Thread: Pop ups,new web pages - trojandropper
View Single Post
Old 05-14-2008, 02:15 PM   #7 (permalink)
hodge5975
Registered User
 
Join Date: May 2008
Posts: 6
OS: Vista


Re: Pop ups,new web pages - trojandropper
Hi,

I have run the 3 new logs and pasted below. Everything seems to be running normally at the moment.

ComboFix 08-05-11.1 - Emma 2008-05-14 18:30:36.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.286 [GMT 1:00]
Running from: C:\Users\Emma\Desktop\ComboFix.exe
Command switches used :: C:\Users\Emma\Desktop\CFScript.txt

FILE ::
C:\Users\Emma\AppData\Local\Temp\awTJbXpP.dll
C:\Users\Emma\AppData\Local\Temp\yafjwbnu.dll
C:\Users\Emma\svchost.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Emma\AppData\Local\Temp\awTJbXpP.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 17:29 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-13 20:19 --------- d-----w C:\Users\Emma\AppData\Roaming\McAfee
2008-05-13 20:18 --------- d-----w C:\ProgramData\McAfee
2008-05-10 07:13 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-09 20:46 --------- d-----w C:\Program Files\Panda Security
2008-05-09 14:46 --------- d-----w C:\Program Files\McAfee
2008-05-08 20:49 --------- d-----w C:\Users\Emma\AppData\Roaming\SiteAdvisor
2008-05-08 19:26 --------- d-----w C:\Program Files\Common Files\McAfee
2008-05-07 20:14 --------- d-----w C:\Program Files\Java
2008-04-24 18:42 --------- d-----w C:\Program Files\iTunes
2008-04-24 18:42 --------- d-----w C:\Program Files\iPod
2008-04-24 18:39 --------- d-----w C:\Program Files\QuickTime
2008-04-24 18:32 --------- d-----w C:\Program Files\Apple Software Update
2008-04-17 21:05 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 20:52 0 ----a-w C:\Users\Emma\AppData\Roaming\wklnhst.dat
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 20:50 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 20:47 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-14 20:47 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-14 20:47 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-14 20:47 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-14 20:47 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-14 20:47 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-14 20:42 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 20:42 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 20:41 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 20:41 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 20:41 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 20:40 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 20:40 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 20:40 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 20:40 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 20:40 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 20:40 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 20:40 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-08-29 17:23 174 --sha-w C:\Program Files\desktop.ini
2008-01-20 16:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-20 16:44 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-20 16:44 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-13_19.48.39.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-13 20:13:24 7,680 ----a-w C:\Windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2008-05-13 20:18:53 16,384 ----a-w C:\Windows\assembly\GAC\Arbus.Interfacing.Library\1.0.0.27362__2be3a081d8c94867\Arbus.Interfacing.Library.dll
+ 2008-05-13 20:18:51 16,384 ----a-w C:\Windows\assembly\GAC\ArbusApplicationController\1.0.2563.27362__da57d5d39b1d6dd8\ArbusApplicationController.dll
+ 2008-05-13 20:13:16 12,288 ----a-w C:\Windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2008-05-13 20:13:25 33,792 ----a-w C:\Windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2008-05-13 20:13:34 7,168 ----a-w C:\Windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2008-05-13 20:13:25 32,768 ----a-w C:\Windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2008-05-13 20:13:25 4,608 ----a-w C:\Windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2008-05-13 20:13:25 26,112 ----a-w C:\Windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2008-05-13 20:13:16 716,800 ----a-w C:\Windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2008-05-13 20:13:15 28,672 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2008-05-13 20:13:17 299,008 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2008-05-13 20:13:17 6,144 ----a-w C:\Windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2008-05-13 20:13:15 11,264 ----a-w C:\Windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2008-05-13 20:13:15 32,768 ----a-w C:\Windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2008-05-13 20:13:15 6,656 ----a-w C:\Windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2008-05-13 20:13:26 1,564,672 ----a-w C:\Windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2008-05-13 20:13:35 32,768 ----a-w C:\Windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2008-05-13 20:13:26 77,824 ----a-w C:\Windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2008-05-13 20:13:37 299,008 ----a-w C:\Windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2008-05-13 20:13:26 1,290,240 ----a-w C:\Windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2008-05-13 20:13:27 1,699,840 ----a-w C:\Windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2008-05-13 20:13:28 86,016 ----a-w C:\Windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2008-05-13 20:13:28 65,536 ----a-w C:\Windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2008-05-13 20:13:29 466,944 ----a-w C:\Windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2008-05-13 20:13:28 241,664 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2008-05-13 20:13:28 64,000 ----a-w C:\Windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2008-05-13 20:13:30 368,640 ----a-w C:\Windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2008-05-13 20:13:30 241,664 ----a-w C:\Windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2008-05-13 20:13:30 323,584 ----a-w C:\Windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2008-05-13 20:13:30 131,072 ----a-w C:\Windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2008-05-13 20:13:31 77,824 ----a-w C:\Windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2008-05-13 20:13:31 126,976 ----a-w C:\Windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2008-05-13 20:13:35 819,200 ----a-w C:\Windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2008-05-13 20:13:32 57,344 ----a-w C:\Windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2008-05-13 20:13:32 569,344 ----a-w C:\Windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2008-05-13 20:13:31 1,245,184 ----a-w C:\Windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2008-05-13 20:13:33 2,039,808 ----a-w C:\Windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2008-05-13 20:13:34 1,335,296 ----a-w C:\Windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.Xml.dll
+ 2008-05-13 20:13:28 1,216,512 ----a-w C:\Windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2008-05-13 20:14:31 61,440 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_9bda1b13\CustomMarshalers.dll
+ 2008-05-13 20:14:38 3,289,088 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_6ddbe14e\mscorlib.dll
+ 2008-05-13 20:14:48 1,462,272 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_6caf964d\System.Design.dll
+ 2008-05-13 20:15:02 90,112 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_66091ae3\System.Drawing.Design.dll
+ 2008-05-13 20:15:04 835,584 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_41b91aa9\System.Drawing.dll
+ 2008-05-13 20:15:09 2,994,176 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_b3f36722\System.Windows.Forms.dll
