new notebook ...

Right...there's nothing else I can do. This object doesn't exist and it's just some wscript.
Could you tell me do you have some problems with your PC at the moment?
 
well not with my pc , but the pc i first used with my thumbdrive , whenever i turn on the pc that sairulfaizan.js script thing will come up ... and whenever i want to open my thumbdrive from my computer , that script will pop up again and it won't let me open .......and also on the internet explorer top bar thing , there will be this weird sentence on it .. i can't remember what it is - but the word internet explorer won't be there anymore .. and also on my thumdrive there are these 3 files that i got when i got the virus that i can't get rid off.
 
It would help us if you tell us the file names and file path ( your thumbdrive name and the file's name ). I think we should fix it easily once I know what do you have on your thumbdrive.
 
the files are not there anymore ... but when i try to open it on my computer ... this window script host comes up ( cannot find script file "C:"\saifulfaizan.js" )
 
Last edited:
Cool. That means only that file still exists! And now you told me the file path of the program it should be easy to delete it.
Go to My Computer and on C: you will find that file that creates the trouble. If it's a Trojan, I doubt it will be removable by just clicking delete. Could you run the Avenger again, but in the script field copy:
Files to delete:
C:\saifulfaizan.js
Click to expand...
Do exactly as the last time. I hope that'll do it.
 
still can't find it ....... i closed the notepad and forgotten to copy ...
but it is the same as the previous log ... the file path can't be found
and also in C: , i can't find that file
 
Means that it doesn't exist.
Please take the time to do this for me:
Go to Start>Run>type msconfig>go to Startup tab and post all the files that start up with your computer! Hopefully, we'll now find it.
 
i just found that in the quarentine of my antivirus there is a WIN32/Trojan.downloader and a WMA/Trojan.Downloader.
Does that mean that the virus is still around ?
 
Please I asked you to provide the startup files.
Yea it looks like the virus is still around, but it's not active at the moment sine it's quarantined.
 
I did a scan with this program call RemoveIT Pro v4 and it found 4 viruses at this locations:
10:05:32 PM: Infected file (Sys32.fdsv) C:\Windows\fdsv.exe
10:05:33 PM: Infected file (Sys32.grep) C:\Windows\grep.exe
10:05:39 PM: Infected file (Sys32.sed) C:\Windows\sed.exe
10:05:39 PM: Infected file (Sys32.swxcacls) C:\Windows\swxcacls.exe

so how do i get rid of that?
 
GameMaster said:
Please I asked you to provide the startup files.
Yea it looks like the virus is still around, but it's not active at the moment sine it's quarantined.
Click to expand...

RtHDVCpl.exe
NDSTray.exe
C:\WIndows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
%PrgramFiles%\TOSHIBA\PowerSaver\TPwrMain.EXE
%PrgramFiles%\TOSHIBA\TBS\HSON.exe
%PrgramFiles%\Toshiba\SMoothView\Smoothview.exe
%PrgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
"C:\Program Files\Camera Assistant SOftware for Toshiba\traybar.exe"
"C:\Program Files\Eset\nod32kui.exe"/WAITSERVICE
"C:\Program Files\QuickTIme\QTTask.exe"-atboottime
"C:\Program Files\iTunes\iTunesHelper.exe"
"C:\Program Files\Adobe/Reader 8.0\ Reader\Reader_sl.exe"
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE- startup
C:\Program File\ Windows sidebar\sidebar.exe./ autorun
runll32.exe oobefldr.dll, ShowWelcomeCenter
TOSCDSPD.EXE
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe"/background
C:\Program Files\Spybot - search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\NOkia PC SUite 6\PcSync2.exe/NoDialog
"C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe"
"C:\Program Files\Ares\Ares.exe"-h
C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe
C:\PROGRA~1\LimeWire\LimeWire.exe-startup
 
The startup is OK, there are no bad files starting with your PC.
But you're keeping Ares and LimeWire on startup, why? You can always run them when needed to download something, they really slow down your startup.

The logs were clean, this looks fine... one more scan.

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Also "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
 
Umm , so how do i not have them at starup? by disabling it?

and for this 4 infected files ,can you show me how to get rid of it?
10:05:32 PM: Infected file (Sys32.fdsv) C:\Windows\fdsv.exe
10:05:33 PM: Infected file (Sys32.grep) C:\Windows\grep.exe
10:05:39 PM: Infected file (Sys32.sed) C:\Windows\sed.exe
10:05:39 PM: Infected file (Sys32.swxcacls) C:\Windows\swxcacls.exe

So far my computer is fine ... nothing unusual with it's behaviour.

