ComboFix 08-01-31.1 - Lance Norwood Jr 2008-01-30 19:09:58.1 - NTFSx86
Running from: C:\Documents and Settings\Lance Norwood Jr\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\SystemDoctor Free
C:\Documents and Settings\Guest\Application Data\Starware316
C:\Documents and Settings\Guest\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Configurator\ConfiguratorOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Games\Games0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\PreferencesLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml
C:\Documents and Settings\Guest\Application Data\Starware316\Layouts\WeatherLayout.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Manager\ManagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\Movies0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Reference\ReferenceOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\Guest\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\SearchMatch\SearchMatchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup
C:\Documents and Settings\Guest\Application Data\Starware316\Weather\WeatherOptions.xml.backup
C:\Documents and Settings\Lance Norwood Jr\Application Data\CURITY~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ECURIT~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\ICROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\#SharedObjects\LT4PMRND\www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Lance Norwood Jr\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\MANTEC~1\javaw.exe
C:\Documents and Settings\Lance Norwood Jr\Application Data\MCROSO~1.NET
C:\Documents and Settings\Lance Norwood Jr\Application Data\RACLE~1
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlocker
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico
C:\Documents and Settings\Lance Norwood Jr\Application Data\STEM~1
C:\Documents and Settings\Lance Norwood Jr\ResErrors.log
C:\Program Files\Common Files\asks~1
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\mantec~1
C:\Program Files\Common Files\mbols~1
C:\Program Files\Common Files\racle~1
C:\Program Files\Common Files\scurit~1
C:\Program Files\Common Files\smbols~1
C:\Program Files\Common Files\sstem~1
C:\Program Files\Common Files\sstem3~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\wnsxs~1
C:\Program Files\Common Files\ystem3~1
C:\Program Files\dobe~1
C:\Program Files\icroso~1.net
C:\Program Files\pppatc~1
C:\Program Files\sks~1
C:\Program Files\sks~2
C:\Program Files\smbols~1
C:\Program Files\tsks~1
C:\Redemption.ECF
C:\WINDOWS\ggkxy.dat
C:\WINDOWS\pppatc~1
C:\WINDOWS\racle~1
C:\WINDOWS\sks~1
C:\WINDOWS\system32\crosof~1
C:\WINDOWS\system32\crosof~1.net
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\ecurit~1
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\lxwlr.dat
C:\WINDOWS\system32\nhqwx.dat
C:\WINDOWS\system32\qcatv.dat
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\sks~1
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\ymante~1
C:\WINDOWS\ystem3~1
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
.
2008-01-27 20:36 . 2008-01-27 21:44 23,392 --a------ C:\WINDOWS\SYSTEM32\nscompat.tlb
2008-01-27 20:36 . 2008-01-27 21:44 16,832 --a------ C:\WINDOWS\SYSTEM32\amcompat.tlb
