Tech Support Forum > Resolved HJT Threads (resolved spyware and popup issues)

#1
Registered User
Join Date: Dec 2006
Posts: 21
OS: Win XP Pro (SP2)
AV Alerts: esentpr.dll
Straight to the point.
Norton AntiVirus is popping up periodically telling me it's found a trojan horse here: C:\WINDOWS\system32\esentpr.dll
It cannot heal, quarantine or delete said file and now I don't know what to do.
I am running XP Pro (SP2) on my new iMac; I run Windows on Boot Camp (natively), so it (in theory) acts as if it was an actual PC machine.
I look forward to any help you can give me.

----------

I have done the "5 Steps":
Step 1: No 'suspect' programs or programs listed were found.
Step 2: I could not complete the online scan; my PC froze before the scan was complete. I retried 3 times over.
Step 3: Installed SpywareBlaster and IE-SPYAD successfully.
Step 4: I am already running XP SP2.
Step 5: I could not run DSS.exe without my PC crashing, so I just ran HijackThis and saved a log, which can be found below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:49, on 27/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F6B0FFF-45C4-413A-B257-B411C8C8D0EB} - C:\WINDOWS\system32\esentpr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197119252155
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 8460 bytes
#2
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,045
OS: XP
Re: AV Alerts: esentpr.dll
Hi, welcome to TSF!
Make sure DSS is on your desktop. Click Start > Run > copy and paste:
"%userprofile%\desktop\dss.exe" /config
When the DSS configuration window comes out, make sure everything is checked except for "Temp Cleanup" and "Event Logs". After that, click the "Scan!" button.
Post main.txt and extra.txt please.
__________________
Proud member of UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.
#3
Registered User
Join Date: Dec 2006
Posts: 21
OS: Win XP Pro (SP2)
Re: AV Alerts: esentpr.dll
Thank you for replying to my thread. I ran DSS under your configuration and it worked.
The main results are below and the "extra.txt" has been attached.

** Deckard's System Scanner v20071014.68
Run by Owner on 2007-12-31 12:19:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2007-12-31 12:18:31 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-12-30 00:40:43 UTC - RP3 - System Checkpoint
2: 2007-12-27 23:18:22 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-27 23:14:02 UTC - RP1 - System Checkpoint

Backed up registry hives.

-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:15, on 31/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AppleOSSMgr.exe
C:\WINDOWS\system32\AppleTimeSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\perfs.exe
C:\WINDOWS\system32\routing.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IRW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Boot Camp\KbdMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {7F6B0FFF-45C4-413A-B257-B411C8C8D0EB} - C:\WINDOWS\system32\esentpr.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IRW] C:\WINDOWS\system32\IRW.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\KbdMgr.exe
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1197119252155
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\WINDOWS\system32\AppleOSSMgr.exe
O23 - Service: Apple Time Service (AppleTimeSrv) - Apple Inc. - C:\WINDOWS\system32\AppleTimeSrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - VMware, Inc. - C:\Program Files\VMware\VMware Tools\vmacthlp.exe

--
End of file - 8568 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 npaoelux - c:\windows\system32\drivers\ykxahxda.dat
R0 Vax347b - c:\windows\system32\drivers\vax347b.sys
R0 Vax347s - c:\windows\system32\drivers\vax347s.sys
R2 KeyAgent - c:\windows\system32\drivers\keyagent.sys <Not Verified; Apple Inc.; Boot Camp>
R2 MacHALDriver (Mac HAL) - c:\windows\system32\drivers\machaldriver.sys <Not Verified; Apple Inc.; >
R2 PrlTime (Parallels Time Synchronization Driver) - c:\windows\system32\drivers\prltime.sys
S1 PrlNP - c:\windows\system32\drivers\prlfs.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S2 prl_paravirt_32 (Parallels Paravirtualization Driver) - c:\windows\system32\drivers\prl_paravirt_32.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
S3 PCITG - c:\windows\system32\drivers\pcitg.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 prleth (Parallels Network Adapter) - c:\windows\system32\drivers\prleth.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
S3 PrlMouse (Parallels Mouse Synchronization Tool) - c:\windows\system32\drivers\prlmouse.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 PrlVideo - c:\windows\system32\drivers\prlvideo.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 perfmons (perfmons Service) - c:\windows\system32\perfs.exe
R2 Routing (Routing Service) - c:\windows\system32\routing.exe
R2 toolsrv (Parallels Tools Utility Service) - c:\program files\parallels\parallels tools\toolsrv.exe <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S2 cohrence (Parallels Coherence Service) - "c:\program files\parallels\parallels tools\cohrence.exe" <Not Verified; Parallels Software International, Inc.; Parallels Tools>
S3 TPAutoConnSvc (TP AutoConnect Service) - "c:\program files\vmware\vmware tools\tpautoconnsvc.exe" <Not Verified; ThinPrint GmbH; TPAutoConnect>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Process Modules -------------------------------------------------------------

C:\WINDOWS\explorer.exe (pid 484)