Malwarebytes' Anti-Malware 1.12
Database version: 797

Scan type: Quick Scan
Objects scanned: 36094
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
I bet if we run Avenger again and try to delete those files, they wouldn't exist. Let's try though :P

Even Malwarebites Anti-Malware didn't find anything.

Download Avenger, and unzip it to your desktop or somewhere you can find it. (Do not run it yet).

Note: This program is for use on Windows XP 32 bit systems only, and must be run from an Administrator account.

  • Open a Notepad file by clicking Start > Run and typing Notepad.exe in the box, click OK.
  • Click Format, and ensure Word Wrap is unchecked.
  • Copy and Paste the text in the box below into Notepad.
  • Now save the file as RemoveFiles.txt in a location where you can find it.

Files to delete:
C:\Windows\fdsv.exe
C:\Windows\grep.exe
C:\Windows\sed.exe
C:\Windows\swxcacls.exe
Click to expand...

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Start Avenger by double clicking on Avenger.exe.
  • Check Load script from file:
  • Click on the folder symbol below and to the right, and browse to RemoveFiles.txt.
  • Double click it to enter it into Avenger.
  • Click the green traffic light symbol.
  • You will be asked if you want to execute the script, answer Yes.
  • At this point you may get prompts from your protection systems, allow them please.
  • Avenger will set itself up to run the next time you re-boot, and will prompt you to re-start immediately.
  • Answer Yes, and allow your computer to re-boot.
  • Upon re-boot a command window will briefly appear on screen (this is normal).
  • A Notepad text file will be created C:\avenger.txt.
  • Copy and Paste it into your next post please.
 
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\fdsv.exe" deleted successfully.
File "C:\Windows\grep.exe" deleted successfully.
File "C:\Windows\sed.exe" deleted successfully.
File "C:\Windows\swxcacls.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
 
GameMaster said:
Rofl. Avenger found and deleted all the files :D
Anymore problems with your computer?
Click to expand...

Yea that's cool .... thanks for the help :) .. appreciate it!

actually now i'm experiencing come problems with my comp ...
my firefox tends to hang more often now .. and when i start my itune .. sometimes it shows up black coloured than after a while it will return to its original form . and also my msn keeps logging off.
 
Last edited:
Superb.
Could you please run a scan with ComboFix?
Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.
 
oFix 08-05-29.1 - TOSHIBA 2008-05-31 18:50:03.3 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.903 [GMT 8:00]
Running from: C:\Users\TOSHIBA\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.

