mdm.exe virus

To talk on Icrontic, just register!

It only takes 30 seconds.

Have an account? Sign in:

To reopen your thread, send a Private Message (PM) to Trogan with a link to your thread.

If you are not the user who started this thread, you must start your own thread instead.

Reply to Discussion

Options

burevestnik

Icrontic Regular

27 Posts

20 Jun 2009, 7:27pm

Dear all,
lately, I started to receive several notifications a day about detected virus mdm.exe (see attached) from Symantec AntiVirus v 10.1.8.8000.
It happens every day usually. I ran HijackThis and have a log (attached).
Any help would be greatly appreciated!
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:02 PM, on 6/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winlogon.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\dllhst3g.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - d:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] d:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\Papa\LOCALS~1\Temp\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\Papa\APPLIC~1\mqtgsvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\System\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1220945662-1532298954-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anna')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\Papa\APPLIC~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\Papa\APPLIC~1\spoolsv.exe /waitservice (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11571 bytes

Attached Thumbnails

Click image for larger version

Name: autoprotect.JPG
Views: 19
Size: 212.7 KB
ID: 27166

Attached Files

hijackthis.txt (11.3 KB, 10 views)

Katana edited : 22 Jun 2009 at 11:46am . Reason: added HJT log

Katana

MRU Expert

1,682 Posts

22 Jun 2009, 11:51am

Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

You appear to have a well known infection.
Is your Antivirus software up to date ?

Download and Run RSIT

Please download Random's System Information Tool by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
- log.txt will be opened maximized.
- info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.

burevestnik

Icrontic Regular

27 Posts

23 Jun 2009, 3:05am

Katana,
Thank you very much for your kind help!
I am attaching 2 log files for your review.
Thanks!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Papa at 2009-06-22 22:04:46
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (72%) free of 40 GB
Total RAM: 3326 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:47 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\ge security supra\syncservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\wuauclt.exe
F:\Documents\Papa\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\Papa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=C:\WINDOWS\dllhst3g.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - d:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] d:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Spool] C:\WINDOWS\spoolsv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [rsvp] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\DOCUME~1\Papa\LOCALS~1\Temp\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MqtgSVC] C:\DOCUME~1\Papa\APPLIC~1\mqtgsvc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [SessMgr] C:\WINDOWS\sessmgr.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\mstinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\WINDOWS\System32\drivers\clipsrv.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\mstsc.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [IEudinit] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\esentutl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\WINDOWS\System\comrepl.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\WINDOWS\System\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1220945662-1532298954-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anna')
O4 - HKUS\S-1-5-21-1220945662-1532298954-839522115-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Rachel')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\Papa\APPLIC~1\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Spool] C:\DOCUME~1\Papa\APPLIC~1\spoolsv.exe /waitservice (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12039 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\SyncToy 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - d:\Program Files\IEPro\iepro.dll [2009-02-04 752744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-27 13684736]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-27 86016]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-06-24 53096]
"vptray"=D:\PROGRA~1\SYMANT~1\VPTray.exe [2008-09-30 125368]
"Windows Defender"=D:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-01-07 1468296]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"SetDefPrt"=d:\Program Files\Brother\Brmfl04g\BrStDvPt.exe [2004-11-11 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-01-07 864256]
""= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CmSTP"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe [2009-05-08 61440]
"Spool"=C:\WINDOWS\spoolsv.exe [2009-05-08 61440]
"rsvp"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\rsvp.exe [2009-05-08 61440]
"DllHst"=C:\DOCUME~1\Papa\LOCALS~1\Temp\dllhst3g.exe [2009-05-08 61440]
"MqtgSVC"=C:\DOCUME~1\Papa\APPLIC~1\mqtgsvc.exe [2009-05-08 61440]
"SessMgr"=C:\WINDOWS\sessmgr.exe [2009-05-08 61440]
"MstInit"=C:\WINDOWS\mstinit.exe [2009-05-08 61440]
"ClipSrv"=C:\WINDOWS\System32\drivers\clipsrv.exe [2009-05-08 61440]
"Mstsc"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\mstsc.exe [2009-05-08 61440]
"IEudinit"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\ieudinit.exe [2009-05-08 61440]
"Logman"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\MICROS~1\logman.exe [2009-05-08 61440]
"Esent Utl"=C:\WINDOWS\esentutl.exe [2009-05-08 61440]
"ComRepl"=C:\WINDOWS\System\comrepl.exe [2009-05-08 61440]
"Cisvc"=C:\WINDOWS\System\cisvc.exe [2009-05-08 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-08-03 202024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ClipSrv"=C:\DOCUME~1\Papa\LOCALS~1\APPLIC~1\clipsrv.exe [2009-05-08 61440]
"Cisvc"=C:\WINDOWS\System\cisvc.exe [2009-05-08 61440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
DisplayKEY eSYNC Info.lnk - C:\Program Files\GE Security Supra\SyncInfoApp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ckpNotify]
C:\WINDOWS\system32\ckpNotify.dll [2007-05-24 24665]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2008-09-30 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=D:\PROGRA~1\WINDOW~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"d:\Program Files\IEPro\MiniDM.exe"="d:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImage.exe"="D:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImage.exe:*:Enabled:Acronis True Image"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp03\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp03\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp08\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp08\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp09\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp09\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp10\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp10\mdm.exe:*:Enabled:UpdateWizzard"
"C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp10\mdm.exe"="C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp10\mdm.exe:*

isabled:mdm"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"D:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp11\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp11\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp12\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp12\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp13\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp13\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp16\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp16\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp18\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp18\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp19\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp19\mdm.exe:*:Enabled:UpdateWizzard"
"C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp20\mdm.exe"="C:\DOCUME~1\Papa\LOCALS~1\Temp\~temp\mlp20\mdm.exe:*:Enabled:UpdateWizzard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"D:\Program Files\CheckPoint\SecuRemote\bin\scc.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"D:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe"="D:\Program Files\CheckPoint\SecuRemote\bin\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2007-05-24 2234800]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SAVRT;SAVRT; \??\D:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\D:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-20 188808]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 CP_OMDRV;Check Point Office Mode Module; C:\WINDOWS\System32\drivers\omdrv.sys [2007-05-24 36368]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\WINDOWS\system32\DRIVERS\vnasc.sys [2007-05-24 110032]
R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2007-05-24 673456]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-12-29 4026112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-01-18 53248]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-01-19 11904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090619.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090619.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-27 6280416]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2009-01-07 27784]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 slabbus

isplayKEY USB Cradle driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2006-09-07 55312]
R3 slabser;CP210x USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2006-09-07 89808]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-20 23944]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-06-24 191848]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-06-24 169320]
R2 DefWatch;Symantec AntiVirus Definition Watcher; D:\Program Files\Symantec AntiVirus\DefWatch.exe [2008-09-30 31160]
R2 DkeySync

keySync; c:\program files\ge security supra\syncservice.exe [2006-09-07 53248]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-27 163908]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
R2 SR_Service;Check Point VPN-1 Securemote service; D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2007-05-24 106586]
R2 SR_Watchdog;Check Point VPN-1 Securemote watchdog; D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe [2007-05-24 36955]
R2 Symantec AntiVirus;Symantec AntiVirus; D:\Program Files\Symantec AntiVirus\Rtvscan.exe [2008-09-30 1956792]
R2 WinDefend;Windows Defender; D:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-02 655624]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; D:\Program Files\Symantec AntiVirus\SavRoam.exe [2008-09-30 116664]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2008-08-20 214408]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Attached Files

	info.txt (23.2 KB, 2 views)
	log.txt (66.8 KB, 1 views)

Katana edited : 23 Jun 2009 at 11:31am . Reason: posted logs for ease

Katana

MRU Expert

1,682 Posts

23 Jun 2009, 12:42pm

Information

IMPORTANT
I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

eMule
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
Please note: you must NOT use any P2P whilst we are cleaning your machine.

----------------------------------------------------------------------------------------
Step 1

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
If requested, please reboot
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

----------------------------------------------------------------------------------------
Step 2

Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MalwareBytes Log
Combofix Log
How are things running now ?

burevestnik

Icrontic Regular

27 Posts

24 Jun 2009, 4:24am

Katana,
please review the Malwarebytes log:
Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 5.1.2600 Service Pack 3
6/23/2009 11:23:59 PM
mbam-log-2009-06-23 (23-23-53).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162242
Time elapsed: 18 minute(s), 9 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18
Memory Processes Infected:
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Heuristics.Reserved.Word.Exploit) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Papa\Local Settings\Application Data\ieudinit.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\cmstp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mstinit.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Papa\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Papa\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\spoolsv.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system\cisvc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system\comrepl.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\rsvp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\esentutl.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Anna\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mqtgsvc.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Papa\Application Data\mqtgsvc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\spoolsv.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\logman.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system\spoolsv.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Papa\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
c:\documents and settings\Papa\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

The rest I can try to do tomorrow...
Thanks a lot!

Katana

MRU Expert

1,682 Posts

24 Jun 2009, 11:41am

-> No action taken

Did you allow MBAM to remove these ?

burevestnik

Icrontic Regular

27 Posts

24 Jun 2009, 4:58pm

Not yet. I'll do it today and let you know.

burevestnik

Icrontic Regular

27 Posts

25 Jun 2009, 3:37am

Just removed Malwarebytes findings:
Malwarebytes' Anti-Malware 1.38
Database version: 2327
Windows 5.1.2600 Service Pack 3
6/24/2009 10:38:34 PM
mbam-log-2009-06-24 (22-38-34).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162973
Time elapsed: 22 minute(s), 38 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 13
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 18
Memory Processes Infected:
C:\WINDOWS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\IEudinit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\CmSTP (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\MstInit (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\comrepl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rsvp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\esent utl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\mqtgsvc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\logman (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Papa\Local Settings\Application Data\ieudinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\cmstp.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\mstinit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Papa\Local Settings\Application Data\Microsoft\sessmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Papa\Local Settings\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\spoolsv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system\cisvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\rsvp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\esentutl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Anna\Application Data\Microsoft\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa\Application Data\mqtgsvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\logman.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system\spoolsv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Papa\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
c:\documents and settings\Papa\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Katana

MRU Expert

1,682 Posts

25 Jun 2009, 9:16am

Do you have the Combofix log ?