+ 2008-05-13 20:15:12 2,076,672 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_2ba1018c\System.Xml.dll
+ 2008-05-13 20:15:00 1,929,216 ----a-w C:\Windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_0ac4c29d\System.dll
- 2008-05-13 17:48:51 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-14 17:17:21 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2007-09-06 18:03:02 4,280,176 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 00:07:58 24,928 ----a-r C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
- 2008-04-17 21:05:15 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-14 17:29:12 1,165,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-04-17 21:05:15 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 17:29:14 20,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-17 21:05:15 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-14 17:29:13 159,504 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-04-17 21:05:15 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 17:29:14 217,864 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-17 21:05:15 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 17:29:14 18,704 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-17 21:05:16 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 17:29:14 35,088 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-17 21:05:15 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-14 17:29:13 845,584 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-04-17 21:05:15 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 17:29:14 922,384 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-17 21:05:15 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-14 17:29:14 272,648 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-04-17 21:05:16 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 17:29:14 888,080 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-17 21:05:15 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 17:29:13 1,172,240 ----a-r C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-04-17 21:04:38 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 17:27:40 20,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-17 21:04:37 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 17:27:38 184,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-17 21:04:38 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 17:27:40 217,864 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-17 21:04:38 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 17:27:40 18,704 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-04-17 21:04:38 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-14 17:27:41 35,088 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-04-17 21:04:38 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-14 17:27:39 922,384 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2008-04-17 21:04:38 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-14 17:27:41 888,080 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-04-17 21:04:37 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-14 17:27:37 1,172,240 ----a-r C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2003-02-21 01:59:44 16,896 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 02:55:06 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 02:02:16 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-21 04:04:20 155,648 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 06:24:08 7,680 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 04:00:36 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-20 18:19:42 24,576 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-20 18:19:32 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-20 18:19:22 40,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 18:19:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 18:19:38 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 18:19:36 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2002-07-29 10:11:50 219,136 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-21 06:24:10 94,208 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-21 06:24:32 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-20 18:09:08 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 09:20:44 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-21 09:21:00 626,688 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2003-02-21 06:24:34 12,288 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 06:24:36 33,792 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 03:12:24 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 09:21:40 524,288 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-20 18:16:32 798,720 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-20 1820 282,624 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 06:24:38 7,680 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 06:24:38 7,168 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 06:24:40 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 06:24:40 4,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-20 18:09:40 196,608 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-21 06:24:42 15,872 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-20 18:22:24 40,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 06:24:44 26,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 06:24:52 40,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 06:26:36 716,800 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-21 06:26:38 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 06:24:54 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 06:25:02 6,144 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 06:24:58 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 06:25:06 11,264 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 06:25:02 6,656 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 06:25:04 49,152 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 06:25:06 1,564,672 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2003-02-20 18:09:12 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-20 18:09:12 233,472 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-20 18:09:14 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 1832 311,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 18:09:16 98,304 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-21 06:26:34 2,088,960 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-20 17:43:52 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 1834 65,536 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 18:09:18 143,360 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 18:09:18 81,920 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 18:09:18 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 18:07:34 2,494,464 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2003-02-20 18:09:24 9,216 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-20 18:08:32 2,482,176 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2003-02-21 03:42:22 348,160 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 18:18:34 20,480 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 17:43:36 22,528 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 18:09:46 73,728 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 18:09:30 90,112 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 06:25:24 28,672 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-21 06:26:46 32,768 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 06:25:30 12,288 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-20 18:09:34 253,952 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-20 18:09:34 122,880 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 18:09:34 319,488 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 06:26:38 