PC infected


vkarthikiit
10-25-2007, 01:54 AM
Logfile of HijackThis v1.99.1
Scan saved at 1:54:30 AM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\command.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: BndDrive2 BHO Class - {8FB5B012-E8CB-46cd-B6D2-ED428FAE9043} - C:\Program Files\ISM\BndDrive5.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{4B-B7-70-00-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

vkarthikiit
10-25-2007, 01:54 AM
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178414357046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178431984046
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

classicsoftware
10-25-2007, 07:33 AM
Please do the following:

Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.

Note: Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:

Re-boot the system
Post the Combofix Log
Post a new HJT log
Tell us how the system is running.

vkarthikiit
10-25-2007, 01:53 PM
I am not able to open combofix.exe for some reason

vkarthikiit
10-25-2007, 02:16 PM
ComboFix 07-10-25.4 - Owner 2007-10-25 14:00:06.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.108 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

vkarthikiit
10-25-2007, 02:17 PM
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\install.dat
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
C:\Program Files\bravesentry
C:\Program Files\bravesentry\BraveSentry.lic
C:\Program Files\bravesentry\BraveSentry0.bs
C:\Program Files\bravesentry\BraveSentry1.bs
C:\Program Files\bravesentry\Uninstall.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\asappsrv.dll
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\command.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\dllh8jkd1q1.exe
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q5.exe
C:\WINDOWS\system32\dllh8jkd1q6.exe
C:\WINDOWS\system32\dllh8jkd1q7.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\kernelwind32.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\max1d11643v.exe
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\uninstall_nmon.vbs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Driver
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-09-25 to 2007-10-25 )))))))))))))))))))))))))))))))
.

2007-10-25 01:38 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-25 01:37 294,668 --a------ C:\WINDOWS\frexup3.exe
2007-10-25 01:37 13,824 --a------ C:\WINDOWS\plite731.exe
2007-10-15 18:42 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-10-15 18:42 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2007-10-15 18:42 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-10-15 18:42 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2007-10-15 18:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-10-15 18:41 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2007-10-12 16:14 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-12 16:14 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-12 16:14 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-10-12 16:14 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-10-12 15:43 <DIR> d-------- C:\EPSONREG
2007-10-12 15:34 79,679 --a------ C:\WINDOWS\system32\E_FLMACA.DLL
2007-10-12 15:34 64,000 --a------ C:\WINDOWS\system32\E_FBCBACA.DLL
2007-10-12 15:34 34,304 --a------ C:\WINDOWS\system32\E_FBCHACA.DLL
2007-10-12 15:33 <DIR> d-------- C:\Program Files\epson
2007-10-12 15:33 46,080 --a------ C:\WINDOWS\system32\escimgd.dll
2007-10-12 15:33 29,696 --a------ C:\WINDOWS\system32\escwiad.dll
2007-10-12 15:33 22,016 --a------ C:\WINDOWS\system32\esccmd.dll
2007-10-10 04:53 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 22:40 <DIR> d-------- C:\temp
2007-10-03 00:50 <DIR> d-------- C:\Program Files\GenoPro
2007-09-27 16:53 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 16:45 <DIR> d-------- C:\Program Files\HJT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 23:23 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2007-10-12 23:05 --------- d-----w C:\Documents and Settings\Owner\Application Data\ArcSoft
2007-10-12 19:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-03 19:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2007-08-28 15:38 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2007-08-27 00:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Nokia Multimedia Player
2007-08-26 20:29 --------- d-----w C:\Program Files\Creative
2007-08-25 06:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-03-15 17:52 36,544 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2004-05-23 13:22 7,708,404 -c--a-w C:\Program Files\SETUP.EXE
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\mZIVx31DuV1qtqcOsrl1sZ11v3IQ.vbs
2004-07-01 06:20:40 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2007-05-03 04:24:10 32,768 -csha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2007-04-27 04:42:00 65,536 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007042320070430\index.dat
2007-04-27 04:42:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050120070502\index.dat
2007-05-03 04:24:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050220070503\index.dat
2007-04-27 04:42:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050320070504\index.dat
2007-04-27 04:42:00 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007050420070505\index.dat
.