burevestnik

Icrontic Regular

27 Posts

25 Jun 2009, 11:28am

Here you go:
ComboFix 09-06-24.05 - Papa 06/25/2009 6:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2650 [GMT -4:00]
Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Leah\Local Settings\Application Data\clipsrv.exe
c:\documents and settings\Papa\Application Data\Microsoft\ieudinit.exe
c:\documents and settings\Papa\Local Settings\Application Data\clipsrv.exe
c:\documents and settings\Papa\Local Settings\Application Data\mstinit.exe
c:\documents and settings\Papa\Local Settings\Application Data\mstsc.exe
c:\documents and settings\Papa\Local Settings\Application Data\sessmgr.exe
c:\documents and settings\Rachel\Application Data\Microsoft\cmstp.exe
c:\windows\dllhst3g.exe
c:\windows\ieudinit.exe
c:\windows\system\dllhst3g.exe
c:\windows\system\logman.exe
c:\windows\system\mqtgsvc.exe
c:\windows\system32\drivers\clipsrv.exe
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-24 02:35 . 2009-06-24 02:35 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes
2009-06-24 02:35 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 02:35 . 2009-06-24 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 02:35 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 02:04 . 2009-06-23 02:04 -------- d-----w- C:\rsit
2009-06-21 15:54 . 2009-06-21 15:54 -------- d-----w- c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft Help
2009-06-13 19:29 . 2009-06-13 19:29 -------- d-----w- c:\documents and settings\Papa\Application Data\Nero
2009-06-12 02:32 . 2009-06-12 02:32 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Apple
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\program files\Apple Software Update
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-12 02:29 . 2009-06-12 02:29 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Apple Computer
2009-06-12 02:04 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-12 02:04 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-06 02:55 . 2009-06-06 02:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-03 10:19 . 2009-06-03 10:19 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-06-02 22:29 . 2009-06-02 22:29 -------- d-----r- c:\documents and settings\Rachel\Application Data\Brother
2009-06-02 14:33 . 2009-05-09 00:20 61440 ----a-w- c:\windows\sessmgr.exe
2009-05-31 21:29 . 2009-05-31 22:28 -------- d-----w- c:\documents and settings\Anna\Local Settings\Application Data\Microsoft Help
2009-05-27 23:05 . 2009-05-27 23:05 -------- d-----w- c:\documents and settings\Rachel\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 02:43 . 2009-05-15 18:06 -------- d-----w- c:\program files\GE Security Supra
2009-06-15 10:20 . 2009-05-02 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 02:23 . 2009-05-02 14:27 -------- d-----w- c:\documents and settings\Papa\Application Data\IEPro
2009-06-03 10:19 . 2009-05-12 02:34 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-05-15 18:07 . 2009-05-15 18:07 159744 ----a-w- c:\windows\system32\libssl32.dll
2009-05-15 18:07 . 2009-05-15 18:07 -------- d-----w- c:\program files\SiLabs
2009-05-15 11:51 . 2009-05-15 11:51 -------- d-----w- c:\documents and settings\Papa\Application Data\ICAClient
2009-05-15 11:50 . 2009-05-15 11:50 -------- d-----w- c:\program files\Citrix
2009-05-15 11:39 . 2009-05-15 11:39 -------- d-----w- c:\program files\CheckPoint
2009-05-15 11:32 . 2009-05-15 11:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-15 02:16 . 2009-05-03 16:55 71192 ----a-w- c:\documents and settings\Leah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 01:12 . 2009-05-02 22:25 71192 ----a-w- c:\documents and settings\Anna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 00:43 . 2009-05-02 19:03 71192 ----a-w- c:\documents and settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 02:34 . 2009-05-12 02:34 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-05-12 02:34 . 2009-05-12 02:34 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-05-12 02:34 . 2009-05-12 02:34 1007616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-05-12 02:34 . 2009-05-12 02:34 811008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-05-12 02:34 . 2009-05-12 02:34 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-05-12 02:34 . 2009-05-12 02:34 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-05-12 02:34 . 2009-05-02 13:20 71192 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 02:33 . 2009-05-12 02:33 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-05-12 02:33 . 2009-05-04 01:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 02:32 . 2009-05-12 02:32 -------- d-----w- c:\documents and settings\Papa\Application Data\Intuit
2009-05-12 02:32 . 2009-05-12 02:32 -------- d-----w- c:\program files\Common Files\Intuit
2009-05-12 02:30 . 2009-05-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-05-10 23:26 . 2009-05-10 23:26 -------- d-----w- c:\documents and settings\Rachel\Application Data\MiniDm
2009-05-07 23:22 . 2009-05-02 15:53 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-07 23:17 . 2009-05-02 15:54 65 ----a-w- c:\windows\system32\BD7820N.dat
2009-05-07 23:16 . 2009-05-07 23:16 -------- d-----w- c:\program files\Brother
2009-05-07 23:16 . 2009-05-04 01:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 12:17 . 2009-05-03 11:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-07 02:12 . 2009-05-07 02:12 -------- d-----w- c:\program files\MSXML 4.0
2009-05-04 02:10 . 2009-05-04 02:10 -------- d-----w- c:\program files\Qimage
2009-05-04 02:02 . 2009-05-04 02:02 -------- d-----w- c:\documents and settings\Papa\Application Data\ACD Systems
2009-05-04 02:02 . 2009-05-04 02:01 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-04 02:02 . 2009-05-04 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-04 01:42 . 2009-05-04 01:42 -------- d-----w- c:\program files\Realtek AC97
2009-05-03 18:11 . 2009-05-03 17:35 -------- d-----w- c:\documents and settings\Leah\Application Data\MiniDm
2009-05-03 16:59 . 2009-05-03 16:59 -------- d-----w- c:\documents and settings\Leah\Application Data\IEPro
2009-05-03 13:31 . 2009-05-03 13:31 10134 ----a-r- c:\documents and settings\Papa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-03 13:31 . 2009-05-03 13:31 -------- d-----w- c:\program files\HP
2009-05-03 11:15 . 2009-05-02 22:26 -------- d-----w- c:\documents and settings\Anna\Application Data\IEPro
2009-05-03 11:12 . 2009-05-02 22:27 -------- d-----w- c:\documents and settings\Anna\Application Data\MiniDm
2009-05-03 11:11 . 2009-05-03 11:11 -------- d-----w- c:\program files\Microsoft
2009-05-03 11:11 . 2009-05-03 11:10 -------- d-----w- c:\program files\Windows Live
2009-05-03 11:10 . 2009-05-03 11:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-03 11:08 . 2009-05-03 11:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-03 10:19 . 2009-05-03 10:19 0 ----a-w- c:\windows\nsreg.dat
2009-05-02 19:14 . 2009-05-02 19:14 -------- d-----w- c:\documents and settings\Rachel\Application Data\IEPro
2009-05-02 17:47 . 2009-05-02 17:47 -------- d-----w- c:\program files\Common Files\Nero
2009-05-02 17:47 . 2009-05-02 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-02 17:05 . 2009-05-02 17:05 -------- d-----w- c:\documents and settings\Papa\Application Data\InstallShield
2009-05-02 17:01 . 2009-05-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-05-02 17:00 . 2009-05-02 17:00 -------- d-----w- c:\program files\EPSON
2009-05-02 16:49 . 2009-05-02 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-02 16:48 . 2009-05-02 16:48 1915520 ----a-w- c:\documents and settings\Papa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-02 16:44 . 2009-05-02 15:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-02 16:35 . 2009-05-02 16:36 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-02 16:35 . 2009-05-02 16:36 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-02 16:35 . 2009-05-02 16:36 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-02 16:35 . 2009-05-02 16:36 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-02 16:35 . 2009-05-02 16:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-02 16:35 . 2009-05-02 16:36 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-02 15:53 . 2009-05-02 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-02 15:51 . 2009-05-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-02 15:43 . 2009-05-02 15:43 -------- d-----w- c:\program files\Adobe Media Player
2009-05-02 15:41 . 2009-05-02 15:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-02 15:38 . 2009-05-02 15:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-02 15:33 . 2009-05-02 15:33 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-02 15:22 . 2009-05-02 15:22 454688 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-02 15:22 . 2009-05-02 15:22 43008 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-02 15:22 . 2009-05-02 15:22 132352 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-02 14:56 . 2009-05-02 14:45 -------- d-----w- c:\program files\Microsoft Works
2009-05-02 14:35 . 2009-05-02 14:33 -------- d-----w- c:\documents and settings\Papa\Application Data\MiniDm
2009-05-02 14:31 . 2009-05-02 14:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w- c:\program files\Symantec
2009-05-02 14:30 . 2009-05-02 14:30 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-02 14:30 . 2009-05-02 14:30 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-02 14:30 . 2009-05-02 14:30 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-02 14:30 . 2009-05-02 14:30 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-02 13:58 . 2009-05-02 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-02 12:41 . 2009-05-02 12:41 -------- d-----w- c:\program files\microsoft frontpage
2009-05-02 12:38 . 2009-05-02 12:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-27 12:14 . 2009-05-02 13:20 453152 ----a-w- c:\windows\system32\NVUNINST.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="d:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SetDefPrt"="d:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"="c:\windows\sessmgr.exe" [2009-05-09 61440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-5-11 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-15 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 14:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\IEPro\\MiniDM.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/8/2009 8:03 PM 101936]
S3 SavRoam;SAVRoam;d:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 5:41 PM 116664]
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-06-25 c:\windows\Tasks\SyncToy 2.job
- d:\program files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12 18:07]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Explorer_Run-ClipSrv - c:\windows\System32\drivers\clipsrv.exe
HKLM-Explorer_Run-Mstsc - c:\docume~1\Papa\LOCALS~1\APPLIC~1\mstsc.exe
HKCU-Explorer_Run-ClipSrv - c:\docume~1\Papa\LOCALS~1\APPLIC~1\clipsrv.exe
HKU-Default-Explorer_Run-IEudinit - c:\docume~1\Papa\APPLIC~1\MICROS~1\ieudinit.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 06:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-25 6:28
ComboFix-quarantined-files.txt 2009-06-25 10:28
Pre-Run: 30,010,101,760 bytes free
Post-Run: 30,472,835,072 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
243 --- E O F --- 2009-06-15 10:20

Katana

MRU Expert

1,682 Posts

25 Jun 2009, 11:52am

Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
c:\windows\sessmgr.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti

----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Virus Total Results
Kaspersky Log
How are things running now ?

burevestnik

Icrontic Regular

27 Posts

26 Jun 2009, 11:21am

Katana,
I submitted file to Virustotal, but I really do not know how to get the results back...
Here is log from Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 26, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 26, 2009 01:22:45
Records in database: 2389637
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
V:\
W:\
X:\
Y:\
Z:\
Scan statistics:
Files scanned: 229052
Threat name: 21
Infected objects: 169
Suspicious objects: 0
Duration of the scan: 05:25:33

File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01300000.VBN Infected: Trojan-Downloader.Win32.Calac.dfo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01300003.VBN Infected: Rootkit.Win32.Agent.ajn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01300004.VBN Infected: Rootkit.Win32.Agent.ajn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700000\4B7D59AC.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700001\4B7E47A6.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700002\4B7EAAC1.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700003\4B7EAE12.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700004\4B7EB183.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700005\4B7EBB60.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700006\4B7EC1EE.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700007\4B7EDC40.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700008\4B7EE99E.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700009\4B7F1E17.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000A\4B7F24AC.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000B\4B7F3544.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000C\4B7F4C22.VBN Infected: Backdoor.Win32.Agent.ahwi 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000D\4B7191E4.VBN Infected: Trojan-Mailfinder.Win32.Blen.il 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000E\4B7191F0.VBN Infected: Trojan-Downloader.Win32.Elly.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970000F\4B7191FA.VBN Infected: Trojan-Downloader.Win32.Elly.m 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700010\4B719209.VBN Infected: Trojan-Mailfinder.Win32.Blen.io 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700011\4B71921A.VBN Infected: Trojan-Mailfinder.Win32.Blen.ir 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700012\4B71922A.VBN Infected: Trojan-Mailfinder.Win32.Blen.iw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700013\4B71923C.VBN Infected: Trojan-Mailfinder.Win32.Blen.ie 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700014\4B719250.VBN Infected: Trojan-Mailfinder.Win32.Blen.in 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700015\4B719262.VBN Infected: Trojan-Mailfinder.Win32.Blen.ie 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700016\4B719272.VBN Infected: Trojan-Mailfinder.Win32.Blen.il 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700017\4B719280.VBN Infected: Trojan-Downloader.Win32.Elly.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700018\4B71928D.VBN Infected: Trojan-Downloader.Win32.Elly.m 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700019\4B71929E.VBN Infected: Trojan-Mailfinder.Win32.Blen.ip 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001A\4B7192AE.VBN Infected: Trojan-Mailfinder.Win32.Blen.ir 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001B\4B7192BE.VBN Infected: Trojan-Mailfinder.Win32.Blen.iw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001C\4B7192CD.VBN Infected: Trojan-Mailfinder.Win32.Blen.ie 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001D\4B7192DC.VBN Infected: Trojan-Mailfinder.Win32.Blen.in 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001E\4B7192E7.VBN Infected: Trojan-Downloader.Win32.Elly.m 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0970001F\4B7192F6.VBN Infected: Trojan-Mailfinder.Win32.Blen.is 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700020\4B719304.VBN Infected: Trojan-Mailfinder.Win32.Blen.ip 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700021\4B719313.VBN Infected: Trojan-Mailfinder.Win32.Blen.iw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700022\4B719323.VBN Infected: Trojan-Mailfinder.Win32.Blen.ie 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700023\4B719332.VBN Infected: Trojan-Mailfinder.Win32.Blen.il 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700024\4B719340.VBN Infected: Trojan-Mailfinder.Win32.Blen.in 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0000\4E3D07C5.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0001\4E3DC60F.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0002\4E3DD34A.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0003\4E3DD7AE.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0004\4E3E165C.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0005\4E3E2032.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0006\4E3E26C6.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0007\4E3E6E9E.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0008\4E3EADD7.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0009\4E3ED1E5.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000A\4E3EF8F8.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000B\4E3F1DE3.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000C\4E3F3B8E.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000D\4E3F48F2.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000E\4E3F5BE0.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C000F\4E3F8009.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0010\4E3FAB6B.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0011\4E3FC5E1.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0012\4E3C1E2A.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0013\4E3C328C.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0014\4E3C3C83.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0015\4E3C5D1E.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0016\4E3C6405.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0017\4E3C8108.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C3C0018\4E3C81AA.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740000\4E754882.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740001\4E75488C.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740002\4E754950.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740003\4E75672A.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740004\4E756733.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740005\4E757374.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740006\4E758EBD.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740007\4E75920E.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740008\4E759F3B.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740009\4E75E049.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000A\4E75E7B4.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000B\4E75EE48.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000C\4E75F410.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000D\4E75F4E1.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000E\4E75F82B.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74000F\4E75FEC5.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740010\4E760146.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740011\4E760561.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740012\4E760BF4.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740013\4E760E7E.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740014\4E760F52.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740015\4E761291.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740016\4E76192D.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740017\4E761942.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740018\4E76339E.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740019\4E76512D.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001A\4E7657DF.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001B\4E76651F.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001C\4E766854.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001D\4E76724E.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001E\4E76AA58.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74001F\4E76ADA2.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740020\4E76DB59.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740021\4E7734E2.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740022\4E777061.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740023\4E7776EB.VBN Infected: Backdoor.Win32.Agent.ahgj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740024\4E77C424.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740025\4E744F53.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740026\4E74536D.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740027\4E745D49.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740028\4E746092.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C740029\4E746D55.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C74002A\4E748B7A.VBN Infected: Backdoor.Win32.Agent.ahkd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40000\4EB57B5A.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40001\4EB59B32.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40002\4EB5A1C4.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40003\4EB5ABAF.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40004\4EB5ACCD.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40005\4EB5AEFF.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40006\4EB5B76F.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40007\4EB5C986.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40008\4EB5CA5E.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA40009\4EB5D891.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA4000A\4EB5E4AB.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA4000B\4EB60059.VBN Infected: Backdoor.Win32.Agent.ahva 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA4000C\4EB6178F.VBN Infected: Backdoor.Win32.Agent.ahtc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CA4000D\4EB61C58.VBN Infected: Backdoor.Win32.Agent.ahtc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80000\4EF9191A.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80001\4EF992FD.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80002\4EF9A166.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80003\4EF9A6C8.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80004\4EF9AC55.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80005\4EF9BBE8.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80006\4EF9BDD5.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80007\4EF9D30C.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80008\4EF9D823.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80009\4EF9FAB9.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000A\4EFA5525.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000B\4EFAD3CE.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000C\4EFAE117.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000D\4EFAFF86.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000E\4EFB2075.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8000F\4EFB29FC.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80010\4EFB4133.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80011\4EFB763D.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80012\4EFB9A22.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80013\4EFC1A92.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80014\4EFC32DE.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80015\4EFC3836.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80016\4EFCA008.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80017\4EFCA832.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80018\4EFCBBF5.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80019\4EFCBDBF.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8001A\4EFCBF3D.VBN Infected: Backdoor.Win32.Agent.ahoe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8001C\4EFCFA76.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8001D\4EFD00FD.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8001E\4EFD21E4.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8001F\4EFD9EEC.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80020\4EFDE0C3.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80021\4EFDF136.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80022\4EFDF7CD.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80024\4EFE0B8A.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80025\4EFE0BE2.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80026\4EFE2294.VBN Infected: Backdoor.Win32.Agent.ahpp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80027\4EFE67B4.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80028\4EFE89A6.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF80029\4EFE8CF7.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8002A\4EFE96E0.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8002B\4EFEB49C.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8002C\4EFF08FB.VBN Infected: Backdoor.Win32.Agent.ahrd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CF8002D\4EFF57F4.VBN Infected: Backdoor.Win32.Agent.ahrd 1
E:\20090429_000000_MainToM\E\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
F:\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
H:\Backup\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
The selected area was scanned.

Meanwhile, I continue to have notifications from Symantec about mdm.exe Trojan...

Katana

MRU Expert

1,682 Posts

26 Jun 2009, 12:42pm

Information

I submitted file to Virustotal, but I really do not know how to get the results back.