2008-05-31 16:20 . 2008-05-31 16:20 <DIR> d-------- C:\Program Files\iTunes
2008-05-31 16:20 . 2008-05-31 16:20 <DIR> d-------- C:\Program Files\iPod
2008-05-31 15:11 . 2008-05-31 15:12 274,589,438 --a------ C:\Windows\MEMORY.DMP
2008-05-31 10:43 . 2008-05-31 10:43 <DIR> d-------- C:\Users\All Users\CheckPoint
2008-05-31 10:43 . 2008-05-31 10:43 <DIR> d-------- C:\ProgramData\CheckPoint
2008-05-31 10:43 . 2008-05-31 10:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-31 10:43 . 2008-03-03 14:05 1,086,952 --a------ C:\Windows\System32\zpeng24.dll
2008-05-31 10:43 . 2008-03-03 14:06 279,440 --a------ C:\Windows\System32\drivers\~GLH0014.TMP
2008-05-31 10:42 . 2008-05-31 10:44 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-05-31 10:42 . 2008-05-31 18:56 <DIR> d-------- C:\Windows\Internet Logs
2008-05-31 10:42 . 2008-05-31 16:14 352,615 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-05-31 10:42 . 2008-03-03 14:06 279,440 --------- C:\Windows\System32\drivers\vsdatant.sys
2008-05-31 10:23 . 2008-05-31 10:23 <DIR> d-------- C:\Users\All Users\Avira
2008-05-31 10:23 . 2008-05-31 10:23 <DIR> d-------- C:\ProgramData\Avira
2008-05-31 10:23 . 2008-05-31 10:23 <DIR> d-------- C:\Program Files\Avira
2008-05-29 21:40 . 2008-05-29 21:40 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Malwarebytes
2008-05-29 21:40 . 2008-05-29 21:40 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-05-29 21:40 . 2008-05-29 21:40 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-05-29 21:33 . 2008-03-08 08:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 21:33 . 2008-03-08 12:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-28 21:59 . 2008-05-28 21:59 <DIR> d-------- C:\Program Files\InCode Solutions
2008-05-25 23:09 . 2008-05-25 23:09 <DIR> d-------- C:\sUBs
2008-05-25 20:46 . 2008-05-25 20:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-25 18:11 . 2008-05-25 18:15 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\AVG7
2008-05-25 18:11 . 2008-05-25 23:21 <DIR> d-------- C:\Users\All Users\avg7
2008-05-25 18:11 . 2008-05-25 23:21 <DIR> d-------- C:\ProgramData\avg7
2008-05-25 15:28 . 2008-05-25 15:28 <DIR> d-------- C:\Program Files\Red Kawa
2008-05-25 15:28 . 2008-05-29 21:35 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-05-25 14:56 . 2008-05-31 16:16 <DIR> d-------- C:\Users\TOSHIBA\Incomplete
2008-05-25 00:49 . 2007-08-08 12:07 101,504 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-05-25 00:49 . 2007-08-08 12:06 23,424 --a------ C:\Windows\System32\drivers\ewdcsc.sys
2008-05-25 00:47 . 2008-05-25 00:47 <DIR> d-------- C:\Program Files\Huawei technologies
2008-05-24 00:13 . 2008-05-24 00:14 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Media Player Classic
2008-05-23 22:35 . 2008-05-23 22:35 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Datalayer
2008-05-23 22:06 . 2008-05-23 22:41 <DIR> d-------- C:\Users\TOSHIBA\Phone Browser
2008-05-23 22:06 . 2008-05-23 22:06 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia N73
2008-05-23 22:06 . 2008-05-23 22:06 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia Multimedia Player
2008-05-23 22:05 . 2008-05-23 23:02 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Nokia
2008-05-23 22:00 . 2008-05-23 22:01 <DIR> d-------- C:\Windows\Downloaded Installations
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Users\All Users\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\ProgramData\PC Suite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-05-23 21:58 . 2008-05-23 21:59 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-05-23 21:57 . 2008-05-23 21:57 <DIR> d-------- C:\Users\All Users\Downloaded Installations
2008-05-23 21:57 . 2008-05-23 21:57 <DIR> d-------- C:\ProgramData\Downloaded Installations
2008-05-23 21:57 . 2008-05-23 22:01 <DIR> d-------- C:\Program Files\Nokia
2008-05-23 21:57 . 2006-05-29 08:26 50,688 --a------ C:\Windows\System32\nmwcdcls.dll
2008-05-22 15:02 . 2008-05-23 23:03 <DIR> d-------- C:\Users\TOSHIBA\Ipod Wallie
2008-05-19 14:03 . 2008-05-19 14:03 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-05-19 14:03 . 2008-05-19 14:03 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-05-19 14:03 . 2008-05-19 14:03 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-05-19 14:03 . 2008-05-19 14:03 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-05-19 14:03 . 2008-05-19 14:03 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-05-18 19:43 . 2008-05-31 18:50 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\uTorrent
2008-05-18 19:43 . 2008-05-18 19:43 <DIR> d-------- C:\Program Files\uTorrent
2008-05-18 17:29 . 2008-05-18 17:29 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-18 14:12 . 2008-05-18 14:12 0 --a------ C:\Windows\nsreg.dat
2008-05-18 12:52 . 2008-05-18 16:27 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\Apple Computer
2008-05-18 12:51 . 2008-05-18 12:52 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-05-18 12:51 . 2008-05-18 12:52 <DIR> d-------- C:\ProgramData\Apple Computer
2008-05-18 12:51 . 2008-05-18 12:51 <DIR> d-------- C:\Program Files\QuickTime
2008-05-18 12:51 . 2008-05-18 12:51 <DIR> d-------- C:\Program Files\Bonjour
2008-05-18 12:50 . 2008-05-18 12:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\Users\All Users\Apple
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\ProgramData\Apple