2007-11-15 13:11:04 43008 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll <Not Verified; Apple Inc.; iTunes>
2007-11-15 13:11:04 129536 --a------ C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll <Not Verified; Apple Inc.; iTunes>
2007-04-07 21:20:36 22776 --a------ C:\Program Files\PowerStrip\PShook.dll <Not Verified; EnTech Taiwan; PowerStrip>
2007-12-03 15:04:42 78848 --a------ C:\WINDOWS\system32\PRLNP.DLL
2007-09-20 18:34:58 129024 --a------ C:\Program Files\WinRAR\RarExt.dll
2007-12-03 15:02:18 434176 --a------ C:\Program Files\Parallels\Parallels Tools\PrlSAShellExt.dll <Not Verified; Parallels Software International, Inc.; Parallels Shared Applications Shell Extension>

-- Scheduled Tasks -------------------------------------------------------------

2007-12-31 12:14:08 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-12-08 13:05:26 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-11-30 and 2007-12-31 -----------------------------

2007-12-28 21:50:03 0 d-------- C:\Program Files\Rapget
2007-12-27 23:15:09 0 d-------- C:\Program Files\Trend Micro
2007-12-26 15:17:45 0 d-------- C:\Program Files\SopCast
2007-12-25 17:13:02 0 d-------- C:\Documents and Settings\Owner\Contacts
2007-12-25 17:10:17 0 d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-25 17:10:09 0 d-------- C:\Program Files\Windows Live
2007-12-25 17:10:04 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 13:35:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-25 13:35:37 0 d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-12-25 13:34:32 0 d-------- C:\Program Files\Azureus
2007-12-20 19:44:18 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2007-12-20 19:43:51 8576 --a------ C:\WINDOWS\system32\drivers\rvsvtnmrjrcn.sys <Not Verified; Panda Software International; RKPavProc Driver>
2007-12-20 19:43:05 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2007-12-20 19:43:04 0 d-------- C:\Program Files\SpywareBlaster
2007-12-20 19:30:21 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-20 18:39:04 0 d-------- C:\Program Files\Maxis
2007-12-20 18:37:03 535 --a------ C:\WINDOWS\eReg.dat
2007-12-20 15:17:21 0 d-------- C:\Program Files\SymNetDrv
2007-12-20 15:16:37 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2007-12-20 14:39:58 0 d-------- C:\Program Files\Norton Personal Firewall
2007-12-20 14:15:55 2397 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-12-20 14:15:52 0 d-------- C:\Program Files\Norton AntiVirus
2007-12-20 14:15:38 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-12-20 14:15:36 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-20 14:15:24 0 d-------- C:\Program Files\Symantec
2007-12-20 14:15:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-20 13:55:04 0 d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-20 13:54:59 0 d-------- C:\Documents and Settings\Owner\Application Data\VMware
2007-12-19 13:00:18 0 d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-19 13:00:10 0 d-------- C:\Program Files\Lavasoft
2007-12-19 12:48:42 0 d-------- C:\Documents and Settings\All Users\Application Data\VMware
2007-12-19 12:48:08 0 d-------- C:\Program Files\VMware
2007-12-19 12:47:18 364544 -ra------ C:\WINDOWS\system32\TPSvc.dll <Not Verified; ThinPrint GmbH; TPSvc>
2007-12-18 22:16:43 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 22:13:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-18 00:18:58 0 d-------- C:\WINDOWS\system32\config
2007-12-13 16:24:09 32768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-10 22:25:07 520192 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-12-10 21:24:53 0 d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-12-10 21:23:55 0 d-------- C:\Program Files\ATI Technologies
2007-12-10 21:23:44 0 d-------- C:\AMD
2007-12-10 21:20:52 0 d--hs---- C:\WINDOWS\CSC
2007-12-10 21:14:32 0 d-------- C:\Program Files\PowerStrip
2007-12-10 17:08:13 0 d-------- C:\Desktop
2007-12-10 17:08:13 0 d--h----- C:\.TemporaryItems
2007-12-09 18:34:24 0 d-------- C:\Documents and Settings\Owner\Application Data\WinRAR
2007-12-09 12:10:20 0 d-------- C:\Program Files\EA GAMES
2007-12-09 12:10:19 442368 -ra------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-09 11:51:59 5248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-12-09 11:51:59 159616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-12-09 11:51:58 0 d-------- C:\Program Files\Alcohol Soft
2007-12-09 11:46:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2007-12-09 11:46:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2007-12-09 11:45:51 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-09 11:42:48 0 d-------- C:\WINDOWS\network diagnostic
2007-12-09 11:40:54 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-09 11:40:53 0 d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2007-12-09 11:40:49 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2007-12-09 11:27:12 0 d-------- C:\Program Files\MSXML 6.0
2007-12-09 11:23:48 19456 --a------ C:\WINDOWS\system32\drivers\ykxahxda.dat
2007-12-09 00:23:20 0 d-------- C:\Program Files\MSBuild
2007-12-09 00:21:19 0 d-------- C:\WINDOWS\system32\XPSViewer
2007-12-09 00:20:58 0 d-------- C:\Program Files\Reference Assemblies
2007-12-09 00:20:15 0 d-------- C:\c87d1ed0ff7c4f3bae
2007-12-09 00:17:02 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-09 00:16:24 0 d-------- C:\WINDOWS\system32\LogFiles
2007-12-09 00:16:24 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-12-09 00:15:47 84992 --a------ C:\WINDOWS\system32\esentpr.dll