Don't worry, I'll grab a copy and check it

----------------------------------------------------------------------------------------
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

http://icrontic.com/forum/showthread.php?p=693514#post693514
Suspect::[4]
c:\windows\sessmgr.exe
File::
c:\windows\sessmgr.exe
E:\20090429_000000_MainToM\E\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
F:\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
H:\Backup\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"SessMgr"=-
ADS::

Save this as CFScript.txt and place it on your desktop.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
- Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Combofix Log
Where does Symantec say it is finding the file now ?
A fresh HJT log

burevestnik

Icrontic Regular

27 Posts

26 Jun 2009, 2:28pm

I'll do it either tonight or tomorrow morning.
Thanks!

burevestnik

Icrontic Regular

27 Posts

27 Jun 2009, 3:44am

Katana,
Here is the log from ComboFix:

ComboFix 09-06-26.02 - Papa 06/26/2009 22:00.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2688 [GMT -4:00]
Running from: c:\documents and settings\Papa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Papa\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FILE ::
"c:\windows\sessmgr.exe"
"e:\20090429_000000_maintom\E\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3"
"f:\documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3"
"h:\backup\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3"
file zipped: c:\windows\Suspect_sessmgr.exe.vir
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rachel\Application Data\Microsoft\cmstp.exe
c:\windows\sessmgr.exe
e:\20090429_000000_maintom\E\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
f:\documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
h:\backup\Documents\Papa\LimeWire\downloads\glamorous indie rock and roll.mp3
.
((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.
2009-06-26 00:09 . 2009-06-26 00:09 -------- d-----w- c:\windows\Sun
2009-06-26 00:09 . 2009-06-26 00:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-26 00:08 . 2009-06-26 00:08 152576 ----a-w- c:\documents and settings\Papa\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-25 10:28 . 2009-06-25 10:28 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-24 02:35 . 2009-06-24 02:35 -------- d-----w- c:\documents and settings\Papa\Application Data\Malwarebytes
2009-06-24 02:35 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-24 02:35 . 2009-06-24 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-24 02:35 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-23 02:04 . 2009-06-23 02:04 -------- d-----w- C:\rsit
2009-06-21 15:54 . 2009-06-21 15:54 -------- d-----w- c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft Help
2009-06-13 19:29 . 2009-06-13 19:29 -------- d-----w- c:\documents and settings\Papa\Application Data\Nero
2009-06-12 02:32 . 2009-06-12 02:32 -------- d-----w- c:\documents and settings\Papa\Application Data\Apple Computer
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Apple
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\program files\Apple Software Update
2009-06-12 02:30 . 2009-06-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-12 02:29 . 2009-06-12 02:29 -------- d-----w- c:\documents and settings\Papa\Local Settings\Application Data\Apple Computer
2009-06-12 02:04 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-12 02:04 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-06 02:55 . 2009-06-06 02:55 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-03 10:19 . 2009-06-03 10:19 2904064 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\18154-181625.dll
2009-06-02 22:29 . 2009-06-02 22:29 -------- d-----r- c:\documents and settings\Rachel\Application Data\Brother
2009-05-31 21:29 . 2009-05-31 22:28 -------- d-----w- c:\documents and settings\Anna\Local Settings\Application Data\Microsoft Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 11:08 . 2009-05-02 15:27 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 02:43 . 2009-05-15 18:06 -------- d-----w- c:\program files\GE Security Supra
2009-06-15 10:20 . 2009-05-02 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-12 02:23 . 2009-05-02 14:27 -------- d-----w- c:\documents and settings\Papa\Application Data\IEPro
2009-06-03 10:19 . 2009-05-12 02:34 242976 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2009-05-15 18:07 . 2009-05-15 18:07 159744 ----a-w- c:\windows\system32\libssl32.dll
2009-05-15 18:07 . 2009-05-15 18:07 -------- d-----w- c:\program files\SiLabs
2009-05-15 11:51 . 2009-05-15 11:51 -------- d-----w- c:\documents and settings\Papa\Application Data\ICAClient
2009-05-15 11:50 . 2009-05-15 11:50 -------- d-----w- c:\program files\Citrix
2009-05-15 11:39 . 2009-05-15 11:39 -------- d-----w- c:\program files\CheckPoint
2009-05-15 11:32 . 2009-05-15 11:32 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-15 02:16 . 2009-05-03 16:55 71192 ----a-w- c:\documents and settings\Leah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 01:12 . 2009-05-02 22:25 71192 ----a-w- c:\documents and settings\Anna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 00:43 . 2009-05-02 19:03 71192 ----a-w- c:\documents and settings\Rachel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 02:34 . 2009-05-12 02:34 3616768 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181311-181414.dll
2009-05-12 02:34 . 2009-05-12 02:34 1536000 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181414-18154.dll
2009-05-12 02:34 . 2009-05-12 02:34 1007616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181129-181212.dll
2009-05-12 02:34 . 2009-05-12 02:34 811008 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\181212-181311.dll
2009-05-12 02:34 . 2009-05-12 02:34 223584 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\patchw32.dll
2009-05-12 02:34 . 2009-05-12 02:34 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
2009-05-12 02:34 . 2009-05-02 13:20 71192 ----a-w- c:\documents and settings\Papa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 02:33 . 2009-05-12 02:33 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
2009-05-12 02:33 . 2009-05-04 01:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-12 02:32 . 2009-05-12 02:32 -------- d-----w- c:\documents and settings\Papa\Application Data\Intuit
2009-05-12 02:32 . 2009-05-12 02:32 -------- d-----w- c:\program files\Common Files\Intuit
2009-05-12 02:30 . 2009-05-12 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
2009-05-10 23:26 . 2009-05-10 23:26 -------- d-----w- c:\documents and settings\Rachel\Application Data\MiniDm
2009-05-07 23:22 . 2009-05-02 15:53 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-05-07 23:17 . 2009-05-02 15:54 65 ----a-w- c:\windows\system32\BD7820N.dat
2009-05-07 23:16 . 2009-05-07 23:16 -------- d-----w- c:\program files\Brother
2009-05-07 23:16 . 2009-05-04 01:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 12:17 . 2009-05-03 11:11 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-07 02:12 . 2009-05-07 02:12 -------- d-----w- c:\program files\MSXML 4.0
2009-05-04 02:10 . 2009-05-04 02:10 -------- d-----w- c:\program files\Qimage
2009-05-04 02:02 . 2009-05-04 02:02 -------- d-----w- c:\documents and settings\Papa\Application Data\ACD Systems
2009-05-04 02:02 . 2009-05-04 02:01 -------- d-----w- c:\program files\Common Files\ACD Systems
2009-05-04 02:02 . 2009-05-04 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2009-05-04 01:42 . 2009-05-04 01:42 -------- d-----w- c:\program files\Realtek AC97
2009-05-03 18:11 . 2009-05-03 17:35 -------- d-----w- c:\documents and settings\Leah\Application Data\MiniDm
2009-05-03 16:59 . 2009-05-03 16:59 -------- d-----w- c:\documents and settings\Leah\Application Data\IEPro
2009-05-03 13:31 . 2009-05-03 13:31 10134 ----a-r- c:\documents and settings\Papa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-05-03 13:31 . 2009-05-03 13:31 -------- d-----w- c:\program files\HP
2009-05-03 11:15 . 2009-05-02 22:26 -------- d-----w- c:\documents and settings\Anna\Application Data\IEPro
2009-05-03 11:12 . 2009-05-02 22:27 -------- d-----w- c:\documents and settings\Anna\Application Data\MiniDm
2009-05-03 11:11 . 2009-05-03 11:11 -------- d-----w- c:\program files\Microsoft
2009-05-03 11:11 . 2009-05-03 11:10 -------- d-----w- c:\program files\Windows Live
2009-05-03 11:10 . 2009-05-03 11:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-05-03 11:08 . 2009-05-03 11:08 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-03 10:19 . 2009-05-03 10:19 0 ----a-w- c:\windows\nsreg.dat
2009-05-02 19:14 . 2009-05-02 19:14 -------- d-----w- c:\documents and settings\Rachel\Application Data\IEPro
2009-05-02 17:47 . 2009-05-02 17:47 -------- d-----w- c:\program files\Common Files\Nero
2009-05-02 17:47 . 2009-05-02 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-05-02 17:05 . 2009-05-02 17:05 -------- d-----w- c:\documents and settings\Papa\Application Data\InstallShield
2009-05-02 17:01 . 2009-05-02 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-05-02 17:00 . 2009-05-02 17:00 -------- d-----w- c:\program files\EPSON
2009-05-02 16:49 . 2009-05-02 16:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-02 16:48 . 2009-05-02 16:48 1915520 ----a-w- c:\documents and settings\Papa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-02 16:35 . 2009-05-02 16:36 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-05-02 16:35 . 2009-05-02 16:36 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-05-02 16:35 . 2009-05-02 16:36 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-02 16:35 . 2009-05-02 16:36 129784 ------w- c:\windows\system32\pxafs.dll
2009-05-02 16:35 . 2009-05-02 16:36 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-02 16:35 . 2009-05-02 16:36 116472 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-02 15:53 . 2009-05-02 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-05-02 15:51 . 2009-05-02 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-02 15:43 . 2009-05-02 15:43 -------- d-----w- c:\program files\Adobe Media Player
2009-05-02 15:41 . 2009-05-02 15:41 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-02 15:38 . 2009-05-02 15:38 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-02 15:33 . 2009-05-02 15:33 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-05-02 15:22 . 2009-05-02 15:22 454688 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-02 15:22 . 2009-05-02 15:22 43008 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-02 15:22 . 2009-05-02 15:22 132352 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-05-02 14:56 . 2009-05-02 14:45 -------- d-----w- c:\program files\Microsoft Works
2009-05-02 14:35 . 2009-05-02 14:33 -------- d-----w- c:\documents and settings\Papa\Application Data\MiniDm
2009-05-02 14:31 . 2009-05-02 14:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w- c:\program files\Symantec
2009-05-02 14:30 . 2009-05-02 14:30 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-02 14:30 . 2009-05-02 14:30 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-05-02 14:30 . 2009-05-02 14:30 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-02 14:30 . 2009-05-02 14:30 10671 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-02 13:58 . 2009-05-02 12:40 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-02 12:41 . 2009-05-02 12:41 -------- d-----w- c:\program files\microsoft frontpage
2009-05-02 12:38 . 2009-05-02 12:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-06-25_10.28.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-25 10:28 . 2008-10-16 18:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-25 10:28 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-25 10:28 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-25 10:28 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-25 10:28 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-25 10:28 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-26 00:09 . 2009-06-26 00:08 148888 c:\windows\system32\javaws.exe
+ 2009-06-26 00:09 . 2009-06-26 00:08 144792 c:\windows\system32\javaw.exe
+ 2009-06-26 00:09 . 2009-06-26 00:08 144792 c:\windows\system32\java.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-25 10:28 . 2009-04-29 04:56 827392 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-25 10:28 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-25 10:28 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-25 10:28 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-25 10:28 . 2009-02-06 11:11 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-25 10:28 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-25 10:28 . 2009-03-21 14:06 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-25 10:28 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-25 10:28 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-25 10:28 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-25 10:28 . 2009-02-06 11:08 2189056 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-25 10:28 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-25 10:28 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-06-24 53096]
"vptray"="d:\progra~1\SYMANT~1\VPTray.exe" [2008-09-30 125368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"SetDefPrt"="d:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-26 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-03-27 1657376]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 577536]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2009-5-11 295606]
Adobe Acrobat Synchronizer.lnk - d:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-15 102400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 14:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\IEPro\\MiniDM.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"d:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]
R2 WinDefend;Windows Defender;d:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/8/2009 8:03 PM 101936]
S3 SavRoam;SAVRoam;d:\program files\Symantec AntiVirus\SavRoam.exe [9/30/2008 5:41 PM 116664]
.
Contents of the 'Scheduled Tasks' folder
2009-06-26 c:\windows\Tasks\MP Scheduled Scan.job
- d:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-06-26 c:\windows\Tasks\SyncToy 2.job
- d:\program files\SyncToy 2.0\SyncToyCmd.exe [2008-08-12 18:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Append to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\
FF - plugin: d:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 22:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-27 22:03
ComboFix-quarantined-files.txt 2009-06-27 02:03
ComboFix2.txt 2009-06-25 10:28
Pre-Run: 30,509,608,960 bytes free
Post-Run: 30,650,208,256 bytes free
265 --- E O F --- 2009-06-15 10:20
Upload was successful

*************************************************************
This is where Symantec is finding the issues:
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Rachel\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcn98\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcn96\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcn95\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcln11\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcln06\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmunmlcln02\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\hmrg13\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcn98\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcn95\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcln11\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcln07\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcln06\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmrg13\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmrg12\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\hmunmlcn96\
C:\Documents and Settings\Leah\Local Settings\Temp\~temp\hmunmlcn95\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcn98\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcn95\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcln11\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcln07\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcln04\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmrg13\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmrg12\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\hmunmlcn96\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp27\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp26\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp25\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp24\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp23\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Rachel\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Anna\Local Settings\Temp\~temp\mlp22\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp21\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp21\
C:\Documents and Settings\Papa\Local Settings\Temp\~temp\mlp21\

***************************************************************
Fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:21 PM, on 6/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\program files\ge security supra\syncservice.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\GE Security Supra\ProxyDaemon.exe
C:\SSL\stunnel-4.10.exe
D:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\GE Security Supra\SyncInfoApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - d:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] d:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1220945662-1532298954-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Anna')
O4 - HKUS\S-1-5-21-1220945662-1532298954-839522115-1004\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" (User 'Anna')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - d:\Program Files\IEPro\iepro.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...Detection2.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DkeySync - GE Security Supra - c:\program files\ge security supra\syncservice.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_Watchdog) - Check Point Software Technologies - D:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9848 bytes
*************************************************************
Thanks!

Katana

MRU Expert

1,682 Posts

27 Jun 2009, 10:26am

Information

This is where Symantec is finding the issues:

I suspect that those are old detections, I doubt that the file is still there.

----------------------------------------------------------------------------------------
Step 1

OTMoveIt
Please download OTM by OldTimer and save it to your desktop

Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )

Code:

:Processes
:Reg
:Files
C:\Documents and Settings\Anna\Local Settings\temp\*.* /s
C:\Documents and Settings\Rachel\Local Settings\temp\*.* /s
C:\Documents and Settings\Papa\Local Settings\Temp\*.* /s
C:\Documents and Settings\Leah\Local Settings\Temp\*.* /s
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\*.*
:Commands
[Purity]
[EmptyTemp]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

----------------------------------------------------------------------------------------
Step 2

Please post the following logs/Information

OTMoveIt Log

----------------------------------------------------------------------------------------
Step 3

Uninstall Combofix

This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Uninstall OTMoveIt (OTM.exe)

Open OTMoveIt Click Cleanup,
When a box pops up click YES.

----------------------------------------------------------------------------------------
Step 4

Please run a full scan with Norton

Does it still find the problem ?

burevestnik

Icrontic Regular

27 Posts

28 Jun 2009, 4:38am

I am sorry. I forgot to save the log OTMoveIt and uninstalled it...
Should I repeat all the steps?
I wil lrun Symantec now for overnight scan

Katana

MRU Expert

1,682 Posts

28 Jun 2009, 12:52pm

Quoting burevestnik

Should I repeat all the steps?