2008-01-24 23:58 . 2008-01-24 23:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-24 23:56 . 2008-01-24 23:57 <DIR> d-------- C:\Program Files\Dell Support Center
2008-01-24 23:56 . 2008-01-24 23:56 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-01-22 19:14 . 2008-01-29 17:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 19:14 . 2008-01-22 19:14 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-22 19:10 . 2008-01-22 19:11 <DIR> d-------- C:\Program Files\iTunes
2008-01-22 19:04 . 2008-01-22 19:06 <DIR> d-------- C:\Program Files\QuickTime
2008-01-18 15:08 . 2008-01-20 10:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-16 21:34 . 2008-01-18 15:00 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
2007-12-23 10:35 . 2007-12-23 10:35 1,024 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\1B645C6A-2D66-4072-AB64-898FA1E402D9.cxv
2007-12-12 19:27 . 2008-01-17 23:31 58,880 --ahs---- C:\WINDOWS\Thumbs.db
2007-12-12 19:27 . 2008-01-17 23:46 9,216 --ahs---- C:\WINDOWS\SYSTEM32\Thumbs.db
2007-12-10 19:13 . 2007-12-10 19:13 <DIR> d--h----- C:\WINDOWS\PIF
2007-12-10 18:16 . 2007-12-22 03:00 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\SpywareBot
2007-12-09 22:29 . 2007-12-09 22:29 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 13:13 . 2007-12-02 13:13 <DIR> d-------- C:\Documents and Settings\Lance Norwood Jr\Application Data\MSN6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 01:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-31 00:43 --------- d-----w C:\Program Files\XoftSpySE
2008-01-30 03:48 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\LimeWire
2008-01-25 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-23 01:11 --------- d-----w C:\Program Files\iPod
2008-01-18 08:00 --------- d-----w C:\Documents and Settings\Lance Norwood Jr\Application Data\U3
2008-01-18 06:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-20 04:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-20 04:46 --------- d-----w C:\Program Files\Philips
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem On Hold
2007-12-20 04:24 --------- d-----w C:\Program Files\Modem Helper
2007-12-20 04:24 --------- d-----w C:\Program Files\AdwareFilter
2007-12-13 01:29 --------- d-----w C:\Program Files\LimeWire
2007-12-13 01:12 --------- d-----w C:\Program Files\downloads
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-10-30 23:42 3,590,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\wmasf.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-10-10 23:56 824,832 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-10-10 23:56 1,159,680 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-10-10 23:55 671,232 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-10-10 23:55 478,208 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-10-10 23:55 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-10-10 23:55 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-10-10 23:55 27,648 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-10-10 23:55 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-10-10 23:55 214,528 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-10-10 23:55 193,024 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-10-10 23:55 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-10-10 23:55 132,608 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-10-10 23:55 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-10-10 10:59 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-10-10 10:59 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-10-10 05:46 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2005-01-21 00:53 45,056 ------r C:\Program Files\SetAttrib.exe