2008-05-18 12:49 . 2008-05-18 12:49 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-18 12:25 . 2008-05-25 18:14 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-18 12:25 . 2008-05-25 18:14 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-18 12:25 . 2008-05-18 12:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-18 12:11 . 2008-05-18 12:11 704,000 --a------ C:\Windows\System32\PhotoScreensaver.scr
2008-05-18 12:09 . 2008-05-18 12:09 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-05-18 12:09 . 2008-05-18 12:09 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-05-18 12:09 . 2008-05-18 12:09 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-05-18 12:09 . 2008-05-18 12:09 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-05-18 12:09 . 2008-05-18 12:09 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-05-18 12:09 . 2008-05-18 12:09 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-05-18 12:09 . 2008-05-18 12:09 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-05-18 12:09 . 2008-05-18 12:09 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-05-18 12:09 . 2008-05-18 12:09 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-05-18 12:09 . 2008-05-18 12:09 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-05-18 12:08 . 2008-05-18 12:08 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-05-18 12:08 . 2008-05-18 12:08 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-05-18 12:08 . 2008-05-18 12:08 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-05-18 12:08 . 2008-05-18 12:08 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-05-18 12:08 . 2008-05-18 12:08 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-05-18 12:08 . 2008-05-18 12:08 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-05-18 12:06 . 2008-05-18 12:06 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-05-18 12:06 . 2008-05-18 12:06 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-05-18 12:06 . 2008-05-18 12:06 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-05-18 12:06 . 2008-05-18 12:06 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-05-18 12:06 . 2008-05-18 12:06 2,048 --a------ C:\Windows\System32\asferror.dll
2008-05-18 12:05 . 2008-05-18 12:05 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-05-18 12:05 . 2008-05-18 12:05 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-05-18 12:05 . 2008-05-18 12:05 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-05-18 12:04 . 2008-05-18 12:04 148,992 --a------ C:\Windows\System32\drivers\ks.sys
2008-05-18 12:04 . 2008-05-18 12:04 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-05-18 12:04 . 2008-05-18 12:04 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-05-18 12:04 . 2008-05-18 12:04 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-05-18 12:04 . 2008-05-18 12:04 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-05-18 12:04 . 2008-05-18 12:04 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-05-18 12:04 . 2008-05-18 12:04 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-05-18 12:03 . 2008-05-18 12:03 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-05-18 12:01 . 2008-05-18 12:01 2,048 --a------ C:\Windows\System32\tzres.dll
2008-05-18 12:00 . 2008-05-18 12:00 750,080 --a------ C:\Windows\System32\qmgr.dll
2008-05-17 10:38 . 2008-05-31 16:16 <DIR> d-------- C:\Users\TOSHIBA\AppData\Roaming\LimeWire
2008-05-17 10:35 . 2008-05-17 10:35 <DIR> d-------- C:\Program Files\LimeWire
2008-05-17 10:20 . 2008-05-17 10:20 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-05-17 10:20 . 2008-05-17 10:20 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-05-17 10:09 . 2008-05-17 10:18 <DIR> d-------- C:\Program Files\Windows Live
2008-05-17 10:09 . 2008-05-17 10:18 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-17 10:08 . 2008-05-17 10:08 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-05-17 10:08 . 2008-05-17 10:08 <DIR> d-------- C:\ProgramData\WLInstaller
2008-05-17 10:08 . 2008-05-17 10:08 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
2008-05-17 10:08 . 2008-05-17 10:08 1,524,224 --a------ C:\Windows\System32\wucltux.dll
2008-05-17 10:08 . 2008-05-17 10:08 549,720 --a------ C:\Windows\System32\wuapi.dll
2008-05-17 10:08 . 2008-05-17 10:08 163,000 --a------ C:\Windows\System32\wuwebv.dll
2008-05-17 10:08 . 2008-05-17 10:08 80,896 --a------ C:\Windows\System32\wudriver.dll
2008-05-17 10:08 . 2008-05-17 10:08 53,080 --a------ C:\Windows\System32\wuauclt.exe
2008-05-17 10:08 . 2008-05-17 10:08 43,352 --a------ C:\Windows\System32\wups2.dll
2008-05-17 10:08 . 2008-05-17 10:08 33,624 --a------ C:\Windows\System32\wups.dll
2008-05-17 10:08 . 2008-05-17 10:08 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-05-17 02:27 . 2008-05-17 02:27 <DIR> d-------- C:\Program Files\ltmoh
2008-05-17 02:27 . 2006-10-18 16:39 487,424 --a------ C:\Windows\System32\cselect.exe
2008-05-17 02:27 . 2003-02-25 15:42 128,113 --a------ C:\Windows\System32\csellang.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-24 16:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 10:15 174 --sha-w C:\Program Files\desktop.ini
2008-05-19 07:29 --------- d-----w C:\Program Files\Windows Calendar
2008-05-19 06:02 944,184 ----a-w C:\Windows\System32\winload.exe
2008-05-19 05:59 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-05-18 04:38 --------- d-----w C:\Program Files\Windows Mail
2008-05-18 04:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-18 04:10 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-18 04:10 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-18 04:10 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-18 04:10 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-18 04:10 299,008 ----a-w C:\Windows\System32\wlansec.dll