No need,
just let me know how the Norton scan goes

burevestnik

Icrontic Regular

27 Posts

28 Jun 2009, 3:39pm

Risk Action Count Filename Risk Type Original Location Computer User Status Current Location Primary Action Secondary Action Logged By Action Description Date
?????? Left alone 1 Dh32.zip Compressed file H:\RECYCLER\S-1-5-21-1220945662-1532298954-839522115-1003\ ALPHA ALPHA\Papa No infected items H:\RECYCLER\S-1-5-21-1220945662-1532298954-839522115-1003\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 6/28/2009 0:35
W32.IRCBot Cleaned by deletion 1 .Keymaker/keygen.exe File; Compressed file H:\RECYCLER\S-1-5-21-1220945662-1532298954-839522115-1003\Dh32.zip ALPHA ALPHA\Papa Infected H:\RECYCLER\S-1-5-21-1220945662-1532298954-839522115-1003\Dh32.zip Clean security risk Quarantine Manual scan 6/28/2009 0:35
?????? Left alone 1 keygen.zip Compressed file F:\Download\Software\Acronis\ ALPHA ALPHA\Papa No infected items F:\Download\Software\Acronis\ Leave alone (log only) Leave alone (log only) Manual scan The file was left unchanged. 6/28/2009 0:35
W32.IRCBot Cleaned by deletion 1 .Keymaker/keygen.exe File; Compressed file F:\Download\Software\Acronis\keygen.zip ALPHA ALPHA\Papa Infected F:\Download\Software\Acronis\keygen.zip Clean security risk Quarantine Manual scan 6/28/2009 0:35
******************************************************************
This is no risk, I do not use Acronis anymore... It is installtion keygen anyway...

Katana

MRU Expert

1,682 Posts

28 Jun 2009, 6:24pm

1) This is no risk,
2) I do not use Acronis anymore...
3) It is installtion keygen anyway...

1) That's a matter of opinion.
If you ever used this file, then you need to reformat your computer

W32.IRCBot is a back door Trojan horse that connects to an IRC server and awaits commands from a remote attacker,
including spreading through network shares, spam email messages, IRC channels and to other computers.

It allow outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...

2) Then you should uninstall it

3) Cracks, Keygens and Warez

In doing the crack, the 'cracker' has broken the 'End User Licence Agreement' (EULA) of the product.
The distribution and use of cracked copies is illegal in almost every developed country.
They are also one of the biggest causes of infection.

This applies to Cracks, Keygens and Warez

In the future I strongly suggest you stay away from using cracks and/or Keygens.

----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/par...avwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details

AntiSpyware

AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must have program
- It includes host protection and registry protection
- A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
MalwareBytes Anti-malware <<< A New and effective program
a-squared Free <<< A good "realtime" or "on demand" scanner
superantispyware <<< A good "realtime" or "on demand" scanner

Prevention

These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol
- An excellent startup manager and then some !!
- Notifies you if programs are added to startup
- Allows delayed startup
- A must have addition
SpywareBlaster 4.0
- SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2
- SpywareGuard provides real-time protection against spyware.
- Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut
- Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS
- This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
- For information on how to download and install, please read this tutorial by WinHelp2002.
- Not required if you are using other host file protections

Internet Browsers

Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
- Make your Internet Explorer more secure - This can be done by following these simple instructions:
  1. From within Internet Explorer click on the Tools menu and then click on Options.
  2. Click once on the Security tab
  3. Click once on the Internet icon so it becomes highlighted.
  4. Click once on the Custom Level button.
    - Change the Download signed ActiveX controls to Prompt
    - Change the Download unsigned ActiveX controls to Disable
    - Change the Initialise and script ActiveX controls not marked as safe to Disable
    - Change the Installation of desktop items to Prompt
    - Change the Launching programs and files in an IFRAME to Prompt
    - Change the Navigate sub-frames across different domains to Prompt
    - When all these settings have been made, click on the OK button.
    - If it prompts you as to whether or not you want to save the settings, press the Yes button.
  5. Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
- FireFox
  - With many addons available that make customization easy this is a very popular choice
  - NoScript and AdBlockPlus addons are essential
- Opera
  - Another popular alternative
- Netscape
  - Another popular alternative
  - Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner
- Free and very simple to use
CCleaner
- Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

burevestnik

Icrontic Regular

27 Posts

29 Jun 2009, 3:31am

Katana,
Thank you very much for your help!
Unfortunately, the mdm.exe virus is still there...
How about this solution:
http://forum.bullguard.com/forum/10/Trojan-Horse-in-cwindowsmdmexe_43478.html ?

burevestnik

Icrontic Regular

27 Posts

29 Jun 2009, 3:33am

Sorry, forget it. I just read it with more attention. I do not think it is a cure.

Katana

MRU Expert

1,682 Posts

29 Jun 2009, 9:01am

Quoting burevestnik

Unfortunately, the mdm.exe virus is still there...

It doesn't show in your last log ?

What program is finding it, and where ?

burevestnik

Icrontic Regular

27 Posts

29 Jun 2009, 11:31am

This virus was never found during scans.
But Auto-protect from Symantec AntiVirus v 10.1.8.8000 Corporate finds them couple of times a day. In the same folders as described in one of my posts above...
This morning it was 3 notifications from C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28\ folder.

Katana

MRU Expert

1,682 Posts

29 Jun 2009, 11:49am

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

Code:

:dir
C:\Documents and Settings\Anna\Local Settings\temp\~temp /s
:comment

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

burevestnik

Icrontic Regular

27 Posts

30 Jun 2009, 3:09am

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 22:10 on 29/06/2009 by Papa (Administrator - Elevation successful)
========== dir ==========
C:\Documents and Settings\Anna\Local Settings\temp\~temp - Parameters: "/s"
---Files---
None found.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c04 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 219136 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c04 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c03 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c02 d--hs- [19:11 29/06/2009]
spoolsv.exe --a--- 221184 bytes [19:11 29/06/2009] [19:11 29/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c01 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c01 d--hs- [17:32 29/06/2009]
spoolsv.exe --a--- 221184 bytes [17:32 29/06/2009] [17:32 29/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28 d--hs- [21:42 27/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp29 d--hs- [12:21 29/06/2009]
-=End Of File=-

Katana

MRU Expert

1,682 Posts

30 Jun 2009, 10:07am

Step 1

Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c01\spoolsv.exe
Click Submit/Send File
Please post back, to let me know the results.

If Virustotal is too busy please try Jotti

----------------------------------------------------------------------------------------
Step 2

Eset Online AntiVirus

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
(You may need to disable your resident Anti-Virus.)

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Virus Total results
Nod32 Log

burevestnik

Icrontic Regular

27 Posts

1 Jul 2009, 11:15am

I sent file to VirusTotal. Please pick it up there.
Here is the log from ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16850 (vista_gdr.090423-0018)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=7c06a49d9ed93d4bab01d51a935d775f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-01 04:11:26
# local_time=2009-07-01 12:11:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3585 63 50 0 0
# compatibility_mode=5889 63 259 1 128908950437202280
# scanned=73530
# found=1
# cleaned=0
# scan_time=2223
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\cisvc.exe probably a variant of Win32/Genetik trojan 00000000000000000000000000000000

Katana

MRU Expert

1,682 Posts

1 Jul 2009, 12:56pm

Run SystemLook

Double-click SystemLook.exe to run it.

Copy the content of the following codebox into the main textfield:

Code:

:dir
C:\Documents and Settings\Anna\Local Settings\Application Data /s /n*.exe*
c:\documents and settings\Rachel\Local Settings\Application Data /s /n*.exe*
C:\Documents and Settings\Papa\Local Settings\Application Data /s /n*.exe*
c:\documents and settings\Leah\Local Settings\Application Data /s /n*.exe*
C:\Documents and Settings\Anna\Application Data /s /n*.exe*
C:\Documents and Settings\Rachel\Application Data /s /n*.exe*
C:\Documents and Settings\Papa\Application Data /s /n*.exe*
C:\Documents and Settings\Leah\Application Data /s /n*.exe*
C:\Documents and Settings\Anna\Local Settings\temp /s
C:\Documents and Settings\Rachel\Local Settings\temp /s
C:\Documents and Settings\Papa\Local Settings\Temp /s
C:\Documents and Settings\Leah\Local Settings\Temp /s
C:\WINDOWS\System /s
:filefind
spoolsv.exe
ieudinit.exe
cmstp.exe
mstinit.exe
sessmgr.exe
cisvc.exe
comrepl.exe
rsvp.exe
esentutl.exe
:comment

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:12am

Part 1
**************************************************************
SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 20:10 on 01/07/2009 by Papa (Administrator - Elevation successful)
========== dir ==========
C:\Documents and Settings\Anna\Local Settings\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe\Acrobat d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe\Acrobat\8.0 d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80 d----- [16:13 27/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Adobe\Color d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Ahead d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Ahead\Nero Home d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Ahead\Nero Home\idx d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\ApplicationHistory d----- [01:25 16/05/2009]
SyncInfoApp.exe.df6d11f9.ini.inuse --a--- 0 bytes [01:25 16/05/2009] [02:08 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft d----- [22:25 02/05/2009]
cisvc.exe --a--- 61440 bytes [23:37 05/06/2009] [00:20 09/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\CD Burning d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Credentials d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1004 d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~ d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds Cache d--hs- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds Cache\77ZQ5SMY d--hs- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds Cache\93Z22R9N d--hs- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds Cache\T0PT74D9 d--hs- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Feeds Cache\V6X2JUWK d--hs- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\FORMS d----- [13:05 25/06/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Internet Explorer d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Media Player d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache d----- [19:17 26/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Messenger d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Office d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Office\12.0 d----- [22:30 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Office\ONetConfig d----- [21:29 31/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Outlook d----- [13:05 25/06/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Portable Devices d----- [01:25 16/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Silverlight d----- [21:20 31/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts\{96628549-6f8d-462b-9578-c3208802183d} d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts\{96628549-6f8d-462b-9578-c3208802183d}\DBStore dr-hs- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts\{96628549-6f8d-462b-9578-c3208802183d}\DBStore\Backup dr-hs- [11:18 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts\{96628549-6f8d-462b-9578-c3208802183d}\DBStore\Backup\new d----- [19:33 30/06/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Contacts\{96628549-6f8d-462b-9578-c3208802183d}\DBStore\LogFiles dr-hs- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Backup d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Backup\new d----- [00:21 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore dr-hs- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\Backup dr-hs- [11:18 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\Backup\new d----- [16:22 30/06/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\LogFiles dr-hs- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Microsoft Communities d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b\Deleted Items d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b\Drafts d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b\Inbox d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b\Junk E-mail d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Optonline ( b9b\Sent Items d----- [11:17 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Outbox d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Proof d----- [15:01 10/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Sentinel d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Drafts d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Deleted Items d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823 d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Media d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Media\10.0 d----- [22:32 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\Windows Media\9.0 d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft Help d----- [21:29 31/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla\Firefox d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Mozilla\Firefox\Profiles d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Symantec d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs d----- [22:25 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
c:\documents and settings\Rachel\Local Settings\Application Data\Adobe d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Adobe\Acrobat d----- [22:29 02/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Adobe\Acrobat\8.0 d----- [22:29 02/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache d----- [22:29 02/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Adobe\Color d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Ahead d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Ahead\Nero Home d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Ahead\Nero Home\idx d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\ApplicationHistory d----- [21:49 15/05/2009]
SyncInfoApp.exe.df6d11f9.ini.inuse --a--- 0 bytes [21:49 15/05/2009] [17:28 26/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\CD Burning d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Credentials d---s- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1006 d---s- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~ d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds Cache d--hs- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds Cache\08UVTT3H d--hs- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds Cache\99I4D8KS d--hs- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds Cache\GM7C8QOP d--hs- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Feeds Cache\TWNT5BW0 d--hs- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\FORMS d----- [19:48 06/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Internet Explorer d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Media Player d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Movie Maker d----- [17:59 10/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Office d----- [19:48 06/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Office\12.0 d----- [19:48 06/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Office\ONetConfig d----- [15:54 21/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Outlook d----- [19:48 06/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Portable Devices d----- [21:49 15/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Windows d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Windows Media d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Windows Media\10.0 d----- [19:10 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Windows Media\11.0 d----- [23:08 28/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft\Windows Media\9.0 d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Microsoft Help d----- [15:54 21/06/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Mozilla d----- [23:05 27/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Mozilla\Firefox d----- [23:05 27/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Mozilla\Firefox\Profiles d----- [23:05 27/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Symantec d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs d----- [19:03 02/05/2009]
c:\documents and settings\Rachel\Local Settings\Application Data\WMTools Downloaded Files d----- [17:59 10/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\Catalogs d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\Catalogs\25Pro d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\Catalogs\25Pro\Default d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\data d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\ICMCache d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ACD Systems\SavedSearches d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Acrobat d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Acrobat\8.0 d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache d----- [16:47 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Acrobat\8.0\Cache\Search80 d----- [01:49 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Color d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\ESD d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5 d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Data d----- [01:48 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Install d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Install\acrobat8pro-EFG d----- [01:48 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Install\AdobeUpdater d----- [01:48 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Install\AdobeUpdater\acrobat8pro-EFG d----- [01:48 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater5\Install\AdobeUpdater\AdobeUpdater d----- [01:48 06/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater6 d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Adobe\Updater6\Install d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Ahead d----- [17:48 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Ahead\Nero Home d----- [17:48 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Ahead\Nero Home\idx d----- [17:49 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple d----- [02:30 12/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple\Apple Software Update d----- [02:30 12/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer d----- [02:29 12/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer\QuickTime d----- [02:29 12/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer\QuickTime\downloads d----- [19:58 27/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04 d----- [19:58 27/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\09 d----- [19:58 27/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Apple Computer\QuickTime\downloads\04\13 d----- [19:58 27/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\ApplicationHistory d----- [18:07 15/05/2009]
InstallUtil.exe.89c0d2f9.ini --a--- 2089 bytes [18:26 15/05/2009] [18:26 15/05/2009]
ngen.exe.2c05686e.ini --a--- 2872 bytes [13:50 16/05/2009] [13:51 16/05/2009]
PortDiscover.exe.74694571.ini --a--- 2289 bytes [18:26 15/05/2009] [18:26 15/05/2009]
ProxyDetector.exe.f2fa055.ini --a--- 790 bytes [18:07 15/05/2009] [18:07 15/05/2009]
SyncInfoApp.exe.df6d11f9.ini --a--- 1366 bytes [18:36 15/05/2009] [18:36 15/05/2009]
SyncInfoApp.exe.df6d11f9.ini.inuse --a--- 0 bytes [18:36 15/05/2009] [00:04 02/07/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Downloaded Installations d----- [15:13 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Downloaded Installations\{05649068-F4B1-4FDF-AAC4-2E6813EDFD5C} d----- [15:13 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Downloaded Installations\{F6555645-B047-4AB4-BA3D-FDCECAD739AB} d----- [02:00 04/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Identities d----- [23:55 17/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Identities\{0B057171-3AC7-4F0A-9311-2941E358F8C6} d----- [23:55 17/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Identities\{0B057171-3AC7-4F0A-9311-2941E358F8C6}\Microsoft d----- [23:55 17/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Identities\{0B057171-3AC7-4F0A-9311-2941E358F8C6}\Microsoft\Outlook Express d----- [23:55 17/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\CD Burning d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Credentials d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1003 d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds d----- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~ d----- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds Cache d--hs- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds Cache\9856L5KI d--hs- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds Cache\AQF1CSHM d--hs- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds Cache\BBZ5QB4X d--hs- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Feeds Cache\U1SALJFP d--hs- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\FORMS d----- [13:03 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\HelpCtr d----- [03:07 29/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Internet Explorer d----- [13:12 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Media Player d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Media Player\Art Cache d--h-- [11:33 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Media Player\Art Cache\LocalMLS d----- [11:33 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Media Player\Transcoded Files Cache d----- [11:33 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Messenger d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Office d----- [14:51 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Office\12.0 d----- [14:51 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Outlook d----- [13:03 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Portable Devices d----- [11:35 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Silverlight d----- [11:29 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\SkyDrive d----- [10:26 02/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\SkyDrive\RichUpload d----- [10:26 02/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\SyncToy d----- [02:56 06/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\SyncToy\2.0 d----- [02:56 06/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Defender d----- [14:35 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker d----- [14:35 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live\SqmApi d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts\{48afacb0-3f68-47e0-b6f5-cd619c97241d} d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts\{48afacb0-3f68-47e0-b6f5-cd619c97241d}\DBStore dr-hs- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts\{48afacb0-3f68-47e0-b6f5-cd619c97241d}\DBStore\Backup dr-hs- [11:28 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts\{48afacb0-3f68-47e0-b6f5-cd619c97241d}\DBStore\Backup\new d----- [11:28 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Contacts\{48afacb0-3f68-47e0-b6f5-cd619c97241d}\DBStore\LogFiles dr-hs- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Backup d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Backup\new d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore dr-hs- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\Backup dr-hs- [11:28 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\Backup\new d----- [11:28 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Calendars\DBStore\LogFiles dr-hs- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Microsoft Communities d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Outbox d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Sentinel d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Deleted Items d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Drafts d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Storage Folders\Sent Items d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Deleted Items d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 823 d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Live Mail\Your Feeds\Microsoft Feeds\Microsoft a 8be d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Media d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Media\10.0 d----- [17:46 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Media\11.0 d----- [11:31 15/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft\Windows Media\9.0 d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Microsoft Help d----- [14:41 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla\Firefox d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla\Firefox\Profiles d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default d----- [02:29 29/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\Cache d----- [00:09 02/07/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\OfflineCache d----- [02:30 29/06/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Symantec d----- [14:31 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition d----- [14:31 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 d----- [14:31 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs d----- [14:31 02/05/2009]
C:\Documents and Settings\Papa\Local Settings\Application Data\Zenfolio d----- [02:18 30/06/2009]
c:\documents and settings\Leah\Local Settings\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:14am