2004-11-30 07:23 40,960 ------r C:\Program Files\delete.exe
2004-10-16 10:19 11,591 --sha-w C:\WINDOWS\abghx.dat
2004-08-09 07:16 0 --sha-w C:\WINDOWS\appfe.exe
2004-10-27 03:42 11,591 --sha-w C:\WINDOWS\apsyx.dat
2004-08-24 03:53 3,063 --sha-w C:\WINDOWS\blanf.dat
2004-11-24 12:53 3,347 --sha-w C:\WINDOWS\bnada.dat
2004-11-04 15:15 3,362 --sha-w C:\WINDOWS\bvduv.dat
2004-09-12 17:02 11,591 --sha-w C:\WINDOWS\bwtfp.dat
2006-02-22 10:24 3,347 --sha-w C:\WINDOWS\byxvu.dat
2004-08-15 09:37 3,063 --sha-w C:\WINDOWS\caghx.dat
2004-09-14 16:36 11,591 --sha-w C:\WINDOWS\ckqol.dat
2004-08-15 10:18 11,591 --sha-w C:\WINDOWS\corxr.dat
2004-09-21 12:21 11,591 --sha-w C:\WINDOWS\cswqb.dat
2004-11-07 17:29 11,591 --sha-w C:\WINDOWS\ctppm.dat
2004-10-20 14:09 11,591 --sha-w C:\WINDOWS\cuevg.dat
2004-09-11 19:59 11,591 --sha-w C:\WINDOWS\cxhrg.dat
2004-08-31 17:43 0 --sha-w C:\WINDOWS\czdgp.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\diexz.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dlmuu.dat
2004-11-16 16:31 11,591 --sha-w C:\WINDOWS\dprcu.dat
2004-09-20 15:36 3,063 --sha-w C:\WINDOWS\dskub.dat
2004-11-13 16:46 3,347 --sha-w C:\WINDOWS\ehvfa.dat
2004-09-19 19:37 0 --sha-w C:\WINDOWS\etlds.dll
2004-10-31 13:12 3,362 --sha-w C:\WINDOWS\exbqr.dat
2004-09-11 06:55 11,591 --sha-w C:\WINDOWS\fapud.dat
2004-09-25 23:08 11,591 --sha-w C:\WINDOWS\fjufv.dat
2004-11-10 03:52 3,347 --sha-w C:\WINDOWS\fqbus.dat
2004-10-03 18:05 3,063 --sha-w C:\WINDOWS\gjzvl.dat
2004-09-09 14:06 3,063 --sha-w C:\WINDOWS\gkdcr.dat
2004-12-03 20:04 11,591 --sha-w C:\WINDOWS\gntyh.dat
2004-11-21 02:10 11,591 --sha-w C:\WINDOWS\gumfc.dat
2004-10-27 01:33 11,591 --sha-w C:\WINDOWS\gyozc.dat
2004-09-12 12:17 3,063 --sha-w C:\WINDOWS\hcacy.dat
2004-11-28 11:54 3,347 --sha-w C:\WINDOWS\hcqms.dat
2004-10-05 01:18 3,063 --sha-w C:\WINDOWS\hreae.dat
2004-11-09 20:40 3,347 --sha-w C:\WINDOWS\huhwa.dat
2004-11-27 06:52 11,591 --sha-w C:\WINDOWS\hzugm.dat
2004-08-05 09:55 3,063 --sha-w C:\WINDOWS\iagav.dat
2004-08-15 16:30 11,591 --sha-w C:\WINDOWS\ibxma.dat
2004-09-28 07:04 11,591 --sha-w C:\WINDOWS\ihfrl.dat
2004-11-30 15:51 11,591 --sha-w C:\WINDOWS\infxh.dat
2004-09-08 09:23 11,591 --sha-w C:\WINDOWS\irkvq.dat
2004-09-10 06:02 11,591 --sha-w C:\WINDOWS\irqne.dat
2004-10-31 21:35 3,362 --sha-w C:\WINDOWS\ivybk.dat
2005-05-06 20:34 238,709 --sh--r C:\WINDOWS\iyfyn7.sys
2004-10-04 07:58 11,591 --sha-w C:\WINDOWS\jfuac.dat
2004-11-04 17:40 11,591 --sha-w C:\WINDOWS\jrlxs.dat
2004-11-29 13:59 11,591 --sha-w C:\WINDOWS\jznfx.dat
2004-09-21 14:17 11,591 --sha-w C:\WINDOWS\kgipx.dat
2004-10-05 03:05 11,591 --sha-w C:\WINDOWS\kjxhe.dat
2004-11-10 14:22 11,591 --sha-w C:\WINDOWS\kohyw.dat
2004-11-16 09:44 3,347 --sha-w C:\WINDOWS\kvkzg.dat
2004-10-01 22:24 11,591 --sha-w C:\WINDOWS\lcmvd.dat
2004-09-01 02:33 3,063 --sha-w C:\WINDOWS\liagg.dat
2005-01-15 11:42 11,591 --sha-w C:\WINDOWS\lksxz.dat