2007-12-09 00:13:15 0 d-------- C:\WINDOWS\RegisteredPackages
2007-12-09 00:11:07 0 d-------- C:\WINDOWS\system32\URTTemp
2007-12-08 23:59:07 40 --a------ C:\WINDOWS\system32\drmgs.sys
2007-12-08 23:59:06 45056 --a------ C:\WINDOWS\system32\Indt2.sys <Not Verified; a; Microsoft Internet Explorer>
2007-12-08 23:59:04 253440 --a------ C:\WINDOWS\system32\ndt2.sys
2007-12-08 23:58:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-12-08 13:43:09 0 d-a------ C:\File Transfer
2007-12-08 13:39:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-08 13:32:48 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-12-08 13:32:47 0 d-------- C:\Documents and Settings\Owner\Application Data\Parallels
2007-12-08 13:32:29 274519 --a------ C:\WINDOWS\system32\wined3d.dll
2007-12-08 13:32:29 27136 --a------ C:\WINDOWS\system32\PrlVideo.dll <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:29 143360 --a------ C:\WINDOWS\system32\PrlIcd32.dll <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:29 53332 --a------ C:\WINDOWS\system32\PrlD3d9.dll <Not Verified; Microsoft Corporation; Wine>
2007-12-08 13:32:29 49236 --a------ C:\WINDOWS\system32\PrlD3d8.dll <Not Verified; Microsoft Corporation; Wine>
2007-12-08 13:32:29 16384 --a------ C:\WINDOWS\system32\drivers\PrlVideo.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:29 2546 --a------ C:\WINDOWS\system32\drivers\prltime.sys
2007-12-08 13:32:29 14953 --a------ C:\WINDOWS\system32\drivers\prl_paravirt_32.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
2007-12-08 13:32:29 15232 --a------ C:\WINDOWS\system32\drivers\pcitg.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:28 78848 --a------ C:\WINDOWS\system32\PRLNP.DLL
2007-12-08 13:32:28 5337 --a------ C:\WINDOWS\system32\drivers\PrlMouse.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:28 138368 --a------ C:\WINDOWS\system32\drivers\PRLFS.SYS <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2007-12-08 13:32:28 6112 --a------ C:\WINDOWS\system32\drivers\prleth.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
2007-12-08 13:32:26 0 d-------- C:\Program Files\Parallels
2007-12-08 13:29:40 49152 -----n--- C:\WINDOWS\igt.exe
2007-12-08 13:15:37 0 d--h----- C:\.Spotlight-V100
2007-12-08 13:15:35 0 d--h----- C:\.Trashes
2007-12-08 13:12:05 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-08 13:12:04 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-08 13:10:43 0 d--hs---- C:\Recycled
2007-12-08 13:08:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-12-08 13:08:05 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-08 13:07:59 0 d-------- C:\Program Files\iPod
2007-12-08 13:07:56 0 d-------- C:\Program Files\iTunes
2007-12-08 13:07:38 0 d-------- C:\Program Files\QuickTime
2007-12-08 13:07:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-08 13:07:17 0 d--hs---- C:\Documents and Settings\Owner\UserData
2007-12-08 13 58 0 d-------- C:\Program Files\Common Files\Apple
2007-12-08 13:05:57 0 d-------- C:\WINDOWS\pss
2007-12-08 13:05:22 0 d-------- C:\Program Files\Apple Software Update
2007-12-08 13:02:35 0 d-------- C:\WINDOWS\system32\Lang
2007-12-08 13:01:16 12 --a------ C:\WINDOWS\bthservsdp.dat
2007-12-08 13:00:08 0 d-------- C:\Program Files\Intel
2007-12-08 12:59:48 0 d-------- C:\Program Files\Boot Camp
2007-12-08 12:59:07 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-08 12:58:28 0 d-------- C:\Program Files\Motorola
2007-12-08 12:58:24 49152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-12-08 12:58:09 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-08 12:58:04 0 d-------- C:\Program Files\Realtek
2007-12-08 12:58:03 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-08 12:58:03 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-08 12:57:37 0 d-------- C:\Program Files\SigmaTel
2007-12-08 12:57:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-08 12:56:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-08 12:56:30 0 d-------- C:\Intel
2007-12-08 12:56:03 0 d-------- C:\Program Files\DIFX
2007-12-08 12:56:02 0 d-------- C:\WINDOWS\system32\DRVSTORE
2007-12-08 12:55:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-08 00:12:01 0 d-------- C:\Documents and Settings\Owner\Application Data\Identities
2007-12-08 00:11:56 0 d--h----- C:\Documents and Settings\Owner\Templates
2007-12-08 00:11:56 0 dr------- C:\Documents and Settings\Owner\Start Menu
2007-12-08 00:11:56 0 dr-h----- C:\Documents and Settings\Owner\SendTo
2007-12-08 00:11:56 0 dr-h----- C:\Documents and Settings\Owner\Recent
2007-12-08 00:11:56 0 d--h----- C:\Documents and Settings\Owner\PrintHood
2007-12-08 00:11:56 0 d--h----- C:\Documents and Settings\Owner\NetHood
2007-12-08 00:11:56 0 dr------- C:\Documents and Settings\Owner\My Documents
2007-12-08 00:11:56 0 dr------- C:\Documents and Settings\Owner\Favorites
2007-12-08 00:11:56 0 d-------- C:\Documents and Settings\Owner\Desktop
2007-12-08 00:11:56 0 d--hs---- C:\Documents and Settings\Owner\Cookies
2007-12-08 00:11:56 0 dr-h----- C:\Documents and Settings\Owner\Application Data
2007-12-08 00:11:55 3407872 --ah----- C:\Documents and Settings\Owner\NTUSER.DAT
2007-12-08 00:11:55 0 d--h----- C:\Documents and Settings\Owner\Local Settings
2007-12-08 00:10:56 0 d--hs---- C:\System Volume Information
2007-12-08 00:10:55 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-08 00:10:54 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-08 00:10:54 0 d-------- C:\WINDOWS\Prefetch