Part 2
**********************************************************
c:\documents and settings\Leah\Local Settings\Application Data\Adobe d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Adobe\Color d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Ahead d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Ahead\Nero Home d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Ahead\Nero Home\idx d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\ApplicationHistory d----- [16:36 16/05/2009]
SyncInfoApp.exe.df6d11f9.ini.inuse --a--- 0 bytes [16:36 16/05/2009] [21:38 29/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\CD Burning d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Credentials d---s- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1005 d---s- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~ d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds Cache d--hs- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds Cache\5P5IX7JH d--hs- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds Cache\9OKGITG3 d--hs- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds Cache\CXC7G5EP d--hs- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Feeds Cache\GSJJPBT2 d--hs- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Internet Explorer d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Media Player d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Office d----- [17:36 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Office\12.0 d----- [17:36 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Portable Devices d----- [16:36 16/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Windows d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Windows Media d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Windows Media\10.0 d----- [17:38 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Microsoft\Windows Media\9.0 d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Mozilla d----- [16:59 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Mozilla\Firefox d----- [16:59 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Mozilla\Firefox\Profiles d----- [16:59 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Symantec d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5 d----- [16:55 03/05/2009]
c:\documents and settings\Leah\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs d----- [16:55 03/05/2009]
C:\Documents and Settings\Anna\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Anna\Application Data\Adobe d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0 d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\Collab d----- [00:31 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\JavaScripts d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\organizer70 d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\Preferences d----- [00:31 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\Synchronizer d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\Distiller 8 d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Acrobat\Distiller 8\Cache d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Adobe PDF d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Adobe PDF\Distiller d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Adobe PDF\Distiller\Data d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Adobe PDF\Distiller\Startup d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Adobe PDF\Settings d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\CS4ServiceManager d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Flash Player d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Flash Player\AssetCache d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Flash Player\AssetCache\5P3KEBTA d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur d----- [00:32 15/05/2009]
C:\Documents and Settings\Anna\Application Data\Identities d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Identities\{64352BA8-71B2-42AA-812B-1E93AB7F8073} d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\IEPro d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\IEPro\adblock d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\IEPro\autoform d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\IEPro\textsaver d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\abcnews.go.com d----- [01:24 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bankofamerica.com d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bankofamerica.com\sas d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bankofamerica.com\sas\sas-docs d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bankofamerica.com\sas\sas-docs\html d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bankofamerica.com\sas\sas-docs\html\pmfso.swf d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\bin.clearspring.com d----- [23:15 04/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\cdn1.eyewonder.com d----- [19:57 09/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\common.scrippsnetworks.com d----- [21:55 23/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com d----- [12:09 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ht d----- [00:56 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ht\yep d----- [00:56 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ht\yep\vyc_player.swf d----- [00:56 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks d----- [01:48 20/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\gmy d----- [14:20 29/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\gmy\AdPlugin.swf d----- [14:20 29/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\ytv d----- [13:24 20/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\ytv\AdPlugin.swf d----- [13:24 20/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\ytv-dint d----- [01:48 20/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\ks\ytv-dint\AdPlugin.swf d----- [01:48 20/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\static.video.yahoo.com d----- [23:38 04/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\static.video.yahoo.com\yep d----- [23:38 04/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\d.yimg.com\static.video.yahoo.com\yep\vyc_player.swf d----- [23:38 04/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\e.blip.tv d----- [22:44 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\flash.quantserve.com d----- [01:24 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\interclick.com d----- [17:01 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com d----- [12:12 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1- d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\bankofamerica d----- [11:43 18/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\bankofamerica\090518 d----- [11:43 18/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\bankofamerica\090518\c d----- [11:43 18/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\discovery d----- [22:09 05/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\discovery\090606 d----- [22:09 05/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\discovery\090606\d d----- [22:09 05/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\discovery\090606\d\e1.swf d----- [22:09 05/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\ford d----- [21:57 14/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\ford\090514 d----- [21:57 14/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\paramount d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\paramount\090508 d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\a\a\1-\java\promotions\paramount\090508\i d----- [15:29 08/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m\ver d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m\ver\271.3 d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329 d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329\swf d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329\swf\yup_embed_module.swf d----- [22:48 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\load.tubemogul.com d----- [22:44 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\m1.2mdn.net d----- [02:12 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\mail.google.com d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\publish.vx.roo.com d----- [00:59 08/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\s.ytimg.com d----- [20:00 06/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\static.twitter.com d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\static.twitter.com\flash d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\static.twitter.com\flash\widgets d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\static.twitter.com\flash\widgets\profile d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\static.twitter.com\flash\widgets\profile\TwitterWidget.swf d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\swf.neopets.com d----- [16:57 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\swf.neopets.com\flash_enabled_check.swf d----- [16:57 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\theonion.com d----- [14:02 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared\swf d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared\swf\video-players d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared\swf\video-players\monetized d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared\swf\video-players\monetized\video-asset-page-player.swf d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\tlc.discovery.com\shared\swf\video-players\monetized\video-asset-page-player.swf\#VIDEO d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.applevacations.com d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.applevacations.com\static d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.applevacations.com\static\promotions d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\http://www.applevacations.com\static...ons\lastminute d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\http://www.applevacations.com\static...nute\index.swf d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.hulu.com d----- [13:54 19/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.hulu.com\playerembed.swf d----- [13:54 19/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.theonion.com d----- [14:02 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\#SharedObjects\UN64CM5Y\www.weather.com d----- [23:58 10/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#abcnews.go.com d----- [01:24 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com d----- [02:03 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com d----- [23:15 04/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.eyewonder.com d----- [19:57 09/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#common.scrippsnetworks.com d----- [21:55 23/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com d----- [12:09 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#e.blip.tv d----- [22:44 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com d----- [01:24 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com d----- [17:01 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com d----- [12:12 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#load.tubemogul.com d----- [22:44 27/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#m1.2mdn.net d----- [02:12 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com d----- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#publish.vx.roo.com d----- [00:59 08/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com d----- [20:00 06/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.twitter.com d----- [03:11 05/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#swf.neopets.com d----- [16:57 25/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#theonion.com d----- [14:02 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tlc.discovery.com d----- [16:22 29/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.applevacations.com d----- [01:06 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hulu.com d----- [13:54 19/05/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.theonion.com d----- [14:02 12/06/2009]
C:\Documents and Settings\Anna\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.weather.com d----- [23:58 10/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\AddIns d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Address Book d----- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Clip Organizer d----- [02:37 08/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CLR Security Config d----- [01:25 16/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CLR Security Config\v1.1.4322 d----- [01:25 16/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CLView d----- [21:29 31/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CLView\1033 d----- [21:29 31/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Credentials d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1004 d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CryptnetUrlCache d---s- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CryptnetUrlCache\Content d---s- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\CryptnetUrlCache\MetaData d---s- [11:13 03/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Document Building Blocks d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Document Building Blocks\1033 d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\Quick Launch dr---- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\UserData d--hs- [18:02 26/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\UserData\0EXL0717 d--hs- [18:02 26/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\UserData\1Q45Q7ZM d--hs- [18:02 26/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\UserData\45RDDEA1 d--hs- [18:02 26/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Internet Explorer\UserData\IX7Q98X3 d--hs- [18:02 26/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Media Player d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Microsoft IntelliPoint d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Microsoft IntelliPoint\SQM d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Office d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Office\Recent d---s- [22:30 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\PowerPoint d----- [03:04 08/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Proof d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Protect d---s- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Protect\S-1-5-21-1220945662-1532298954-839522115-1004 d---s- [22:26 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\SystemCertificates d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\SystemCertificates\My d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\SystemCertificates\My\Certificates d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\SystemCertificates\My\CRLs d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\SystemCertificates\My\CTLs d---s- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates\Document Themes d----- [17:44 14/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates\Document Themes\Theme Colors d----- [17:44 14/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates\Document Themes\Theme Effects d----- [17:44 14/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates\Document Themes\Theme Fonts d----- [17:44 14/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Templates\SmartArt Graphics d----- [13:44 11/06/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\UProof d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Windows d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Windows\Themes d----- [22:25 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Word d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Microsoft\Word\STARTUP d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\MiniDm d----- [22:27 02/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Extensions d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Crash Reports d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\p5hkx75p.default d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\p5hkx75p.default\bookmarkbackups d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\p5hkx75p.default\chrome d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\p5hkx75p.default\extensions d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\Mozilla\Firefox\Profiles\p5hkx75p.default\minidumps d----- [14:44 10/05/2009]
C:\Documents and Settings\Anna\Application Data\WinRAR d----- [21:22 31/05/2009]
C:\Documents and Settings\Rachel\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Rachel\Application Data\Adobe d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0 d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0\Collab d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0\JavaScripts d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0\Preferences d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0\Synchronizer d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\Distiller 8 d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Acrobat\Distiller 8\Cache d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Adobe PDF d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Adobe PDF\Distiller d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Adobe PDF\Distiller\Data d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Adobe PDF\Distiller\Startup d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Adobe PDF\Settings d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\CS4ServiceManager d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Flash Player d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Flash Player\AssetCache d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Flash Player\AssetCache\A847MLHV d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng d----- [22:28 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur d----- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11 d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\DswMedia d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\Prefs d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\Prefs\PXFN6PFV d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\DirectSound d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FlashAsset d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontAsset d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FontXtra d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MacroMix d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MixServices d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\Shockwave3dAsset d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SoundControl d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SWA d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextAsset d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\TextXtra d----- [23:20 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\MacromediaInc d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Adobe\Shockwave Player 11\xtras\download\MacromediaInc\Havok d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Brother dr---- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Brother\PrtDrv dr---- [22:29 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Identities d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Identities\{B99E5BA4-12C1-468B-B169-B35254D15E54} d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\IEPro d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\IEPro\adblock d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\IEPro\autoform d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\IEPro\textsaver d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\abcnews.go.com d----- [00:15 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\assets.bunchball.com d----- [19:48 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\bin.clearspring.com d----- [22:10 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\cdn.gigya.com d----- [23:06 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\cdn.visiblemeasures.com d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\cdn.visiblemeasures.com\swf d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\cdn.visiblemeasures.com\swf\as2 d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\cdn.visiblemeasures.com\swf\as2\AS2SOHandler.swf d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\core.mochibot.com d----- [20:22 29/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\core.videoegg.com d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\core.videoegg.com\#com d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\core.videoegg.com\#com\videoegg d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\core.videoegg.com\#ve d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.scribd.com d----- [23:15 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.scribd.com\ScribdViewer.swf d----- [23:15 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com d----- [11:50 07/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ht d----- [00:52 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ht\yep d----- [00:52 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ht\yep\vyc_player.swf d----- [00:52 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ks d----- [11:50 07/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ks\ytv d----- [11:50 07/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ks\ytv\AdPlugin.swf d----- [11:50 07/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ks\ytv-dint d----- [23:08 17/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d.yimg.com\ks\ytv-dint\AdPlugin.swf d----- [23:08 17/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\d2vu12l4y8nfmr.cloudfront.net d----- [00:24 23/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\flash.quantserve.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\forbes.com d----- [12:05 04/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\forbes.com\media d----- [12:05 04/06/2009]