2004-11-18 02:11 11,591 --sha-w C:\WINDOWS\lluxy.dat
2004-10-08 22:52 3,063 --sha-w C:\WINDOWS\lvtyw.dat
2004-09-21 20:16 3,063 --sha-w C:\WINDOWS\lwkke.dat
2004-09-29 03:31 11,591 --sha-w C:\WINDOWS\lyfir.dat
2004-11-20 21:06 11,591 --sha-w C:\WINDOWS\maeny.dat
2004-09-19 10:35 3,063 --sha-w C:\WINDOWS\mciip.dat
2004-09-02 17:56 11,591 --sha-w C:\WINDOWS\mcmzj.dat
2004-08-23 10:46 3,063 --sha-w C:\WINDOWS\mghel.dat
2004-11-25 02:56 3,347 --sha-w C:\WINDOWS\mkbmk.dat
2004-08-02 07:21 11,591 --sha-w C:\WINDOWS\mknro.dat
2004-08-02 16:46 10,240 --sha-w C:\WINDOWS\msls32.exe
2006-03-03 03:38 11,591 --sha-w C:\WINDOWS\muyis.dat
2004-11-20 22:57 3,347 --sha-w C:\WINDOWS\mxnvu.dat
2004-09-20 15:51 3,063 --sha-w C:\WINDOWS\njmcy.dat
2004-12-19 06:31 3,347 --sha-w C:\WINDOWS\nqyvt.dat
2004-10-12 22:07 0 --sha-w C:\WINDOWS\nzugr.dll
2004-10-06 23:59 0 --sha-w C:\WINDOWS\n_eenhay.dat
2004-09-26 06:24 0 --sha-w C:\WINDOWS\n_miiwbb.dat
2004-08-26 03:12 0 --sha-w C:\WINDOWS\n_vpuxgs.dat
2004-09-19 19:36 0 --sha-w C:\WINDOWS\n_vvhitd.dat
2004-11-18 06:38 0 --sha-w C:\WINDOWS\n_wphjwr.dat
2004-10-23 16:56 3,063 --sha-w C:\WINDOWS\ogkvb.dat
2004-10-07 16:13 11,591 --sha-w C:\WINDOWS\oivli.dat
2004-12-12 21:20 3,347 --sha-w C:\WINDOWS\pvuut.dat
2004-10-22 08:17 11,591 --sha-w C:\WINDOWS\pxvdr.dat
2004-10-31 22:16 3,347 --sha-w C:\WINDOWS\qeopo.dat
2004-10-02 19:24 11,591 --sha-w C:\WINDOWS\rbocc.dat
2004-08-31 02:43 0 --sha-w C:\WINDOWS\rlygs.dat
2004-11-07 18:30 3,362 --sha-w C:\WINDOWS\rscbr.dat
2004-10-09 00:04 3,362 --sha-w C:\WINDOWS\siqbc.dat
2004-11-17 03:13 3,362 --sha-w C:\WINDOWS\tpduc.dat
2004-08-21 05:52 3,063 --sha-w C:\WINDOWS\tqzey.dat
2004-08-26 17:47 11,591 --sha-w C:\WINDOWS\twnyj.dat
2004-10-27 19:14 11,591 --sha-w C:\WINDOWS\ubtdd.dat
2004-09-20 20:09 3,063 --sha-w C:\WINDOWS\ukdem.dat
2004-09-27 01:18 3,063 --sha-w C:\WINDOWS\umqvx.dat
2005-01-03 23:52 11,591 --sha-w C:\WINDOWS\uqevp.dat
2004-11-23 08:05 11,591 --sha-w C:\WINDOWS\usxrw.dat
2004-12-29 11:11 11,591 --sha-w C:\WINDOWS\uwgrd.dat
2004-09-15 14:03 11,591 --sha-w C:\WINDOWS\uyhgt.dat
2004-10-22 20:33 3,063 --sha-w C:\WINDOWS\viphx.dat
2004-11-09 22:47 11,591 --sha-w C:\WINDOWS\vlzgf.dat
2004-08-27 02:28 3,063 --sha-w C:\WINDOWS\vngqi.dat
2004-08-13 22:42 11,591 --sha-w C:\WINDOWS\vsrba.dat
2004-10-30 04:19 11,591 --sha-w C:\WINDOWS\vturt.dat
2004-11-10 21:19 11,591 --sha-w C:\WINDOWS\wdefk.dat
2004-10-16 06:17 11,591 --sha-w C:\WINDOWS\wlddy.dat
2004-10-06 21:50 11,591 --sha-w C:\WINDOWS\wrzvv.dat
2004-12-01 03:07 3,347 --sha-w C:\WINDOWS\wsdoj.dat
2004-10-02 21:33 3,362 --sha-w C:\WINDOWS\wwdxj.dat
2004-10-04 06:04 11,591 --sha-w C:\WINDOWS\xbfuu.dat
2004-11-07 10:09 3,362 --sha-w C:\WINDOWS\xckma.dat
2004-11-10 17:52 3,347 --sha-w C:\WINDOWS\xivjz.dat
2004-08-12 18:57 11,591 --sha-w C:\WINDOWS\xiyip.dat
2004-11-03 00:24 11,591 --sha-w C:\WINDOWS\xldmf.dat
2005-04-18 13:22 3,347 --sha-w C:\WINDOWS\xqdxz.dat
2004-10-26 20:01 3,362 --sha-w C:\WINDOWS\xtcwr.dat
2005-04-18 13:22 3,063 --sha-w C:\WINDOWS\ycmdg.dat
2004-10-30 00:17 3,362 --sha-w C:\WINDOWS\yiwgt.dat
2004-10-20 14:41 3,063 --sha-w C:\WINDOWS\yvlrj.dat
2004-09-27 16:17 11,591 --sha-w C:\WINDOWS\yzczv.dat
2004-09-28 08:50 11,591 --sha-w C:\WINDOWS\yzguh.dat
2004-11-18 06:55 0 --sha-w C:\WINDOWS\yzuis.dll
2004-11-14 15:37 3,362 --sha-w C:\WINDOWS\ztpsx.dat
