Tech Support Forum, Security Center: HijackThis Log Help, Resolved HJT Threads (resolved spyware and popup issues)

#1 - 09-24-2008, 07:38 PM - Toxotis, Registered User (Join Date: Sep 2008, Location: London, Posts: 13, OS: Win XP)

Post from 25 Sept - Probably overlooked - Plz help

Firstly, I would like to thank you for the time and effort you put into this forum and to request your valuable help.
I'll try to outline my problem; sorry if I become very talkative.

Previous infection:
It is about three months ago that my Dell XPS 1730 started to act peculiarly. Initial scans showed nothing from
ZoneAlarm Pro, Norton Symantec Corporate AV, SpywareBlaster, Ad-Aware, etc. When Norton actually found
an irrelevant worm, all things suggested that I had been infected by Vundo. I tried to clean the system myself
following suggestions from various forums (including yours) using VundoFix, HijackThis, Malwarebytes' Anti-Malware
and ComboFix WITHOUT posting an actual thread, so I am to blame that my system became unstable
and I had to set it up again. I have a triple-partition HD, so I formatted the boot partition with the installed Win XP
and kept the other two partitions that hold my files.

Current problems:
It seems that reformatting the boot partition and re-installing XP didn't solve my problem. Gradually, some problems
seem to have returned while others were never solved.
In case it gives you any idea: I cannot see wanted pop-up windows (meaning pop-ups I actually click on)
in two browsers (Firefox 3 & IE 7) when Java seems to be involved; Flash buttons (which link to a new window)
don't seem to work either for most sites.

Preparation:
I followed your instructions before posting, but I was unable to scan with Panda ActiveScan because
initially the link button didn't seem to work (as usual). So I installed Opera in order to avoid this problem (because
I have read that Opera is unaffected by Vundo). This worked for downloading ActiveScan, but when I actually
tried to scan, Panda refused to scan through Opera, so I copied the link into IE and that finally worked.
I may bore you, but I am just trying to explain what usually happens when I surf.

All AV and anti-malware programs I've used show my PC clean. But what blocks my links in 3 browsers then?
Java is not working properly, and neither are ActiveX and Flash objects.

I am really sorry for the lengthy introduction.


PANDA ANTIVIRUS RESULTS:
ANALYSIS: 2008-09-25 00:14:11
PROTECTIONS: 3
MALWARE: 2
SUSPECTS: 0

PROTECTIONS
Description                            Version      Active  Updated
Symantec Antivirus Corporate Edition   8.0          No      Yes
Windows Defender                       1.1.3903.0   No      No
Norton Antivirus Edition               7.5          No      No

MALWARE
Id        Description      Type          Active  Severity  Disinfectable  Disinfected  Location
00002005  WM/CAP.A         Virus         No      0         Yes            No           προσωπικοί φάκελοι (personal folders)\outlook express 4.x, 5 επαφές (contacts)\cv\curriculum vitae.doc
03738686  Generic Malware  Virus/Trojan  No      0         No             No           E:\System Volume Information\_restore{E9C45A30-1034-4191-B461-A556E746848D}\RP168\A0016977.exe[327882R2FWJFW\catchme.cfexe]

SUSPECTS
Sent  Location

VULNERABILITIES
Id  Severity  Description


NOTES:
- The WM/CAP.A infection was removed by Panda, although I doubt this was my problem. It seems like a really old file which I haven't used in ages.
- The "Generic Malware" seems to be a left-over from the previous infection. Is it possible for the old restore files to have re-infected me? BTW, I haven't used them to restore my system.
- It really surprises me that Panda says Windows Defender is neither active nor updated, although Defender says the opposite. No active Norton either???? What is this???


I took the liberty of doing an online Kaspersky scan too. Here are the results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, September 25, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, September 24, 2008 16:26:54
Records in database: 1255995
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 62944
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:55:02


File name / Threat name / Threats count
E:\Programs\Players-Codecs\install_BS.Player_.exe Infected: Trojan.Win32.Shutdowner.api 1

The selected area was scanned.
--------------------------------------------------------------------------------

NOTE: I deleted the infected file, and BTW I have not installed BSplayer since the format.


========================================================
AND HERE IS THE LOG FILE:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:13 AM, on 25/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LockStatusTray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
E:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LockStatusTray] C:\WINDOWS\LockStatusTray.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Έρευνα (Research) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220134444890
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8496 bytes


Thanks you very much for your trouble and effort.
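A helper reads a HijackThis log entry code by entry code, and most of the first pass is mechanical. The Python below is an added example and is not part of this thread or of HijackThis: it parses R/O entries into records and applies a few of the checks a reviewer applies in their head. The flagged cases are autoruns that run through rundll32/regsvr32 (the argument, not the host binary, is what matters), autorun commands given as a bare file name (resolved through the search path at logon), binaries sitting directly in the Windows root, O16 DPF entries (ActiveX fetched from a remote URL) and O23 services that HijackThis marks "Unknown owner" or "(file missing)". The sample lines are copied from the log posted above; the heuristics, constants and function names are this example's own. Every hit is a "look at this", not a verdict: the NVIDIA and MSMQ entries it flags here are the stock vendor autoruns.

```python
"""Parse the R/O entries of a HijackThis 2.x log and apply first-pass triage heuristics."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed sample: a handful of lines in the shapes the log above contains.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LockStatusTray] C:\WINDOWS\LockStatusTray.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
SUB_RES = {  # per-entry-type field layouts (this example's own, written from the log format)
    "O2": re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$"),
    "O4": re.compile(r"^(?P<hive>HK.*?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"),
    "O16": re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$"),
    "O23": re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"),
}
# Signed Windows binaries that exist to run *other* code; an autorun through one of
# them tells you nothing until you look at the argument.
PROXY_EXES = {"rundll32.exe", "rundll32", "regsvr32.exe", "regsvr32", "cmd.exe",
              "wscript.exe", "cscript.exe", "mshta.exe"}
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|%[^%]+%\\)")           # drive or %VAR% prefix
WINROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+$", re.I)   # file directly under C:\WINDOWS


@dataclass
class Entry:
    code: str
    body: str
    fields: dict = field(default_factory=dict)


def parse_hjt(text):
    """Every 'Xn - ...' line becomes an Entry; known types also get named fields."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        sub = SUB_RES.get(m["code"])
        sm = sub.match(m["body"]) if sub else None
        entries.append(Entry(m["code"], m["body"], sm.groupdict() if sm else {}))
    return entries


def first_token(cmd):
    """The executable part of an autorun command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(maxsplit=1)[0] if cmd else ""


def triage(entries):
    """Return (code, name, reason) triples for entries a human should look at."""
    findings = []
    for e in entries:
        f = e.fields
        if not f:
            continue
        if e.code == "O4":
            exe = first_token(f["cmd"])
            if exe.rsplit("\\", 1)[-1].lower() in PROXY_EXES:
                findings.append((e.code, f["name"], f"runs through proxy executable {exe}"))
            if not ABSOLUTE_RE.match(exe):
                findings.append((e.code, f["name"], "relative path, resolved via the search order"))
            elif WINROOT_RE.match(exe):
                findings.append((e.code, f["name"], "binary directly in the Windows root"))
        elif e.code == "O16":
            findings.append((e.code, f["name"],
                             f"remotely loaded ActiveX from {urlsplit(f['url']).hostname}"))
        elif e.code == "O23":
            # "Unknown owner" and "(file missing)" are HijackThis's own markers.
            if f["vendor"].lower().startswith("unknown owner") or "(file missing)" in f["path"]:
                findings.append((e.code, f["name"], "service with unknown owner or missing file"))
    return findings


if __name__ == "__main__":
    for code, name, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:<4} {name:<16} {reason}")
```

Run against the full log, the same rules pick out the nwiz.exe and NVHotkey autoruns (bare file names) and the three O16 DPF entries; none of that is evidence of infection, it is the list of things worth confirming by hand.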
#2 - 09-30-2008, 02:33 PM - Toxotis
Re: Vundo back to life?

BUMP, please
#3 - 10-14-2008, 07:18 AM - Toxotis
Re: Vundo back to life?

BUMP
Please help. I understand there is a flood of messages to you, but I am really helpless here.
Thanks
#4 - 11-02-2008, 06:18 AM - Toxotis
Post from 25 Sept - Probably overlooked - Plz help

Original post from 25 Sept 2008.
I understand it has probably been overlooked.
Problems still persisting.
Computer and net getting slower.
Really desperate - please help.

Ready to post new logs whenever you ask for them.

Thank you in advance.

Link to original post:
http://www.techsupportforum.com/secu...back-life.html
#5 - 11-07-2008, 05:50 AM - Toxotis
Re: Post from 25 Sept - Probably overlooked - Plz help

BUMP

I probably will be ignored again...
right?
Is there any possible reason?
Take care, Chris
#6 - 11-07-2008, 07:02 AM - Ried, Assistant Manager, TSF Academy; Moderator/Analyst Security Team (Join Date: Jan 2005, Location: Ohio, Posts: 19,747, OS: WinXP and Vista)
Re: Post from 25 Sept - Probably overlooked - Plz help

Hello Chris, and our apologies for the oversight of your thread. It is as you suspect: there are so many more people across the world wide web posting here for help, and only so many of us. Unfortunately, we can't get to everyone all the time.

Thank you for posting the link to the previous thread; I've merged it with this one for continuity.

What I'd like you to do now is provide me with a current look at the system. Please follow the instructions in our sticky topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply so we can continue.
#7 - 11-08-2008, 12:39 PM - Toxotis
Re: Post from 25 Sept - Probably overlooked - Plz help

I am really grateful for your answer. Sorry if I sounded a bit bitter; I know you do what you can. I guess it was just frustration talking...

GMER results:
================

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-08 19:21:18
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB60DB8D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB60D86E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB60E5490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB60DBE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB60E2C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB60E2E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB60E6D50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB60DBF80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB60D8C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xB60E5D10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xB60E5AC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB60E2600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xB60D53B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xB60E6230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB60E62B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB60E6FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB60D8AD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB60E44F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB60E42B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB60E6970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xB60E63D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB60DB4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xB60E67C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB60DBAA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB60D8EA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xB60D5190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xB60E5800]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB60E3580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB60E3400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xB60D55D0]

INT 0x20 srescan.sys BA60DCA0

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [ 90, BE, 0D, B6, 80, 2C, 0E, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [ B0, 53, 0D, B6, 30, 62, 0E, ... ]
? srescan.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[940] ntdll.dll!KiFastSystemCall + 2 7C90E4F2 2 Bytes [ CD, 20 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B60E0410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B60DE780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B60E0B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs srescan.sys

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- EOF - GMER 1.0.14 ----
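A GMER log lists each hook next to the module that installed it, and the reviewer's question is whether every hook traces back to a known, installed product. The Python below is an added example, not part of this thread or of GMER: it parses the SSDT, IAT, INT, Device/AttachedDevice, error ("? ...") and .text lines, groups hooks by owning module, carries GMER's "(description/publisher)" string along, flags modules for which GMER printed no publisher or could not open the file, and attributes the kernel .text patches by decoding the dumped bytes as little-endian pointers and matching them against the SSDT hook addresses (the 2-byte "CD 20" patch in vsmon.exe is an int 0x20 instruction, so it is matched against the owner of INT 0x20 instead). The sample is abbreviated from the scan above; the parsing rules, flag wording and output layout are this example's own. A missing publisher string is a prompt to check the file by hand against the installed software, not evidence of a rootkit, and a hooking driver whose file GMER cannot open is the first thing to resolve either way.

```python
"""Attribute every hook in a GMER rootkit-scan log to the module that owns it."""
import re
from collections import defaultdict

# Constructed sample, abbreviated from the scan posted above.
SAMPLE = r"""
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB60DBE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xB60D53B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB60E3400]
INT 0x20 srescan.sys BA60DCA0
.text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [ 90, BE, 0D, B6, 80, 2C, 0E, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D48 805045E4 12 Bytes [ B0, 53, 0D, B6, 30, 62, 0E, ... ]
? srescan.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[940] ntdll.dll!KiFastSystemCall + 2 7C90E4F2 2 Bytes [ CD, 20 ]
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B60E0220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Ntfs \Ntfs srescan.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
"""

HEX = r"(?:0x)?[0-9A-Fa-f]+"
INFO = r"(?:\s+\((?P<info>[^)]*)\))?"   # GMER's "(description/publisher)" suffix, when present
SSDT_RE = re.compile(rf"^SSDT\s+(?P<module>\S+){INFO}\s+(?P<func>\w+)\s+\[(?P<addr>{HEX})\]$")
IAT_RE = re.compile(rf"^IAT\s+(?P<victim>[^\[\s]+)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>{HEX})\]\s+(?P<module>\S+){INFO}$")
INT_RE = re.compile(rf"^INT\s+(?P<vector>{HEX})\s+(?P<module>\S+)\s+{HEX}$")
DEV_RE = re.compile(rf"^(?P<kind>AttachedDevice|Device)\s+\S+\s+(?P<device>\S+)\s+(?P<module>\S+){INFO}$")
ERR_RE = re.compile(r"^\?\s+(?P<module>\S+)\s+(?P<error>.*?)\s*!$")
TEXT_RE = re.compile(rf"^\.text\s+(?:\S+\[\d+\]\s+)?(?P<target>\S+)\s+\+\s+(?P<off>[0-9A-Fa-f]+)"
                     rf"\s+{HEX}\s+\d+\s+Bytes\s+\[(?P<dump>[^\]]*)\]$")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def octets_of(dump):
    """'90, BE, 0D, B6, ...' -> ['90', 'BE', '0D', 'B6']; GMER's trailing '...' is dropped."""
    return [t.strip().upper() for t in dump.split(",") if re.fullmatch(r"\s*[0-9A-Fa-f]{2}\s*", t)]


def le_pointers(octets):
    """Little-endian 32-bit values in a byte dump (an incomplete final group is ignored)."""
    return [int.from_bytes(bytes.fromhex("".join(octets[i:i + 4])), "little")
            for i in range(0, len(octets) - 3, 4)]


def triage_gmer(text):
    mods = defaultdict(lambda: {"info": None, "hooks": [], "flags": []})
    hook_owner, int_owner, patch_lines, patches = {}, {}, [], []

    def record(module, hook, info=None, addr=None):
        mod = basename(module)
        mods[mod]["hooks"].append(hook)
        mods[mod]["info"] = mods[mod]["info"] or info
        if addr is not None:
            hook_owner[int(addr, 16)] = mod
        return mod

    for line in (ln.strip() for ln in text.splitlines()):
        if m := SSDT_RE.match(line):
            record(m["module"], f"SSDT {m['func']}", m["info"], m["addr"])
        elif m := IAT_RE.match(line):
            record(m["module"], f"IAT {basename(m['victim'])} {m['import']}", m["info"], m["addr"])
        elif m := INT_RE.match(line):
            int_owner[int(m["vector"], 16)] = record(m["module"], f"INT {m['vector']}")
        elif m := DEV_RE.match(line):
            record(m["module"], f"{m['kind']} {m['device']}", m["info"])
        elif m := ERR_RE.match(line):
            mods[basename(m["module"])]["flags"].append(m["error"])
        elif m := TEXT_RE.match(line):
            patch_lines.append(m)          # resolved once every hook owner is known

    # A .text patch is attributed by what it writes: a pointer to a known hook,
    # or an 'int imm8' stub (CD xx) whose vector GMER listed under INT.
    for m in patch_lines:
        octets = octets_of(m["dump"])
        if octets[:1] == ["CD"] and len(octets) > 1:
            owner = int_owner.get(int(octets[1], 16))
        else:
            owner = next((hook_owner[p] for p in le_pointers(octets) if p in hook_owner), None)
        patches.append({"where": f"{m['target']}+{m['off']}", "owner": owner})

    for rec in mods.values():
        if rec["info"] is None:
            rec["flags"].append("GMER printed no publisher string for this module")
    return {"modules": dict(mods), "patches": patches}


if __name__ == "__main__":
    report = triage_gmer(SAMPLE)
    for mod, rec in sorted(report["modules"].items()):
        print(f"{mod}: {len(rec['hooks'])} hook(s), publisher={rec['info']!r}, flags={rec['flags']}")
    for p in report["patches"]:
        print(f"patch at {p['where']} -> {p['owner'] or 'UNATTRIBUTED'}")
```

On the full log every SSDT and NDIS IAT hook resolves to vsdatant.sys with the same Check Point publisher string, both 12-byte kernel patches decode to pointers that are SSDT hook addresses in that driver, and the only module left with flags is srescan.sys (no publisher string, file not found); that is the list to hand to the helper, and it is short.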
#8 - 11-08-2008, 12:46 PM - Toxotis
Re: Post from 25 Sept - Probably overlooked - Plz help

RSIT results
Sorry to post them as an attachment, but it is supposed to have 37 icons (probably smilies) and the limit of 25 blocks posting.

Thanks again.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Christos at 2008-11-08 19:23:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (85%) free of 60 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:29 PM, on 8/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\LockStatusTray.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Christos\Desktop\RSIT.exe
E:\Programs\Security\Christos.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LockStatusTray] C:\WINDOWS\LockStatusTray.exe
O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1220134444890
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8670 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-11 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-11 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0 CE\Acrobat\AcroIEFavClient.dll [2003-05-11 147456]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-09-06 8491008]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-09-06 81920]
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-09-06 81920]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1024000]
"LockStatusTray"=C:\WINDOWS\LockStatusTray.exe [2008-02-19 192512]
"Launch LgDevAgt"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2007-12-13 346648]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe [2003-05-20 90112]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"NeroFilterCheck"=C:\WINDOWS\System32\NeroCheck.exe [2005-09-25 155648]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2008-08-22 1234160]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-09-25 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\System32\NavLogon.dll [2003-05-20 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoRecentDocsNetHood"=01000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 3 months======

2008-11-08 19:23:05 ----D---- C:\rsit
2008-11-08 08:59:10 ----A---- C:\WINDOWS\gmer.ini
2008-11-08 08:59:08 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-08 08:59:08 ----A---- C:\WINDOWS\gmer.exe
2008-11-08 08:59:08 ----A---- C:\WINDOWS\gmer.dll
2008-11-07 12:56:02 ----D---- C:\fsaua.data
2008-11-04 10:35:30 ----A---- C:\WINDOWS\system32\zpeng25.dll
2008-11-02 19:34:19 ----D---- C:\Documents and Settings\Christos\Application Data\Media Player Classic
2008-11-01 23:04:18 ----D---- C:\Program Files\XP Codec Pack
2008-10-15 22:05:13 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-10-15 15:52:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-15 15:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-04 19:22:04 ----D---- C:\Documents and Settings\Christos\Application Data\teamspeak2
2008-10-04 19:21:03 ----D---- C:\Program Files\Teamspeak2_RC2
2008-10-01 12:23:27 ----D---- C:\WINDOWS\Minidump
2008-09-28 20:06:01 ----D---- C:\Program Files\Trillian
2008-09-28 20:04:45 ----D---- C:\Program Files\MSECache
2008-09-25 15:45:57 ----D---- C:\Program Files\AC3File
2008-09-25 15:34:21 ----D---- C:\Program Files\FDRLab
2008-09-24 21:42:24 ----A---- C:\WINDOWS\choice.exe
2008-09-24 21:42:08 ----D---- C:\Temp
2008-09-24 15:48:24 ----D---- C:\Program Files\Panda Security
2008-09-24 14:49:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 14:47:20 ----D---- C:\Program Files\SpywareBlaster
2008-09-24 13:47:12 ----D---- C:\Documents and Settings\Christos\Application Data\Opera
2008-09-24 13:45:46 ----D---- C:\Program Files\Opera
2008-09-23 00:50:36 ----D---- C:\Logs
2008-09-22 16:42:00 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-09-22 15:36:58 ----D---- C:\Program Files\Gabest
2008-09-22 14:48:21 ----D---- C:\Program Files\MSXML 4.0
2008-09-21 19:04:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-09-21 19:04:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-09-21 19:04:08 ----A---- C:\WINDOWS\system32\java.exe
2008-09-21 19:03:01 ----D---- C:\Program Files\Java
2008-09-21 18:59:55 ----D---- C:\Program Files\Common Files\Java
2008-09-12 14:56:30 ----D---- C:\Games
2008-09-04 10:32:54 ----D---- C:\Documents and Settings\Christos\Application Data\Malwarebytes
2008-09-04 10:32:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-04 10:32:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-04 09:02:18 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2008-09-04 08:59:59 ----D---- C:\Program Files\Huawei technologies
2008-08-31 16:05:41 ----RA---- C:\WINDOWS\system32\MSXML4r.dll
2008-08-31 16:05:41 ----RA---- C:\WINDOWS\system32\MSXML4a.dll
2008-08-31 16:05:41 ----RA---- C:\WINDOWS\system32\hpvaut32.dll
2008-08-31 16:05:40 ----RA---- C:\WINDOWS\system32\hpvcr70.dll
2008-08-31 16:05:40 ----RA---- C:\WINDOWS\system32\hpvcp70.dll
2008-08-31 14:48:35 ----A---- C:\WINDOWS\IsUninst.exe
2008-08-31 14:48:15 ----D---- C:\Program Files\HP
2008-08-31 14:48:08 ----D---- C:\Program Files\Hewlett-Packard
2008-08-31 14:47:37 ----A---- C:\WINDOWS\hpdj3500.ini
2008-08-31 14:46:37 ----A---- C:\WINDOWS\hpbvspst.ini
2008-08-31 14:45:08 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-08-31 14:45:08 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-08-31 02:41:29 ----D---- C:\Program Files\Google
2008-08-31 02:40:17 ----D---- C:\WINDOWS\system32\appmgmt
2008-08-31 02:36:51 ----D---- C:\Documents and Settings\Christos\Application Data\Google
2008-08-31 00:45:20 ----D---- C:\WINDOWS\Sun
2008-08-31 00:45:20 ----D---- C:\Documents and Settings\Christos\Application Data\Sun
2008-08-30 22:22:24 ----D---- C:\Documents and Settings\Christos\Application Data\Adobe
2008-08-30 22:21:45 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-08-30 22:21:36 ----D---- C:\Program Files\Common Files\Adobe
2008-08-30 22:21:10 ----D---- C:\Program Files\Adobe
2008-08-30 22:18:18 ----A---- C:\WINDOWS\Lexicon.ini
2008-08-30 21:43:22 ----D---- C:\WINDOWS\Downloaded Installations
2008-08-29 12:34:03 ----D---- C:\Program Files\Windows Defender
2008-08-29 12:32:49 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-08-29 12:16:20 ----D---- C:\Documents and Settings\Christos\Application Data\WinRAR
2008-08-29 12:14:34 ----D---- C:\Program Files\WinRAR
2008-08-29 12:09:40 ----D---- C:\Program Files\WinZip
2008-08-29 11:20:39 ----D---- C:\Documents and Settings\Christos\Application Data\Macromedia
2008-08-28 18:26:07 ----A---- C:\WINDOWS\ODBC.INI
2008-08-28 18:26:01 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-08-28 18:25:17 ----D---- C:\Program Files\Microsoft.NET
2008-08-28 18:24:51 ----D---- C:\Program Files\Common Files\DESIGNER
2008-08-28 18:24:48 ----D---- C:\Program Files\Microsoft Works
2008-08-28 18:24:43 ----D---- C:\Program Files\Microsoft Visual Studio
2008-08-28 18:24:30 ----D---- C:\WINDOWS\SHELLNEW
2008-08-28 18:23:27 ----D---- C:\Program Files\Microsoft Office
2008-08-28 17:47:43 ----D---- C:\WINDOWS\Prefetch
2008-08-28 17:39:36 ----D---- C:\WINDOWS\system32\scripting
2008-08-28 17:39:35 ----D---- C:\WINDOWS\l2schemas
2008-08-28 17:39:34 ----D---- C:\WINDOWS\system32\en
2008-08-28 17:39:34 ----D---- C:\Program Files\msn
2008-08-28 17:14:07 ----D---- C:\Program Files\MSXML 6.0
2008-08-28 17:07:24 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-28 17:07:23 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-28 17:07:22 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-28 17:07:22 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-28 17:07:19 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-28 17:07:19 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-28 17:07:15 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-28 17:07:13 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-28 17:07:13 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-28 17:07:13 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-28 17:07:13 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-28 17:07:12 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-28 17:07:12 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-28 17:07:11 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-28 17:07:09 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-28 17:07:06 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-28 17:07:06 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-28 17:07:06 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-28 17:07:05 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-28 17:07:05 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-28 17:06:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-28 17:06:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-28 17:06:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-28 17:06:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-28 17:06:53 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-28 17:06:53 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-28 17:06:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-28 17:06:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-28 17:06:52 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-28 17:06:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-28 17:06:46 ----D---- C:\Documents and Settings\Christos\Application Data\Mozilla
2008-08-28 17:06:42 ----A---- C:\WINDOWS\005891_.tmp
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-28 17:06:41 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-28 17:06:40 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-28 17:06:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-28 17:06:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-28 17:06:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-28 17:06:38 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-28 17:06:35 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-28 17:06:35 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-28 17:06:35 ----D---- C:\Program Files\Mozilla Firefox
2008-08-28 17:06:31 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-08-28 17:01:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-08-28 16:35:54 ----D---- C:\WINDOWS\ie7updates
2008-08-28 16:35:21 ----D---- C:\WINDOWS\WBEM
2008-08-28 16:35:19 ----D---- C:\WINDOWS\system32\en-US
2008-08-28 16:34:14 ----HDC---- C:\WINDOWS\ie7
2008-08-28 16:34:01 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-08-28 16:33:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-08-28 16:33:01 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-28 16:32:12 ----D---- C:\WINDOWS\network diagnostic
2008-08-28 16:01:38 ----D---- C:\Documents and Settings\Christos\Application Data\Intel
2008-08-28 16:01:35 ----A---- C:\WINDOWS\system32\results.txt
2008-08-28 16:00:56 ----D---- C:\Documents and Settings\All Users\Application Data\Intel
2008-08-28 16:00:30 ----A---- C:\WINDOWS\system32\NETw4r32.dll
2008-08-28 16:00:30 ----A---- C:\WINDOWS\system32\NETw4c32.dll
2008-08-28 15:22:41 ----D---- C:\WINDOWS\provisioning
2008-08-28 15:22:41 ----D---- C:\WINDOWS\peernet
2008-08-28 15:21:42 ----D---- C:\WINDOWS\ServicePackFiles
2008-08-28 15:19:18 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-08-28 15:19:15 ----D---- C:\WINDOWS\EHome
2008-08-28 15:06:44 ----A---- C:\WINDOWS\system32\MRT.exe
2008-08-28 15:04:47 ----A---- C:\WINDOWS\system32\jit.dll
2008-08-28 15:04:47 ----A---- C:\WINDOWS\system32\javaee.dll
2008-08-28 15:04:47 ----A---- C:\WINDOWS\system32\dx3j.dll
2008-08-28 15:04:47 ----A---- C:\WINDOWS\setdebug.exe
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\wjview.exe
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\vmhelper.dll
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\msjdbc10.dll
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\msjava.dll
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\msawt.dll
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\jview.exe
2008-08-28 15:04:44 ----A---- C:\WINDOWS\system32\jdbgmgr.exe
2008-08-28 15:04:43 ----A---- C:\WINDOWS\system32\javart.dll
2008-08-28 15:04:43 ----A---- C:\WINDOWS\system32\javaprxy.dll
2008-08-28 15:04:43 ----A---- C:\WINDOWS\system32\javacypt.dll
2008-08-28 15:04:43 ----A---- C:\WINDOWS\system32\clspack.exe
2008-08-28 14:56:41 ----D---- C:\dell
2008-08-28 14:56:23 ----N---- C:\WINDOWS\system32\spnpinst.exe
2008-08-28 14:26:33 ----D---- C:\Documents and Settings\Christos\Application Data\Ahead
2008-08-28 14:24:21 ----D---- C:\Program Files\Nero
2008-08-28 14:24:21 ----D---- C:\Program Files\Common Files\Ahead
2008-08-28 14:07:30 ----A---- C:\WINDOWS\system32\esent.dll
2008-08-28 13:53:59 ----D---- C:\WINDOWS\system32\bits
2008-08-28 13:53:29 ----D---- C:\WINDOWS\system32\PreInstall
2008-08-28 13:53:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-08-28 13:53:27 ----HD---- C:\WINDOWS\$hf_mig$
2008-08-28 13:49:37 ----N---- C:\WINDOWS\system32\bitsprx3.dll
2008-08-28 13:49:37 ----N---- C:\WINDOWS\system32\bitsprx2.dll
2008-08-28 13:49:37 ----A---- C:\WINDOWS\system32\winhttp.dll
2008-08-28 13:49:37 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-08-28 13:43:00 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-08-28 13:39:39 ----D---- C:\WINDOWS\SoftwareDistribution
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wups.dll
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-08-28 13:39:37 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-08-28 13:39:11 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-08-28 13:38:59 ----A---- C:\WINDOWS\VPC32.INI
2008-08-28 13:38:05 ----A---- C:\WINDOWS\system32\xpsp1hfm.exe
2008-08-28 13:38:05 ----A---- C:\WINDOWS\system32\crypt32.dll
2008-08-28 13:38:05 ----A---- C:\WINDOWS\hh.exe
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\osk.exe
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\narrator.exe
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\magnify.exe
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\locator.exe
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\cryptsvc.dll
2008-08-28 13:38:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-08-28 13:38:03 ----A---- C:\WINDOWS\system32\shmedia.dll
2008-08-28 13:38:03 ----A---- C:\WINDOWS\system32\itircl.dll
2008-08-28 13:38:02 ----A---- C:\WINDOWS\system32\zipfldr.dll
2008-08-28 13:38:02 ----A---- C:\WINDOWS\system32\newdev.dll
2008-08-28 13:38:02 ----A---- C:\WINDOWS\system32\itss.dll
2008-08-28 13:38:02 ----A---- C:\WINDOWS\system32\hhsetup.dll
2008-08-28 12:41:56 ----A---- C:\WINDOWS\frontpg.ini
2008-08-28 12:29:48 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2008-08-28 12:29:39 ----D---- C:\WINDOWS\system32\Cache
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\snprfdll.dll
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\regtrace.exe
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\fcachdll.dll
2008-08-28 12:28:49 ----A---- C:\WINDOWS\system32\adsiisex.dll
2008-08-28 12:28:33 ----D---- C:\Inetpub
2008-08-28 12:28:32 ----A---- C:\WINDOWS\system32\ftpctrs2.dll
2008-08-28 12:28:32 ----A---- C:\WINDOWS\system32\ftpctrs.ini
2008-08-28 12:28:28 ----A---- C:\WINDOWS\system32\w3svapi.dll
2008-08-28 12:28:28 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2008-08-28 12:28:28 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2008-08-28 12:28:28 ----A---- C:\WINDOWS\system32\axperf.ini
2008-08-28 12:28:28 ----A---- C:\WINDOWS\system32\aspperf.dll
2008-08-28 12:28:26 ----A---- C:\WINDOWS\system32\iisrstap.dll
2008-08-28 12:28:26 ----A---- C:\WINDOWS\system32\iisreset.exe
2008-08-28 12:28:26 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\wamregps.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\infoadmn.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\inetsloc.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\iismui.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\iismap.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\iisext.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\exstrace.dll
2008-08-28 12:28:25 ----A---- C:\WINDOWS\system32\admwprox.dll
2008-08-28 12:28:24 ----A---- C:\WINDOWS\system32\iisrtl.dll
2008-08-28 12:28:21 ----A---- C:\WINDOWS\system32\staxmem.dll
2008-08-28 12:28:21 ----A---- C:\WINDOWS\system32\infoctrs.ini
2008-08-28 12:28:21 ----A---- C:\WINDOWS\system32\infoctrs.dll
2008-08-28 12:28:21 ----A---- C:\WINDOWS\system32\convlog.exe
2008-08-28 12:28:21 ----A---- C:\WINDOWS\system32\admxprox.dll
2008-08-28 12:28:15 ----A---- C:\WINDOWS\system32\adsiis.dll
2008-08-28 12:27:30 ----D---- C:\WINDOWS\system32\msmq
2008-08-28 12:27:30 ----D---- C:\WINDOWS\system32\Logfiles
2008-08-28 03:28:27 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-08-28 03:28:27 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-08-28 03:28:27 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-08-28 03:28:27 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-08-28 03:28:27 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-08-28 03:28:26 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-08-28 03:28:25 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-08-28 03:28:24 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-08-28 03:28:24 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-08-28 03:28:24 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-08-28 03:28:24 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-08-28 03:28:23 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-08-28 03:28:23 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-08-28 03:28:23 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-08-28 03:28:23 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-08-28 03:28:23 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-08-28 03:28:22 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-08-28 03:28:22 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-08-28 03:28:22 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-08-28 03:28:22 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-08-28 03:28:22 ----A---- C:\WINDOWS\system32\d3