2007-12-08 00:10:53 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-08 00:10:53 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-12-08 00:10:53 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2007-12-08 00:10:53 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-12-08 00:10:53 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-08 00:10:41 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-08 00:10:41 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-12-08 00:10:41 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2007-12-08 00:10:41 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-12-08 00:10:41 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-08 00:07:49 0 d-------- C:\WINDOWS\system32\xircom
2007-12-08 00:07:49 0 d-------- C:\Program Files\microsoft frontpage
2007-12-08 00:07:43 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-08 00:07:39 0 -rahs---- C:\MSDOS.SYS
2007-12-08 00:07:39 0 -rahs---- C:\IO.SYS
2007-12-08 00:07:39 0 --a------ C:\CONFIG.SYS
2007-12-08 00:07:39 0 --a------ C:\AUTOEXEC.BAT
2007-12-08 00:07:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-08 00 55 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-08 00 55 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-08 00 48 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-08 00 28 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-08 00:05:30 0 d---s---- C:\WINDOWS\Tasks
2007-12-08 00:05:28 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-08 00:05:22 0 d-------- C:\WINDOWS\srchasst
2007-12-08 00:05:21 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-08 00:05:10 0 d-------- C:\Program Files\Movie Maker
2007-12-08 00:04:56 0 d-------- C:\WINDOWS\system32\Restore
2007-12-08 00:04:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-08 00:04:01 0 d-------- C:\WINDOWS\Registration
2007-12-08 00:03:57 0 d-------- C:\Program Files\Online Services
2007-12-08 00:03:51 0 d-------- C:\Program Files\Messenger
2007-12-08 00:03:46 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-08 00:02:38 0 d-------- C:\Program Files\Windows NT
2007-12-08 00:02:33 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-08 00:02:30 0 d-------- C:\WINDOWS\system32\Com
2007-12-07 23:54:20 0 d--hs---- C:\WINDOWS\Installer
2007-12-07 23:54:20 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-07 23:54:16 0 dr------- C:\Program Files
2007-12-07 23:54:16 0 d-------- C:\Program Files\Common Files
2007-12-07 23:54:16 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-07 23:53:44 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-12-07 23:53:44 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-12-07 23:53:44 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-07 23:53:44 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-07 23:53:44 0
d--h----- C:\Documents and Settings\Default User\PrintHood 2007-12-07 23:53:44 0 d--h----- C:\Documents and Settings\Default User\NetHood 2007-12-07 23:53:44 0 d-------- C:\Documents and Settings\Default User\My Documents 2007-12-07 23:53:44 0 dr-h----- C:\Documents and Settings\Default User\Local Settings 2007-12-07 23:53:44 0 d-------- C:\Documents and Settings\Default User\Favorites 2007-12-07 23:53:44 0 d-------- C:\Documents and Settings\Default User\Desktop 2007-12-07 23:53:44 0 d---s---- C:\Documents and Settings\Default User\Cookies 2007-12-07 23:53:44 0 d--h----- C:\Documents and Settings\All Users\Templates 2007-12-07 23:53:44 0 dr------- C:\Documents and Settings\All Users\Start Menu 2007-12-07 23:53:44 0 d-------- C:\Documents and Settings\All Users\Favorites 2007-12-07 23:53:44 0 dr------- C:\Documents and Settings\All Users\Documents 2007-12-07 23:53:44 0 d-------- C:\Documents and Settings\All Users\Desktop 2007-12-07 23:53:31 0 d-------- C:\WINDOWS\system32\CatRoot2 2007-12-07 23:53:31 0 d-------- C:\WINDOWS\system32\CatRoot 2007-12-07 23:53:26 0 dr-h----- C:\Documents and Settings\Default User\Application Data 2007-12-07 23:53:26 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft 2007-12-07 23:53:25 0 dr-h----- C:\Documents and Settings\All Users\Application Data 2007-12-07 23:53:25 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft 2007-12-07 23:53:04 0 d-------- C:\Documents and Settings 2007-12-07 23:44:24 0 d-------- C:\WINDOWS 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\WinSxS 2007-12-07 23:44:24 0 dr------- C:\WINDOWS\Web 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\twain_32 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\wins 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\wbem 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\usmt 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\spool 2007-12-07 23:44:24 0 d-------- 
C:\WINDOWS\system32\ShellExt 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\Setup 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\ras 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\oobe 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\npp 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\mui 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\inetsrv 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\IME 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\icsxml 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\ias 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\export 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\drivers 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\drivers\etc 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\drivers\disdn 2007-12-07 23:44:24 0 dr-hs---- C:\WINDOWS\system32\dllcache 