2004-11-26 08:23 11,591 --sha-w C:\WINDOWS\SYSTEM32\agjnc.dat
2004-11-07 20:05 0 --sha-w C:\WINDOWS\SYSTEM32\apmll.dat
2004-11-20 17:25 11,591 --sha-w C:\WINDOWS\SYSTEM32\athzo.dat
2004-10-22 14:06 0 --sha-w C:\WINDOWS\SYSTEM32\azslr.dll
2004-09-06 17:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\bkcei.dat
2004-10-03 03:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\bmfga.dat
2004-08-22 16:23 3,063 --sha-w C:\WINDOWS\SYSTEM32\bncae.dat
2004-08-06 02:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\bvfic.dat
2004-08-20 21:34 11,591 --sha-w C:\WINDOWS\SYSTEM32\chnqd.dat
2004-09-29 08:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\cjocs.dat
2004-08-20 17:59 3,063 --sha-w C:\WINDOWS\SYSTEM32\cxvqd.dat
2005-01-13 23:52 4,354 --sha-w C:\WINDOWS\SYSTEM32\dahmc.dat
2004-10-10 06:25 3,063 --sha-w C:\WINDOWS\SYSTEM32\drxbd.dat
2004-09-11 23:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\ebhei.dat
2004-11-15 16:37 3,347 --sha-w C:\WINDOWS\SYSTEM32\eqzcl.dat
2004-12-07 16:42 3,347 --sha-w C:\WINDOWS\SYSTEM32\erqwg.dat
2004-10-01 09:31 3,063 --sha-w C:\WINDOWS\SYSTEM32\exyik.dat
2004-10-03 03:39 3,063 --sha-w C:\WINDOWS\SYSTEM32\fbden.dat
2004-12-05 08:27 11,591 --sha-w C:\WINDOWS\SYSTEM32\fbefy.dat
2004-08-26 16:32 3,063 --sha-w C:\WINDOWS\SYSTEM32\fdywf.dat
2004-11-04 05:42 3,362 --sha-w C:\WINDOWS\SYSTEM32\fenhx.dat
2004-11-09 23:53 3,347 --sha-w C:\WINDOWS\SYSTEM32\fhbxg.dat
2004-10-27 06:45 3,362 --sha-w C:\WINDOWS\SYSTEM32\fqked.dat
2004-10-24 13:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\fuexe.dat
2004-11-25 14:16 3,347 --sha-w C:\WINDOWS\SYSTEM32\fxghm.dat
2004-08-20 02:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\fyaeh.dat
2004-10-22 02:07 3,362 --sha-w C:\WINDOWS\SYSTEM32\fzthc.dat
2004-11-13 20:32 11,591 --sha-w C:\WINDOWS\SYSTEM32\gikah.dat
2005-01-08 09:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\gjqpz.dat
2004-10-16 18:11 3,362 --sha-w C:\WINDOWS\SYSTEM32\guvju.dat
2004-12-19 19:24 11,591 --sha-w C:\WINDOWS\SYSTEM32\gvlyw.dat
2004-12-06 05:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\gwtzw.dat
2004-10-05 17:06 3,063 --sha-w C:\WINDOWS\SYSTEM32\haolt.dat
2004-10-15 12:35 3,362 --sha-w C:\WINDOWS\SYSTEM32\hefnd.dat
2004-09-25 13:56 11,591 --sha-w C:\WINDOWS\SYSTEM32\heiwr.dat
2004-11-26 22:25 3,347 --sha-w C:\WINDOWS\SYSTEM32\iaffb.dat
2004-11-07 01:23 3,362 --sha-w C:\WINDOWS\SYSTEM32\ihfjp.dat
2004-11-17 11:06 3,347 --sha-w C:\WINDOWS\SYSTEM32\ikvvq.dat
2004-10-28 14:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\imlqg.dat
2004-11-10 17:54 3,347 --sha-w C:\WINDOWS\SYSTEM32\imxdk.dat
2005-05-06 20:34 278,250 --sh--r C:\WINDOWS\SYSTEM32\iyfyn7.sys
2004-10-31 11:26 11,591 --sha-w C:\WINDOWS\SYSTEM32\jknlr.dat
2004-10-31 22:08 3,362 --sha-w C:\WINDOWS\SYSTEM32\jvuyz.dat
2004-08-06 14:18 11,591 --sha-w C:\WINDOWS\SYSTEM32\kdxnh.dat
2004-08-26 18:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\kfvlv.dat
2004-08-30 18:33 3,063 --sha-w C:\WINDOWS\SYSTEM32\krvsq.dat
2004-11-22 18:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\ktfgk.dat
2004-10-26 22:39 3,362 --sha-w C:\WINDOWS\SYSTEM32\kuetb.dat
2004-09-10 02:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\kzicj.dat
2004-10-21 11:53 11,591 --sha-w C:\WINDOWS\SYSTEM32\lekmp.dat