2008-05-18 04:10 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-18 04:10 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2008-05-18 04:10 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-18 04:10 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-18 04:10 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2008-05-18 04:10 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-18 04:10 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2008-05-18 04:02 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-05-18 04:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-05-18 04:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-18 04:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-05-16 03:38 --------- d-----w C:\ProgramData\Toshiba
2008-05-16 03:38 --------- d-----w C:\Program Files\Toshiba
2008-05-16 03:34 --------- d-----w C:\Program Files\Intel
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( snapshot@2008-05-25_23.17.07.03 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-25 12:44:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-31 08:13:56 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-24 16:49:24 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-05-31 02:43:23 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-05-24 16:49:23 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-05-31 02:43:21 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-05-24 16:49:24 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-05-31 02:43:22 86,016 ----a-w C:\Windows\inf\infstrng.dat
- 2008-05-18 04:52:50 102,400 ----a-r C:\Windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-05-31 08:21:19 102,400 ----a-r C:\Windows\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
- 2008-05-25 12:43:17 229,264 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-31 08:13:05 229,264 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-25 12:44:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-31 08:13:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-25 12:44:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-31 08:13:57 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-31 07:43:44 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-25 12:45:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 08:16:05 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 07:44:38 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-25 12:45:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 08:16:11 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 08:10:45 3,396 ----a-w C:\Windows\SoftwareDistribution\EventCache\{E9F6DC3C-9444-4A13-BDA7-5120C0ED66D6}.bin
- 2008-05-25 07:28:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-31 08:14:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-25 07:28:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-31 08:14:04 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-25 07:28:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-31 08:14:04 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-25 15:14:12 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-31 10:49:59 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-05-31 02:32:42 79,424 ----a-w C:\Windows\System32\drivers\avipbb.sys
+ 2007-03-01 02:34:36 28,352 ----a-w C:\Windows\System32\drivers\ssmdrv.sys
+ 2008-03-03 06:06:04 279,440 ----a-w C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_52bc6cc9\vsdatant.sys
- 2008-05-18 04:08:19 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll
+ 2008-05-18 04:08:18 49,152 ----a-w C:\Windows\System32\migration\netiomig.dll
- 2008-05-25 13:56:33 104,024 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-31 08:21:04 104,024 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-25 13:56:33 618,648 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-31 08:21:04 618,648 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-23 14:36:56 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-31 02:50:48 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-03-03 06:04:54 95,720 ----a-w C:\Windows\System32\vsdata.dll
+ 2008-03-03 06:04:54 165,352 ----a-w C:\Windows\System32\vsinit.dll
+ 2008-03-03 06:04:54 103,912 ----a-w C:\Windows\System32\vsmonapi.dll
+ 2008-03-03 06:04:54 275,944 ----a-w C:\Windows\System32\vspubapi.dll
+ 2008-03-03 06:04:54 71,144 ----a-w C:\Windows\System32\vsregexp.dll
+ 2008-03-03 06:04:56 493,032 ----a-w C:\Windows\System32\vsutil.dll
+ 2008-03-03 06:04:56 46,568 ----a-w C:\Windows\System32\vswmi.dll
+ 2008-03-03 06:04:56 99,816 ----a-w C:\Windows\System32\vsxml.dll
- 2008-05-25 12:46:00 4,718 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069671701-3476945987-2273482261-1000_UserData.bin
+ 2008-05-31 08:16:28 5,730 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2069671701-3476945987-2273482261-1000_UserData.bin
- 2008-05-25 12:46:00 58,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 08:16:28 62,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-25 12:45:58 33,586 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 08:16:26 37,858 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-03 06:04:56 83,432 ----a-w C:\Windows\System32\zlcomm.dll
+ 2008-03-03 06:04:56 71,144 ----a-w C:\Windows\System32\zlcommdb.dll
+ 2008-03-03 06:04:52 99,816 ----a-w C:\Windows\System32\ZoneLabs\camupd.dll
+ 2004-01-30 04:35:08 813,568 ----a-w C:\Windows\System32\ZoneLabs\dbghelp.dll
+ 2008-03-03 06:04:52 136,680 ----a-w C:\Windows\System32\ZoneLabs\fbl.dll
+ 2008-03-03 06:04:52 50,672 ----a-w C:\Windows\System32\ZoneLabs\featuremap.dll
