spyware protect 2009 - ericshin

Post by ericshin on 28th February 2009, 4:15 am

hey,

I turned on my computer an hour ago and this thing popped up telling me to buy this program, and also this Windows security alert warning comes up telling me to scan my computer, and if I click on it the Spyware Protect scan opens. Also I'm not sure if this is related, but every hour or so this Google installer message pops up. This only started happening when I got this the day before this Spyware Protect popped up. When I googled Geek Police and tried to click on the link to this site, it opened another tab and it was labelled redirect but it never loads, so I have to use another computer. I have Malwarebytes' Anti-Malware but when I try to open it, it doesn't run. I've also got this bankerfox.a alert too.

This is the HijackThis log. I put the log in a flash drive and put it on here. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:10:54 p.m., on 28/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\system32\devldr32.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Andrew\Desktop\TZG\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9876a894a61ea) (gupdate1c9876a894a61ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6656 bytes


Last edited by ericshin on 28th February 2009, 4:17 am; edited 1 time in total (Reason for editing : had wordwrap on with notepad)


Re: spyware protect 2009 - ericshin

Post by Belahzur on 28th February 2009, 2:35 pm

Hello again.

I understand you want help, but you don't have any protection running.

Actually, this doesn't surprise me at all...
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: [You must be registered and logged in to see this link.]
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirus scan is not present which should be able to deal with most and prevent further reinfection.


Please PM me if I fail to respond within 24hrs.



Re: spyware protect 2009 - ericshin

Post by ericshin on 1st March 2009, 1:58 am

It scanned my computer the second I had it installed, but after the reboot it says "last complete system scan" and next to it says "not performed", but it deleted 3 objects. Also, when I installed it, there was an error message about C:/WINDOWS/ something something. I'm now updating it and then performing a full complete scan. The pop-up messages are gone, but when I click on a link on Google it still opens another tab in the browser labelled redirect, but it doesn't load the page. And also this "google installer has encountered a problem" still pops up and tells me to either "send error report" to Microsoft or "don't send". I don't think this is a virus tho. Here is the report with the Avira updated and the not updated one, and also the HijackThis:

not updated avira scan report done automatically once installed:


Avira AntiVir Personal
Report file date: Sunday, 1 March 2009 13:48

Scanning for 1038808 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: Andrew
Computer name: ANDREW-UX8YV5KH

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/17/2008 20:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 19:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 00:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 19:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 23:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 04:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 04:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 11/17/2008 04:38:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/13/2008 22:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 02:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 03:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 01:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/10/2008 21:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/7/2008 03:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/7/2008 03:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/7/2008 03:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/7/2008 03:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/13/2008 22:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/7/2008 03:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 10/13/2008 22:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/8/2008 20:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/15/2008 21:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 00:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/8/2008 23:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/11/2008 20:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 00:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 05:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 00:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 00:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 01:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 01:34:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: D:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, 1 March 2009 13:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'sysguard.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\sysguard.exe'
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'sysguard.exe' has been terminated
C:\WINDOWS\sysguard.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!

42 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\mcenspc.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd9053.sys
[WARNING] The file could not be opened!


End of the scan: Sunday, 1 March 2009 13:51
Used time: 02:54 Minute(s)

The scan has been done completely.

169 Scanning directories
6292 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
6286 Files not concerned
29 Archives were scanned
3 Warnings
2 Notes


Re: spyware protect 2009 - ericshin

Post by ericshin on 1st March 2009, 1:58 am

The avira scan report done by clicking on "scan system now":



Avira AntiVir Personal
Report file date: Sunday, 1 March 2009 14:12

Scanning for 1271369 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANDREW-UX8YV5KH

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/17/2008 20:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 19:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 00:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 19:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 23:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:02:19
ANTIVIR2.VDF : 7.1.2.55 248832 Bytes 2/20/2009 01:02:22
ANTIVIR3.VDF : 7.1.2.96 190976 Bytes 2/28/2009 01:02:24
Engineversion : 8.2.0.98
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/1/2009 01:02:44
AESCRIPT.DLL : 8.1.1.56 352634 Bytes 3/1/2009 01:02:43
AESCN.DLL : 8.1.1.7 127347 Bytes 3/1/2009 01:02:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 01:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 3/1/2009 01:02:39
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/1/2009 01:02:36
AEHEUR.DLL : 8.1.0.100 1618295 Bytes 3/1/2009 01:02:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/1/2009 01:02:29
AEGEN.DLL : 8.1.1.22 336245 Bytes 3/1/2009 01:02:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/13/2008 22:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/1/2009 01:02:26
AEBB.DLL : 8.1.0.3 53618 Bytes 10/13/2008 22:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/8/2008 20:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/15/2008 21:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 00:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/8/2008 23:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/11/2008 20:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 00:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 05:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 00:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 00:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 01:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 01:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, 1 March 2009 14:12

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Andrew\Desktop\TZG\ComboFix.exe
[DETECTION] Is the TR/Murdak.A.47 Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Andrew\Desktop\TZG\OTMoveIt3.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Subseven.asu back-door program
[NOTE] The file was deleted!
C:\Documents and Settings\Andrew\Local Settings\temp\OWrVyTDT.exe
[DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
[NOTE] The file was deleted!
C:\Documents and Settings\Andrew\Local Settings\temp\WyDnlswv.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\iehelper.dll
[DETECTION] Is the TR/BHO.9216 Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd9053.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Program Files\GRETECH\GomPlayer\Dodge.dll
[DETECTION] Is the TR/Agent.22096 Trojan
[NOTE] The file was deleted!


End of the scan: Sunday, 1 March 2009 14:48
Used time: 36:16 Minute(s)

The scan has been done completely.

4146 Scanning directories
199383 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
6 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
199373 Files not concerned
1562 Archives were scanned
5 Warnings
6 Notes


Re: spyware protect 2009 - ericshin

Post by ericshin on 1st March 2009, 1:59 am

The new Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:01 p.m., on 1/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\devldr32.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\TZG\Hijack(GP)This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [nTrayFw] D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Update Service (gupdate1c9876a894a61ea) (gupdate1c9876a894a61ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7314 bytes

ericshin
Intermediate

Posts: 80
Joined: 2008-12-08
Gender: Male
OS: microsoft windows xp
Points: 29554
Likes: 0


Re: spyware protect 2009 - ericshin

Post by Belahzur on 1st March 2009, 2:02 am

Hmm.
Avast! doesn't like OTMoveIt, that puts a new twist on things.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
    O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe


  • Press "Fix Checked"
  • Close Hijack This.

Let's have a look around.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1

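The three entries the helper asks to have checked can be read as three heuristics: a hosts-file entry that pins a hostname to an outside address, a BHO whose DLL is missing, and a per-user Run entry that starts an executable sitting directly in the Windows directory. The sketch below is an added example, not part of the original posts and not how HijackThis itself works; the sample lines are constructed from entries quoted in this thread, and `triage`, `Finding` and `WINDOWS_ROOT` are names assumed for illustration.

```python
import ipaddress
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: the three lines flagged in the post above plus benign
# entries from the same machine, written in HijackThis line format.
SAMPLE_LOG = r"""
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O2 - BHO: BHO - {C9C42510-9B21-41c1-9DCD-8382A2D07C61} - C:\WINDOWS\system32\iehelper.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
""".strip().splitlines()

WINDOWS_ROOT = r"c:\windows"  # assumption: Windows directory as seen in this log
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
RUN_RE = re.compile(r"^\[(.*?)\]\s+(.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(
    r'^(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd|pif)))(?:\s|$)', re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O1"
    reason: str  # why the line deserves a closer look
    line: str    # the original log line


def check_hosts(rest):
    """O1: report hosts entries that map a name to a non-loopback address."""
    parts = rest.split()
    if len(parts) < 2:
        return None
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return f"unparseable hosts entry: {rest!r}"
    if ip.is_loopback or ip.is_unspecified:
        return None  # localhost-style entries are not reported by this check
    return f"hosts file pins {parts[1]} to {ip}"


def check_bho(rest):
    """O2: report Browser Helper Objects whose file no longer exists."""
    if not rest.rstrip().endswith("(file missing)"):
        return None
    clsid = CLSID_RE.search(rest)
    ident = clsid.group(0) if clsid else "(no CLSID)"
    return f"BHO {ident} is registered but its DLL is missing"


def check_run(section, rest):
    """O4: report per-user Run entries launching a file from the Windows root."""
    if not section.upper().startswith("HKCU"):
        return None
    entry = RUN_RE.match(rest)
    if not entry:
        return None
    name, command = entry.groups()
    exe = EXE_RE.match(command)
    if not exe:
        return None
    path = exe.group(1) or exe.group(2)
    # ntpath parses Windows paths on any platform
    if ntpath.dirname(path).lower() == WINDOWS_ROOT:
        return f"per-user autorun [{name}] starts {ntpath.basename(path)} from the Windows root"
    return None


def triage(lines):
    """Return a Finding for each log line matched by one of the heuristics."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, section, rest = m.groups()
        if code == "O1":
            reason = check_hosts(rest)
        elif code == "O2":
            reason = check_bho(rest)
        elif code == "O4":
            reason = check_run(section, rest)
        else:
            reason = None
        if reason:
            findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}")
```

A match is a reason to review the line, not a verdict; the benign entries in the sample show what the heuristics leave alone.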

Re: spyware protect 2009 - ericshin

Post by ericshin on 1st March 2009, 3:36 am

I can't download that from my computer (the one that's got this virus) because it won't load any new webpages. Should I download it onto this computer and then put it on a flash drive and transfer it onto the desktop of my computer with the virus? Or does it have to be downloaded?

thanks


Re: spyware protect 2009 - ericshin

Post by ericshin on 1st March 2009, 7:49 am

DDS (Ver_09-02-01.01) - NTFSx86
Run by Andrew at 20:46:07.10 on Sun 01/03/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.629 [GMT 13:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: NVIDIA Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\devldr32.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
D:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Andrew\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - d:\program files\realplayer\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [WinampAgent] "d:\program files\winamp\winampa.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DAEMON Tools] "d:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [nTrayFw] d:\progra~1\nvidia~1\networ~1\bin\nTrayFw.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "d:\program files\avira\antivir personaledition classic\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\andrew\applic~1\mozilla\firefox\profiles\0d6ybm7f.default\
FF - component: d:\program files\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: d:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: d:\program files\realplayer\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir personaledition classic\avgio.sys [2009-3-1 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;d:\program files\avira\antivir personaledition classic\sched.exe [2009-3-1 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;d:\program files\avira\antivir personaledition classic\avguard.exe [2009-3-1 151297]
R3 avgntflt;avgntflt;d:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-3-1 52032]
S2 gupdate1c9876a894a61ea;Google Update Service (gupdate1c9876a894a61ea);c:\program files\google\update\GoogleUpdate.exe [2009-2-5 133104]
S3 cpuz130;cpuz130;\??\c:\docume~1\andrew\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\andrew\locals~1\temp\cpuz130\cpuz_x32.sys [?]

=============== Created Last 30 ================

2009-03-01 13:47 --d----- c:\docume~1\alluse~1\applic~1\Avira

==================== Find3M ====================

2009-01-04 21:12 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-01-04 16:40 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-01-04 16:40 17,212 a------t c:\windows\system32\SIntf32.dll
2009-01-04 16:40 12,067 a------t c:\windows\system32\SIntf16.dll
2008-12-31 17:44 22,328 a------- c:\docume~1\andrew\applic~1\PnkBstrK.sys
2008-12-31 17:44 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-30 02:33 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-09 18:36 70,691 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-07 23:51 60,416 a------- c:\windows\ALCFDRTM.EXE
2008-12-07 22:56 499,712 a------- c:\windows\system32\msvcp71.dll
2008-12-07 15:19 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 20:46:48.23 ===============


Re: spyware protect 2009 - ericshin

Post by Belahzur on 1st March 2009, 2:15 pm

Hello.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    cpuz130

    :files
    C:\WINDOWS\sysguard.exe

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


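Comparing the `SecurityProviders` line in the DDS report with the value the OTMoveIt3 script writes shows which provider DLL the fix drops. This is an added example, not part of the original posts or of either tool; the section syntax is inferred only from the script shown above, and the function names are assumptions.

```python
import re

# Constructed inputs, copied from the two posts above: the DDS report line
# (before the fix) and the OTMoveIt3 script (what the fix writes).
DDS_LINE = "SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll"
FIX_SCRIPT = r'''
:services
cpuz130

:files
C:\WINDOWS\sysguard.exe

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
'''

REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
TARGET_KEY_SUFFIX = r"\control\securityproviders"


def parse_script(text):
    """Split a script into its ':section' blocks, keeping section order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_reg_block(lines):
    """Turn the lines of a :reg section into {key: {value_name: data}}."""
    keys, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            keys[key] = {}
        elif key is not None:
            m = REG_VALUE_RE.match(line)
            if m:
                keys[key][m.group(1)] = m.group(2)
    return keys


def split_providers(data):
    """Normalise a comma-separated provider list to lowercase DLL names."""
    return [p.strip().lower() for p in data.split(",") if p.strip()]


def providers_dropped_by_fix(dds_line, script):
    """Return (dropped, added): providers the fix removes and introduces."""
    label, _, before_data = dds_line.partition(":")
    if label.strip().lower() != "securityproviders":
        raise ValueError("not a SecurityProviders report line")
    before = split_providers(before_data)

    after = None
    reg = parse_reg_block(parse_script(script).get("reg", []))
    for key, values in reg.items():
        if not key.lower().endswith(TARGET_KEY_SUFFIX):
            continue
        for name, data in values.items():
            if name.lower() == "securityproviders":
                after = split_providers(data)
    if after is None:
        raise ValueError("script does not set SecurityProviders")

    dropped = [p for p in before if p not in after]
    added = [p for p in after if p not in before]
    return dropped, added


if __name__ == "__main__":
    dropped, added = providers_dropped_by_fix(DDS_LINE, FIX_SCRIPT)
    print("dropped by fix:", dropped)
    print("added by fix:", added)
```

The script writes under ControlSet001; checking the same value under CurrentControlSet after the reboot confirms the change applies to the control set Windows actually loads.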

Re: spyware protect 2009 - ericshin

Post by ericshin on 2nd March 2009, 2:56 am

========== SERVICES/DRIVERS ==========
Service cpuz130 stopped successfully.
Service cpuz130 deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\sysguard.exe not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03022009_155513


Re: spyware protect 2009 - ericshin

Post by Belahzur on 2nd March 2009, 2:07 pm

Hello.
How is the machine now?



Re: spyware protect 2009 - ericshin

Post by ericshin on 3rd March 2009, 2:57 am

Not too good. I still can't open Malwarebytes' Anti-Malware, and whenever I try to go to a website by using Google it opens up a new tab that's got nothing to do with the webpage I wanted to load, and the original tab doesn't load it either. For example, I search cars in Google and I click on the first link that's there, but when I do, a new tab loads and it's labelled redirect, but the new tab has nothing to do with what I wanted to see and sometimes it just stays blank. Also I used to see a warning about having automatic updates turned off but that's not there anymore. Is that a bad sign? And also that Google installer error message keeps popping up but I don't think that's a virus, maybe the virus interfered with it?

thanks


Re: spyware protect 2009 - ericshin

Post by Belahzur on 3rd March 2009, 6:13 pm

Yes, it's a bad sign.
Does it look anything like this?

[You must be registered and logged in to see this link.]

This is a common Google search engine hijacker, we can fix it, but I need to know if I'm right first before I take any action.



Re: spyware protect 2009 - ericshin

Post by ericshin on 4th March 2009, 2:52 am

Hey, I don't know if that's what's happening to my computer so I uploaded some pictures to help me describe it.

This is the Google error I was talking about.

This is what it looks like when I just pressed enter after typing something into Google (that scroll bar on the bottom appeared).

So now that the page has loaded, the scroll bar is gone and what I click next is the Wikipedia link, the second link.

And now this is what happens: a new tab is created and called redirect.

The original page with all the links showing doesn't load like it should.

Thanks for your help, by the way. That spyware protect 2009 thing was the worst and you got rid of it. Thanks


Re: spyware protect 2009 - ericshin

Post by Belahzur on 4th March 2009, 2:34 pm

Ah, okay, let's see what this finds.


  • Now open a new notepad file.
  • Input this into the notepad file:

    regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
    start notepad C:\look.txt

  • Save this as look.bat, save it to your desktop.
  • Double click look.bat to run it.
  • Copy and paste the report back here.



Re: spyware protect 2009 - ericshin

Post by ericshin on 5th March 2009, 3:05 am

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"midi"="wdmaud.drv"
"wave"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="ctwdm32.dll"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\System32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\System32\\l3codeca.acm"
"wave1"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"msacm.divxa32"="msaud32_divx.acm"
"vidc.VP60"="C:\\WINDOWS\\system32\\vp6vfw.dll"
"vidc.VP61"="C:\\WINDOWS\\system32\\vp6vfw.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"


Re: spyware protect 2009 - ericshin

Post by Belahzur on 5th March 2009, 9:21 am

Okay, that's not it.

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.



Re: spyware protect 2009 - ericshin

Post by ericshin on 6th March 2009, 2:56 am

GooredFix v1.91 by jpshortstuff
Log created at 15:55 on 06/03/2009 running Option #1 (Andrew)
Firefox version 3.0.6 (en-GB)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="D:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="D:\Program Files\RealPlayer\browserrecord"


Re: spyware protect 2009 - ericshin

Post by Belahzur on 6th March 2009, 10:13 am

Okay, not there either.
I'll review this when I get home from college.



Re: spyware protect 2009 - ericshin

Post by ericshin on 7th March 2009, 6:07 am

ok cool


Re: spyware protect 2009 - ericshin

Post by Belahzur on 7th March 2009, 2:18 pm


  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus). See [You must be registered and logged in to see this link.] for how to disable your AV. (Avira)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 12:50 am

It won't let me run combo fix


Re: spyware protect 2009 - ericshin

Post by Belahzur on 8th March 2009, 1:13 am

Hello.
Something might be blocking it.

If you are using Firefox, make sure that your download settings are as follows:

Tools->Options->Main tab
Set to "Always ask me where to Save the files".

During the download, rename Combofix to Combo-Fix as follows:





It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.



Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 6:47 am

Hey there, sorry, the log is way too big for one post so I split it, and it's the log that popped up after the scan was finished. I don't know where c:/combofix.txt is so I assumed you're talking about this one. Also, when ComboFix was running it warned me to write down some stuff about a rootkit. They are:

c:\windows\system32\drivers\UACppjwswur.sys
c:\windows\system32\UACbgejpxdq.dll
c:\windows\system32\UACefavbrpn.dll
c:\windows\system32\UACpmuyvtbp.dll
c:\windows\system32\UACqlaixtxt.log
c:\windows\system32\UACrqroyqjd.log
c:\windows\system32\UACsboyyejy.log
c:\windows\system32\UACwtnkrobo.dll
c:\windows\system32\UACxjixudjo.dat


Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 7:01 am

ComboFix 09-03-06.02 - Andrew 2009-03-08 19:26:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.711 [GMT 13:00]
Running from: c:\documents and settings\Andrew\Desktop\Combo-Fix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
FW: NVIDIA Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Andrew\Application Data\Google\T-Scan
c:\documents and settings\Andrew\Application Data\Google\T-Scan\n.gif
c:\documents and settings\Andrew\Application Data\Google\T-Scan\t.gif
c:\documents and settings\Andrew\Application Data\Google\T-Scan\y.gif
c:\windows\system32\drivers\UACppjwswur.sys
c:\windows\system32\UACbgejpxdq.dll
c:\windows\system32\UACefavbrpn.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpmuyvtbp.dll
c:\windows\system32\UACqlaixtxt.log
c:\windows\system32\UACrqroyqjd.log
c:\windows\system32\UACsboyyejy.log
c:\windows\system32\UACwtnkrobo.dll
c:\windows\system32\UACxjixudjo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-05 16:03 . 2009-03-05 16:03 d-------- c:\program files\Common Files\Windows Live
2009-03-01 13:47 . 2009-03-01 13:47 d-------- c:\documents and settings\All Users\Application Data\Avira
2009-02-18 20:53 . 2009-02-18 20:53 d-------- c:\documents and settings\Andrew\Application Data\EPSON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 00:39 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-06 01:09 --------- d-----w c:\program files\Google
2009-02-05 02:44 --------- d-----w c:\documents and settings\Andrew\Application Data\ArcSoft
2009-01-27 09:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-18 01:28 --------- d-----w c:\program files\Common Files\ArcSoft
2009-01-18 01:27 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-18 01:25 --------- d-----w c:\program files\Philips
2009-01-04 08:12 103,736 ----a-w c:\windows\system32\PnkBstrB.exe
2009-01-04 03:40 21,840 ----atw c:\windows\system32\SIntfNT.dll
2009-01-04 03:40 17,212 ----atw c:\windows\system32\SIntf32.dll
2009-01-04 03:40 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-12-31 04:44 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-12-31 04:44 22,328 ----a-w c:\documents and settings\Andrew\Application Data\PnkBstrK.sys
2008-12-29 13:33 410,984 ----a-w c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040b.dll
+ 2001-08-18 12:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\agt040c.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt040d.dll
+ 2001-08-18 12:00:00 19,968 -c----w c:\windows\$NtServicePackUninstall$\agt040e.dll
+ 2001-08-18 12:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0410.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0411.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0412.dll
+ 2001-08-18 12:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0413.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0414.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0415.dll
+ 2001-08-18 12:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0416.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0419.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041d.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt041f.dll
+ 2001-08-18 12:00:00 19,456 -c----w c:\windows\$NtServicePackUninstall$\agt0804.dll
+ 2001-08-18 12:00:00 20,992 -c----w c:\windows\$NtServicePackUninstall$\agt0816.dll
+ 2001-08-18 12:00:00 20,480 -c----w c:\windows\$NtServicePackUninstall$\agt0c0a.dll
+ 2001-08-18 12:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\agtintl.dll
- 2001-08-18 12:00:00 84,992 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
+ 2002-08-28 14:41:20 91,648 -c----w c:\windows\$NtServicePackUninstall$\ahui.exe
- 2001-08-18 12:00:00 40,960 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
+ 2002-08-28 14:41:20 41,984 -c----w c:\windows\$NtServicePackUninstall$\alg.exe
+ 2001-08-18 12:00:00 15,872 -c----w c:\windows\$NtServicePackUninstall$\alrsvc.dll
- 2001-08-18 12:00:00 32,000 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
+ 2002-08-28 12:05:06 32,000 -c----w c:\windows\$NtServicePackUninstall$\amdk6.sys
+ 2002-08-28 12:05:08 32,512 -c----w c:\windows\$NtServicePackUninstall$\amdk7.sys
+ 2002-12-11 11:14:32 64,512 -c----w c:\windows\$NtServicePackUninstall$\amstream.dll
- 2001-08-18 12:00:00 104,448 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
+ 2002-08-28 14:40:48 115,712 -c----w c:\windows\$NtServicePackUninstall$\apphelp.dll
- 2001-08-18 12:00:00 54,016 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
+ 2002-08-28 12:33:30 57,344 -c----w c:\windows\$NtServicePackUninstall$\arp1394.sys
- 2001-08-18 12:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\asferror.dll
+ 2002-08-28 14:40:06 5,120 -c----w c:\windows\$NtServicePackUninstall$\asferror.dll
- 2001-08-18 12:00:00 14,366 -c----w c:\windows\$NtServicePackUninstall$\asfsipc.dll
+ 2002-08-28 14:40:48 14,366 -c----w c:\windows\$NtServicePackUninstall$\asfsipc.dll
+ 2001-08-18 12:00:00 77,824 -c----w c:\windows\$NtServicePackUninstall$\asycfilt.dll


Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 7:06 am

+ 2001-08-18 12:00:00 13,568 -c----w c:\windows\$NtServicePackUninstall$\asyncmac.sys
- 2001-08-18 12:00:00 22,528 -c----w c:\windows\$NtServicePackUninstall$\at.exe
+ 2002-08-28 14:41:20 22,528 -c----w c:\windows\$NtServicePackUninstall$\at.exe
- 2001-08-18 12:00:00 86,656 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
+ 2002-08-28 12:27:50 86,912 -c----w c:\windows\$NtServicePackUninstall$\atapi.sys
+ 2002-08-28 14:40:48 377,984 -c----w c:\windows\$NtServicePackUninstall$\ati2dvaa.dll
+ 2002-08-28 14:40:48 202,496 -c----w c:\windows\$NtServicePackUninstall$\ati2dvag.dll
+ 2002-08-28 10:16:18 327,040 -c----w c:\windows\$NtServicePackUninstall$\ati2mtaa.sys
+ 2002-08-28 10:16:16 450,176 -c----w c:\windows\$NtServicePackUninstall$\ati2mtag.sys
+ 2002-08-28 14:40:48 844,675 -c----w c:\windows\$NtServicePackUninstall$\ati3d1ag.dll
+ 2002-08-28 14:40:50 921,475 -c----w c:\windows\$NtServicePackUninstall$\ati3d2ag.dll
+ 2002-08-28 10:16:24 56,591 -c----w c:\windows\$NtServicePackUninstall$\atinbtxx.sys
+ 2002-08-28 10:16:24 11,615 -c----w c:\windows\$NtServicePackUninstall$\atinmdxx.sys
+ 2002-08-28 10:16:26 12,047 -c----w c:\windows\$NtServicePackUninstall$\atinpdxx.sys
+ 2002-08-28 10:16:26 30,671 -c----w c:\windows\$NtServicePackUninstall$\atinraxx.sys
+ 2002-08-28 10:16:26 63,663 -c----w c:\windows\$NtServicePackUninstall$\atinrvxx.sys
+ 2002-08-28 10:16:28 26,367 -c----w c:\windows\$NtServicePackUninstall$\atinsnxx.sys
+ 2002-08-28 10:16:28 21,343 -c----w c:\windows\$NtServicePackUninstall$\atinttxx.sys
+ 2002-08-28 10:16:28 36,463 -c----w c:\windows\$NtServicePackUninstall$\atintuxx.sys
+ 2002-08-28 10:16:30 29,455 -c----w c:\windows\$NtServicePackUninstall$\atinxbxx.sys
+ 2002-08-28 10:16:30 34,735 -c----w c:\windows\$NtServicePackUninstall$\atinxsxx.sys
- 2001-08-18 12:00:00 74,802 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
+ 2002-08-28 14:40:50 74,810 -c----w c:\windows\$NtServicePackUninstall$\atl.dll
+ 2001-08-18 12:00:00 10,240 -c----w c:\windows\$NtServicePackUninstall$\atmadm.exe
+ 2001-08-18 12:00:00 57,216 -c----w c:\windows\$NtServicePackUninstall$\atmarpc.sys
+ 2001-08-18 12:00:00 272,768 -c----w c:\windows\$NtServicePackUninstall$\atmfd.dll
- 2001-08-18 12:00:00 53,888 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
+ 2002-08-28 12:33:36 53,888 -c----w c:\windows\$NtServicePackUninstall$\atmlane.sys
+ 2001-08-18 12:00:00 27,136 -c----w c:\windows\$NtServicePackUninstall$\atmlib.dll
+ 2001-08-18 12:00:00 11,264 -c----w c:\windows\$NtServicePackUninstall$\attrib.exe
- 2001-08-18 12:00:00 37,888 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
+ 2002-08-28 14:40:50 38,912 -c----w c:\windows\$NtServicePackUninstall$\audiosrv.dll
- 2001-05-22 08:15:08 20,540 -c----w c:\windows\$NtServicePackUninstall$\author.dll
+ 2002-08-28 14:40:50 20,540 -c----w c:\windows\$NtServicePackUninstall$\author.dll
- 2001-05-22 08:15:08 16,439 -c----w c:\windows\$NtServicePackUninstall$\author.exe
+ 2002-08-28 14:41:20 16,439 -c----w c:\windows\$NtServicePackUninstall$\author.exe
+ 2001-08-18 12:00:00 51,200 -c----w c:\windows\$NtServicePackUninstall$\authz.dll
- 2001-08-18 12:00:00 565,760 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
+ 2002-08-28 14:41:20 565,760 -c----w c:\windows\$NtServicePackUninstall$\autochk.exe
+ 2001-08-18 12:00:00 578,560 -c----w c:\windows\$NtServicePackUninstall$\autoconv.exe
+ 2001-08-18 12:00:00 558,592 -c----w c:\windows\$NtServicePackUninstall$\autofmt.exe
- 2001-08-18 12:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2002-08-28 14:41:20 8,192 -c----w c:\windows\$NtServicePackUninstall$\autolfn.exe
+ 2002-08-28 12:33:22 36,224 -c----w c:\windows\$NtServicePackUninstall$\avc.sys
- 2001-08-18 12:00:00 76,288 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
+ 2002-08-28 14:40:50 76,288 -c----w c:\windows\$NtServicePackUninstall$\avifil32.dll
- 2001-08-18 12:00:00 45,056 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
+ 2002-08-28 14:40:50 44,032 -c----w c:\windows\$NtServicePackUninstall$\basesrv.dll
+ 2001-08-18 12:00:00 27,136 -c----w c:\windows\$NtServicePackUninstall$\batmeter.dll
- 2001-08-18 12:00:00 6,656 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
+ 2002-08-28 14:40:50 6,656 -c----w c:\windows\$NtServicePackUninstall$\batt.dll
+ 2004-07-08 15:26:38 11,392 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys
+ 2004-07-08 15:26:38 11,392 -c----w c:\windows\$NtServicePackUninstall$\bdasup.sys.000
+ 2001-08-18 12:00:00 14,848 -c----w c:\windows\$NtServicePackUninstall$\bidispl.dll
- 2001-08-18 12:00:00 53,376 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
+ 2002-08-28 12:34:42 68,864 -c----w c:\windows\$NtServicePackUninstall$\bridge.sys
- 2001-08-18 12:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
+ 2002-08-28 14:40:10 62,976 -c----w c:\windows\$NtServicePackUninstall$\browselc.dll
- 2001-08-18 12:00:00 49,152 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
+ 2002-08-28 14:40:50 49,152 -c----w c:\windows\$NtServicePackUninstall$\browser.dll
- 2001-08-18 12:00:00 1,020,416 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
+ 2002-08-28 14:40:50 1,021,952 -c----w c:\windows\$NtServicePackUninstall$\browseui.dll
- 2001-08-18 12:00:00 71,680 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
+ 2002-08-28 14:40:50 71,680 -c----w c:\windows\$NtServicePackUninstall$\browsewm.dll
+ 2001-08-18 12:00:00 218,112 -c----w c:\windows\$NtServicePackUninstall$\c_g18030.dll
- 2001-08-18 12:00:00 58,880 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
+ 2002-08-28 14:40:50 59,904 -c----w c:\windows\$NtServicePackUninstall$\cabinet.dll
+ 2001-08-18 12:00:00 80,384 -c----w c:\windows\$NtServicePackUninstall$\cabview.dll
+ 2001-08-18 12:00:00 18,432 -c----w c:\windows\$NtServicePackUninstall$\cacls.exe
- 2001-08-18 12:00:00 360,448 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
+ 2002-08-28 14:40:50 360,448 -c----w c:\windows\$NtServicePackUninstall$\callcont.dll
+ 2001-08-18 12:00:00 45,056 -c----w c:\windows\$NtServicePackUninstall$\camocx.dll
+ 2001-08-18 12:00:00 142,848 -c----w c:\windows\$NtServicePackUninstall$\capesnpn.dll
+ 2001-08-18 12:00:00 215,040 -c----w c:\windows\$NtServicePackUninstall$\catsrv.dll
+ 2001-08-18 12:00:00 85,504 -c----w c:\windows\$NtServicePackUninstall$\catsrvps.dll
- 2001-08-18 12:00:00 583,168 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
+ 2002-08-28 14:40:50 582,656 -c----w c:\windows\$NtServicePackUninstall$\catsrvut.dll
+ 2004-07-08 15:26:38 16,384 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys
+ 2004-07-08 15:26:38 16,384 -c----w c:\windows\$NtServicePackUninstall$\ccdecode.sys.001
- 2001-08-18 12:00:00 62,208 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
+ 2002-08-28 12:58:52 59,648 -c----w c:\windows\$NtServicePackUninstall$\cdfs.sys
+ 2001-08-18 12:00:00 142,336 -c----w c:\windows\$NtServicePackUninstall$\cdfview.dll
- 2001-08-18 12:00:00 9,728 -c----w c:\windows\$NtServicePackUninstall$\cdm.dll
+ 2002-08-28 14:40:50 14,848 -c----w c:\windows\$NtServicePackUninstall$\cdm.dll
+ 2001-08-18 12:00:00 2,028,032 -c----w c:\windows\$NtServicePackUninstall$\cdosys.dll
- 2001-08-18 12:00:00 47,488 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
+ 2002-08-28 12:27:56 47,488 -c----w c:\windows\$NtServicePackUninstall$\cdrom.sys
- 2001-08-18 12:00:00 184,320 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
+ 2002-08-28 14:40:50 186,880 -c----w c:\windows\$NtServicePackUninstall$\certcli.dll
+ 2001-08-18 12:00:00 436,736 -c----w c:\windows\$NtServicePackUninstall$\certmgr.dll
- 2001-08-18 12:00:00 32,768 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
+ 2002-08-28 14:40:50 32,768 -c----w c:\windows\$NtServicePackUninstall$\cfgbkend.dll
+ 2001-08-18 12:00:00 16,896 -c----w c:\windows\$NtServicePackUninstall$\cfgmgr32.dll
- 2001-05-22 08:15:08 188,480 -c----w c:\windows\$NtServicePackUninstall$\cfgwiz.exe
+ 2002-08-28 14:41:20 188,480 -c----w c:\windows\$NtServicePackUninstall$\cfgwiz.exe
- 2001-08-18 12:00:00 204,861 -c----w c:\windows\$NtServicePackUninstall$\chtmbx.dll
+ 2002-08-28 08:39:42 97,792 -c----w c:\windows\$NtServicePackUninstall$\chtmbx.dll
- 2001-08-18 12:00:00 131,134 -c----w c:\windows\$NtServicePackUninstall$\chtskdic.dll
+ 2002-08-28 08:39:42 56,320 -c----w c:\windows\$NtServicePackUninstall$\chtskdic.dll
- 2001-08-18 12:00:00 299,069 -c----w c:\windows\$NtServicePackUninstall$\chtskf.dll
+ 2002-08-28 08:39:42 173,568 -c----w c:\windows\$NtServicePackUninstall$\chtskf.dll
+ 2001-08-18 12:00:00 109,568 -c----w c:\windows\$NtServicePackUninstall$\cic.dll
- 2001-08-18 12:00:00 1,266,688 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
+ 2002-08-28 14:40:50 1,267,712 -c----w c:\windows\$NtServicePackUninstall$\cimwin32.dll
- 2001-08-18 12:00:00 344,127 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
+ 2002-08-28 08:39:42 201,216 -c----w c:\windows\$NtServicePackUninstall$\cintime.dll
- 2001-08-18 12:00:00 540,745 -c----w c:\windows\$NtServicePackUninstall$\cintsetp.exe
+ 2002-08-28 08:39:44 480,256 -c----w c:\windows\$NtServicePackUninstall$\cintsetp.exe
- 2001-08-18 12:00:00 62,976 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
+ 2002-08-28 14:40:50 64,512 -c----w c:\windows\$NtServicePackUninstall$\ciodm.dll
+ 2001-08-18 12:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\cisvc.exe
- 2001-08-18 12:00:00 44,928 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
+ 2002-08-28 13:08:44 46,336 -c----w c:\windows\$NtServicePackUninstall$\classpnp.sys
+ 2001-08-18 12:00:00 100,864 -c----w c:\windows\$NtServicePackUninstall$\clbcatex.dll
+ 2001-08-18 12:00:00 468,480 -c----w c:\windows\$NtServicePackUninstall$\clbcatq.dll
+ 2001-08-18 12:00:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\cleanmgr.exe
+ 2001-08-18 12:00:00 127,552 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.dll
+ 2001-08-18 12:00:00 45,632 -c----w c:\windows\$NtServicePackUninstall$\cliconfg.exe
- 2001-08-18 12:00:00 98,816 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
+ 2002-08-28 14:41:20 98,816 -c----w c:\windows\$NtServicePackUninstall$\clipbrd.exe
+ 2001-08-18 12:00:00 30,720 -c----w c:\windows\$NtServicePackUninstall$\clipsrv.exe
- 2001-08-18 12:00:00 53,248 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
+ 2002-08-28 14:40:50 54,272 -c----w c:\windows\$NtServicePackUninstall$\clusapi.dll
+ 2002-08-28 12:09:06 13,184 -c----w c:\windows\$NtServicePackUninstall$\cmbatt.sys
+ 2001-08-18 12:00:00 12,288 -c----w c:\windows\$NtServicePackUninstall$\cmcfg32.dll
+ 2001-08-18 12:00:00 375,808 -c----w c:\windows\$NtServicePackUninstall$\cmd.exe
- 2001-08-18 12:00:00 314,880 -c----w c:\windows\$NtServicePackUninstall$\cmdial32.dll
+ 2002-08-28 14:40:50 324,608 -c----w c:\windows\$NtServicePackUninstall$\cmdial32.dll
- 2001-08-18 12:00:00 41,472 -c----w c:\windows\$NtServicePackUninstall$\cmdl32.exe
+ 2002-08-28 14:41:22 41,472 -c----w c:\windows\$NtServicePackUninstall$\cmdl32.exe
+ 2001-08-18 12:00:00 35,840 -c----w c:\windows\$NtServicePackUninstall$\cmmon32.exe
+ 2001-08-18 12:00:00 174,592 -c----w c:\windows\$NtServicePackUninstall$\cmprops.dll
+ 2001-08-18 12:00:00 54,784 -c----w c:\windows\$NtServicePackUninstall$\cmstp.exe
+ 2001-08-18 12:00:00 36,352 -c----w c:\windows\$NtServicePackUninstall$\cmutil.dll
+ 2001-08-18 12:00:00 45,568 -c----w c:\windows\$NtServicePackUninstall$\cnbjmon.dll
+ 2001-08-18 12:00:00 56,832 -c----w c:\windows\$NtServicePackUninstall$\colbact.dll
+ 2001-08-18 12:00:00 25,600 -c----w c:\windows\$NtServicePackUninstall$\comaddin.dll
- 2001-08-18 12:00:00 186,880 -c----w c:\windows\$NtServicePackUninstall$\comadmin.dll
+ 2002-08-28 14:40:50 186,880 -c----w c:\windows\$NtServicePackUninstall$\comadmin.dll
- 2001-08-18 12:00:00 557,568 -c----w c:\windows\$NtServicePackUninstall$\comctl32.dll
+ 2002-08-28 14:40:50 557,056 -c----w c:\windows\$NtServicePackUninstall$\comctl32.dll
- 2001-08-18 12:00:00 258,048 -c----w c:\windows\$NtServicePackUninstall$\comdlg32.dll
+ 2002-08-28 14:40:50 258,048 -c----w c:\windows\$NtServicePackUninstall$\comdlg32.dll
- 2001-08-18 12:00:00 238,592 -c----w c:\windows\$NtServicePackUninstall$\compatui.dll
+ 2002-08-28 14:40:50 238,592 -c----w c:\windows\$NtServicePackUninstall$\compatui.dll
+ 2001-08-18 12:00:00 222,208 -c----w c:\windows\$NtServicePackUninstall$\compstui.dll
+ 2001-08-18 12:00:00 82,432 -c----w c:\windows\$NtServicePackUninstall$\comrepl.dll
+ 2001-08-18 12:00:00 8,192 -c----w c:\windows\$NtServicePackUninstall$\comrepl.exe
+ 2001-08-18 12:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\comrereg.exe
+ 2001-08-18 12:00:00 792,064 -c----w c:\windows\$NtServicePackUninstall$\comres.dll
+ 2001-08-18 12:00:00 259,584 -c----w c:\windows\$NtServicePackUninstall$\comsetup.dll
+ 2001-08-18 12:00:00 147,456 -c----w c:\windows\$NtServicePackUninstall$\comsnap.dll
- 2001-08-18 12:00:00 1,139,200 -c----w c:\windows\$NtServicePackUninstall$\comsvcs.dll
+ 2002-08-28 14:40:50 1,172,992 -c----w c:\windows\$NtServicePackUninstall$\comsvcs.dll
+ 2001-08-18 12:00:00 495,616 -c----w c:\windows\$NtServicePackUninstall$\comuid.dll
- 2001-08-18 12:00:00 995,328 -c----w c:\windows\$NtServicePackUninstall$\conf.exe
+ 2002-08-28 14:41:22 995,328 -c----w c:\windows\$NtServicePackUninstall$\conf.exe
+ 2001-08-18 12:00:00 45,056 -c----w c:\windows\$NtServicePackUninstall$\confmrsl.dll
+ 2001-08-18 12:00:00 345,600 -c----w c:\windows\$NtServicePackUninstall$\confmsp.dll
- 2001-08-18 12:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\conime.exe
+ 2002-08-28 14:41:22 24,576 -c----w c:\windows\$NtServicePackUninstall$\conime.exe
+ 2001-08-18 12:00:00 14,877 -c----w c:\windows\$NtServicePackUninstall$\corpol.dll


Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 7:07 am

- 2001-08-18 12:00:00 61,492 -c----w c:\windows\$NtServicePackUninstall$\cplexe.exe
+ 2002-08-28 08:38:26 57,400 -c----w c:\windows\$NtServicePackUninstall$\cplexe.exe
- 2001-08-18 12:00:00 161,792 -c----w c:\windows\$NtServicePackUninstall$\credui.dll
+ 2002-08-28 14:40:50 158,720 -c----w c:\windows\$NtServicePackUninstall$\credui.dll
- 2001-08-18 12:00:00 31,360 -c----w c:\windows\$NtServicePackUninstall$\crusoe.sys
+ 2002-08-28 12:05:08 31,488 -c----w c:\windows\$NtServicePackUninstall$\crusoe.sys
- 2001-08-18 12:00:00 554,496 -c----w c:\windows\$NtServicePackUninstall$\crypt32.dll
+ 2002-08-28 14:40:50 557,568 -c----w c:\windows\$NtServicePackUninstall$\crypt32.dll
- 2001-08-18 12:00:00 70,144 -c----w c:\windows\$NtServicePackUninstall$\cryptdlg.dll
+ 2002-08-28 14:40:50 70,144 -c----w c:\windows\$NtServicePackUninstall$\cryptdlg.dll
+ 2001-08-18 12:00:00 29,184 -c----w c:\windows\$NtServicePackUninstall$\cryptdll.dll
+ 2001-08-18 12:00:00 48,640 -c----w c:\windows\$NtServicePackUninstall$\cryptext.dll
+ 2001-08-18 12:00:00 53,248 -c----w c:\windows\$NtServicePackUninstall$\cryptnet.dll
- 2001-08-18 12:00:00 51,200 -c----w c:\windows\$NtServicePackUninstall$\cryptsvc.dll
+ 2002-08-28 14:40:50 53,248 -c----w c:\windows\$NtServicePackUninstall$\cryptsvc.dll
- 2001-08-18 12:00:00 470,016 -c----w c:\windows\$NtServicePackUninstall$\cryptui.dll
+ 2002-08-28 14:40:50 471,040 -c----w c:\windows\$NtServicePackUninstall$\cryptui.dll
+ 2001-08-18 12:00:00 89,600 -c----w c:\windows\$NtServicePackUninstall$\cscdll.dll
+ 2001-08-18 12:00:00 102,450 -c----w c:\windows\$NtServicePackUninstall$\cscript.exe
- 2001-08-18 12:00:00 305,664 -c----w c:\windows\$NtServicePackUninstall$\cscui.dll
+ 2002-08-28 14:40:50 307,712 -c----w c:\windows\$NtServicePackUninstall$\cscui.dll
- 2001-08-18 12:00:00 29,184 -c----w c:\windows\$NtServicePackUninstall$\csrsrv.dll
+ 2002-08-28 14:40:50 29,184 -c----w c:\windows\$NtServicePackUninstall$\csrsrv.dll
+ 2001-08-18 12:00:00 4,096 -c----w c:\windows\$NtServicePackUninstall$\csrss.exe
- 2001-08-18 12:00:00 13,312 -c----w c:\windows\$NtServicePackUninstall$\ctfmon.exe
+ 2002-08-28 14:41:22 13,312 -c----w c:\windows\$NtServicePackUninstall$\ctfmon.exe
+ 2004-07-08 15:27:28 1,201,152 -c----w c:\windows\$NtServicePackUninstall$\d3d8.dll
+ 2002-12-11 11:14:32 8,192 -c----w c:\windows\$NtServicePackUninstall$\d3d8thk.dll
+ 2004-07-08 15:27:28 1,703,936 -c----w c:\windows\$NtServicePackUninstall$\d3d9.dll
+ 2003-05-29 20:00:02 797,184 -c----w c:\windows\$NtServicePackUninstall$\d3dim700.dll
- 2001-08-18 12:00:00 986,112 -c----w c:\windows\$NtServicePackUninstall$\danim.dll
+ 2002-08-28 14:40:50 986,112 -c----w c:\windows\$NtServicePackUninstall$\danim.dll
+ 2001-08-18 12:00:00 557,128 -c----w c:\windows\$NtServicePackUninstall$\dao360.dll
+ 2001-08-18 12:00:00 51,712 -c----w c:\windows\$NtServicePackUninstall$\dataclen.dll
+ 2001-08-18 12:00:00 152,064 -c----w c:\windows\$NtServicePackUninstall$\datime.dll
+ 2001-08-18 12:00:00 22,016 -c----w c:\windows\$NtServicePackUninstall$\davclnt.dll
- 2001-08-18 12:00:00 486,400 -c----w c:\windows\$NtServicePackUninstall$\dbghelp.dll
+ 2002-08-28 14:40:50 489,984 -c----w c:\windows\$NtServicePackUninstall$\dbghelp.dll
- 2001-08-18 12:00:00 24,576 -c----w c:\windows\$NtServicePackUninstall$\dbmsrpcn.dll
+ 2002-08-28 11:36:06 24,576 -c----w c:\windows\$NtServicePackUninstall$\dbmsrpcn.dll
- 2001-08-18 12:00:00 65,536 -c----w c:\windows\$NtServicePackUninstall$\dbnetlib.dll
+ 2002-08-28 14:40:00 61,440 -c----w c:\windows\$NtServicePackUninstall$\dbnetlib.dll
- 2001-08-18 12:00:00 28,672 -c----w c:\windows\$NtServicePackUninstall$\dbnmpntw.dll
+ 2002-08-28 11:34:36 28,672 -c----w c:\windows\$NtServicePackUninstall$\dbnmpntw.dll
+ 2002-08-28 14:57:58 1,740 -c----w c:\windows\$NtServicePackUninstall$\dcache.bin
- 2001-08-18 12:00:00 40,960 -c----w c:\windows\$NtServicePackUninstall$\dcap32.dll
+ 2002-08-28 14:40:50 40,960 -c----w c:\windows\$NtServicePackUninstall$\dcap32.dll
+ 2001-08-18 12:00:00 7,680 -c----w c:\windows\$NtServicePackUninstall$\dciman32.dll
+ 2001-08-18 12:00:00 5,120 -c----w c:\windows\$NtServicePackUninstall$\dcomcnfg.exe
+ 2001-08-18 12:00:00 27,136 -c----w c:\windows\$NtServicePackUninstall$\ddeshare.exe
+ 2004-07-08 15:27:28 292,864 -c----w c:\windows\$NtServicePackUninstall$\ddraw.dll
+ 2002-12-11 11:14:32 24,064 -c----w c:\windows\$NtServicePackUninstall$\ddrawex.dll
- 2001-08-18 12:00:00 109,568 -c----w c:\windows\$NtServicePackUninstall$\defrag.exe
+ 2002-08-28 14:41:22 70,656 -c----w c:\windows\$NtServicePackUninstall$\defrag.exe
+ 2003-05-29 20:00:02 132,608 -c----w c:\windows\$NtServicePackUninstall$\devenum.dll
- 2001-08-18 12:00:00 263,680 -c----w c:\windows\$NtServicePackUninstall$\devmgr.dll
+ 2002-08-28 14:40:50 263,168 -c----w c:\windows\$NtServicePackUninstall$\devmgr.dll
- 2001-08-18 12:00:00 73,216 -c----w c:\windows\$NtServicePackUninstall$\dfrgfat.exe
+ 2002-08-28 14:41:22 76,288 -c----w c:\windows\$NtServicePackUninstall$\dfrgfat.exe
- 2001-08-18 12:00:00 85,504 -c----w c:\windows\$NtServicePackUninstall$\dfrgntfs.exe
+ 2002-08-28 14:41:22 99,328 -c----w c:\windows\$NtServicePackUninstall$\dfrgntfs.exe
- 2001-08-18 12:00:00 41,984 -c----w c:\windows\$NtServicePackUninstall$\dfrgsnap.dll
+ 2002-08-28 14:40:50 35,328 -c----w c:\windows\$NtServicePackUninstall$\dfrgsnap.dll
- 2001-08-18 12:00:00 124,928 -c----w c:\windows\$NtServicePackUninstall$\dfrgui.dll
+ 2002-08-28 14:40:50 113,152 -c----w c:\windows\$NtServicePackUninstall$\dfrgui.dll
- 2001-08-18 12:00:00 25,088 -c----w c:\windows\$NtServicePackUninstall$\dfsshlex.dll
+ 2002-08-28 14:40:50 25,600 -c----w c:\windows\$NtServicePackUninstall$\dfsshlex.dll
- 2001-08-18 12:00:00 103,424 -c----w c:\windows\$NtServicePackUninstall$\dgnet.dll
+ 2002-08-28 14:40:50 103,424 -c----w c:\windows\$NtServicePackUninstall$\dgnet.dll
- 2001-08-18 12:00:00 98,816 -c----w c:\windows\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2002-08-28 14:40:50 99,840 -c----w c:\windows\$NtServicePackUninstall$\dhcpcsvc.dll
+ 2001-08-18 12:00:00 370,176 -c----w c:\windows\$NtServicePackUninstall$\dhcpmon.dll
+ 2001-08-18 12:00:00 522,240 -c----w c:\windows\$NtServicePackUninstall$\dialer.exe
+ 2001-08-18 12:00:00 79,360 -c----w c:\windows\$NtServicePackUninstall$\diantz.exe
- 2001-08-18 12:00:00 55,808 -c----w c:\windows\$NtServicePackUninstall$\digest.dll
+ 2002-08-28 14:40:50 55,296 -c----w c:\windows\$NtServicePackUninstall$\digest.dll
- 2002-08-28 14:40:00 648,704 -c----w c:\windows\$NtServicePackUninstall$\dinput.dll
+ 2002-08-28 14:40:50 151,552 -c----w c:\windows\$NtServicePackUninstall$\dinput.dll
- 2002-08-28 14:40:00 667,648 -c----w c:\windows\$NtServicePackUninstall$\dinput8.dll
+ 2002-08-28 14:40:50 168,960 -c----w c:\windows\$NtServicePackUninstall$\dinput8.dll
+ 2001-08-18 12:00:00 76,288 -c----w c:\windows\$NtServicePackUninstall$\directdb.dll
- 2001-08-18 12:00:00 33,664 -c----w c:\windows\$NtServicePackUninstall$\disk.sys
+ 2002-08-28 12:27:58 33,792 -c----w c:\windows\$NtServicePackUninstall$\disk.sys
+ 2001-08-18 12:00:00 1,501,696 -c----w c:\windows\$NtServicePackUninstall$\diskcopy.dll
- 2001-08-18 12:00:00 13,184 -c----w c:\windows\$NtServicePackUninstall$\diskdump.sys
+ 2002-08-28 12:27:56 13,184 -c----w c:\windows\$NtServicePackUninstall$\diskdump.sys
+ 2001-08-18 12:00:00 145,920 -c----w c:\windows\$NtServicePackUninstall$\diskpart.exe
+ 2001-08-18 12:00:00 45,083 -c----w c:\windows\$NtServicePackUninstall$\dispex.dll
- 2001-08-18 12:00:00 294,912 -c----w c:\windows\$NtServicePackUninstall$\dlimport.exe
+ 2002-08-28 14:41:22 294,912 -c----w c:\windows\$NtServicePackUninstall$\dlimport.exe
+ 2001-08-18 12:00:00 4,608 -c----w c:\windows\$NtServicePackUninstall$\dllhost.exe
+ 2001-08-18 12:00:00 204,800 -c----w c:\windows\$NtServicePackUninstall$\dmadmin.exe
+ 2002-12-11 11:14:32 27,136 -c----w c:\windows\$NtServicePackUninstall$\dmband.dll
+ 2001-08-18 12:00:00 780,928 -c----w c:\windows\$NtServicePackUninstall$\dmboot.sys
+ 2002-12-11 11:14:32 58,368 -c----w c:\windows\$NtServicePackUninstall$\dmcompos.dll
+ 2001-08-18 12:00:00 273,920 -c----w c:\windows\$NtServicePackUninstall$\dmdlgs.dll
+ 2001-08-18 12:00:00 184,320 -c----w c:\windows\$NtServicePackUninstall$\dmdskmgr.dll
+ 2004-07-08 15:27:28 181,248 -c----w c:\windows\$NtServicePackUninstall$\dmime.dll
+ 2001-08-18 12:00:00 146,304 -c----w c:\windows\$NtServicePackUninstall$\dmio.sys
+ 2002-12-11 11:14:32 33,280 -c----w c:\windows\$NtServicePackUninstall$\dmloader.dll
+ 2001-08-18 12:00:00 14,336 -c----w c:\windows\$NtServicePackUninstall$\dmremote.exe
+ 2002-12-11 11:14:32 76,800 -c----w c:\windows\$NtServicePackUninstall$\dmscript.dll
+ 2001-08-18 12:00:00 21,504 -c----w c:\windows\$NtServicePackUninstall$\dmserver.dll
+ 2002-12-11 11:14:32 98,816 -c----w c:\windows\$NtServicePackUninstall$\dmstyle.dll
+ 2002-12-11 11:14:32 100,864 -c----w c:\windows\$NtServicePackUninstall$\dmsynth.dll
+ 2004-07-08 15:27:28 122,880 -c----w c:\windows\$NtServicePackUninstall$\dmusic.dll
+ 2001-08-17 13:59:58 50,048 -c----w c:\windows\$NtServicePackUninstall$\dmusic.sys
+ 2001-08-18 12:00:00 50,688 -c----w c:\windows\$NtServicePackUninstall$\dmutil.dll
- 2001-08-18 12:00:00 139,264 -c----w c:\windows\$NtServicePackUninstall$\dnsapi.dll
+ 2002-08-28 14:40:50 139,264 -c----w c:\windows\$NtServicePackUninstall$\dnsapi.dll
+ 2001-08-18 12:00:00 44,032 -c----w c:\windows\$NtServicePackUninstall$\dnsrslvr.dll
- 2001-08-18 12:00:00 45,056 -c----w c:\windows\$NtServicePackUninstall$\docprop2.dll
+ 2002-08-28 14:40:50 45,568 -c----w c:\windows\$NtServicePackUninstall$\docprop2.dll
+ 2001-08-18 12:00:00 53,840 -c----w c:\windows\$NtServicePackUninstall$\dosx.exe
- 2001-08-18 12:00:00 116,736 -c----w c:\windows\$NtServicePackUninstall$\dpcdll.dll
+ 2002-08-28 13:20:28 115,200 -c----w c:\windows\$NtServicePackUninstall$\dpcdll.dll
+ 2002-12-11 11:14:32 28,160 -c----w c:\windows\$NtServicePackUninstall$\dplaysvr.exe
+ 2004-07-08 15:27:28 230,400 -c----w c:\windows\$NtServicePackUninstall$\dplayx.dll
+ 2002-12-11 11:14:32 77,824 -c----w c:\windows\$NtServicePackUninstall$\dpmodemx.dll
+ 2002-12-11 11:14:32 3,072 -c----w c:\windows\$NtServicePackUninstall$\dpnaddr.dll
+ 2002-12-11 11:14:32 723,968 -c----w c:\windows\$NtServicePackUninstall$\dpnet.dll
+ 2003-03-23 20:00:02 32,768 -c----w c:\windows\$NtServicePackUninstall$\dpnhpast.dll
+ 2003-03-23 20:00:02 68,096 -c----w c:\windows\$NtServicePackUninstall$\dpnhupnp.dll
+ 2002-12-11 11:14:32 3,072 -c----w c:\windows\$NtServicePackUninstall$\dpnlobby.dll

ericshin
Intermediate

Posts : 80
Joined : 2008-12-08
Gender : Male
OS : microsoft windows xp
Points : 29554
# Likes : 0

Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 7:07 am



Re: spyware protect 2009 - ericshin

Post by ericshin on 8th March 2009, 7:13 am

There is too much to paste and I don't think this was what you asked for, so I'm just gonna skip to the end from here. Also, I mentioned something important above in the post after your latest post.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2003-02-20 2185800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-11-04 7307264]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-11-04 86016]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2005-11-09 128920]
"nTrayFw"="d:\progra~1\NVIDIA~1\NETWOR~1\bin\nTrayFw.exe" [2005-04-29 266240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-07 185872]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"avgnt"="d:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2005-11-04 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

S2 gupdate1c9876a894a61ea;Google Update Service (gupdate1c9876a894a61ea);c:\program files\Google\Update\GoogleUpdate.exe [2/5/2009 9:19:07 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-03-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-05 21:17]

2009-03-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 21:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Andrew\Application Data\Mozilla\Firefox\Profiles\0d6ybm7f.default\
FF - component: d:\program files\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: d:\program files\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: d:\program files\RealPlayer\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2009-03-08 19:28:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2009-03-08 19:29:32
ComboFix-quarantined-files.txt 2009-03-08 06:29:23
ComboFix2.txt 2008-12-08 23:43:38

Pre-Run: 4,490,534,912 bytes free
Post-Run: 4,549,611,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
7692


Re: spyware protect 2009 - ericshin

Post by Belahzur on 8th March 2009, 3:25 pm

Hello.
How is it now?


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245091
# Likes : 1

Re: spyware protect 2009 - ericshin

Post by ericshin on 9th March 2009, 2:51 am

yeah it's awesome, everything's fixed. mbam's working too.

thanks a ton.

*edit* I just did an avira scan and it found that rootkit virus thing. I saw the word quarantine when they were found so I'm assuming it's nothing, but just in case here's the log report



Avira AntiVir Personal
Report file date: Monday, 9 March 2009 16:28

Scanning for 1289201 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANDREW-UX8YV5KH

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/17/2008 20:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 19:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 00:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 19:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 23:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:02:19
ANTIVIR2.VDF : 7.1.2.105 513536 Bytes 3/3/2009 02:52:14
ANTIVIR3.VDF : 7.1.2.137 172032 Bytes 3/8/2009 02:55:14
Engineversion : 8.2.0.105
AEVDF.DLL : 8.1.1.0 106868 Bytes 3/1/2009 01:02:44
AESCRIPT.DLL : 8.1.1.57 356729 Bytes 3/6/2009 07:48:10
AESCN.DLL : 8.1.1.8 127346 Bytes 3/6/2009 07:48:08
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 01:58:38
AEPACK.DLL : 8.1.3.10 397686 Bytes 3/5/2009 03:01:23
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 3/1/2009 01:02:36
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 3/6/2009 07:48:06
AEHELP.DLL : 8.1.2.2 119158 Bytes 3/1/2009 01:02:29
AEGEN.DLL : 8.1.1.25 336243 Bytes 3/6/2009 07:48:01
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/13/2008 22:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 3/1/2009 01:02:26
AEBB.DLL : 8.1.0.3 53618 Bytes 10/13/2008 22:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/8/2008 20:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/15/2008 21:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 00:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/8/2008 23:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/11/2008 20:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 00:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 05:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 00:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 00:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 01:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 01:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, 9 March 2009 16:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbgejpxdq.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACefavbrpn.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.66 root kit
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpmuyvtbp.dll.vir
[DETECTION] Is the TR/PCK.Tdss.F.135 Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwtnkrobo.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACppjwswur_.sys.zip
[0] Archive type: ZIP
--> UACppjwswur.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017031.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017032.dll
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.66 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017033.dll
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017034.dll
[DETECTION] Is the TR/PCK.Tdss.F.135 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd9053.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: Monday, 9 March 2009 16:55
Used time: 27:18 Minute(s)

The scan has been done completely.

4151 Scanning directories
193215 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
9 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
193202 Files not concerned
1159 Archives were scanned
4 Warnings
9 Notes


Re: spyware protect 2009 - ericshin

Post by Belahzur on 9th March 2009, 2:46 pm

All it found was system restore points and Combofix's quarantine.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.


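The reading given in the reply above (every Avira hit sits in ComboFix's quarantine or in a System Restore point) can be checked mechanically. The following is an added example, not part of the original thread or of any tool named in it: it parses the report layout shown in the Avira log and groups detections by where the file lives. The function names, the location labels and the one report entry marked as constructed are assumptions.

```python
import re

# Excerpt of the Avira report posted in this thread, plus ONE constructed
# entry (the last file) so that the "live" branch is exercised.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACbgejpxdq.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/TDss.eyj.65 root kit
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACppjwswur_.sys.zip
[0] Archive type: ZIP
--> UACppjwswur.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{DFAC1D38-F60A-49EE-A8BD-012BC55B399C}\RP64\A0017031.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\constructed_example.dll
[DETECTION] Is the TR/Constructed.Example Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                        # a scanned file path
TAG_RE = re.compile(r"^\[(DETECTION|WARNING|NOTE)\]\s*(.*)$")  # result line
NAME_RE = re.compile(r"(?:of the|Is the)\s+(\S+)")           # signature name
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\")


def classify_location(path):
    """Label a path as a ComboFix quarantine copy, a System Restore copy, or live."""
    p = path.lower()
    if QUARANTINE_RE.match(p):
        return "combofix-quarantine"
    if "\\system volume information\\_restore{" in p:
        return "system-restore"
    return "live"


def parse_report(text):
    """Turn the file-scan section into one record per scanned path."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = {"path": line, "member": None,
                       "DETECTION": [], "WARNING": [], "NOTE": []}
            records.append(current)
        elif current is None:
            continue                      # header text before the first path
        elif line.startswith("-->"):
            current["member"] = line[3:].strip()   # file inside an archive
        else:
            m = TAG_RE.match(line)
            if m:
                current[m.group(1)].append(m.group(2))
    return records


def triage(records):
    """Group detections by location; list files the scanner could not open."""
    by_location = {"live": [], "combofix-quarantine": [], "system-restore": []}
    unscanned = []
    for rec in records:
        if rec["DETECTION"]:
            loc = classify_location(rec["path"])
            for text in rec["DETECTION"]:
                m = NAME_RE.search(text)
                by_location[loc].append({
                    "path": rec["path"],
                    "member": rec["member"],
                    "signature": m.group(1) if m else text,
                    "action": rec["NOTE"][-1] if rec["NOTE"] else None,
                })
        elif rec["WARNING"]:
            unscanned.append(rec["path"])
    return by_location, unscanned


if __name__ == "__main__":
    hits, unscanned = triage(parse_report(SAMPLE_REPORT))
    for location, items in hits.items():
        print(f"{location}: {len(items)} detection(s)")
        for item in items:
            print(f"  {item['signature']}  {item['path']}")
    print("not scanned:", ", ".join(unscanned))
```

Only entries in the `live` group point at files still in an active location; the other two groups are stored copies, which is why the reply goes straight to `ComboFix /u` and a restore-point reset.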

Re: spyware protect 2009 - ericshin

Post by ericshin on 10th March 2009, 2:51 am

ok done a billion thanks. you are god


Re: spyware protect 2009 - ericshin

Post by Belahzur on 10th March 2009, 9:31 am

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: spyware protect 2009 - ericshin

Post by ericshin on 11th March 2009, 1:46 am

ok will do that