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\dhcp 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\3com_dmi 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\3076 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\2052 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1054 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1042 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1041 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1037 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1033 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1031 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1028 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system32\1025 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\system 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\security 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Resources 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\repair 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Provisioning 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\PeerNet 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\pchealth 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\mui 2007-12-07 23:44:24 0 d-------- 
C:\WINDOWS\msapps 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\msagent 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Media 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\java 2007-12-07 23:44:24 0 d--h----- C:\WINDOWS\inf 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\ime 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Help 2007-12-07 23:44:24 0 dr--s---- C:\WINDOWS\Fonts 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\ehome 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Driver Cache 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Debug 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Cursors 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Connection Wizard 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\Config 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\AppPatch 2007-12-07 23:44:24 0 d-------- C:\WINDOWS\addins -- Find3M Report --------------------------------------------------------------- 2007-12-07 23:53:46 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini 2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework> 2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System> 2007-10-08 20:56:38 6656 --a------ C:\WINDOWS\system32\SwissA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\SwedishA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6656 --a------ C:\WINDOWS\system32\SpanishA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 5632 --a------ C:\WINDOWS\system32\RussianA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\PortuguA.dll <Not Verified; Apple; > 2007-10-08 20:56:38 7168 --a------ C:\WINDOWS\system32\PolishA.dll <Not Verified; Apple; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\NorwayA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 5632 --a------ C:\WINDOWS\system32\ItalianA.dll <Not Verified; Apple Inc.; > 
2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\GermanA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\FrenchA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\FinnishA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6656 --a------ C:\WINDOWS\system32\DutchA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6144 --a------ C:\WINDOWS\system32\DanishA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 6656 --a------ C:\WINDOWS\system32\CanadaA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 5632 --a------ C:\WINDOWS\system32\BritishA.dll <Not Verified; Apple Inc.; > 2007-10-08 20:56:38 7168 --a------ C:\WINDOWS\system32\BelgiumA.dll <Not Verified; Apple Inc.; > -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F6B0FFF-45C4-413A-B257-B411C8C8D0EB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 12:00 C:\WINDOWS\system32\bthprops.cpl] "IRW"="C:\WINDOWS\system32\IRW.exe" [08/10/2007 20:56] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [14/11/2007 23:43] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [15/11/2007 13:11] "Parallels Tools"="C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe" [03/12/2007 15:02] "SharedInternetApplication"="C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" [03/12/2007 15:00] "PowerStrip"="c:\program files\powerstrip\pstrip.exe" [14/07/2007 09:35] "Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [08/10/2007 22:06] "VMware Tools"="C:\Program Files\VMware\VMware Tools\VMwareTray.exe" [19/12/2007 12:47] "VMware User Process"="C:\Program Files\VMware\VMware Tools\VMwareUser.exe" [19/12/2007 12:47] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/09/2003 
07:20] "RTHDCPL"="RTHDCPL.EXE" [06/11/2007 10:50 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:00] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc] TPSvc.dll 19/12/2007 12:47 364544 C:\WINDOWS\system32\TPSvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs BthServ -- Hosts ----------------------------------------------------------------------- 127.0.0.1 .psf 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 010402.com 127.0.0.1 032439.com 7695 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-12-31 12:20:58 ------------ |
#4
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,045
OS: XP
Re: AV Alerts: esentpr.dll
Hi, I see that VMware Tools is installed in the system. Is this machine inside a VM environment?