+ 2008-03-03 06:05:08 288,144 ----a-w C:\Windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2008-03-03 06:05:08 152,976 ----a-w C:\Windows\System32\ZoneLabs\lib\licenseui.zip.dll
+ 2008-03-03 06:05:08 54,672 ----a-w C:\Windows\System32\ZoneLabs\lib\welcomeui.zip.dll
+ 2008-03-03 06:05:08 26,000 ----a-w C:\Windows\System32\ZoneLabs\lib\zlsvc.zip.dll
+ 2008-03-03 06:05:08 1,361,296 ----a-w C:\Windows\System32\ZoneLabs\lib\zpy.zip.dll
+ 2008-03-03 06:05:08 71,056 ----a-w C:\Windows\System32\ZoneLabs\lib\zui.zip.dll
+ 2008-03-03 06:06:06 30,192 ----a-w C:\Windows\System32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2008-03-03 06:06:06 30,216 ----a-w C:\Windows\System32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2007-12-11 11:58:04 714,208 ----a-w C:\Windows\System32\ZoneLabs\qrbase.dll
+ 2007-12-11 11:58:04 792,032 ----a-w C:\Windows\System32\ZoneLabs\qrsrecl.dll
+ 2008-03-03 06:04:52 173,544 ----a-w C:\Windows\System32\ZoneLabs\scheduler.dll
+ 2008-01-21 00:25:00 7,603,688 ----a-w C:\Windows\System32\ZoneLabs\spyware.dat
+ 2007-12-11 11:58:06 1,504,736 ----a-w C:\Windows\System32\ZoneLabs\srescan.dll
+ 2008-03-03 06:04:54 456,168 ----a-w C:\Windows\System32\ZoneLabs\ssleay32.dll
+ 2007-04-19 20:44:28 833,248 ----a-w C:\Windows\System32\ZoneLabs\updating.dll
+ 2008-03-03 06:05:02 169,512 ----a-w C:\Windows\System32\ZoneLabs\updclient.exe
+ 2008-03-03 06:04:54 112,104 ----a-w C:\Windows\System32\ZoneLabs\vsavpro.dll
+ 2008-03-03 06:06:04 279,440 ----a-w C:\Windows\System32\ZoneLabs\vsdatant.sys
+ 2008-03-03 06:04:54 75,240 ----a-w C:\Windows\System32\ZoneLabs\vsdb.dll
+ 2008-03-03 06:05:02 64,912 ----a-w C:\Windows\System32\ZoneLabs\vsdrinst.exe
+ 2008-03-03 06:05:02 79,400 ----a-w C:\Windows\System32\ZoneLabs\vsmon.exe
+ 2008-03-03 06:04:54 2,086,376 ----a-w C:\Windows\System32\ZoneLabs\vsmondll.dll
+ 2008-03-03 06:04:56 1,361,384 ----a-w C:\Windows\System32\ZoneLabs\vsruledb.dll
+ 2008-03-03 06:04:56 243,176 ----a-w C:\Windows\System32\ZoneLabs\vsvault.dll
+ 2008-01-21 00:25:00 7,603,688 ----a-w C:\Windows\System32\ZoneLabs\zlasdbup.dat
+ 2008-03-03 06:04:56 177,640 ----a-w C:\Windows\System32\ZoneLabs\zlparser.dll
+ 2008-03-03 06:04:56 79,344 ----a-w C:\Windows\System32\ZoneLabs\zlquarantine.dll
+ 2008-03-03 06:04:58 398,824 ----a-w C:\Windows\System32\ZoneLabs\zlsre.dll
+ 2008-03-03 06:04:58 120,296 ----a-w C:\Windows\System32\ZoneLabs\zlupdate.dll
+ 2008-05-31 02:50:22 1,063,338 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-03-08 00:22:51 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16651_none_0a06ea31f54d7fe8\AcRes.dll
+ 2008-03-08 00:15:10 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.20788_none_0a77193f0e7d24e6\AcRes.dll
+ 2008-03-08 01:58:43 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18032_none_0c03c8f9f262f24e\AcRes.dll
+ 2008-03-08 01:56:45 2,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22132_none_0c8d65c50b809218\AcRes.dll
+ 2008-03-08 04:30:03 2,144,256 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16651_none_0a08eac5f54bb296\AcGenral.dll
+ 2008-03-08 04:15:43 2,144,768 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.20788_none_0a7919d30e7b5794\AcGenral.dll
+ 2008-03-08 04:19:20 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18032_none_0c05c98df26124fc\AcGenral.dll
+ 2008-03-08 04:09:28 2,153,984 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22132_none_0c8f66590b7ec4c6\AcGenral.dll
+ 2008-03-08 04:30:03 449,536 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16651_none_0a09eb0ff54acbed\AcSpecfc.dll
+ 2008-03-08 04:15:44 450,560 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.20788_none_0a7a1a1d0e7a70eb\AcSpecfc.dll
+ 2008-03-08 04:19:21 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18032_none_0c06c9d7f2603e53\AcSpecfc.dll
+ 2008-03-08 04:09:29 458,752 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22132_none_0c9066a30b7dde1d\AcSpecfc.dll
+ 2008-03-08 04:30:03 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcLayers.dll
+ 2008-03-08 04:30:03 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16651_none_0a0aeb59f549e544\AcXtrnal.dll
+ 2008-03-08 04:15:44 537,600 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcLayers.dll
+ 2008-03-08 04:15:44 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.20788_none_0a7b1a670e798a42\AcXtrnal.dll
+ 2008-03-08 04:19:20 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcLayers.dll
+ 2008-03-08 04:19:21 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18032_none_0c07ca21f25f57aa\AcXtrnal.dll
+ 2008-03-08 04:09:28 540,672 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcLayers.dll
+ 2008-03-08 04:09:30 173,056 ----a-w C:\Windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22132_none_0c9166ed0b7cf774\AcXtrnal.dll
+ 2008-03-08 04:30:04 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\gameux.dll
+ 2008-03-08 00:37:02 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\GameUXLegacyGDFs.dll
+ 2008-03-08 04:16:23 1,686,528 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\gameux.dll
+ 2008-03-08 00:29:38 4,247,552 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\GameUXLegacyGDFs.dll
+ 2008-03-08 04:21:55 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\gameux.dll
+ 2008-03-08 02:08:55 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\GameUXLegacyGDFs.dll
+ 2008-03-08 04:10:46 1,695,744 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\gameux.dll
+ 2008-03-08 02:09:25 4,240,384 ----a-w C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22132_none_426b7ca9da7127c6\GameUXLegacyGDFs.dll