2004-10-23 00:27 3,362 --sha-w C:\WINDOWS\SYSTEM32\lqbww.dat
2004-10-24 03:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\lrgkv.dat
2004-08-24 18:37 11,591 --sha-w C:\WINDOWS\SYSTEM32\mmkyb.dat
2004-11-17 00:12 3,347 --sha-w C:\WINDOWS\SYSTEM32\ngnwg.dat
2004-10-16 03:52 3,362 --sha-w C:\WINDOWS\SYSTEM32\nkhij.dat
2004-10-24 01:19 11,591 --sha-w C:\WINDOWS\SYSTEM32\odrhi.dat
2004-09-18 00:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\ohjlf.dat
2004-08-31 17:48 0 --sha-w C:\WINDOWS\SYSTEM32\oravi.dat
2004-10-27 11:57 11,591 --sha-w C:\WINDOWS\SYSTEM32\ozkvb.dat
2004-12-12 14:59 3,347 --sha-w C:\WINDOWS\SYSTEM32\pzsnb.dat
2004-09-18 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\qabtd.dat
2004-09-25 18:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\qbwrr.dat
2004-09-18 17:09 11,591 --sha-w C:\WINDOWS\SYSTEM32\qggti.dat
2004-09-25 05:47 3,063 --sha-w C:\WINDOWS\SYSTEM32\qkpzj.dat
2004-09-25 07:51 3,063 --sha-w C:\WINDOWS\SYSTEM32\qmkvb.dat
2004-11-08 20:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\qnpzg.dat
2004-11-24 04:08 3,347 --sha-w C:\WINDOWS\SYSTEM32\qqscx.dat
2004-07-29 02:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\qvdyq.dat
2004-10-24 09:15 3,362 --sha-w C:\WINDOWS\SYSTEM32\rlbie.dat
2004-09-25 23:46 3,063 --sha-w C:\WINDOWS\SYSTEM32\rpdno.dat
2004-11-20 08:44 11,591 --sha-w C:\WINDOWS\SYSTEM32\rprpm.dat
2004-10-31 16:31 11,591 --sha-w C:\WINDOWS\SYSTEM32\ruxga.dat
2004-10-26 18:43 3,362 --sha-w C:\WINDOWS\SYSTEM32\rwnhy.dat
2004-08-23 12:20 3,063 --sha-w C:\WINDOWS\SYSTEM32\rxrua.dat
2004-08-29 16:45 11,591 --sha-w C:\WINDOWS\SYSTEM32\scgoj.dat
2004-09-07 14:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\sinwl.dat
2004-09-25 02:12 11,591 --sha-w C:\WINDOWS\SYSTEM32\slriz.dat
2004-08-29 21:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\snrjk.dat
2004-11-05 10:21 11,591 --sha-w C:\WINDOWS\SYSTEM32\sqyua.dat
2004-11-15 02:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\szrkb.dat
2004-11-13 07:05 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdqee.dat
2004-10-20 20:33 11,591 --sha-w C:\WINDOWS\SYSTEM32\tdxec.dat
2004-11-07 02:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\tiisi.dat
2004-11-14 21:16 11,591 --sha-w C:\WINDOWS\SYSTEM32\tomrq.dat
2004-11-18 06:56 0 --sha-w C:\WINDOWS\SYSTEM32\tslyv.dll
2004-10-12 05:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\ttyea.dat
2004-09-12 06:49 3,063 --sha-w C:\WINDOWS\SYSTEM32\tuhlc.dat
2004-11-13 22:55 11,591 --sha-w C:\WINDOWS\SYSTEM32\txivz.dat
2004-09-01 19:51 11,591 --sha-w C:\WINDOWS\SYSTEM32\tylbz.dat
2004-11-15 04:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ufzsd.dat
2004-08-20 03:40 3,063 --sha-w C:\WINDOWS\SYSTEM32\ukhlg.dat
2004-09-30 10:21 3,063 --sha-w C:\WINDOWS\SYSTEM32\unoyz.dat
2004-09-23 03:42 3,063 --sha-w C:\WINDOWS\SYSTEM32\uoump.dat
2004-10-13 10:55 3,063 --sha-w C:\WINDOWS\SYSTEM32\vbhcw.dat
2004-08-11 02:46 11,591 --sha-w C:\WINDOWS\SYSTEM32\vbncx.dat
2005-01-28 16:00 3,547 --sha-w C:\WINDOWS\SYSTEM32\vbpxm.dat
2004-10-24 11:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\vcjpk.dat
2004-09-23 07:16 3,063 --sha-w C:\WINDOWS\SYSTEM32\vjhel.dat
2004-08-15 04:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\vvfuk.dat
2005-01-10 08:45 3,347 --sha-w C:\WINDOWS\SYSTEM32\wcbul.dat