vkarthikiit
10-25-2007, 02:21 PM
((((((((((((((((((((((((((((( snapshot_2007-09-27_170718.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-20 10:02:09 124,928 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\advpack.dll
+ 2007-08-20 10:02:11 214,528 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\dxtrans.dll
+ 2007-08-20 10:02:09 132,608 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\extmgr.dll
+ 2007-08-20 10:02:09 63,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\icardie.dll
+ 2007-08-17 10:12:34 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ie4uinit.exe
+ 2007-08-20 10:02:09 153,088 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakeng.dll
+ 2007-08-20 10:02:09 230,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieaksie.dll
+ 2007-08-17 07:29:55 161,792 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieakui.dll
+ 2007-04-17 09:28:12 2,455,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dat
+ 2007-08-20 10:02:09 383,488 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieapfltr.dll
+ 2007-08-20 10:02:09 387,584 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iedkcs32.dll
+ 2007-08-20 10:02:10 6,066,176 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieframe.dll
+ 2007-08-20 10:02:10 44,544 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iernonce.dll
+ 2007-08-20 10:02:10 267,776 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iertutil.dll
+ 2007-08-17 10:12:35 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\ieudinit.exe
+ 2007-08-17 10:12:49 625,152 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe
+ 2007-08-20 10:02:10 27,648 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\jsproxy.dll
+ 2007-08-20 10:02:10 459,264 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeeds.dll
+ 2007-08-20 10:02:10 52,224 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msfeedsbs.dll
+ 2007-08-20 10:02:11 3,592,192 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
+ 2007-08-20 10:02:11 478,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mshtmled.dll
+ 2007-08-20 10:02:11 193,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\msrating.dll
+ 2007-08-20 10:02:11 671,232 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\mstime.dll
+ 2007-08-20 10:02:11 102,400 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\occache.dll
+ 2007-08-20 10:02:11 105,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\url.dll
+ 2007-08-20 10:02:11 1,161,728 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\urlmon.dll
+ 2007-08-20 10:02:11 232,960 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\webcheck.dll
+ 2007-08-20 10:02:11 825,344 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653-IE7\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
- 2007-07-20 04:47:22 109,056 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-20 10:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2006-10-17 15:57:50 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-06-27 14:34:51 132,608 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2006-10-17 15:58:20 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-06-27 14:34:51 153,088 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-06-27 14:34:51 230,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-06-27 07:00:33 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-06-27 08:27:30 625,152 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-06-27 14:34:56 27,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-07-19 06:59:59 3,583,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-06-27 14:34:57 477,696 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-06-27 14:34:58 193,024 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-06-27 14:34:58 671,232 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-06-27 14:34:58 102,400 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-06-27 14:34:58 1,152,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-06-27 14:34:59 823,808 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
- 2007-08-15 07:09:24 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2007-10-11 07:03:19 593,920 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-08-15 07:09:24 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-10-11 07:03:20 12,288 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2007-08-15 07:09:24 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-10-11 07:03:20 86,016 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-08-15 07:09:24 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-10-11 07:03:15 135,168 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2007-08-15 07:09:24 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-10-11 07:03:21 11,264 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-08-15 07:09:24 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2007-10-11 07:03:21 27,136 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-08-15 07:09:24 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2007-10-11 07:03:21 4,096 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-08-15 07:09:24 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-10-11 07:03:22 794,624 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-08-15 07:09:24 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2007-10-11 07:03:17 249,856 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-08-15 07:09:24 61,440 ----a-r