__________________
Proud member of UNITE and ASAP since 2006. If we have helped you, please consider donating. The past won't be able to hurt you unless you keep on looking back at it.
#6
Moderator/Analyst, Security Team ; Rangemaster, TSF Academy
Join Date: Oct 2006
Posts: 3,045
OS: XP
Re: AV Alerts: esentpr.dll
Hi,
You have a stubborn Delf variant on-board. Download combofix.exe
#7
Registered User
Join Date: Dec 2006
Posts: 21
OS: Win XP Pro (SP2)
Re: AV Alerts: esentpr.dll
ComboFix log

ComboFix 07-12-31.4 - Owner 2008-01-01 14:35:14.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.570 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\ykxaahxda.dat
C:\WINDOWS\system32\esentpr.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NPAOELUX
-------\npaoelux

((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.
2008-01-01 14:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 12:18 . 2007-12-31 12:18 <DIR> d-------- C:\Deckard
2007-12-28 21:50 . 2007-12-28 21:50 <DIR> d-------- C:\Program Files\Rapget
2007-12-28 21:49 . 2007-12-28 22:07 754 --a------ C:\WINDOWS\WORDPAD.INI
2007-12-27 23:15 . 2007-12-27 23:15 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-26 15:17 . 2007-12-26 15:17 <DIR> d-------- C:\Program Files\SopCast
2007-12-26 15:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-26 15:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-26 15:03 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-25 17:13 . 2007-12-25 17:13 <DIR> d-------- C:\Documents and Settings\Owner\Contacts
2007-12-25 17:10 . 2007-12-25 17:10 <DIR> d-------- C:\Program Files\Windows Live
2007-12-25 17:10 . 2007-12-25 17:10 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-25 17:10 . 2007-12-25 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 13:35 . 2007-12-25 13:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-12-25 13:35 . 2007-12-25 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2007-12-25 13:34 . 2007-12-25 13:34 <DIR> d-------- C:\Program Files\Azureus
2007-12-20 19:44 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2007-12-20 19:43 . 2007-12-20 19:43 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-20 19:43 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2007-12-20 19:43 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-12-20 19:43 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\rvsvtnmrjrcn.sys
2007-12-20 19:30 . 2007-12-20 19:30 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-20 19:30 . 2007-12-20 19:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-20 19:30 . 2007-12-20 19:30 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-20 19:30 . 2007-12-20 19:30 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-20 18:39 . 2007-12-20 18:39 <DIR> d-------- C:\Program Files\Maxis
2007-12-20 18:37 . 2007-12-20 18:39 535 --a------ C:\WINDOWS\eReg.dat
2007-12-20 15:17 . 2007-12-20 15:17 <DIR> d-------- C:\Program Files\SymNetDrv
2007-12-20 15:16 . 2007-12-20 15:16 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Symantec
2007-12-20 14:39 . 2007-12-20 14:40 <DIR> d-------- C:\Program Files\Norton Personal Firewall
2007-12-20 14:15 . 2007-12-20 14:15 <DIR> d-------- C:\Program Files\Symantec
2007-12-20 14:15 . 2007-12-20 14:15 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-12-20 14:15 . 2007-12-20 14:15 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-20 14:15 . 2007-12-20 14:15 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2007-12-20 14:15 . 2007-12-20 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-20 14:15 . 2003-08-16 07:22 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-20 14:15 . 2003-08-16 07:22 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-20 14:15 . 2,397 C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-12-20 13:55 . 2007-12-20 13:55 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\VMware
2007-12-20 13:54 . 2007-12-20 13:55 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\VMware
2007-12-19 13:00 . 2007-12-19 13:00 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-19 13:00 . 2007-12-19 13:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2007-12-19 12:50 . 2007-12-19 12:47 103,088 --a------ C:\WINDOWS\system32\drivers\hgfs.sys
2007-12-19 12:50 . 2007-12-19 12:47 92,720 --a------ C:\WINDOWS\system32\hgfs.dll
2007-12-19 12:50 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-12-19 12:50 . 2004-08-03 23:07 42,368 --a------ C:\WINDOWS\system32\dllcache\agp440.sys
2007-12-19 12:50 . 2007-12-19 12:47 36,400 --a------ C:\WINDOWS\system32\drivers\lgtosync.sys
2007-12-19 12:50 . 2007-12-19 12:47 36,016 -ra------ C:\WINDOWS\system32\drivers\vmxnet.sys
2007-12-19 12:50 . 2007-12-19 12:47 17,968 -ra------ C:\WINDOWS\system32\drivers\vmscsi.sys
2007-12-19 12:50 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-19 12:50 . 2004-08-03 23:08 10,624 --a------ C:\WINDOWS\system32\dllcache\gameenum.sys