+ 2007-04-20 10:50:15 217,272 ----a-w C:\Windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20582_none_54ea4862d183ae20\netio.sys
+ 2007-04-20 10:41:33 49,152 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179\netiomig.dll
+ 2007-04-20 09:55:13 22,016 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179\netiougc.exe
+ 2007-04-20 09:55:56 803,840 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179\tcpip.sys
+ 2007-04-20 10:42:16 167,424 ----a-w C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20582_none_5fd47169ab8fd179\tcpipcfg.dll
.
-- Snapshot reset to current date --
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-18 12:05 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 20:34 2159104 C:\Windows\System32\oobefldr.dll]
"TOSCDSPD"="TOSCDSPD.EXE" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"HuaWeiEVDO.exe"="C:\Program Files\Huawei technologies\Mobile Connect\Mobile Connect.exe" [2007-10-09 11:58 925696]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"RemoveIT Pro XT"="C:\Program Files\InCode Solutions\RemoveIT Pro v4-Trial\removeit.exe" [2008-05-27 23:05 580096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-14 15:50 4399104 C:\Windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" []
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-09-20 11:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-09-20 11:07 154136]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-09-20 11:07 129560]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 13:36 835584]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 23:16 411768]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 11:46 448632]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-03-23 14:41 538744]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-03-21 17:23 413696]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-16 11:51 949376]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36 229376]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-31 10:32 262401]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 14:05 959976]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Users\TOSHIBA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-19 03:21:09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C902BB4C-47D3-4F0C-8D16-C4F19F126686}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{57714F56-E0CC-4A60-B926-00DE69F5F56F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{488B65FD-EEEF-48F7-9633-FD68B5ADCD5C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{8C8B1178-3CD6-446E-B31D-51C9F9BB6A6B}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{6A420FCC-F3A3-47B1-858E-4702BD3B087E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4DB7550B-1C9F-40FA-A163-24BF84A7B229}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{18B1B8B1-4E35-4A12-B1CA-944B00BAF1FD}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{171F1DD0-1514-4347-A37A-B7655367A0E4}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{BFCDE734-DAC6-4B3F-B1DD-1177934F7EA4}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{80F1A701-BF14-4F4B-B139-4D831F5390C3}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9F69B517-F7E3-4F8F-8AF9-034AF0FC63CF}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{231FD8B2-47D6-4D5B-8619-A8A05C7FF3C7}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{1A4FD322-25F3-4A2A-9032-E2D5D2FA6900}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{11BB9531-E527-41C3-9C4F-171D12424A73}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{7A3F7380-DD18-4275-BE1F-E8CB7BAF553A}C:\\program files\\incode solutions\\removeit pro v4-trial\\removeit.exe"= UDP:C:\program files\incode solutions\removeit pro v4-trial\removeit.exe:removeit
"UDP Query User{69ED6CA7-E059-4D23-997F-E2AADA5694E8}C:\\program files\\incode solutions\\removeit pro v4-trial\\removeit.exe"= TCP:C:\program files\incode solutions\removeit pro v4-trial\removeit.exe:removeit
"{003E26EA-F7D4-492D-9872-397E9C586BCF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{203DC79D-B8C4-4445-BB88-5B4E035153CB}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-09-19 10:59]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-09-19 11:01]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 12:55]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 13:11]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-13 15:23]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-19 02:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\DRIVERS\UVCFTR_S.SYS [2007-03-12 21:47]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-10 01:00]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 15:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60f6bbee-27c7-11dd-9af7-001cbfcdd3e3}]
\shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ebe81b2-2ae8-11dd-bcd6-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c7f661-2b14-11dd-b374-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74c7f66e-2b14-11dd-b374-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c58070d-2a17-11dd-bbf6-001e3331441a}]
\shell\AutoPlay\command - wscript.exe \saifulfaizan.js
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \saifulfaizan.js
\shell\Explore\command - wscript.exe \saifulfaizan.js -Clicked
\shell\Open\command - wscript.exe \saifulfaizan.js
\shell\Scan for Viruses\command - wscript.exe \saifulfaizan.js
\shell\Scan with AVG\command - wscript.exe \saifulfaizan.js
\shell\Scan with Norton AntiVirus\command - wscript.exe \saifulfaizan.js