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:15am

Part 3
**********************************************************
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\forbes.com\media\omniture d----- [12:05 04/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\images.neopets.com d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\images.neopets.com\games d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\images.neopets.com\games\g1107_Kraft_Quest_for_Cheese d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\images.neopets.com\games\g1107_Kraft_Quest_for_Cheese\v3 d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\images.neopets.com\games\g1107_Kraft_Quest_for_Cheese\v3\main.swf d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\interclick.com d----- [19:51 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\is1.j.tv2n.net d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\is2.j.tv2n.net d----- [22:46 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1- d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java\promotions d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java\promotions\discovery d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java\promotions\discovery\090606 d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java\promotions\discovery\090606\d d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\a\a\1-\java\promotions\discovery\090606\d\e1.swf d----- [23:03 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m\ver d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m\ver\271.3 d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329 d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329\swf d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\l.yimg.com\m\ver\271.3\embed-2009-03-26-1329\swf\yup_embed_module.swf d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\lads.myspace.com d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\lads.myspace.com\videos d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\lads.myspace.com\videos\Main.swf d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1 d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1\swf d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1\swf\modules d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1\swf\modules\fuel d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1\swf\modules\fuel\quest d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\macandcheese.kraftfoods.com\v1\swf\modules\fuel\quest\main.swf d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\mail.google.com d----- [23:26 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\mcstatic.com d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\media1.break.com d----- [00:20 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\fire-storm d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\fire-storm\en d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\fire-storm\en\fire_storm.dcr d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\free-wheels d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\free-wheels\en d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\miniclip.com\games\free-wheels\en\free_wheels.dcr d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\neopets.com d----- [19:11 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\neopets.com\maps d----- [19:11 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\neopets.com\maps\map_preloader1_v2.swf d----- [19:11 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\pandora.com d----- [22:49 11/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\player.hulu.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\player.hulu.com\2.21 d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\player.hulu.com\2.21\fancast4x3_player.swf d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\redir.adap.tv d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\redir.adap.tv\redir d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\redir.adap.tv\redir\client d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\redir.adap.tv\redir\client\AdPlayer8 d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\redir.adap.tv\redir\client\AdPlayer8\AdPlayer8-24.7_017877.swf d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\resources-p1.imeem.com d----- [19:48 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\s.mcstatic.com d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\s.ytimg.com d----- [23:37 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\sodahead.com d----- [23:04 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\static.twitter.com d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\static.twitter.com\flash d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\static.twitter.com\flash\widgets d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\static.twitter.com\flash\widgets\profile d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\static.twitter.com\flash\widgets\profile\TwitterWidget.swf d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\swf.neopets.com d----- [19:40 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\swf.neopets.com\flash_enabled_check.swf d----- [19:40 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\twitter.com d----- [23:07 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\twitter.com\flash d----- [23:07 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\twitter.com\flash\twitter_badge.swf d----- [23:07 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\videos.video-loader.com d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\videos.video-loader.com\rktprl0905 d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\videos.video-loader.com\rktprl0905\TV2NPlayer.swf d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.coolmath-games.com d----- [22:05 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.dailymotion.com d----- [00:25 14/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.dailymotion.com\flash d----- [00:25 14/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.dailymotion.com\flash\dmplayer d----- [00:25 14/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.dailymotion.com\flash\dmplayer\dmplayer.swf d----- [00:25 14/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.fancast.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.fancast.com\static-19990 d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.fancast.com\static-19990\swf d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.fancast.com\static-19990\...tainerInit.swf d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.hulu.com d----- [23:12 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.hulu.com\playerembed.swf d----- [23:12 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\fire-storm d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\fire-storm\en d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.miniclip.com\games\fire-s...fire_storm.dcr d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\free-wheels d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\free-wheels\en d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.miniclip.com\games\free-w...ree_wheels.dcr d----- [23:31 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\monster-trucks-nitro d----- [20:22 29/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\games\monster-trucks-nitro\en d----- [20:22 29/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.miniclip.com\games\monste...rucksNitro.swf d----- [20:22 29/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\players d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\players\swf d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.miniclip.com\players\swf\components d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.miniclip.com\players\swf\...s\loginbox.swf d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.nick.com d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.nick.com\games d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.nick.com\games\data d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.nick.com\games\data\excitebots d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\http://www.nick.com\games\data\excit...Connection.swf d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.petpetpark.com d----- [23:50 16/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.petpetpark.com\games d----- [23:50 16/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.petpetpark.com\games\PPP.R15.swf d----- [23:50 16/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\#SharedObjects\3H5KRCPS\www.youtube.com d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d----- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#abcnews.go.com d----- [00:15 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#assets.bunchball.com d----- [19:48 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com d----- [22:10 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.gigya.com d----- [23:06 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.visiblemeasures.com d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com d----- [20:22 29/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.videoegg.com d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.scribd.com d----- [23:15 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com d----- [11:50 07/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d2vu12l4y8nfmr.cloudfront.net d----- [00:24 23/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.quantserve.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#forbes.com d----- [12:05 04/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.neopets.com d----- [01:13 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com d----- [19:51 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is2.j.tv2n.net d----- [22:46 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com d----- [19:39 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lads.myspace.com d----- [23:10 02/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macandcheese.kraftfoods.com d----- [01:20 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com d----- [23:26 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mcstatic.com d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.break.com d----- [00:20 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#miniclip.com d----- [23:22 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#neopets.com d----- [19:11 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pandora.com d----- [22:49 11/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.hulu.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#redir.adap.tv d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resources-p1.imeem.com d----- [19:48 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.mcstatic.com d----- [23:21 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com d----- [23:37 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#sodahead.com d----- [23:04 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.twitter.com d----- [00:27 20/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#swf.neopets.com d----- [19:40 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#twitter.com d----- [23:07 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#videos.video-loader.com d----- [22:54 28/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.coolmath-games.com d----- [22:05 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dailymotion.com d----- [00:25 14/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.fancast.com d----- [19:20 06/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.hulu.com d----- [23:12 05/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.miniclip.com d----- [23:19 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.nick.com d----- [00:54 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.petpetpark.com d----- [23:50 16/06/2009]
C:\Documents and Settings\Rachel\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com d----- [23:22 13/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\AddIns d----- [23:27 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Clip Organizer d----- [15:40 21/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CLR Security Config d----- [21:49 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CLR Security Config\v1.1.4322 d----- [21:49 15/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CLView d----- [15:54 21/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CLView\1033 d----- [15:54 21/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Credentials d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1006 d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CryptnetUrlCache d---s- [21:56 05/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CryptnetUrlCache\Content d---s- [21:56 05/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\CryptnetUrlCache\MetaData d---s- [21:56 05/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Document Building Blocks d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Document Building Blocks\1033 d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\HTML Help d----- [15:53 21/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\Quick Launch dr---- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\UserData d--hs- [22:30 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\UserData\6V17ACLA d--hs- [22:30 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\UserData\DD2ZXZ6M d--hs- [22:30 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\UserData\T87IASOS d--hs- [22:30 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Internet Explorer\UserData\XAVW0DU4 d--hs- [22:30 09/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Media Player d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Microsoft IntelliPoint d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Microsoft IntelliPoint\SQM d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Office d----- [19:48 06/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Office\Recent d---s- [20:31 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Outlook d----- [19:48 06/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Proof d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Protect d---s- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Protect\S-1-5-21-1220945662-1532298954-839522115-1006 d---s- [19:14 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Publisher d----- [15:37 21/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\SystemCertificates d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\SystemCertificates\My d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\SystemCertificates\My\Certificates d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\SystemCertificates\My\CRLs d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\SystemCertificates\My\CTLs d---s- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Templates d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\UProof d----- [23:27 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Windows d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Windows\Themes d----- [19:03 02/05/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Word d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\Microsoft\Word\STARTUP d----- [20:22 07/06/2009]
C:\Documents and Settings\Rachel\Application Data\MiniDm d----- [23:26 10/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Extensions d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Crash Reports d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\io0yv0v1.default d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\io0yv0v1.default\bookmarkbackups d----- [23:50 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\io0yv0v1.default\chrome d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\io0yv0v1.default\extensions d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\Mozilla\Firefox\Profiles\io0yv0v1.default\minidumps d----- [23:05 27/05/2009]
C:\Documents and Settings\Rachel\Application Data\WinRAR d----- [18:50 07/06/2009]
C:\Documents and Settings\Papa\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Papa\Application Data\ACD Systems d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Application Data\ACD Systems\ACDSee d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Application Data\ACD Systems\ACDSee\Favorites d----- [02:02 04/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe d----- [15:39 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0 d----- [16:47 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\Collab d----- [02:29 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\JavaScripts d----- [02:31 14/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\organizer70 d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\Preferences d----- [02:29 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\Synchronizer d----- [17:39 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata d----- [17:39 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\Distiller 8 d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Acrobat\Distiller 8\Cache d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe PDF d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe PDF\Distiller d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe PDF\Distiller\Data d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe PDF\Distiller\Startup d----- [16:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe PDF\Settings d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4 d----- [15:46 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Actions d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Black and White d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Brushes d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Channel Mixer d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Color Swatches d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Contours d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Curves d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Custom Shapes d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Duotones d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Exposure d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Gradients d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Hue and Saturation d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Keyboard Shortcuts d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Levels d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Lights d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Materials d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Menu Customization d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Patterns d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Render Settings d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Selective Color d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Styles d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Tools d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Adobe Photoshop CS4\Presets\Volumes d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\AIR d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\AIR\Updater d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Color d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Color\Proofing d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Color\Settings d----- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Flash Player d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Flash Player\AssetCache d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Flash Player\AssetCache\SALMWUV8 d----- [15:41 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\all d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brt d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\brz d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\bul d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\can d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cfr d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\ctl d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\cze d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dan d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\dut d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\eng d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\est d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\fin d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\frn d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\gre d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\grm d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hrv d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\hun d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\itl d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lav d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\lit d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nrw d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\nyn d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\pol d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\prt d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rum d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\rus d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\sgr d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slo d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\slv d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\spn d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\swd d----- [13:21 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Linguistics\Dictionaries\Adobe Custom Dictionary\tur d----- [13:22 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11 d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\DswMedia d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\Prefs d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\Prefs\98YHAPN5 d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\DirectSound d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\FlashAsset d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\MacroMix d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SoundControl d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Adobe\Shockwave Player 11\xtras\download\AdobeSystemsIncorporated\SWA d----- [16:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Apple Computer d----- [02:32 12/06/2009]
C:\Documents and Settings\Papa\Application Data\Apple Computer\QuickTime d----- [02:32 12/06/2009]
C:\Documents and Settings\Papa\Application Data\DivX d----- [01:09 29/06/2009]
C:\Documents and Settings\Papa\Application Data\DivX\DivX Codec d----- [01:09 29/06/2009]
C:\Documents and Settings\Papa\Application Data\ICAClient d----- [11:51 15/05/2009]
C:\Documents and Settings\Papa\Application Data\ICAClient\Cache d----- [11:51 15/05/2009]
C:\Documents and Settings\Papa\Application Data\ICAClient\Cache\zlcache d----- [11:51 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Identities d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Identities\{0B057171-3AC7-4F0A-9311-2941E358F8C6} d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\IEPro d----- [14:27 02/05/2009]
C:\Documents and Settings\Papa\Application Data\IEPro\adblock d----- [14:51 02/05/2009]
C:\Documents and Settings\Papa\Application Data\IEPro\autoform d----- [14:27 02/05/2009]
C:\Documents and Settings\Papa\Application Data\IEPro\textsaver d----- [14:27 02/05/2009]
C:\Documents and Settings\Papa\Application Data\InstallShield d----- [17:05 02/05/2009]
C:\Documents and Settings\Papa\Application Data\InstallShield\ISEngine12.0 d----- [17:05 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Intuit d----- [02:32 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Intuit\Quicken d----- [02:32 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Intuit\Quicken\Config d----- [02:32 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Intuit\Quicken\Data d----- [02:32 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Intuit\Quicken\Log d----- [02:32 12/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\as1.suitesmart.com d----- [01:38 03/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\as1.suitesmart.com\_f5e.swf d----- [01:38 03/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bankofamerica.com d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bankofamerica.com\sas d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bankofamerica.com\sas\sas-docs d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bankofamerica.com\sas\sas-docs\html d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bankofamerica.com\sas\sas-docs\html\pmfso.swf d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\bin.clearspring.com d----- [10:54 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\buzzword.acrobat.com d----- [02:28 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\buzzword.acrobat.com\Clients d----- [02:28 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\buzzword.acrobat.com\Clients\605212 d----- [02:28 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\buzzword.acrobat.com\Clients\605212\Buzzword.swf d----- [02:28 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\chase.com d----- [02:12 03/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\d.yimg.com d----- [02:24 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\d.yimg.com\ks d----- [02:24 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\d.yimg.com\ks\ytv-dint d----- [02:24 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\d.yimg.com\ks\ytv-dint\AdPlugin.swf d----- [02:24 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\epson.com d----- [16:57 02/05/2009]