vkarthikiit
10-25-2007, 02:22 PM
C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-10-11 07:03:17 61,440 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-08-15 07:09:24 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-10-11 07:03:22 23,040 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2007-08-15 07:09:23 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-10-11 07:03:14 286,720 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-08-15 07:09:23 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-10-11 07:03:14 409,600 ----a-r C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2007-06-27 14:34:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2007-06-27 14:34:51 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2007-08-20 10:04:34 124,928 -c----w C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-10-17 15:57:50 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-27 14:34:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-20 10:04:34 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll
- 2007-06-27 08:27:04 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 -c----w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 -c----w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2007-06-27 14:34:51 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 -c----w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2007-06-27 07:00:33 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2007-08-17 07:34:25 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2007-06-27 14:34:51 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 -c----w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2007-06-27 14:34:55 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04:38 44,544 -c----w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2007-06-27 14:34:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2007-08-20 10:04:38 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2007-06-27 08:27:05 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2007-06-27 08:27:30 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2007-08-17 10:21:21 625,152 -c----w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-27 14:34:56 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2007-06-27 14:34:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2007-06-27 14:34:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-27 14:34:57 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-27 14:34:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-20 10:04:41 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-27 14:34:58 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-20 10:04:42 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-06-27 14:34:58 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
+ 2007-08-20 10:04:42 102,400 -c----w C:\WINDOWS\system32\dllcache\occache.dll
- 2007-06-27 14:34:58 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
+ 2007-08-20 10:04:42 105,984 -c----w C:\WINDOWS\system32\dllcache\url.dll
- 2007-06-27 14:34:58 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2007-06-27 14:34:59 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2007-08-20 10:04:42 232,960 -c----w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2007-06-27 14:34:59 823,808 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-20 10:04:43 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2002-10-01 13:22:32 9,856 ----a-w

vkarthikiit
10-25-2007, 02:23 PM
C:\WINDOWS\system32\drivers\pfc.sys
+ 2003-09-19 19:45:48 21,248 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
- 2006-10-17 15:57:50 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2004-03-03 04:10:00 45,056 ----a-w C:\WINDOWS\system32\EpPicMgr.dll
+ 2004-03-03 04:10:00 29,114 ----a-w C:\WINDOWS\system32\EPPICPattern1.dat
+ 2004-03-03 04:10:00 13,280 ----a-w C:\WINDOWS\system32\EPPICPattern2.dat
+ 2004-03-03 04:10:00 21,021 ----a-w C:\WINDOWS\system32\EPPICPattern3.dat
+ 2004-03-03 04:10:00 10,673 ----a-w C:\WINDOWS\system32\EPPICPattern4.dat
+ 2004-03-03 04:10:00 15,670 ----a-w C:\WINDOWS\system32\EPPICPattern5.dat
+ 2004-03-03 04:10:00 4,943 ----a-w C:\WINDOWS\system32\EPPICPattern6.dat
+ 2004-03-03 04:10:00 60,565 ----a-w C:\WINDOWS\system32\EPPICPrinterDB.dat
+ 2004-03-03 04:10:00 45,056 ----a-w C:\WINDOWS\system32\EpPicPrt.dll