2007-12-19 12:49 . 2007-12-19 12:47 98,480 -ra------ C:\WINDOWS\system32\vmx_fb.dll
2007-12-19 12:49 . 2007-12-19 12:47 62,768 -ra------ C:\WINDOWS\system32\drivers\vmx_svga.sys
2007-12-19 12:49 . 2001-08-17 12:19 40,704 --a------ C:\WINDOWS\system32\drivers\es1371mp.sys
2007-12-19 12:49 . 2001-08-17 12:19 40,704 --a------ C:\WINDOWS\system32\dllcache\es1371mp.sys
2007-12-19 12:49 . 2007-12-19 12:47 16,432 -ra------ C:\WINDOWS\system32\vmx_mode.dll
2007-12-19 12:49 . 2007-12-19 12:47 11,696 -ra------ C:\WINDOWS\system32\drivers\vmmouse.sys
2007-12-19 12:48 . 2007-12-19 12:48 <DIR> d-------- C:\Program Files\VMware
2007-12-19 12:48 . 2007-12-19 12:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VMware
2007-12-19 12:48 . 2001-08-17 12:11 35,328 --a------ C:\WINDOWS\system32\drivers\pcntpci5.sys
2007-12-19 12:48 . 2001-08-17 12:11 35,328 --a------ C:\WINDOWS\system32\dllcache\pcntpci5.sys
2007-12-18 22:16 . 2007-12-18 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-18 22:13 . 2007-12-18 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-18 00:18 . 2007-12-18 00:18 <DIR> d-------- C:\WINDOWS\system32\config
2007-12-13 16:24 . 2007-12-13 16:24 32,768 --a------ C:\WINDOWS\system32\routing.exe
2007-12-10 22:25 . 2007-06-14 21:05 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-12-10 21:45 . 2007-12-10 21:45 10 --a------ C:\WINDOWS\WININIT.INI
2007-12-10 21:24 . 2007-12-10 21:24 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ATI
2007-12-10 21:23 . 2007-12-10 21:23 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-10 21:23 . 2007-12-10 21:23 <DIR> d-------- C:\AMD
2007-12-10 21:14 . 2007-12-10 21:14 <DIR> d-------- C:\Program Files\PowerStrip
2007-12-10 17:08 . 2007-12-10 17:08 <DIR> d-------- C:\Desktop
2007-12-10 17:08 . 2007-12-10 17:08 <DIR> d--h----- C:\.TemporaryItems
2007-12-10 17:08 . 2007-12-10 17:08 4,096 --ah----- C:\._.TemporaryItems
2007-12-09 12:23 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2007-12-09 12:23 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2007-12-09 12:10 . 2007-12-09 12:10 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-09 12:10 . 2004-08-18 08:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2007-12-09 12:05 . 2007-12-09 12:05 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-12-09 12:05 . 2007-12-09 12:05 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-12-09 11:51 . 2007-12-09 11:52 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-12-09 11:51 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2007-12-09 11:51 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2007-12-09 11:45 . 2007-12-09 11:45 1,158 --a------ C:\WINDOWS\mozver.dat
2007-12-09 11:44 . 2007-10-10 23:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-09 11:44 . 2007-04-17 09:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-09 11:44 . 2007-03-08 05:10 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-09 11:44 . 2007-10-10 23:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-09 11:44 . 2007-10-10 23:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-09 11:44 . 2007-10-10 23:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-09 11:44 . 2007-10-10 23:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-09 11:44 . 2007-10-10 23:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-09 11:44 . 2007-10-10 10:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-09 11:40 . 2007-12-09 11:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-09 11:27 . 2007-12-09 11:27 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-09 00:23 . 2007-12-09 00:23 <DIR> d-------- C:\Program Files\MSBuild
2007-12-09 00:21 . 2007-12-09 00:21 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-12-09 00:20 . 2007-12-09 00:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-12-09 00:20 . 2007-12-09 00:20 <DIR> d-------- C:\c87d1ed0ff7c4f3bae
2007-12-09 00:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-19 12:47 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
2007-12-19 12:47 67,184 ----a-r C:\WINDOWS\system32\TPVMMonUI.dll
2007-12-19 12:47 364,544 ----a-r C:\WINDOWS\system32\TPSvc.dll
2007-12-19 12:47 34,352 ----a-w C:\WINDOWS\system32\vmGuestLib.dll
2007-12-19 12:47 284,280 ----a-r C:\WINDOWS\system32\TPVMMon.dll
2007-12-19 12:47 21,552 ----a-w C:\WINDOWS\system32\vmGuestLibJava.dll
2007-12-19 12:47 112,200 ----a-r C:\WINDOWS\system32\TPVMW32.dll
2007-12-19 12:47 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
2007-12-19 12:47 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
2007-12-13 16:25 96,768 ----a-w C:\WINDOWS\system32\dpcdll.dll
2007-12-13 16:25 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2007-12-13 16:25 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2007-12-13 16:25 2,136,064 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2007-12-13 16:25 2,015,744 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2007-12-13 16:25 13,107,200 ----a-w C:\WINDOWS\system32\oembios.bin
