- C:\Program Files\Soulseek
2007-10-11 17:38:22 178 --a------ C:\handle.dat
2007-10-09 09:46:17 116092 --a------ C:\WINDOWS\hpoins12.dat
2007-09-17 18:01:43 1493 --a------ C:\WINDOWS\ipconfig.dat
2007-09-17 18:00:19 1490 --a------ C:\WINDOWS\checkip.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
11/27/2007 03:40 PM 38912 --a------ C:\WINDOWS\system32\rqrrqnl.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE6C2349-407C-4987-8BF0-7B4B697B73D8}]
11/29/2007 09:55 PM 324192 --a------ C:\WINDOWS\system32\gebyv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/07/2003 07:40 PM]
"AGRSMMSG"="AGRSMMSG.exe" [10/30/2003 05:40 AM C:\WINDOWS\AGRSMMSG.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [03/01/2004 09:05 AM]
"CamMonitor"="C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe" [10/06/2002 11:23 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 AM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [01/13/2004 08:21 AM]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 12:01 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [05/22/2003 06:55 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/2004 04:31 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [08/02/2004 03:36 PM]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [01/12/2005 10:54 AM]
"ATIModeChange"="Ati2mdxx.exe" [04/01/2004 11:16 PM C:\WINDOWS\system32\Ati2mdxx.exe]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [02/16/2005 07:11 PM]
"CmFlywaveName"="C:\WINDOWS\System\CmFlywav.exe" [10/05/2005 10:38 AM]
"Linksys WMB54G Utility"="C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe" [11/22/2005 10:26 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 03:58 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 06:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [11/09/2004 12:29 AM]
"Aim6"="" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 01:45 PM]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [10/05/2007 11:33 AM]
"Aaou"="C:\PROGRA~1\COMMON~1\CROSOF~1.NET\notepad.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
C:\Documents and Settings\Mr. Cunow\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 3:05:35 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 7:05:26 PM]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [12/4/2004 11:08:28 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 3:28:24 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [11/4/2004 3:50:52 PM]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [7/29/2003 8:49:48 PM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\rqrrqnl.dll [11/27/2007 03:40 PM 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrrqnl]
rqrrqnl.dll 11/27/2007 03:40 PM 38912 C:\WINDOWS\system32\rqrrqnl.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03804255-705b-11dc-9a6e-000fb009b67c}]
1\Command- .\System\Memory\autorun.exe
2\Command- .\System\Memory\autorun.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\System\Memory\autorun.exe
-- End of Deckard's System Scanner: finished at 2007-11-29 22:02:17 ------------