- 2007-06-27 14:34:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2006-10-17 15:58:20 61,952 ------w C:\WINDOWS\system32\icardie.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2007-06-27 08:27:04 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2007-06-27 14:34:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2007-06-27 14:34:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2007-06-27 07:00:33 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2007-06-27 14:34:51 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2007-06-27 14:34:51 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2007-06-27 14:34:55 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-06-27 14:34:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2007-06-27 14:34:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2007-06-27 08:27:05 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-27 14:34:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-09-06 02:50:42 17,474,680 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-06-27 14:34:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2007-06-27 14:34:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2007-07-19 06:59:59 3,583,488 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 10:04:41 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-27 14:34:57 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-27 14:34:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-27 14:34:58 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2007-06-27 14:34:58 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ----a-w C:\WINDOWS\system32\occache.dll
+ 2004-03-03 04:10:00 483,328 ----a-w C:\WINDOWS\system32\PICSDK.dll
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2005-02-24 16:01:00 59,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAIRACA.DLL
+ 2005-03-07 19:00:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMDACA.EXE
+ 2005-02-01 19:00:00 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAMTACA.EXE
+ 2005-03-15 19:00:00 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FAPRACA.DLL
+ 2005-01-23 19:00:00 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FARNACA.EXE
+ 2004-02-18 18:02:00 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASKACA.DLL
+ 2005-03-15 19:00:00 438,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FASRACA.DLL
+ 2005-02-07 19:00:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE
+ 2004-02-17 16:10:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAGACA.DLL
+ 2004-11-24 20:02:02 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBAPACA.DLL
+ 2004-03-02 19:20:00 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBINACA.EXE
+ 2004-12-15 20:06:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBLPACA.DLL
+ 2002-07-15 21:00:00 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FBSRACA.EXE
+ 2004-05-31 21:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FCONACA.DLL
+ 2005-01-23 20:00:00 55,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FDSPACA.DLL
+ 2004-04-26 19:01:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FGRCACA.DLL
+ 2005-03-16 16:00:00 461,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHBRACA.DLL
+ 2005-01-27 19:10:00 258,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHM0ACA.DLL
+ 2005-03-16 16:00:00 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHSRACA.DLL
+ 2004-04-07 21:10:00 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHT0ACA.DLL
+ 2005-03-16 23:00:12 165,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTACA.DLL
+ 2005-03-16 23:00:12 20,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FHUTACA.EXE
+ 2005-03-06 19:00:00 329,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FJBCACA.DLL
+ 2005-01-23 20:00:00 72,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMAIACA.DLL
+ 2005-02-15 19:10:00 102,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FMW0ACA.DLL
+ 2004-01-28 19:00:00 145,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPREACA.EXE
+ 2005-02-03 19:00:00 511,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FPRUACA.DLL
+ 2005-04-10 21:10:00 1,032,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FSR0ACA.DLL
+ 2005-03-16 20:00:00 521,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUICACA.DLL
+ 2005-02-16 18:01:00 921,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FUIRACA.DLL
+ 2004-02-18 17:03:00 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S00RP1.EXE
+ 2003-11-11 16:02:00 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EBPSHRE4.DLL
+ 2005-02-13 16:09:00 53,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPSET32.DLL
+ 2004-04-20 17:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.DAT
+ 2005-02-24 21:15:00 761,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\EPUPDATE.EXE
+ 2004-04-29 18:07:00 122,880 ----a-w