2007-12-08 12:58 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-08 12:58 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-08 00:07 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-03 15:04 78,848 ----a-w C:\WINDOWS\system32\PRLNP.DLL
2007-12-03 15:04 53,332 ----a-w C:\WINDOWS\system32\PrlD3d9.dll
2007-12-03 15:04 5,337 ----a-w C:\WINDOWS\system32\drivers\PrlMouse.sys
2007-12-03 15:04 49,236 ----a-w C:\WINDOWS\system32\PrlD3d8.dll
2007-12-03 15:04 274,519 ----a-w C:\WINDOWS\system32\wined3d.dll
2007-12-03 15:04 27,136 ----a-w C:\WINDOWS\system32\PrlVideo.dll
2007-12-03 15:04 2,546 ----a-w C:\WINDOWS\system32\drivers\prltime.sys
2007-12-03 15:04 16,384 ----a-w C:\WINDOWS\system32\drivers\PrlVideo.sys
2007-12-03 15:04 15,232 ----a-w C:\WINDOWS\system32\drivers\pcitg.sys
2007-12-03 15:04 143,360 ----a-w C:\WINDOWS\system32\PrlIcd32.dll
2007-12-03 15:04 138,368 ----a-w C:\WINDOWS\system32\drivers\PRLFS.SYS
2007-12-03 15:03 6,112 ----a-w C:\WINDOWS\system32\drivers\prleth.sys
2007-12-03 15:03 14,953 ----a-w C:\WINDOWS\system32\drivers\prl_paravirt_32.sys
2007-11-14 17:14 4,625,408 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 17:31 1,191,936 ----a-w C:\WINDOWS\RtlUpd.exe
2007-11-06 10:50 16,855,552 ----a-w C:\WINDOWS\RTHDCPL.exe
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 01:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 01:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 01:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 01:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-11 11:04 1,826,816 ----a-w C:\WINDOWS\SkyTel.exe
2007-10-11 09:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 09:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 09:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:56 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-10-09 13:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2007-10-09 13:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
2007-10-09 13:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
2007-10-09 13:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2007-10-09 13:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2007-10-09 13:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2007-10-09 13:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2007-10-09 13:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
2007-10-09 12:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
2007-10-08 22:06 1,213,744 ----a-w C:\WINDOWS\system32\AppleControlPanel.exe
2007-10-08 22:05 99,632 ----a-w C:\WINDOWS\system32\AppleTimeSrv.exe
2007-10-08 22:04 140,592 ----a-w C:\WINDOWS\system32\AppleOSSMgr.exe
2007-10-08 20:59 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-10-08 20:56 8,097,792 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-10-08 20:56 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-10-08 20:56 7,168 ----a-w C:\WINDOWS\system32\PolishA.dll
2007-10-08 20:56 7,168 ----a-w C:\WINDOWS\system32\BelgiumA.dll
2007-10-08 20:56 6,656 ----a-w C:\WINDOWS\system32\SwissA.dll
2007-10-08 20:56 6,656 ----a-w C:\WINDOWS\system32\SpanishA.dll
2007-10-08 20:56 6,656 ----a-w C:\WINDOWS\system32\DutchA.dll
2007-10-08 20:56 6,656 ----a-w C:\WINDOWS\system32\CanadaA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\SwedishA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\PortuguA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\NorwayA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\GermanA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\FrenchA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\FinnishA.dll
2007-10-08 20:56 6,144 ----a-w C:\WINDOWS\system32\DanishA.dll
2007-10-08 20:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-10-08 20:56 50,176 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-10-08 20:56 5,632 ----a-w C:\WINDOWS\system32\RussianA.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IRW"="C:\WINDOWS\system32\IRW.exe" [2007-10-08 20:56 147456]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Parallels Tools"="C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe" [2007-12-03 15:02 1064960]
"SharedInternetApplication"="C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" [2007-12-03 15:00 77824]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-07-14 09:35 730360]
"Apple_KbdMgr"="C:\Program Files\Boot Camp\KbdMgr.exe" [2007-10-08 22:06 419120]
"VMware Tools"="C:\Program Files\VMware\VMware Tools\VMwareTray.exe" [2007-12-19 12:47 117296]
"VMware User Process"="C:\Program Files\VMware\VMware Tools\VMwareUser.exe" [2007-12-19 12:47 375344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-09-06 07:20 70816]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 16855552 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [2004-10-29 08:52 218232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll 2007-12-19 12:47 364544 C:\WINDOWS\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\