Malware Removal & HijackThis Logs

07-Apr-2008, 10:36 PM
#1
I have something on my computer and it's in my C:/WINDOWS/system32/ folder and it's known as love.exe. It doesn't cause any dampers on my system performance; all it does is use a lot of page file and RAM, but I can open up Task Manager and end the love.exe process and functions return to normal. I've used Lavasoft Ad-Aware Pro, Norton Internet Security, Spy Hunter 3 Security Suite and Uniblue Spy Eraser and run FULL scans; they picked up some cookies and a few other things but won't remove love.exe. It's stuck there. I can go into the system32 folder and delete it, and the next time I start up my computer it's right there again and just starts up with my computer again. Someone please help me remove this pain in the neck.
24-Apr-2008, 11:13 PM
#2
Could someone please help me with this? It's starting to affect my system performance and idk what it is. The process, as listed above, is love.exe; it's located in C:/WINDOWS/system32/love.exe. I uninstalled Norton 2008 and installed Norton 2007, and it picked up stuff in the full system scan that Norton 2008 didn't. I updated my Uniblue Spy Eraser and ran a deep scan; it picked up the file love.exe and an S.bat file. Both were located in my system32 folder; they were removed and I restarted my computer afterwards, and they're right there again. Norton Internet Security doesn't pick this up, by the way. Can someone please help me?
09-May-2008, 08:43 AM
#3
Click here to download HJTsetup.exe.
Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming. Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
__________________
Microsoft MVP - Consumer Security
Alliance of Security Analysis Professionals
10-May-2008, 11:45 PM
#4
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:04 PM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SQ931STI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avp - GRISOFT, s.r.o. - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10110 bytes
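As an added example (not part of the thread and not HijackThis code), the following Python script parses HijackThis-style O4/O9/O23 lines and applies the checks a log reader makes first: entries pointing at files that no longer exist, unnamed autorun values, autoruns placed under the Explorer Policies key or the SYSTEM account hive, services with no publisher, and any command whose executable is on a caller-supplied watch list. The sample lines are constructed from the entry formats in the log above; the love.exe Run entry in the sample is invented for the demonstration (the posted log shows love.exe only as a running process, with no O4 entry for it), and the flagging rules are heuristics chosen for this example, not HijackThis's own analysis.

```python
"""Triage HijackThis-style log lines: a small parser plus the checks a log reader
applies first. Added example, not HijackThis code; the rules are heuristics."""
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the O4/O9/O23 formats in the log above.
# The love.exe Run entry is invented for this demonstration; the posted log
# shows love.exe only as a running process, with no O4 entry for it.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Startup: StartupFaster
O4 - HKCU\..\Run: [love] C:\WINDOWS\system32\love.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry entries: '<location>: [<value name>] <command>'
O4_RE = re.compile(r"^(?P<location>.+?): \[(?P<name>[^\]]*)\] ?(?P<command>.*)$")
# O23 entries: 'Service: <name> - <company> - <path>'; the optional space before
# the second dash copes with the empty-company form '... - - (no file)'.
O23_RE = re.compile(r"^Service: (?P<service>.+?) - (?P<company>.*?) ?- (?P<path>.*)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.(?:exe|dll|bat|cmd|scr|pif))', re.IGNORECASE)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, raw_line) for each 'Oxx - ...' / 'Rx - ...' line."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def executable_name(command):
    """Lower-cased basename of the first executable-looking token in a command."""
    m = EXE_RE.search(command)
    return m.group(1).lower() if m else ""


def triage(text, watchlist=()):
    """Return Findings for the entries that deserve a second look."""
    watch = {w.lower() for w in watchlist}
    findings = []
    for code, body, raw in parse_entries(text):
        if "(no file)" in body:
            findings.append(Finding(code, "references a file that no longer exists", raw))
        if code == "O4":
            m = O4_RE.match(body)
            if not m:  # 'O4 - Startup: ...' lines carry no [name] part
                continue
            location, name, command = m.group("location", "name", "command")
            if name == "":
                findings.append(Finding(code, "unnamed autorun value", raw))
            if "Policies\\Explorer\\Run" in location:
                findings.append(Finding(code, "autorun via Explorer policy key", raw))
            if "S-1-5-18" in location:
                findings.append(Finding(code, "autorun in SYSTEM account hive", raw))
            if executable_name(command) in watch:
                findings.append(Finding(code, "watchlisted executable", raw))
        elif code == "O23":
            m = O23_RE.match(body)
            if m and m.group("company").strip() in ("", "Unknown owner"):
                findings.append(Finding(code, "service with no publisher", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, watchlist=["love.exe"]):
        print(f"{f.code:4} {f.reason:42} {f.line}")
```

Run against a full log, the interesting output is not the flagged lines alone but what is absent: a process that appears under "Running processes" without any O4 or O23 entry is being started by something HijackThis does not enumerate, which is the situation the ComboFix run later in this thread is meant to uncover.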
11-May-2008, 08:49 AM
#5
Please visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:
ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.
ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
__________________
Microsoft MVP - Consumer Security
Alliance of Security Analysis Professionals
11-May-2008, 03:49 PM
#6
Combo Fix LOG

ComboFix 08-05-11.1 - Stephen Matthews 2008-05-11 12:41:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -7:00]
Running from: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ComboFix.exe
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\msvrc20.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\_000024_.tmp.dll
C:\WINDOWS\system32\_000028_.tmp.dll
C:\WINDOWS\system32\_000029_.tmp.dll
C:\WINDOWS\system32\_000030_.tmp.dll
C:\WINDOWS\system32\_000031_.tmp.dll
C:\WINDOWS\system32\_000032_.tmp.dll
C:\WINDOWS\system32\_000034_.tmp.dll
C:\WINDOWS\system32\_000058_.tmp.dll
C:\WINDOWS\system32\i.txt
C:\WINDOWS\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-10 20:42 . 2008-05-10 20:42 <DIR> d----c--- C:\Program Files\Trend Micro
2008-05-10 20:32 . 2008-05-10 20:32 66 --a--c--- C:\WINDOWS\system32\S.BAT
2008-05-07 20:52 . 2008-05-07 20:52 <DIR> d----c--- C:\Program Files\Radmin Viewer 3
2008-05-07 18:32 . 2008-05-07 18:32 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Radmin
2008-05-07 16:57 . 2008-05-10 19:27 <DIR> d----c--- C:\WINDOWS\system32\rserver30
2008-05-06 17:58 . 2008-05-06 17:58 <DIR> d----c--- C:\WINDOWS\Migo Recover Lost Data
2008-05-06 14:20 . 2008-05-06 14:20 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Aurora Web Editor
2008-05-06 10:49 . 2008-05-06 16:05 <DIR> d----c--- C:\Program Files\Multimedia Australia
2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\SUPERAntiSpyware.com
2008-05-03 12:56 . 2008-05-03 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d----c--- C:\Setup
2008-05-01 20:56 . 2008-05-01 20:56 <DIR> d--hsc--- C:\INCINERATE
2008-04-29 14:42 . 2008-04-29 14:42 <DIR> d----c--- C:\Program Files\Speed Gear 5
2008-04-27 20:07 . 2008-04-27 20:40 <DIR> d----c--- C:\Program Files\Norton Internet Security
2008-04-27 20:06 . 2008-04-27 20:35 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-27 20:06 . 2008-04-27 20:35 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-27 20:05 . 2008-04-27 20:35 <DIR> d----c--- C:\Program Files\Symantec
2008-04-27 19:15 . 2008-04-27 19:17 <DIR> d----c--- C:\WINDOWS\system32\Adobe
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_2_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_1_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\AM_D0.PRF
2008-04-26 07:45 . 2008-04-26 07:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-04-26 07:45 . 2007-05-03 10:27 47,360 -ra--c--- C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 46,592 -ra--c--- C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:28 39,552 -ra--c--- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 37,248 -ra--c--- C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 32,000 -ra--c--- C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2008-04-25 21:06 . 2008-04-25 21:06 <DIR> d----c--- C:\Program Files\Google Hacks
2008-04-25 15:12 . 2007-12-24 17:37 138,384 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-24 21:00 . 2008-04-24 21:00 <DIR> d----c--- C:\Documents and Settings\Administrator.STEPHEN\Application Data\Lavasoft
2008-04-23 18:56 . 2008-04-23 18:56 <DIR> d----c--- C:\Program Files\LimeWire
2008-04-23 17:06 . 2008-04-23 17:06 71 --a--c--- C:\WINDOWS\SpotAuditor.INI
2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools Pro
2008-04-22 14:56 . 2007-02-22 09:05 90,112 --a--c--- C:\Progr_.dll
2008-04-22 14:38 . 2008-04-22 14:38 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools
2008-04-22 14:38 . 2008-04-22 14:38 717,296 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 04:59 . 2008-04-22 04:59 1,409 --a--c--- C:\WINDOWS\system32\tmp621EE.FOT
2008-04-22 04:59 . 2008-04-22 04:59 24 --a--c--- C:\WINDOWS\AM_D8.PRF
2008-04-22 04:55 . 2008-04-26 11:26 <DIR> d----c--- C:\Program Files\Graffiti Studio 2.0
2008-04-21 22:11 . 2008-04-21 22:11 <DIR> d----c--- C:\WINDOWS\uninstall\F4U KeyGen Maker
2008-04-21 22:11 . 2008-04-21 22:11 <DIR> d----c--- C:\WINDOWS\uninstall
2008-04-21 20:17 . 2008-04-21 20:17 16 --a--c--- C:\WINDOWS\system32\coh.cache
2008-04-20 20:25 . 2008-04-20 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-20 20:13 . 2008-04-21 21:25 <DIR> d----c--- C:\Program Files\Wireless WEP Key Password Spy
2008-04-18 19:01 . 2008-04-23 10:58 <DIR> d----c--- C:\Program Files\Speeditup Free
2008-04-17 04:49 . 2007-12-19 11:06 172,032 --a--c--- C:\WINDOWS\system32\igfxres.dll
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\WINDOWS\OPTIONS
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\Program Files\Realtek
2008-04-17 04:43 . 2008-01-31 21:45 53,248 --a--c--- C:\WINDOWS\system32\CSVer.dll
2008-04-17 04:40 . 2008-04-17 04:40 <DIR> d----c--- C:\WINDOWS\system32\ENU
2008-04-17 04:40 . 2007-10-18 15:51 126,976 --a--c--- C:\WINDOWS\system32\Imsmudlg.exe
2008-04-16 22:59 . 2004-06-14 14:56 427,864 --a--c--- C:\WINDOWS\system32\XceedZip.dll
2008-04-16 22:38 . 2008-04-16 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
2008-04-14 14:52 . 2008-04-14 14:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 14:34 . 2008-04-19 09:21 <DIR> d----c--- C:\Program Files\XoftSpySE
2008-04-13 22:26 . 2008-05-10 20:37 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-13 12:40 . 2008-04-30 09:24 <DIR> d----c--- C:\WINDOWS\system32\NtmsData
2008-04-11 21:28 . 2007-10-01 16:40 1,526,072 --a--c--- C:\WINDOWS\WRSetup.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 19:43 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-05-11 03:32 495,616 -cs---w C:\WINDOWS\system32\love.exe
2008-05-11 02:30 --------- dc----w C:\Program Files\Thinstall.VS
2008-05-09 00:26 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\U3
2008-05-08 02:35 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Thinstall
2008-05-07 22:51 --------- dc----w C:\Program Files\FriendBlasterPro
2008-05-06 00:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-05-06 00:55 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 21:01 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Registry Help Pro
2008-05-03 20:47 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-05-03 20:46 307,968 -c--a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-02 16:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-30 16:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\iolo
2008-04-30 16:24 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\LimeWire
2008-04-30 16:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 15:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 00:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-28 03:39 6,596 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-28 03:39 58,912 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-28 03:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-28 03:35 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-26 13:54 --------- dc----w C:\Program Files\RegCure
2008-04-24 01:52 --------- dc----w C:\Program Files\Microsoft Money 2006
2008-04-20 20:10 --------- dc----w C:\Program Files\KGB Archiver 2
2008-04-17 22:24 --------- dc----w C:\Program Files\Hewlett-Packard
2008-04-17 11:40 --------- dc----w C:\Program Files\Intel
2008-04-14 04:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-12 04:47 --------- dc----w C:\Program Files\Hitman Pro
2008-04-11 06:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:57 164 -c--a-w C:\install.dat
2008-04-08 03:42 32,300 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 03:42 2,331,424 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 01:46 --------- dc----w C:\Program Files\Enigma Software Group
2008-04-07 23:46 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 21:00 --------- dc----w C:\Program Files\Kaspersky Lab
2008-04-07 05:50 --------- dc----w C:\Program Files\Yahoo!
2008-04-07 02:07 --------- dc----w C:\Program Files\Avant Browser
2008-04-04 03:30 31,938 -c--a-w C:\WINDOWS\system32\tcpipbak.reg
2008-04-03 21:11 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\URSoft
2008-04-03 05:32 --------- dc----w C:\Program Files\Lavasoft
2008-04-03 01:49 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Auslogics
2008-04-03 01:20 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\IconTweaker
2008-04-02 00:22 --------- dc----w C:\Program Files\Dachshund Software
2008-04-01 23:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Lavasoft
2008-04-01 23:31 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\AdobeUM
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Sonic
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Leadertech
2008-04-01 02:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\JP Software
2008-03-30 23:11 --------- dc----w C:\Program Files\CBS Software
2008-03-30 05:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\acccore
2008-03-30 02:59 --------- dc----w C:\Program Files\AIM6
2008-03-30 02:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-30 02:57 --------- dc----w C:\Program Files\Common Files\AOL
2008-03-29 21:50 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\InstallShield
2008-03-25 11:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\PC Tools
2008-03-21 11:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\BinarySense
2008-03-21 11:36 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\tor
2008-03-21 11:19 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Mask Surf Standard
2008-03-20 18:36 --------- dc----w C:\Documents and Settings\Administrator.STEPHEN\Application Data\Uniblue
2008-03-20 18:06 --------- dc----w C:\Program Files\Uniblue
2008-03-20 17:47 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue
2008-03-20 09:13 --------- dc----w C:\Program Files\Java
2008-03-19 16:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DMCache
2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-15 00:52 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint
2008-03-14 19:54 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-03-14 08:59 --------- dc----w C:\Program Files\Remove on Reboot
2008-03-14 04:47 --------- dc----w C:\Program Files\MySpace
2008-03-13 08:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\gtk-2.0
2008-03-13 08:47 --------- dc----w C:\Program Files\PidginPortable
2008-03-13 05:35 --------- dc----w C:\Program Files\Microsoft Works
2008-03-13 04:21 --------- dc-h--w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\yahoo!
2008-03-11 07:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DelinvFile
2008-03-11 02:33 --------- dc----w C:\Program Files\Acesoft
2008-03-11 01:40 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\TeamViewer
2008-03-01 13:06 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 20:15 28,416 -c--a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-23 06:01 675,328 -c--a-w C:\WINDOWS\is-L7F12.exe
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-12-04 02:07 2 -cshatr C:\WINDOWS\winstart.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"SQ931STI"="C:\WINDOWS\SQ931STI.EXE" [2007-01-24 14:24 151552]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 22:22 794713]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 11:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 11:08 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 11:07 131072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= love.exe

[HKLM\~\startupfolder\C:^Documents and Settings^Stephen Matthews.STEPHEN^Start Menu^Programs^StartUp^HDDlife.lnk]
backup=C:\WINDOWS\pss\HDDlife.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2008-04-24 08:49]
R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 06:01]
S3 SQ931;USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\Capt931a.sys [2007-03-27 17:44]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 13:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61825c52-ed79-11dc-b43f-0014a5f0bae9}]
\Shell\AutoRun\command - F:\setupSNK.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - RADDRVV3
.
Contents of the 'Scheduled Tasks' folder
"2008-05-03 15:49:47 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Stephen Matthews.job"
- C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exe
"2008-04-24 20:17:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-11 12:43:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-11 12:46:32
ComboFix-quarantined-files.txt 2008-05-11 19:46:27

Pre-Run: 32,881,324,032 bytes free
Post-Run: 32,939,630,592 bytes free

255 --- E O F --- 2008-04-28 02:20:07

Last edited by bigdaddysjm09 : 11-May-2008 06:21 PM.
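As an added example (not part of the thread and not ComboFix code), the following Python script reads the REGEDIT4-style "Reg Loading Points" section that ComboFix prints and checks it for the settings in the log above that weaken the machine's own defences: Security Center monitoring or notification switched off, the standard-profile firewall disabled, the Registry Editor disabled by policy, and Explorer DisallowRun policy entries. The sample dump is constructed from the formats in the log; the checks and their wording are this example's own, not ComboFix's.

```python
"""Read the REGEDIT4-style 'Reg Loading Points' section ComboFix prints and
flag settings that weaken the host's own defences. Added example; not ComboFix code."""
import re

# Constructed sample, modelled on the registry section of the log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= love.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')

# Security Center values that, when set to 1, silence or stop its monitoring.
SECURITY_CENTER_OFF = {"disablemonitoring", "antivirusdisablenotify",
                       "firewalldisablenotify", "updatesdisablenotify"}


def parse_reg_dump(text):
    """Return {key (lower-cased): {value name: raw data}} from a REGEDIT4-style dump."""
    result, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            result.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            result[current][m.group("name")] = m.group("data").strip()
    return result


def as_int(data):
    """'dword:00000001', '1 (0x1)' or '0' -> int; None when the data is not numeric."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def check_security_posture(reg):
    """Return (key, value name, reason) tuples for defence-weakening settings."""
    findings = []
    for key, values in reg.items():
        if "\\security center" in key:
            for name, data in values.items():
                if name.lower() in SECURITY_CENTER_OFF and as_int(data) == 1:
                    findings.append((key, name, "Security Center monitoring or notification disabled"))
        if key.endswith("\\firewallpolicy\\standardprofile"):
            if as_int(values.get("EnableFirewall", "1")) == 0:
                findings.append((key, "EnableFirewall", "Windows Firewall disabled for the standard profile"))
        if key.endswith("\\policies\\explorer\\disallowrun"):
            for name in values:
                findings.append((key, name, "Explorer DisallowRun policy entry"))
        if key.endswith("\\policies\\system") and as_int(values.get("DisableRegedit", "0")) == 1:
            findings.append((key, "DisableRegedit", "Registry Editor disabled by policy"))
    return findings


if __name__ == "__main__":
    for key, name, reason in check_security_posture(parse_reg_dump(SAMPLE_REG)):
        print(f"{reason}: {name} under {key}")
```

Each of these settings is something a user rarely changes by hand, so a finding here is a prompt to ask who set it, and to restore the value once the cleanup is done rather than leave monitoring silenced.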
11-May-2008, 06:41 PM
#7 |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:59 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SQ931STI.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/...ws-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avp - GRISOFT, s.r.o. - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9826 bytes

Last edited by bigdaddysjm09 : 11-May-2008 07:29 PM.
12-May-2008, 11:20 PM
#9
oh don't worry i can wait it's all cool... someone looked at it and i've tried everything. i've run scans with norton internet security... nod32... kaspersky internet security... spyeraser (uniblue)... Spybot Search and Destroy... XoftSpy SE... and quite a few online scanners... and they've picked up nothing but cookies, and when i delete this file known as love.exe i get an error saying it's missing out of my system32 folder... but i can wait no problem... thanks for the help so far... i really appreciate it
13-May-2008, 11:21 AM
#10
Go to the following link and upload the following file(s) for analysis and let me know what the results are please:
http://virusscan.jotti.org/

C:\WINDOWS\is-L7F12.exe

Open Notepad and copy and paste the text in the code box below into it:

Code:
File::
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\system32\love.exe
C:\WINDOWS\winstart.bat

Folder::
C:\WINDOWS\uninstall\F4U KeyGen Maker
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Program Files\Enigma Software Group
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint

DirLook::
C:\Setup
C:\INCINERATE
C:\WINDOWS\uninstall

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below. This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
__________________
Microsoft MVP - Consumer Security
Alliance of Security Analysis Professionals
13-May-2008, 11:48 PM
#11
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

but idk where it came from. if you want me to delete it i can..
14-May-2008, 07:41 AM
#12
combofix log

ComboFix 08-05-11.1 - Stephen Matthews 2008-05-13 20:48:53.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT -7:00]
Running from: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\winstart.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1271263650.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-392803713.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1469554372.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\155915928.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\656290609.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1013624820.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2015586220.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-51377543.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-825612810.swf
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-905540712.mtz
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1806120299.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1879617777.mtz
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1250051772.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-135678801.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-729682611.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1759399190.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1901163955.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-135813659.swf
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1446580733.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1469502972.swf
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1997079084.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\570236374.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\663702647.mts
C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\853263198.mts
C:\Program Files\Enigma Software Group
C:\WINDOWS\system32\i.txt
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\uninstall\F4U KeyGen Maker
C:\WINDOWS\uninstall\F4U KeyGen Maker\setup.exe
C:\WINDOWS\winstart.bat
.
((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
.
2008-05-13 20:40 . 2008-05-13 20:40 <DIR> d----c--- C:\WINDOWS\LastGood
2008-05-12 20:46 . 2004-03-09 00:00 224,016 --a--c--- C:\WINDOWS\system32\TabCtl32.ocx
2008-05-12 20:46 . 2004-03-09 00:00 132,880 --a--c--- C:\WINDOWS\system32\msinet.ocx
2008-05-12 16:45 . 2007-09-18 15:24 676,224 --a--c--- C:\WINDOWS\system32\OGACheckControl.dll
2008-05-10 20:42 . 2008-05-10 20:42 <DIR> d----c--- C:\Program Files\Trend Micro
2008-05-07 20:52 . 2008-05-07 20:52 <DIR> d----c--- C:\Program Files\Radmin Viewer 3
2008-05-07 18:32 . 2008-05-07 18:32 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Radmin
2008-05-07 16:57 . 2008-05-10 19:27 <DIR> d----c--- C:\WINDOWS\system32\rserver30
2008-05-06 17:58 . 2008-05-06 17:58 <DIR> d----c--- C:\WINDOWS\Migo Recover Lost Data
2008-05-06 14:20 . 2008-05-06 14:20 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Aurora Web Editor
2008-05-06 10:49 . 2008-05-06 16:05 <DIR> d----c--- C:\Program Files\Multimedia Australia
2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\SUPERAntiSpyware.com
2008-05-03 12:56 . 2008-05-03 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d----c--- C:\Setup
2008-05-01 20:56 . 2008-05-01 20:56 <DIR> d--hsc--- C:\INCINERATE
2008-04-29 14:42 . 2008-04-29 14:42 <DIR> d----c--- C:\Program Files\Speed Gear 5
2008-04-27 20:07 . 2008-04-27 20:40 <DIR> d----c--- C:\Program Files\Norton Internet Security
2008-04-27 20:06 . 2008-04-27 20:35 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-27 20:06 . 2008-04-27 20:35 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-27 20:05 . 2008-04-27 20:35 <DIR> d----c--- C:\Program Files\Symantec
2008-04-27 19:15 . 2008-04-27 19:17 <DIR> d----c--- C:\WINDOWS\system32\Adobe
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_2_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_1_D1.prf
2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\AM_D0.PRF
2008-04-26 07:45 . 2008-04-26 07:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SRS Labs
2008-04-26 07:45 . 2007-05-03 10:27 47,360 -ra--c--- C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 46,592 -ra--c--- C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:28 39,552 -ra--c--- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 37,248 -ra--c--- C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
2008-04-26 07:45 . 2007-05-03 10:27 32,000 -ra--c--- C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
2008-04-25 21:06 . 2008-04-25 21:06 <DIR> d----c--- C:\Program Files\Google Hacks
2008-04-25 15:12 . 2007-12-24 17:37 138,384 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-24 21:00 . 2008-04-24 21:00 <DIR> d----c--- C:\Documents and Settings\Administrator.STEPHEN\Application Data\Lavasoft
2008-04-23 18:56 . 2008-04-23 18:56 <DIR> d----c--- C:\Program Files\LimeWire
2008-04-23 17:06 . 2008-04-23 17:06 71 --a--c--- C:\WINDOWS\SpotAuditor.INI
2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools Pro
2008-04-22 14:56 . 2007-02-22 09:05 90,112 --a--c--- C:\Progr_.dll
2008-04-22 14:38 . 2008-04-22 14:38 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools
2008-04-22 14:38 . 2008-04-22 14:38 717,296 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
2008-04-22 04:59 . 2008-04-22 04:59 1,409 --a--c--- C:\WINDOWS\system32\tmp621EE.FOT
2008-04-22 04:59 . 2008-04-22 04:59 24 --a--c--- C:\WINDOWS\AM_D8.PRF
2008-04-22 04:55 . 2008-04-26 11:26 <DIR> d----c--- C:\Program Files\Graffiti Studio 2.0
2008-04-21 22:11 . 2008-05-13 20:49 <DIR> d----c--- C:\WINDOWS\uninstall
2008-04-21 20:17 . 2008-04-21 20:17 16 --a--c--- C:\WINDOWS\system32\coh.cache
2008-04-20 20:25 . 2008-04-20 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-20 20:13 . 2008-04-21 21:25 <DIR> d----c--- C:\Program Files\Wireless WEP Key Password Spy
2008-04-18 19:01 . 2008-05-11 22:35 <DIR> d----c--- C:\Program Files\Speeditup Free
2008-04-17 04:49 . 2007-12-19 11:06 172,032 --a--c--- C:\WINDOWS\system32\igfxres.dll
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\WINDOWS\OPTIONS
2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\Program Files\Realtek
2008-04-17 04:43 . 2008-01-31 21:45 53,248 --a--c--- C:\WINDOWS\system32\CSVer.dll
2008-04-17 04:40 . 2008-04-17 04:40 <DIR> d----c--- C:\WINDOWS\system32\ENU
2008-04-17 04:40 . 2007-10-18 15:51 126,976 --a--c--- C:\WINDOWS\system32\Imsmudlg.exe
2008-04-16 22:59 . 2004-06-14 14:56 427,864 --a--c--- C:\WINDOWS\system32\XceedZip.dll
2008-04-16 22:38 . 2008-04-16 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
2008-04-14 14:52 . 2008-04-14 14:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-14 14:34 . 2008-04-19 09:21 <DIR> d----c--- C:\Program Files\XoftSpySE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 02:53 675,328 -c--a-w C:\WINDOWS\is-L7F12.exe
2008-05-14 02:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-14 02:15 --------- dc----w C:\Program Files\Common Files\Symantec Shared
2008-05-13 03:43 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 03:30 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
2008-05-13 03:30 249,856 -c----w C:\WINDOWS\Setup1.exe
2008-05-12 04:02 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\LimeWire
2008-05-11 02:30 --------- dc----w C:\Program Files\Thinstall.VS
2008-05-09 00:26 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\U3
2008-05-08 02:35 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Thinstall
2008-05-07 22:51 --------- dc----w C:\Program Files\FriendBlasterPro
2008-05-06 00:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-05-06 00:55 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 21:01 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Registry Help Pro
2008-05-03 20:47 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-05-03 20:46 307,968 -c--a-w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-05-02 16:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
2008-04-30 16:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\iolo
2008-04-30 16:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-30 00:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-28 03:39 6,596 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-28 03:39 58,912 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-28 03:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-28 03:35 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-26 13:54 --------- dc----w C:\Program Files\RegCure
2008-04-24 01:52 --------- dc----w C:\Program Files\Microsoft Money 2006
2008-04-20 20:10 --------- dc----w C:\Program Files\KGB Archiver 2
2008-04-17 22:24 --------- dc----w C:\Program Files\Hewlett-Packard
2008-04-17 11:40 --------- dc----w C:\Program Files\Intel
2008-04-12 04:47 --------- dc----w C:\Program Files\Hitman Pro
2008-04-11 06:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-11 03:57 164 -c--a-w C:\install.dat
2008-04-08 03:42 32,300 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 03:42 2,331,424 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-07 23:46 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 21:00 --------- dc----w C:\Program Files\Kaspersky Lab
2008-04-07 05:50 --------- dc----w C:\Program Files\Yahoo!
2008-04-07 02:07 --------- dc----w C:\Program Files\Avant Browser
2008-04-04 03:30 31,938 -c--a-w C:\WINDOWS\system32\tcpipbak.reg
2008-04-03 21:11 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\URSoft
2008-04-03 05:32 --------- dc----w C:\Program Files\Lavasoft
2008-04-03 01:49 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Auslogics
2008-04-03 01:20 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\IconTweaker
2008-04-02 00:22 --------- dc----w C:\Program Files\Dachshund Software
2008-04-01 23:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Lavasoft
2008-04-01 23:31 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\AdobeUM
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Sonic
2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Leadertech
2008-04-01 02:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\JP Software
2008-03-30 23:11 --------- dc----w C:\Program Files\CBS Software
2008-03-30 05:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\acccore
2008-03-30 02:59 --------- dc----w C:\Program Files\AIM6
2008-03-30 02:57 --------- dc----w C:\Program Files\Common Files\AOL
2008-03-29 21:50 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\InstallShield
2008-03-25 11:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\PC Tools
2008-03-21 11:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\BinarySense
2008-03-21 11:36 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\tor
2008-03-21 11:19 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Mask Surf Standard
2008-03-20 18:36 --------- dc----w C:\Documents and Settings\Administrator.STEPHEN\Application Data\Uniblue
2008-03-20 18:06 --------- dc----w C:\Program Files\Uniblue
2008-03-20 17:47 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue
2008-03-20 09:13 --------- dc----w C:\Program Files\Java
2008-03-19 16:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DMCache
2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 19:54 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-03-14 08:59 --------- dc----w C:\Program Files\Remove on Reboot
2008-03-14 04:47 --------- dc----w C:\Program Files\MySpace
2008-03-01 13:06 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 20:15 28,416 -c--a-w C:\WINDOWS\system32\uxtuneup.dll
2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\INCINERATE ----
2008-05-01 21:38 65 ---hsc--- C:\INCINERATE\desktop.ini
2008-05-01 20:58 0 --a--c--- C:\INCINERATE\info.shr

---- Directory of C:\Setup ----
2008-05-01 21:44 4090214 --a--c--- C:\Setup\Setup.exe

---- Directory of C:\WINDOWS\uninstall ----
2008-04-21 22:11 417802 --a--c--- C:\WINDOWS\uninstall\F4U KeyGen Maker\setup.exe

((((((((((((((((((((((((((((( snapshot@2008-05-11_12.46.12.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 03:32:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 11:52:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-30 15:00:41 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 02:16:17 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
- 2008-04-30 15:01:50 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-14 02:22:42 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-30 15:01:50 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-14 02:22:42 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2008-04-30 15:01:50 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-14 02:22:42 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
- 2008-04-30 15:01:50 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-14 02:22:42 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.e