vkarthikiit
10-25-2007, 02:23 PM
C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE
+ 2005-02-24 16:01:00 59,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FAIRACA.DLL
+ 2005-03-07 19:00:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FAMDACA.EXE
+ 2005-02-01 19:00:00 110,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FAMTACA.EXE
+ 2005-03-15 19:00:00 397,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FAPRACA.DLL
+ 2005-01-23 19:00:00 86,016 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FARNACA.EXE
+ 2004-02-18 18:02:00 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FASKACA.DLL
+ 2005-03-15 19:00:00 438,272 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FASRACA.DLL
+ 2005-02-07 19:00:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FATIACA.EXE
+ 2004-02-17 16:10:00 98,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FBAGACA.DLL
+ 2004-11-24 20:02:02 159,744 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FBAPACA.DLL
+ 2004-03-02 19:20:00 155,648 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FBINACA.EXE
+ 2004-12-15 20:06:00 192,512 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FBLPACA.DLL
+ 2002-07-15 21:00:00 29,184 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FBSRACA.EXE
+ 2004-05-31 21:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FCONACA.DLL
+ 2005-01-23 20:00:00 55,296 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FDSPACA.DLL
+ 2004-04-26 19:01:00 77,824 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FGRCACA.DLL
+ 2005-03-16 16:00:00 461,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHBRACA.DLL
+ 2005-01-27 19:10:00 258,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHM0ACA.DLL
+ 2005-03-16 16:00:00 73,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHSRACA.DLL
+ 2004-04-07 21:10:00 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHT0ACA.DLL
+ 2005-03-16 23:00:12 165,376 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHUTACA.DLL
+ 2005-03-16 23:00:12 20,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FHUTACA.EXE
+ 2005-03-06 19:00:00 329,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FJBCACA.DLL
+ 2005-01-23 20:00:00 72,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FMAIACA.DLL
+ 2005-02-15 19:10:00 102,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FMW0ACA.DLL
+ 2004-01-28 19:00:00 145,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FPREACA.EXE
+ 2005-02-03 19:00:00 511,488 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FPRUACA.DLL
+ 2005-04-10 21:10:00 1,032,192 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FSR0ACA.DLL
+ 2005-03-16 20:00:00 521,728 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FUICACA.DLL
+ 2005-02-16 18:01:00 921,088 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_FUIRACA.DLL
+ 2004-02-18 17:03:00 65,536 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\E_S00RP1.EXE
+ 2003-11-11 16:02:00 81,920 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\EBPSHRE4.DLL
+ 2005-02-13 16:09:00 53,248 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\EPSET32.DLL
+ 2004-04-20 17:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\EPUPDATE.DAT
+ 2005-02-24 21:15:00 761,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\EPUPDATE.EXE
+ 2004-04-29 18:07:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx380080bf\SAGENT4.EXE
+ 2004-04-20 17:00:00 5,729 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.DAT
+ 2005-02-24 21:15:00 761,856 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
- 2007-06-27 14:34:58 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-06-27 14:34:58 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-06-27 14:34:59 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2007-06-27 14:34:59 823,808 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
- 2007-04-18 09:51:25 115,200 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-06-13 06:53:14 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2005-02-23 04:00:00 180,224 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esdevcl.dll
+ 2005-02-22 04:00:00 131,072 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esdevif.dll
+ 2005-02-22 04:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esdscl.dll
+ 2005-03-08 04:00:00 315,392 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esdtr.dll
+ 2005-01-20 04:00:00 143,360 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esfit.dll
+ 2000-10-11 04:00:00 53,248 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esicm.dll
+ 2005-03-09 04:00:00 278,528 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esimfl.dll
+ 2005-02-22 04:00:00 208,896 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esimgctl.dll
+ 2005-02-22 04:00:00 294,976 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esmps.dll
+ 2005-02-22 04:00:00 561,235 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esmpsres.dll
+ 2005-03-07 04:00:00 2,371,584 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esres.dll
+ 2005-02-22 04:00:00 290,816 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esscncl.dll
+ 2005-02-22 04:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\es0057\estwm.exe
+ 2005-02-22 04:00:00 229,376 ----a-w C:\WINDOWS\twain_32\escndv\es0057\estwpmg.dll
+ 2005-03-04 04:00:00 634,880 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esui.dll
+ 2005-02-22 04:00:00 118,784 ----a-w C:\WINDOWS\twain_32\escndv\es0057\esutwb.dll
+ 2005-02-22 04:00:00 69,632 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epbmp.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epbmpres.dll
+ 2005-02-22 04:00:00 94,208 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epipd.dll
+ 2005-02-22 04:00:00 147,456 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epjpg.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epjpgres.dll
+ 2005-02-22 04:00:00 90,112 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epmtf.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\epmtfres.dll
+ 2005-02-22 04:00:00 94,208 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppdf.dll
+ 2005-02-22 04:00:00 49,152 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppdfres.dll
+ 2005-02-22 04:00:00 86,016 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppij.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppijres.dll
+ 2005-02-22 04:00:00 81,920 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppit.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eppitres.dll
+ 2005-02-22 04:00:00 90,112 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eptif.dll
+ 2005-02-22 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\eptifres.dll
+ 2004-07-09 06:50:00 143,360 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\esexf.dll
+ 2004-06-29 06:50:00 98,304 ----a-w C:\WINDOWS\twain_32\escndv\es0057\ffmt\espimtif.dll
+ 2005-02-22 04:00:00 114,688 ----a-w C:\WINDOWS\twain_32\escndv\escndv.exe
+ 2005-03-04 04:00:00 45,056 ----a-w C:\WINDOWS\twain_32\escndv\escndvrs.dll
+ 2005-02-22 04:00:00 40,960 ----a-w C:\WINDOWS\twain_32\escndv\estwm.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