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d50ed21-29ab-11dd-a1c0-001cbfcdd3e3}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d50ed4c-29ab-11dd-a1c0-001e3331441a}]
\shell\AutoRun\command - E:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db2532ca-272a-11dd-ba7a-001cbfcdd3e3}]
\shell\AutoPlay\command - wscript.exe \saifulfaizan.js
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \saifulfaizan.js
\shell\Explore\command - wscript.exe \saifulfaizan.js -Clicked
\shell\Open\command - wscript.exe \saifulfaizan.js
\shell\Scan for Viruses\command - wscript.exe \saifulfaizan.js
\shell\Scan with AVG\command - wscript.exe \saifulfaizan.js
\shell\Scan with Norton AntiVirus\command - wscript.exe \saifulfaizan.js

.
Contents of the 'Scheduled Tasks' folder
"2008-05-17 02:20:35 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-30 12:20:35 C:\Windows\Tasks\User_Feed_Synchronization-{11EA8DFC-B6F5-4624-B338-034E421E2214}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 18:57:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Users\TOSHIBA\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_9EE4_636C_E463_461D\$db_clean$ 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2008-05-31 18:59:09
ComboFix-quarantined-files.txt 2008-05-31 10:58:38
ComboFix2.txt 2008-05-26 06:14:08
ComboFix3.txt 2008-05-25 15:17:42

Pre-Run: 91,136,757,760 bytes free
Post-Run: 91,445,297,152 bytes free

437 --- E O F --- 2008-05-31 08:09:20
 
You must log in or register to reply here.
Back
Top