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 06:26:38 1,290,240 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2003-02-21 06:25:42 299,008 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-21 06:26:42 1,699,840 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2003-02-21 06:26:44 86,016 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 06:26:46 1,216,512 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2003-02-21 06:26:48 65,536 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 06:26:50 466,944 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 06:26:50 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-20 18:09:36 64,000 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 06:26:52 368,640 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 06:26:54 241,664 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 06:26:56 323,584 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 06:26:56 131,072 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 06:26:58 77,824 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-21 06:27:00 126,976 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 06:27:02 1,245,184 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2003-02-21 06:27:06 819,200 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 06:24:18 57,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 06:27:06 569,344 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 06:27:08 2,039,808 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2003-02-21 06:27:10 1,335,296 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2003-02-21 09:20:38 737,280 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 04:04:18 1,032,192 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2003-02-20 19:10:40 31,744 ----a-w C:\Windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
- 2008-05-13 17:48:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-14 17:17:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-13 17:48:52 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-14 17:17:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-13 17:51:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 17:19:47 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-14 17:19:47 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-13 17:51:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 17:19:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-14 17:19:42 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-13 17:59:11 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-14 17:28:25 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-13 17:59:11 163,840 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-14 17:28:25 163,840 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-13 17:59:11 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-14 17:28:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2003-02-20 17:43:36 4,096 ----a-w C:\Windows\System32\MUI\0409\mscoreer.dll
- 2008-05-13 17:55:56 108,526 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-14 17:25:01 112,216 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-13 17:55:56 623,342 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-14 17:25:01 631,670 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-13 17:59:49 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-13 20:00:43 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2003-02-21 04:16:08 49,152 ----a-w C:\Windows\System32\URTTEMP\regtlib.exe
- 2008-05-13 17:51:07 9,626 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-42124295-637047048-247919113-1000_UserData.bin
+ 2008-05-14 17:20:20 9,642 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-42124295-637047048-247919113-1000_UserData.bin
- 2008-05-13 17:51:07 56,536 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 17:20:20 56,662 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-13 17:51:03 46,658 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-14 17:20:17 47,318 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Host Process"="C:\Users\Emma\svchost.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-24 14:26 1006264]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 21:39 151552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 03:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 03:03 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 03:02 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 06:58 815104]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-03-06 13:31 240640]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 07:34 634880]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-17 01:04 2348584]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-10-18 17:14 35928]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-08-15 17:59 374688]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AntiSpywareMaster"="C:\Program Files\AntiSpywareMaster\asm.exe" [ ]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59 4838952]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22 20480]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 0158 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-42124295-637047048-247919113-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-42124295-637047048-247919113-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB11A2F2-3669-4DC9-A3EF-DF51510E8D8A}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{11743E25-D469-44E0-BC6A-C2FA93ACB9C4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7A42C88E-C6FA-4338-813A-F92065443DE0}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{30EADC9C-1C4D-4071-9299-F6ABBAA81ECC}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{EB8B1639-462D-4ACF-8826-4C5B08651C75}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6160161A-2690-45EB-9CB7-998A9F2EFA13}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{8E489C5D-C236-4CC6-B75A-0A4478607A87}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{9F84CC5F-6EF1-4AA4-8367-6211F0A337C7}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{08253D84-DF84-438E-903C-A1D67244D967}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B629DE1D-9D72-41E4-B609-4787659B4064}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{71504505-4038-42D6-B407-E88E43CA9CB7}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{51CA7FF0-1C84-44AE-910B-CC74296CF99B}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= UDP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup
"UDP Query User{E8D72660-1700-4131-B92D-0B7C1752BB25}C:\\program files\\mcafee\\mbk\\mcafeedatabackup.exe"= TCP:C:\program files\mcafee\mbk\mcafeedatabackup.exe:McAfee Data Backup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-08-17 16:03]
R2 VaultClientSRV;BT Auto Backup Service;C:\Program Files\BT Auto Backup\VaultClientSRV.exe [2007-07-04 22:01]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 03:49]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 08:30]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 08:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8854107f-9a05-11dc-bb65-00e0b8c51fc1}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-12 20:11:09 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-03-12 20:11:09 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-05-09 14:45:44 C:\Windows\Tasks\Quick_Clean.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 18:35:44
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AntiSpywareMaster = C:\Program Files\AntiSpywareMaster\asm.exe?ws\Temporary Internet Files\Content.IE5\ACI3JWUI\install_asm_en[1].exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
McAfee Backup = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe?????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-14 18:38:21
ComboFix-quarantined-files.txt 2008-05-14 17:37:33
ComboFix2.txt 2008-05-13 18:49:46