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:17am

Part 4
**********************************************************
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\flowplayer.org d----- [01:50 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\flowplayer.org\swf d----- [01:50 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\flowplayer.org\swf\flowplayer-3.1.1.swf d----- [01:50 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\home.americanexpress.com d----- [02:00 05/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\home.americanexpress.com\home d----- [02:00 05/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\home.americanexpress.com\home\load_audio_home.swf d----- [02:00 05/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\interclick.com d----- [02:25 21/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1- d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\bankofamerica d----- [10:25 02/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\bankofamerica\090518 d----- [10:25 02/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\bankofamerica\090518\c d----- [10:25 02/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\paramount d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\paramount\090508 d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\l.yimg.com\a\a\1-\java\promotions\paramount\090508\i d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\login.yahoo.com d----- [16:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\macromedia.com d----- [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\mail.google.com d----- [11:42 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\s.ytimg.com d----- [10:57 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\seal.buysafe.com d----- [12:16 07/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\secureinclude.ebaystatic.com d----- [00:03 11/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\share.acrobat.com d----- [02:29 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\share.acrobat.com\adc d----- [02:29 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\share.acrobat.com\adc\flex d----- [02:29 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\share.acrobat.com\adc\flex\adc.swf d----- [02:29 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com\ds d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com\ds\M5NMKQWESQM2 d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com\ds\M5NMKQWESQM2\q209_4_16_qw10997_adroit d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com\ds\M5NMKQWESQM2\q209_4_16_qw10997_adroit\QW10997_Q2_Concepting_bundle_img_160x600_ID705.swf d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\spe.atdmt.com\ds\M5NMKQWESQM2\q209_4_16_qw10997_adroit\QW10997_Q2_Concepting_hsi_noimg_160x600_ID702.swf d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\stg.odnoklassniki.ru d----- [01:37 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\tdameritrade.com d----- [03:44 26/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\tdameritrade.com\virtualclient d----- [03:44 26/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\tdameritrade.com\virtualclient\vce.swf d----- [03:44 26/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\udn.specificclick.net d----- [01:45 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\us.mg1.mail.yahoo.com d----- [16:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.guggenheim.org d----- [14:43 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com\ms d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com\ms\flash d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com\ms\flash\rooms_ideas d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com\ms\flash\rooms_ideas\mpa2 d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.ikea.com\ms\flash\rooms_ideas\mpa2\MPA2.swf d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\games d----- [21:45 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\games\squiggle-squid d----- [21:45 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\games\squiggle-squid\en d----- [21:45 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\http://www.miniclip.com\games\squigg...n\squiggle.swf d----- [21:45 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\players d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\players\swf d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.miniclip.com\players\swf\components d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\http://www.miniclip.com\players\swf\...s\loginbox.swf d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\#SharedObjects\XL85893N\www.weather.com d----- [02:06 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d----- [15:43 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#adobe.com d----- [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com d----- [01:38 03/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bankofamerica.com d----- [01:47 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com d----- [10:54 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#buzzword.acrobat.com d----- [02:28 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#chase.com d----- [02:12 03/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#d.yimg.com d----- [02:24 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#epson.com d----- [16:57 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flowplayer.org d----- [01:50 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#home.americanexpress.com d----- [02:00 05/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com d----- [02:25 21/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#l.yimg.com d----- [23:51 08/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#login.yahoo.com d----- [16:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com d----- [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com d----- [11:42 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com d----- [10:57 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#seal.buysafe.com d----- [12:16 07/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#secureinclude.ebaystatic.com d----- [00:03 11/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#share.acrobat.com d----- [02:29 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#spe.atdmt.com d----- [03:21 01/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stg.odnoklassniki.ru d----- [01:37 19/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tdameritrade.com d----- [03:44 26/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net d----- [01:45 06/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#us.mg1.mail.yahoo.com d----- [16:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.guggenheim.org d----- [14:43 16/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.ikea.com d----- [14:33 28/06/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.miniclip.com d----- [21:44 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.weather.com d----- [02:06 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\www.macromedia.com d----- [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin d----- [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax d----- [16:48 02/05/2009]
fpupdateax.exe --a--- 1915520 bytes [16:48 02/05/2009] [16:48 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Malwarebytes d----- [02:35 24/06/2009]
C:\Documents and Settings\Papa\Application Data\Malwarebytes\Malwarebytes' Anti-Malware d----- [02:35 24/06/2009]
C:\Documents and Settings\Papa\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs d----- [02:35 24/06/2009]
C:\Documents and Settings\Papa\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine d----- [02:35 24/06/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\AddIns d----- [11:06 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Address Book d----- [11:12 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CLR Security Config d----- [18:08 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CLR Security Config\v1.1.4322 d----- [18:08 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CLR Security Config\v2.0.50727.42 d----- [02:56 06/06/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Credentials d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1003 d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CryptnetUrlCache d---s- [13:32 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CryptnetUrlCache\Content d---s- [13:32 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\CryptnetUrlCache\MetaData d---s- [13:32 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Crypto d---s- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Crypto\RSA d---s- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Crypto\RSA\S-1-5-21-1220945662-1532298954-839522115-1003 d---s- [15:52 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Document Building Blocks d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Document Building Blocks\1033 d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Excel d----- [11:06 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Excel\XLSTART d----- [11:06 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\HTML Help d----- [03:07 29/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\IdentityCRL d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\IdentityCRL\production d----- [11:11 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Installer d----- [13:31 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE} d----- [13:31 03/05/2009]
ARPPRODUCTICON.exe -ra--- 10134 bytes [13:31 03/05/2009] [13:31 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Internet Explorer d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Internet Explorer\Quick Launch dr---- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Media Player d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Microsoft IntelliPoint d----- [15:34 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Microsoft IntelliPoint\SQM d----- [15:34 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\MMC d----- [13:23 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Office d----- [11:06 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Office\Recent d---s- [11:06 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Outlook d----- [13:03 15/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Proof d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Protect d---s- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Protect\S-1-5-21-1220945662-1532298954-839522115-1003 d---s- [13:42 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Publisher d----- [18:26 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\SystemCertificates d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\SystemCertificates\My d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\SystemCertificates\My\Certificates d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\SystemCertificates\My\CRLs d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\SystemCertificates\My\CTLs d---s- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Templates d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\UProof d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Windows d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Windows\Themes d----- [13:11 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Word d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\Microsoft\Word\STARTUP d----- [02:12 05/05/2009]
C:\Documents and Settings\Papa\Application Data\MiniDm d----- [14:33 02/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Extensions d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Crash Reports d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\bookmarkbackups d----- [10:20 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\chrome d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{dc572301-7619-498c-a57d-39143191b318} d----- [10:20 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\chrome d----- [10:20 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\defaults d----- [10:20 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\defaults\preferences d----- [10:20 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0} d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\chrome d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\components d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\Linux_x86-gcc3 d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\Linux_x86-gcc3\components d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\platform\WINNT_x86-msvc\components d----- [11:46 25/05/2009]
C:\Documents and Settings\Papa\Application Data\Mozilla\Firefox\Profiles\w1zusv1v.default\minidumps d----- [10:19 03/05/2009]
C:\Documents and Settings\Papa\Application Data\Nero d----- [19:29 13/06/2009]
C:\Documents and Settings\Papa\Application Data\Nero\Nero8 d----- [19:29 13/06/2009]
C:\Documents and Settings\Papa\Application Data\Nero\Nero8\Nero Burning ROM d----- [19:29 13/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun d----- [00:08 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java d----- [00:08 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment d----- [00:09 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache d----- [00:09 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\0 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\1 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\10 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\11 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\12 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\13 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\14 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\15 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\15\58fb3e0f-5a4b3100-n d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\16 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\17 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\18 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\19 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\2 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\20 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\21 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\22 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\23 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\24 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\25 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\26 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\27 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\28 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\29 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\3 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\30 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\31 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\32 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\33 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\34 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\35 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\36 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\37 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\38 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\39 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\4 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\40 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\41 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\42 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\43 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\44 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\45 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-2ca4865b-n d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\46 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\47 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\48 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\49 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\5 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\50 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\51 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\52 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\53 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\54 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\55 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\56 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\57 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\58 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\59 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\6 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\60 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\61 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\62 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5ffdbf40-n d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\63 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\7 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\8 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\9 d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\host d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\cache\6.0\muffin d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\ext d----- [00:09 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\log d----- [00:09 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\security d----- [00:09 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\tmp d----- [00:59 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\Deployment\tmp\si d----- [00:59 26/06/2009]
C:\Documents and Settings\Papa\Application Data\Sun\Java\jre1.6.0_14 d----- [00:08 26/06/2009]
C:\Documents and Settings\Papa\Application Data\WinRAR d----- [01:57 04/05/2009]
C:\Documents and Settings\Leah\Application Data - Parameters: "/s /n*.exe*"
---Files---
None found.
C:\Documents and Settings\Leah\Application Data\Adobe d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat\8.0 d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat\8.0\Synchronizer d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat\Distiller 8 d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Acrobat\Distiller 8\Cache d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe PDF d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe PDF\Distiller d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe PDF\Distiller\Data d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe PDF\Distiller\Startup d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe PDF\Settings d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe Photoshop CS4 d----- [21:38 29/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Adobe Photoshop CS4\Adobe Photoshop CS4 Settings d----- [21:38 29/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Common d----- [21:40 29/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\CS4ServiceManager d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Flash Player d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Flash Player\AssetCache d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Flash Player\AssetCache\KMAJS36U d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Premiere Elements d----- [21:40 29/05/2009]
C:\Documents and Settings\Leah\Application Data\Adobe\Premiere Elements\4.0 d----- [21:40 29/05/2009]
C:\Documents and Settings\Leah\Application Data\Identities d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Identities\{03C94E14-0157-46CF-81C5-7ACC52EAA30B} d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\IEPro d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\IEPro\adblock d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\IEPro\autoform d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\IEPro\textsaver d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\#SharedObjects d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\#SharedObjects\KZZX77AG d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\#SharedObjects\KZZX77AG\mail.google.com d----- [17:17 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\#SharedObjects\KZZX77AG\pandora.com d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\#SharedObjects\KZZX77AG\s.ytimg.com d----- [17:06 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mail.google.com d----- [17:17 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pandora.com d----- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com d----- [17:06 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\AddIns d----- [16:56 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Clip Organizer d----- [17:33 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\CLR Security Config d----- [16:36 16/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\CLR Security Config\v1.1.4322 d----- [16:36 16/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Credentials d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Credentials\S-1-5-21-1220945662-1532298954-839522115-1005 d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\CryptnetUrlCache d---s- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\CryptnetUrlCache\Content d---s- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\CryptnetUrlCache\MetaData d---s- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Document Building Blocks d----- [02:18 15/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Document Building Blocks\1033 d----- [02:18 15/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Internet Explorer d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Internet Explorer\Quick Launch dr---- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Media Player d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Microsoft IntelliPoint d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Microsoft IntelliPoint\SQM d----- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Office d----- [16:56 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Office\Recent d---s- [17:19 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Proof d----- [02:18 15/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Protect d---s- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Protect\S-1-5-21-1220945662-1532298954-839522115-1005 d---s- [17:00 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Publisher d----- [16:56 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\SystemCertificates d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\SystemCertificates\My d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\SystemCertificates\My\Certificates d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\SystemCertificates\My\CRLs d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\SystemCertificates\My\CTLs d---s- [16:55 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Templates d----- [16:56 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\UProof d----- [16:57 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Word d----- [02:18 15/05/2009]
C:\Documents and Settings\Leah\Application Data\Microsoft\Word\STARTUP d----- [02:18 15/05/2009]
C:\Documents and Settings\Leah\Application Data\MiniDm d----- [17:35 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Extensions d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Crash Reports d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles\v4pigdb0.default d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles\v4pigdb0.default\bookmarkbackups d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles\v4pigdb0.default\chrome d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles\v4pigdb0.default\extensions d----- [16:59 03/05/2009]
C:\Documents and Settings\Leah\Application Data\Mozilla\Firefox\Profiles\v4pigdb0.default\minidumps d----- [16:59 03/05/2009]
C:\Documents and Settings\Anna\Local Settings\temp - Parameters: "/s"
---Files---
jusched.log --a--- 888 bytes [17:46 27/06/2009] [02:13 01/07/2009]
lilo2 --a--- 1024 bytes [18:04 28/06/2009] [18:04 28/06/2009]
lilo3 --a--- 1024 bytes [18:04 28/06/2009] [18:04 28/06/2009]
tmp53.tmp --a--- 19407 bytes [17:54 28/06/2009] [17:54 28/06/2009]
wmplog00.sqm --a--- 1416 bytes [14:16 29/06/2009] [14:16 29/06/2009]
zlib1.dll --a--- 59904 bytes [05:54 01/07/2009] [05:54 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\Adobe d----- [17:36 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\Adobe\Acrobat d----- [17:36 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\Adobe\Acrobat\8.0 d----- [17:36 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\DefaultEmoticons d----- [02:09 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\Icons d----- [02:11 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\outlook logging d----- [01:46 28/06/2009]
firstrun.log --a--- 111 bytes [01:46 28/06/2009] [02:09 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\VBE d----- [17:42 27/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\WPDNSE d----- [02:08 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp d--hs- [21:42 27/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c04 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 219136 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c05 d--hs- [17:40 30/06/2009]
spoolsv.exe --a--- 220672 bytes [17:40 30/06/2009] [17:40 30/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c04 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c05 d--hs- [04:29 01/07/2009]
spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c03 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c04 d--hs- [04:29 01/07/2009]
spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c02 d--hs- [19:11 29/06/2009]
spoolsv.exe --a--- 221184 bytes [19:11 29/06/2009] [19:11 29/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c03 d--hs- [04:29 01/07/2009]
spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c01 d--hs- [16:47 28/06/2009]
spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c02 d--hs- [04:29 01/07/2009]
spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c01 d--hs- [17:32 29/06/2009]
spoolsv.exe --a--- 221184 bytes [17:32 29/06/2009] [17:32 29/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c02 d--hs- [04:29 01/07/2009]
spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp28 d--hs- [21:42 27/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp29 d--hs- [12:21 29/06/2009]
C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp30 d--hs- [12:08 30/06/2009]
mdm.exe --a--- 38400 bytes [05:54 01/07/2009] [05:54 01/07/2009]
C:\Documents and Settings\Rachel\Local Settings\temp - Parameters: "/s"
---Files---
None found.
No folders found.
C:\Documents and Settings\Papa\Local Settings\Temp - Parameters: "/s"
---Files---
BCG113A.tmp --a--- 4096 bytes [10:14 30/06/2009] [10:14 30/06/2009]
E_S77.tmp --a--- 146 bytes [02:48 28/06/2009] [02:48 28/06/2009]
java_install_reg.log --a--- 582 bytes [20:19 27/06/2009] [07:19 29/06/2009]
jusched.log --a--- 7569 bytes [17:51 27/06/2009] [00:09 02/07/2009]
NSF7.tmp --a--- 276 bytes [03:33 01/07/2009] [03:33 01/07/2009]
~DFFE27.tmp --a--- 16384 bytes [02:13 30/06/2009] [02:13 30/06/2009]
~DFFE32.tmp --a--- 512 bytes [02:13 30/06/2009] [02:13 30/06/2009]
C:\Documents and Settings\Papa\Local Settings\Temp\hsperfdata_Papa d----- [20:19 27/06/2009]
C:\Documents and Settings\Papa\Local Settings\Temp\VBE d----- [18:55 28/06/2009]
C:\Documents and Settings\Papa\Local Settings\Temp\WPDNSE d----- [00:04 02/07/2009]
C:\Documents and Settings\Leah\Local Settings\Temp - Parameters: "/s"
---Files---
None found.