2004-11-09 16:49 3,347 --sha-w C:\WINDOWS\SYSTEM32\wknmh.dat
2004-10-15 01:51 3,362 --sha-w C:\WINDOWS\SYSTEM32\wpycp.dat
2004-10-24 10:18 3,362 --sha-w C:\WINDOWS\SYSTEM32\wrucs.dat
2004-09-29 10:52 3,063 --sha-w C:\WINDOWS\SYSTEM32\wtkrw.dat
2004-12-13 03:17 11,591 --sha-w C:\WINDOWS\SYSTEM32\wwgpr.dat
2004-11-06 23:20 3,362 --sha-w C:\WINDOWS\SYSTEM32\wzchs.dat
2007-03-19 18:31 228,864 --sh--r C:\WINDOWS\SYSTEM32\w?nlogon.exe
2004-12-02 09:40 11,591 --sha-w C:\WINDOWS\SYSTEM32\xcebx.dat
2004-08-23 19:45 3,063 --sha-w C:\WINDOWS\SYSTEM32\xdogs.dat
2004-08-29 04:08 11,591 --sha-w C:\WINDOWS\SYSTEM32\xeyhz.dat
2004-08-06 17:13 3,063 --sha-w C:\WINDOWS\SYSTEM32\xkomt.dat
2004-08-01 07:11 11,591 --sha-w C:\WINDOWS\SYSTEM32\xnken.dat
2004-08-21 20:53 3,063 --sha-w C:\WINDOWS\SYSTEM32\xucje.dat
2004-09-17 09:48 11,591 --sha-w C:\WINDOWS\SYSTEM32\yhwpg.dat
2004-08-24 07:50 11,591 --sha-w C:\WINDOWS\SYSTEM32\ynnpz.dat
2004-08-24 06:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\ynpuj.dat
2004-12-02 11:01 11,591 --sha-w C:\WINDOWS\SYSTEM32\ytmae.dat
2004-11-10 15:35 3,347 --sha-w C:\WINDOWS\SYSTEM32\ytxoq.dat
2004-10-27 22:07 11,591 --sha-w C:\WINDOWS\SYSTEM32\yyoyt.dat
2004-09-27 18:24 3,063 --sha-w C:\WINDOWS\SYSTEM32\zhomm.dat
2004-10-27 13:38 11,591 --sha-w C:\WINDOWS\SYSTEM32\zhpsx.dat
2004-10-05 01:39 11,591 --sha-w C:\WINDOWS\SYSTEM32\zjkkh.dat
2004-10-23 19:35 11,591 --sha-w C:\WINDOWS\SYSTEM32\zmkom.dat
2004-10-12 14:26 3,362 --sha-w C:\WINDOWS\SYSTEM32\ztvaw.dat
2004-11-05 04:41 11,591 --sha-w C:\WINDOWS\SYSTEM32\zvkab.dat
2004-11-14 23:17 3,362 --sha-w C:\WINDOWS\SYSTEM32\zwtvd.dat
2004-08-17 08:54 3,063 --sha-w C:\WINDOWS\SYSTEM32\zyvpq.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6BD4ABBD-3523-C873-457D-313BA77F97C0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{875AD120-1EB1-626C-EEAE-638488E049C0}]
C:\WINDOWS\system32\kroopux.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B779A875-36BF-453E-BAC6-45B6AB927B90}]
C:\WINDOWS\system32\vvbmnuwl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ModemOnHold"="C:\PROGRA~1\MODEMO~1\MOH.exe" [2003-11-17 09:10 86016]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
C:\Program Files\Altnet\Points Manager\Points Manager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bxxs5]
C:\WINDOWS\bxxs5.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClrSchLoader]
C:\Program Files\ClearSearch\Loader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMESys]
C:\Program Files\Common Files\CMEII\CMESys.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\d3dl32.exe]
C:\WINDOWS\system32\d3dl32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell AIO Printer A940]
--a------ 2003-02-08 16:42 86102 C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\System32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\System32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a------ 2003-09-03 19:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
--a------ 2006-01-17 12:03 53248 c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2006-01-17 12:03 135168 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-08-26 18:47 204800 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLL]