vkarthikiit
10-25-2007, 02:24 PM
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 10:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 10:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-14 02:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 06:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 05:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 22:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 00:42]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 02:19]
"nwiz"="nwiz.exe" [2003-05-03 02:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 12:27]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 19:57]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 20:50]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 23:13]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"{4B-B7-70-00-ZN}"="C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe" []
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 03:56 C:\WINDOWS\system32\bthprops.cpl]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"mege"="C:\Program Files\Common Files\mege22011.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59]
"WD NetCenter EasyLink"="C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe" [2005-06-08 11:26]
"EPSON Stylus CX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.exe" [2005-02-07 15:00]
"plite731"="C:\WINDOWS\plite731.exe" [2007-10-25 01:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-23 00:25]
"NVIEW"="nview.dll" [2003-05-03 02:19 C:\WINDOWS\system32\nview.dll]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 12:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 16:25]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 15:17]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 10:59]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 22:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14]
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-08-28 23:19:10]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-19 18:27:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 07:08:16]
Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe [2002-09-20 22:20:02]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 23:34:35]

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R3 mfeapfk;McAfee Inc.;C:\WINDOWS\system32\drivers\mfeapfk.sys
S3 300E;300E;\??\C:\WINDOWS\system32\300E.sys
S3 dc228;dc228;\??\C:\WINDOWS\system32\dc228.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4206870-feb3-11db-89a1-000c6e7c9214}]
AutoRun\command - K:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fac26c02-08ce-11dc-89aa-000c6e7c9214}]
AutoRun\command - K:\JDSecure\Windows\JDSecure20.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-25 18:06:26 C:\WINDOWS\Tasks\QIC Messenger Bkup.job"
- C:\Program Files\Insight\BBClient\Programs\QICMessenger.exe
"2007-10-25 16:29:00 C:\WINDOWS\Tasks\QIC Messenger Periodic.job"
- C:\Program Files\Insight\BBClient\Programs\QICMessenger.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-25 14:07:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-25 14:12:17 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 14:32
C:\ComboFix2.txt ... 2007-09-29 14:33
C:\ComboFix3.txt ... 2007-09-27 17:07
.
--- E O F ---

vkarthikiit
10-25-2007, 02:26 PM
Logfile of HijackThis v1.99.1
Scan saved at 2:26:44 PM, on 10/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\plite731.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

vkarthikiit
10-25-2007, 02:26 PM
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{4B-B7-70-00-ZN}] C:\Documents and Settings\Owner\Local Settings\Temp\T0CHD001.exe CHD001
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [WD NetCenter EasyLink] C:\Program Files\Western Digital Technologies\NetCenter EasyLink\WDEzLink.exe -s
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178414357046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178431984046
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

classicsoftware
10-25-2007, 05:49 PM
So, how is the system running???????

vkarthikiit
10-25-2007, 10:35 PM
It's fast now. Thanks.

classicsoftware
10-25-2007, 10:52 PM
You are not clean yet:

* Click here (http://support.f-secure.com/enu/home/ols3.shtml) to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then click the F-Secure Online Scanner Next Generation Beta link.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan has finished, click the Automatic cleaning (recommended) button.
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.

vkarthikiit
10-29-2007, 09:26 PM
Scanning Report
Monday, October 29, 2007 19:14:22 - 21:24:32

Computer name: SK
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 4 malware found
Exploit.VBS.Phel.dp (virus)

* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\HJ4MG4LI\IN[1].HTM (Renamed & Submitted)

Trojan-Downloader.Win32.Small.buy (virus)

* C:\WINDOWS\SYSTEM32\TEMPSZ11\BBS001DD.EXE (Renamed & Submitted)

W32/Agent.AMZU (virus)

* C:\PROGRAM FILES\WILDTANGENT\APPS\WEBDRIVERINSTALL.EXE (Submitted)

W32/Zlob.gen61 (virus)