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:17am

Part 5
**********************************************************No folders found.
C:\WINDOWS\System - Parameters: "/s"
---Files---
AVICAP.DLL --a--- 69584 bytes [08:28 02/05/2009] [12:00 04/08/2004]
AVIFILE.DLL --a--- 109456 bytes [08:28 02/05/2009] [12:00 04/08/2004]
COMMDLG.DLL --a--- 32816 bytes [08:28 02/05/2009] [12:00 04/08/2004]
KEYBOARD.DRV --a--- 2000 bytes [08:28 02/05/2009] [12:00 04/08/2004]
LZEXPAND.DLL --a--- 9936 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MCIAVI.DRV --a--- 73376 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MCISEQ.DRV --a--- 25264 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MCIWAVE.DRV --a--- 28160 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MMSYSTEM.DLL --a--- 68768 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MMTASK.TSK --a--- 1152 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MOUSE.DRV --a--- 2032 bytes [08:28 02/05/2009] [12:00 04/08/2004]
MSVIDEO.DLL --a--- 126912 bytes [08:28 02/05/2009] [12:00 04/08/2004]
OLECLI.DLL --a--- 82944 bytes [08:28 02/05/2009] [12:00 04/08/2004]
OLESVR.DLL --a--- 24064 bytes [08:28 02/05/2009] [12:00 04/08/2004]
setup.inf --a--- 59167 bytes [12:00 04/08/2004] [12:00 04/08/2004]
SHELL.DLL --a--- 5120 bytes [08:28 02/05/2009] [12:00 04/08/2004]
SOUND.DRV --a--- 1744 bytes [08:28 02/05/2009] [12:00 04/08/2004]
stdole.tlb --a--- 5532 bytes [12:00 04/08/2004] [12:00 04/08/2004]
SYSTEM.DRV --a--- 3360 bytes [08:28 02/05/2009] [12:00 04/08/2004]
TAPI.DLL --a--- 19200 bytes [08:28 02/05/2009] [12:00 04/08/2004]
TIMER.DRV --a--- 4048 bytes [08:28 02/05/2009] [12:00 04/08/2004]
VER.DLL --a--- 9008 bytes [08:28 02/05/2009] [12:00 04/08/2004]
VGA.DRV --a--- 2176 bytes [08:28 02/05/2009] [12:00 04/08/2004]
WFWNET.DRV --a--- 13600 bytes [08:28 02/05/2009] [12:00 04/08/2004]
winspool.drv --a--- 146432 bytes [08:28 02/05/2009] [00:12 14/04/2008]
No folders found.
========== filefind ==========
Searching for "spoolsv.exe"
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c04\spoolsv.exe --a--- 219136 bytes [16:47 28/06/2009] [16:47 28/06/2009] BFA3A3A816978E6B5A8E6654E16CD31A
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c05\spoolsv.exe --a--- 220672 bytes [17:40 30/06/2009] [17:40 30/06/2009] 996F788D955C99FE9D0FB09DC86B366D
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c04\spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009] 4E19C036979C8E9E0B4748F979560C19
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c05\spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009] 715756FD0D45B25835C2456196BBD145
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c03\spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009] 7F89E1AA9BF2F953FBDE3600ABF510BA
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c04\spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009] A22FA7086E3CC3BEC1E0A8B7BBDCF514
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c02\spoolsv.exe --a--- 221184 bytes [19:11 29/06/2009] [19:11 29/06/2009] B0003A45E191D94D55D0BE84F6900125
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c03\spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009] 483C58278B262F12F4FF7435F4C958AF
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c01\spoolsv.exe --a--- 221184 bytes [16:47 28/06/2009] [16:47 28/06/2009] 2A5DC21599E13EA1A4209857FBA049FC
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c02\spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009] 9EFC007EA6EA82786519BB047155BE73
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c01\spoolsv.exe --a--- 221184 bytes [17:32 29/06/2009] [17:32 29/06/2009] 4C64281A7084B00FB057D1A0F5426630
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c02\spoolsv.exe --a--- 222208 bytes [04:29 01/07/2009] [04:29 01/07/2009] 933F2AEFFFF7E81C3818D2AF6C7C0648
C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe -----c 57856 bytes [13:51 02/05/2009] [12:00 04/08/2004] 7435B108B935E42EA92CA94F59C8E717
C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe ------ 57856 bytes [00:12 14/04/2008] [00:12 14/04/2008] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
C:\WINDOWS\system32\dllcache\cache\spoolsv.exe --a--c 57856 bytes [10:28 25/06/2009] [00:12 14/04/2008] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
C:\WINDOWS\system32\spoolsv.exe --a--- 57856 bytes [12:00 04/08/2004] [00:12 14/04/2008] D8E14A61ACC1D4A6CD0D38AEBAC7FA3B
Searching for "ieudinit.exe"
C:\WINDOWS\$hf_mig$\KB963027-IE7\SP3QFE\ieudinit.exe --a--- 13824 bytes [13:38 02/05/2009] [10:24 20/02/2009] 666DD4ABA0025897B34B0E69C3B9109D
C:\WINDOWS\$hf_mig$\KB969897-IE7\SP3QFE\ieudinit.exe --a--- 13824 bytes [09:56 28/04/2009] [09:56 28/04/2009] E2E1332D2A8F04F35FC64F83A3006103
C:\WINDOWS\ie7updates\KB963027-IE7\ieudinit.exe -----c 13312 bytes [13:40 02/05/2009] [22:39 13/08/2007] D3D2009FD649AA5082DA2F8CBD7D9F3D
C:\WINDOWS\ie7updates\KB969897-IE7\ieudinit.exe -----c 13824 bytes [02:47 13/06/2009] [10:20 20/02/2009] BAACFE1A277DBE29BA6044DCF44A7785
C:\WINDOWS\system32\dllcache\ieudinit.exe -----c 13824 bytes [13:38 02/05/2009] [09:05 28/04/2009] C2B8415504A841E55708517658F771B3
C:\WINDOWS\system32\ieudinit.exe --a--- 13824 bytes [22:39 13/08/2007] [09:05 28/04/2009] C2B8415504A841E55708517658F771B3
Searching for "cmstp.exe"
C:\WINDOWS\$NtServicePackUninstall$\cmstp.exe -----c 63488 bytes [13:52 02/05/2009] [12:00 04/08/2004] 69B231148006E8B15EE839ABBF8CA576
C:\WINDOWS\ServicePackFiles\i386\cmstp.exe ------ 63488 bytes [00:12 14/04/2008] [00:12 14/04/2008] 231138871DCE86961694177508CC8F17
C:\WINDOWS\system32\cmstp.exe --a--- 63488 bytes [12:00 04/08/2004] [00:12 14/04/2008] 231138871DCE86961694177508CC8F17
Searching for "mstinit.exe"
C:\WINDOWS\$NtServicePackUninstall$\mstinit.exe -----c 12288 bytes [13:52 02/05/2009] [12:00 04/08/2004] 4EC9A411607BFB7288EFF808223C25D6
C:\WINDOWS\ServicePackFiles\i386\mstinit.exe ------ 12288 bytes [00:12 14/04/2008] [00:12 14/04/2008] D5788A5243D1DD160E0F97AA4808B2BE
C:\WINDOWS\system32\mstinit.exe --a--- 12288 bytes [12:38 02/05/2009] [00:12 14/04/2008] D5788A5243D1DD160E0F97AA4808B2BE
Searching for "sessmgr.exe"
C:\WINDOWS\$NtServicePackUninstall$\sessmgr.exe -----c 140800 bytes [13:51 02/05/2009] [12:00 04/08/2004] 729798E0933076B8FCFCD9934698F164
C:\WINDOWS\ServicePackFiles\i386\sessmgr.exe ------ 141312 bytes [00:12 14/04/2008] [00:12 14/04/2008] 3C37BF86641BDA977C3BF8A840F3B7FA
C:\WINDOWS\system32\sessmgr.exe --a--- 141312 bytes [12:37 02/05/2009] [00:12 14/04/2008] 3C37BF86641BDA977C3BF8A840F3B7FA
Searching for "cisvc.exe"
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\cisvc.exe --a--- 61440 bytes [23:37 05/06/2009] [00:20 09/05/2009] 228DC8ADC7EDAFD3063B68A695D31A6D
C:\WINDOWS\$NtServicePackUninstall$\cisvc.exe -----c 5632 bytes [13:52 02/05/2009] [12:00 04/08/2004] 3192BD04D032A9C4A85A3278C268A13A
C:\WINDOWS\ServicePackFiles\i386\cisvc.exe ------ 5632 bytes [00:12 14/04/2008] [00:12 14/04/2008] 1CFE720EB8D93A7158A4EBC3AB178BDE
C:\WINDOWS\system32\cisvc.exe --a--- 5632 bytes [12:00 04/08/2004] [00:12 14/04/2008] 1CFE720EB8D93A7158A4EBC3AB178BDE
Searching for "comrepl.exe"
C:\WINDOWS\$NtServicePackUninstall$\comrepl.exe -----c 9728 bytes [13:52 02/05/2009] [12:00 04/08/2004] 42B1F1CE95A41D35AF65CCF8925728A3
C:\WINDOWS\ServicePackFiles\i386\comrepl.exe ------ 9728 bytes [00:12 14/04/2008] [00:12 14/04/2008] DEDDBCE9D0B6E4864F593A8A36849E1D
C:\WINDOWS\system32\Com\comrepl.exe --a--- 9728 bytes [12:37 02/05/2009] [00:12 14/04/2008] DEDDBCE9D0B6E4864F593A8A36849E1D
Searching for "rsvp.exe"
C:\WINDOWS\system32\dllcache\rsvp.exe --a--c 132608 bytes [12:00 04/08/2004] [12:00 04/08/2004] 471B3F9741D762ABE75E9DEEA4787E47
C:\WINDOWS\system32\rsvp.exe --a--- 132608 bytes [12:00 04/08/2004] [12:00 04/08/2004] 471B3F9741D762ABE75E9DEEA4787E47
Searching for "esentutl.exe"
C:\WINDOWS\system32\dllcache\esentutl.exe --a--c 39424 bytes [12:00 04/08/2004] [12:00 04/08/2004] DF17198F6A13CA1011FFEF1D9B702481
C:\WINDOWS\system32\esentutl.exe --a--- 39424 bytes [12:00 04/08/2004] [12:00 04/08/2004] DF17198F6A13CA1011FFEF1D9B702481
-=End Of File=-

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 1:18am

By th way, since we started our little experiments, my computer began to restart by itself from the "severe error" at least once a day.
Is cure worse than the decease? :-)

Katana

MRU Expert

1,682 Posts

2 Jul 2009, 11:11am

Quoting burevestnik

Is cure worse than the decease? :-)

Not normally, but your machine was heavily infected.

It is installtion keygen anyway.

I need to know if you ever used this Keygen, even if it was only once.

OTMoveIt
Please download OTM by OldTimer and save it to your desktop

Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )

Code:

:Processes
:Reg
:Files
C:\Documents and Settings\Anna\Local Settings\temp\*.* /s
C:\Documents and Settings\Rachel\Local Settings\temp\*.* /s
C:\Documents and Settings\Papa\Local Settings\Temp\*.* /s
C:\Documents and Settings\Leah\Local Settings\Temp\*.* /s
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\*.*
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\cisvc.exe
:Commands
[Purity]
[EmptyTemp]

Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.
Reboot your machine and see if the problem still exists
(if it does, where ? )

burevestnik

Icrontic Regular

27 Posts

2 Jul 2009, 11:38am

Yes,
I did use that keygen once.
*******************************************************
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
========== FILES ==========
C:\Documents and Settings\Anna\Local Settings\temp\jusched.log moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\lilo2 moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\lilo3 moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\tmp53.tmp moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\wmplog00.sqm moved successfully.
DllUnregisterServer procedure not found in C:\Documents and Settings\Anna\Local Settings\temp\zlib1.dll
C:\Documents and Settings\Anna\Local Settings\temp\zlib1.dll NOT unregistered.
C:\Documents and Settings\Anna\Local Settings\temp\zlib1.dll moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c04\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb43c05\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c04\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb45c05\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c03\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb50c04\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c02\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb52c03\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c01\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb56c02\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c01\spoolsv.exe moved successfully.
C:\Documents and Settings\Anna\Local Settings\temp\~temp\gb57c02\spoolsv.exe moved successfully.
File move failed. C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp30\mdm.exe scheduled to be moved on reboot.
C:\Documents and Settings\Anna\Local Settings\temp\outlook logging\firstrun.log moved successfully.
File/Folder C:\Documents and Settings\Rachel\Local Settings\temp\*.* not found.
C:\Documents and Settings\Papa\Local Settings\Temp\BCG113A.tmp moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\E_S77.tmp moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\java_install_reg.log moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\jusched.log moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\NSF7.tmp moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\~DFFE27.tmp moved successfully.
C:\Documents and Settings\Papa\Local Settings\Temp\~DFFE32.tmp moved successfully.
File/Folder C:\Documents and Settings\Leah\Local Settings\Temp\*.* not found.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06272009.Log moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06282009.Log moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06292009.Log moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\06302009.Log moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\07012009.Log moved successfully.
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\07022009.Log moved successfully.
C:\Documents and Settings\Anna\Local Settings\Application Data\Microsoft\cisvc.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 58820402 bytes
->FireFox cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Leah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 11256 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Papa
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\Papa\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1152018 bytes
->Java cache emptied: 13425503 bytes
->FireFox cache emptied: 3323346 bytes

User: Rachel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 17007 bytes

RecycleBin emptied: 1143988338 bytes

Total Files Cleaned = 1164.25 mb

OTM by OldTimer - Version 3.0.0.2 log created on 07022009_061710
Files moved on Reboot...
File C:\Documents and Settings\Anna\Local Settings\temp\~temp\mlp30\mdm.exe not found!
Registry entries deleted on Reboot...

Katana

MRU Expert

1,682 Posts

3 Jul 2009, 11:10am

Quoting Katana

Reboot your machine and see if the problem still exists

Is the problem still present ?

burevestnik

Icrontic Regular

27 Posts

3 Jul 2009, 12:14pm

I did not see it since yesterday....

Katana

MRU Expert

1,682 Posts

3 Jul 2009, 9:21pm

Quoting Katana

If you ever used this file, then you need to reformat your computer

It allow outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...

Uninstall OTMoveIt (OTM.exe)

Open OTMoveIt Click Cleanup,
When a box pops up click YES.

Your machine appears to be clean now,
but as I previously mentioned to you, if you used that file then you need to reformat your machine to be completely safe.

burevestnik

Icrontic Regular

27 Posts

4 Jul 2009, 2:46pm

To be completely safe you have to live in North Dakota in a shack and not use computer at all... :-)
That keygen was provided by a friend who used it many times for other people and never it was a problem of any sorts...

Anyway, thank you for your help! I hope it is relatively clean now. But this exercise proves my observation, which I got during my many years in IT: with Windows, it is always faster to rebuild the PC instead of looking for a problem and fixing it...

Katana, I have read your recommendations and I would like to clarify them, if you have few minutes.

1. What Antivirus software you would recommend? I use Symantec AntiVirus v 10.1.8.8000 (Corpotae edition). And I also use MS Windows Defender. This configuration was recommended by PC support team at work. I also have installtion files for Symantec Endpoint protection (Corporate) v 11. It includes anti-spamware, etc. What do you think? Should I change it to, let's say, Avira or Kaspersky?

2. You recommended several software pieces to run:

Spybot - Search & Destroy
MalwareBytes Anti-malware
a-squared Free
superantispyware

Prevention

This is all great, but it is a little too much for me. I would prefer to use one in each group or some suite of apps, if possible...

3. Router. I cuirrently use ZoneAlarm router Z100G. It has antivirus software inside in addition to other Checkpoint features. I am looking at D-Link DIR825, People say it is much faster and as secure as others. What do you think?

4. What about local software firewall? ZoneAlarm, Comodo? Anything else you can recommend, if I need it at all?

I am sorry to bother you with so many questions...
Thanks in advance!

Username
Password	Forgot?
Remember me