C:\WINDOWS\Downloaded Program Files\bridge.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-02 14:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updmgr]
C:\Program Files\Common files\updmgr\updmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee76-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e63fee7b-278d-11dc-a8fb-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f49407cf-2845-11dc-a8fe-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffb8fe60-8d31-11dc-a9cd-000d566b1619}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 13:19:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 21:41:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-01-30 09:00:02 C:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- C:\Program Files\SpywareBot\SpywareBot.ex
- C:\Program Files\SpywareBot
"2008-01-31 00:36:10 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-01-31 00:36:08 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-30 19:16:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ... (entries below in file:stream form are NTFS alternate data streams attached to the named file)
C:\WINDOWS\Rhododendron.bmp:ywgymn 64000 bytes executable
C:\WINDOWS\muyis.dat:iwhlq 36155 bytes executable
C:\WINDOWS\nsreg.dat:bfligm 11394 bytes executable
C:\WINDOWS\nsw.log:vvoyy 10240 bytes executable
C:\WINDOWS\BOOTSTAT.DAT:ugbzip 11394 bytes executable
C:\WINDOWS\Q329909.LOG:fhoun 10240 bytes executable
C:\WINDOWS\IIS6.LOG:gjxfk 90624 bytes executable
C:\WINDOWS\dprcu.dat:srvfi 56320 bytes executable
C:\WINDOWS\n_ujakxn.dat:taanlv 68608 bytes executable
C:\WINDOWS\ycmdg.dat:skzvhd 66560 bytes executable
C:\WINDOWS\SchedLgU.Txt:ilkqq 10240 bytes executable
C:\WINDOWS\d3as32.dll:lvejt 11401 bytes executable
C:\WINDOWS\n_mpjuni.dat:cphqnk 68096 bytes executable
C:\WINDOWS\appfe.exe:aoobf 56832 bytes executable
C:\WINDOWS\ztpsx.dat:jhszk 11401 bytes executable
C:\WINDOWS\_DEFAULT.PIF:ehxlse 11401 bytes executable
C:\WINDOWS\_DEFAULT.PIF:eovbyy 114362 bytes executable
C:\WINDOWS\_DEFAULT.PIF:fjohxm 30264 bytes executable
C:\WINDOWS\_DEFAULT.PIF:nivcdc 11394 bytes executable
C:\WINDOWS\_DEFAULT.PIF:ppguvl 11394 bytes executable
C:\WINDOWS\_DEFAULT.PIF:xiqqvo 30264 bytes executable
C:\WINDOWS\WINHELP.EXE:sitqi 27102 bytes executable
C:\WINDOWS\q812415.log:diexz 10240 bytes executable
C:\WINDOWS\q812415.log:pbfnj 10240 bytes executable
C:\WINDOWS\q812415.log:xiyip 26763 bytes executable
C:\WINDOWS\Q813862.LOG:xaqeau 30264 bytes executable
C:\WINDOWS\Q816486.LOG:cwceg 56832 bytes executable
C:\WINDOWS\Q816981.LOG:ibxtd 26763 bytes executable
C:\WINDOWS\Q816981.LOG:vjxlc 26763 bytes executable
C:\WINDOWS\ORUN32.ISU:jxrwfk 11394 bytes executable
C:\WINDOWS\byxvu.dat:fzmsfc 36155 bytes executable
C:\WINDOWS\cdzzs.txt:ypfaqe 66560 bytes executable
C:\WINDOWS\WMSysPrx.prx:zhpus 103867 bytes executable
C:\WINDOWS\sysry.dll:fclyfj 11401 bytes executable
C:\WINDOWS\upwzyk.dat:cssyj 114362 bytes executable
C:\WINDOWS\gcnwz.txt:qkmkrv 30264 bytes executable
C:\WINDOWS\IsUninst.exe:jkapg 27102 bytes executable
C:\WINDOWS\lksxz.dat:xxdvu 90624 bytes executable
scan completed successfully
hidden files: 38
**************************************************************************
.
Completion time: 2008-01-30 19:19:12
ComboFix-quarantined-files.txt 2008-01-31 01:18:55
.
2008-01-29 05:34:16 --- E O F ---