* C:\PROGRAM FILES\HEWLETT-PACKARD\HP ORGANIZE\BIN\DISPLAYAGENT.EXE (Submitted)

Statistics
Scanned:

* Files: 91180
* System: 0
* Not scanned: 14

Actions:

* Disinfected: 0
* Renamed: 2
* Deleted: 0
* None: 2
* Submitted: 4

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\$NTUNINSTALLQ828026$\MSDXM.OCX
* C:\WINDOWS\$NTUNINSTALLQ828026$\WMP.DLL
* C:\WINDOWS\$NTUNINSTALLKB839645$\FLDRCLNR.DLL
* C:\WINDOWS\$NTUNINSTALLKB837001$\DAO360.DLL
* C:\WINDOWS\$NTUNINSTALLKB828741$\CATSRV.DLL
* C:\WINDOWS\$NTUNINSTALLKB828035$\MSGSVC.DLL
* C:\WINDOWS\$NTUNINSTALLKB828028$\MSASN1.DLL
* C:\WINDOWS\$NTUNINSTALLKB826939$\ACCWIZ.EXE
* C:\WINDOWS\$NTUNINSTALLKB826939$\SHELL32.DLL
* C:\WINDOWS\$NTUNINSTALLKB824141$\USER32.DLL
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EA563F5ED0B8EA72081A19B9B561DD25_1D451A97-9A19-48D8-B7A3-B8F7B4D0FD64

Options
Scanning engines:

* F-Secure AVP: 7.0.171, 2007-10-29
* F-Secure Blacklight: 1.0.64
* F-Secure Libra: 2.4.2, 2007-10-29
* F-Secure Orion: 1.2.37, 2007-10-29
* F-Secure Pegasus: 1.19.0, 2007-09-18

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
* Use Advanced heuristics


classicsoftware
11-03-2007, 12:14 PM
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the Registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the Desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your Desktop icons.
Finally open the SDFix folder on your Desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

vkarthikiit
11-13-2007, 02:26 PM
SDFix: Version 1.114

Run by Owner on Tue 11/13/2007 at 01:58 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
cmdService
Network Monitor

Path:
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Resetting AppInit_DLLs value


Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\asappsrv.dll - Deleted
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\command.exe - Deleted
C:\WINDOWS\S2FydGhpayBWZW5rYXRhY2hhbGFt\mZIVx31DuV1qtqcOsrl1sZ11v3IQ.vbs - Deleted
C:\WINDOWS\SYSTEM32\IALMCOIN.DLL - Deleted
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe - Deleted
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe - Deleted
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk - Deleted
C:\Program Files\Setup.exe - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\cmdinst.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\MTE3MDk6ODoxNg.exe - Deleted
C:\DOCUME~1\Owner\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\ldcore.dll - Deleted
C:\WINDOWS\system32\ldinfo.ldr - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted


Folder C:\Program Files\Network Monitor - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 14:14:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026]
"00152a684380"=hex:a8,08,7a,1b,ba,6f,8f,fd,9a,12,98,82,44,3d,57,bb
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN.REN.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026]
"00152a684380"=hex:a8,08,7a,1b,ba,6f,8f,fd,9a,12,98,82,44,3d,57,bb
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN.REN]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026.REN.REN.REN.REN]

scanning hidden registry entries ...

scanning hidden files ...

C:\Documents and Settings\Owner\Local Settings\Temp\~DF775.tmp

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"="C:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 5 May 2007 196 A.SHR --- "C:\BOOT.BAK"
Mon 19 Mar 2007 5,355,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 1 Jul 2004 0 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Tue 13 Nov 2007 20,640 ..SH. --- "C:\WINDOWS\system32\vxvpbrgz.dllbox"
Fri 13 May 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 5 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\ico1.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\ico2.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\ico3.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\ico4.tmp"
Tue 13 Nov 2007 4,286 A..H. --- "C:\Documents and Settings\Owner\Local Settings\Temp\ico5.tmp"
Wed 3 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT1.tmp"

Finished!