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

385 --- E O F --- 2008-05-06 19:29:52


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 14, 2008 8:17:27 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/05/2008
Kaspersky Anti-Virus database records: 773040
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 100217
Number of viruses found: 1
Number of infected objects: 7
Number of suspicious objects: 0
Duration of the scan process: 01:18:58

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\agsmfxtw.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\khfGwVNh.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\miigtlmx.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\syitxqvs.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\tmp0000d22c Infected: Trojan.Win32.Monder.gen skipped
C:\Deckard\System Scanner\backup\Users\Emma\AppData\Local\Temp\tnqhmukc.dll Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Other.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.ilg Object is locked skipped
C:\ProgramData\McAfee\MNA\NAData Object is locked skipped
C:\ProgramData\McAfee\MPF\data\log.edb Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{96C75EFD-A41F-4BF7-8074-0CB50932E29A}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\Logs\{E6FE0F6A-C453-4347-9CB5-3E0E387AB114}.log Object is locked skipped
C:\ProgramData\McAfee\MSC\McUsers.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\ProgramData\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Data\TFRDB70.tmp Object is locked skipped
C:\ProgramData\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5b7f094f58fd8c5cc155e7e5825f7b7c_3bafe969-7b74-4794-9a20-7a9a832cf0e0 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9d5a26fe4a776878104a2a087f58adcf_3bafe969-7b74-4794-9a20-7a9a832cf0e0 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Philip.dat Object is locked skipped
C:\QooBox\Quarantine\C\Users\Emma\AppData\Local\Temp\awTJbXpP.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbc2e.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbdam Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbdao Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbeam Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbeao Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbm Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbu2d.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbvm.cf1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\dbvmh.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\fii.cf1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\fiih.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\hp Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\hpt2i.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\rpm.cf1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\rpm1m.cf1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\rpm1mh.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Google\Google Desktop\3ce7b83455db\rpmh.ht1 Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat{8be6b641-3219-11dc-877f-0019d28de7d2}.TM.blf Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat{8be6b641-3219-11dc-877f-0019d28de7d2}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Windows\UsrClass.dat{8be6b641-3219-11dc-877f-0019d28de7d2}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Emma\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Emma\AppData\Local\ApplicationHistory\McAfeeDataBackup.exe.e548c4c.ini.inuse Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\fb_4732.lck Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\Low\~DF4E08.tmp Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\Low\~DF4E23.tmp Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\Low\~DFE07D.tmp Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\sqlite_C0BL9QczOrHapIx Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\~DF573E.tmp Object is locked skipped
C:\Users\Emma\AppData\Local\Temp\~DFDB9E.tmp Object is locked skipped
C:\Users\Emma\AppData\Roaming\McAfee\MBK\ARBUSFILE.GDB Object is locked skipped
C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Emma\NTUSER.DAT Object is locked skipped
C:\Users\Emma\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Emma\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Emma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\Emma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Emma\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\bthservsdp.dat Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\2B8B1A8B0ACD3EE28B421D3918DC1F29.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\E478A5DB75C9721E744C05D78DBACFD3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\McDefragTask.job Object is locked skipped
C:\Windows\Tasks\McQcTask.job Object is locked skipped
C:\Windows\Tasks\Quick_Clean.job Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\fb_2612.lck Object is locked skipped
C:\Windows\Temp\mcafee_AjrlHOmaBXC5gcj Object is locked skipped
C:\Windows\Temp\mcmsc_3aOTjpYM0I8vzWc Object is locked skipped
C:\Windows\Temp\mcmsc_f2mZF448oMjLiZ1 Object is locked skipped
C:\Windows\Temp\mcmsc_fhSNGF3gxa7c4PA Object is locked skipped
C:\Windows\Temp\mcmsc_RzgAVhR1ipWTSog Object is locked skipped
C:\Windows\Temp\mcmsc_Zlk2b2e43w9SwP0 Object is locked skipped
C:\Windows\Temp\sqlite_7g7Vkgz2zM7HUyH Object is locked skipped
C:\Windows\Temp\sqlite_A8zhiNBkrOWMBM2 Object is locked skipped
C:\Windows\Temp\sqlite_ZYqPZ1gtUk4NUVx Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:08, on 14/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Users\Emma\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.h...=PTB&M=MT6833B
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1210403819466
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: BT Auto Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\BT Auto Backup\VaultClientSRV.exe

--
End of file - 8214 bytes



Thanks.
hodge5975 is offline