Infected with conime.exe
   

currypig
New Member


Date Joined Dec 2007
Total Posts : 7
 
Posted 12-15-2007 9:40 (GMT +1)
Hi,
I have tried to use all the methods till the combofix. However, whenever I finish using combofix, after the system reboots I am unable to go to the net even though I am connected to the internet. Have to reformat the com in order to get to the internet to post my past log.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:36:53 AM, on 12/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Outspark\Launcher\outspark.exe
C:\Documents and Settings\!!!!!\Local Settings\Temporary Internet Files\Content.IE5\BBNR8MQU\HiJackThis[1].exe
C:\DOCUME~1\!!!!!\LOCALS~1\Temp\Fiesta.Patch.70-71b.7z.729457.dir\Fiesta.Patch.70-71.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vaio-online.sony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PrepareYourVAIO] "C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe" SETUPVU
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 9228 bytes
 
ComboFix 07-12-15.3 - curry 2007-12-17 13:56:27.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.581 [GMT 8:00]
Running from: C:\Documents and Settings\curry\Desktop\ComboFix.exe
 * Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\addrTLhelp.dll
C:\WINDOWS\system32\GDQQHXI32.dll
C:\WINDOWS\system32\GDWMI32.dll
C:\WINDOWS\system32\GDDJI32.dll
C:\WINDOWS\system32\GDWLI32.dll
C:\WINDOWS\system32\GDHnXaI32.dll
C:\WINDOWS\system32\GDQJI32.dll
C:\WINDOWS\system32\GDJZI32.dll

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Program Files\Internet Explorer\PLUGINS\NvWin_5.Jmp
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\Fonts\ardaase.fon
C:\WINDOWS\Fonts\armease.fon
C:\WINDOWS\Fonts\chreaur.fon
C:\WINDOWS\Fonts\enpoafx.fon
C:\WINDOWS\Fonts\enweafx.fon
C:\WINDOWS\Fonts\gjcuaxw.fon
C:\WINDOWS\Fonts\msguasd.fon
C:\WINDOWS\Fonts\mswuasd.fon
C:\WINDOWS\Fonts\mszhasd.fon
C:\WINDOWS\Fonts\wireafw.fon
C:\WINDOWS\Fonts\wymoafz.fon
C:\WINDOWS\Fonts\wyzuafz.fon
C:\WINDOWS\system\00008.exe
C:\WINDOWS\system\00019.exe
C:\WINDOWS\system\00023.exe
C:\WINDOWS\system32\avzxjmn.dll
C:\WINDOWS\system32\DbgHlp32.dll
C:\WINDOWS\system32\drivers\comint32.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\kvdxjma.dll
C:\WINDOWS\system32\MsPrint32D.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qdshm.dll
C:\WINDOWS\system32\rarjepi.dll
C:\WINDOWS\system32\rarjetl.exe
C:\WINDOWS\system32\upxdnd.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\upxdnd.exe
D:\Autorun.inf
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_COMINT32
-------\LEGACY_NPF
-------\comint32
-------\NPF

(((((((((((((((((((((((((   Files Created from 2007-11-17 to 2007-12-17  )))))))))))))))))))))))))))))))
.
2007-12-17 11:45 . 2007-12-17 11:45 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-12-17 02:38 . 2007-12-17 02:38 <DIR> d-------- C:\Documents and Settings\curry\Application Data\Grisoft
2007-12-17 02:38 . 2007-12-17 02:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-17 02:38 . 2007-05-30 20:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-16 23:44 . 2007-12-16 23:44 14,585 --a------ C:\WINDOWS\system32\gdwli32.dll.vir
2007-12-16 23:34 . 2007-12-16 17:04 16,492 --a------ C:\WINDOWS\szklyq.exe
2007-12-16 17:16 . 2007-12-16 17:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-16 17:13 . 2007-12-16 17:13 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-16 17:13 . 2007-12-16 17:14 <DIR> d-------- C:\Program Files\CCleaner
2007-12-16 16:50 . 2007-12-16 16:50 <DIR> d-------- C:\WINDOWS\Sun
2007-12-16 16:39 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-16 16:39 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-16 16:39 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-16 05:09 . 2007-12-16 05:09 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-12-16 00:45 . 2007-12-16 00:45 <DIR> d-------- C:\Documents and Settings\curry\Contacts
2007-12-16 00:42 . 2007-12-16 00:42 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-16 00:41 . 2007-12-16 00:44 <DIR> d-------- C:\Program Files\Windows Live
2007-12-16 00:41 . 2007-12-16 00:44 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-16 00:40 . 2007-12-16 00:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-16 00:38 . 2007-12-16 23:34 95,744 --a------ C:\WINDOWS\system\inudhya.dll
2007-12-16 00:38 . 2007-12-16 00:38 51,042 --a------ C:\WINDOWS\system\soundma.exe
2007-12-16 00:38 . 2007-12-16 23:44 4,026 --a------ C:\WINDOWS\system\SYSTEM128.VXD
2007-12-16 00:32 . 2007-10-11 07:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-16 00:32 . 2007-07-01 11:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-16 00:32 . 2007-07-01 11:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-16 00:32 . 2007-10-11 07:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-16 00:32 . 2007-10-11 07:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-16 00:32 . 2007-10-11 07:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-16 00:32 . 2007-10-11 07:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-16 00:32 . 2007-10-11 07:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-16 00:32 . 2007-10-10 18:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-16 00:28 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-16 00:26 . 2007-12-16 00:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 23:14 . 2007-07-09 21:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-15 23:12 . 2006-12-07 14:40 2,362,184 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-12-15 22:40 . 2007-12-15 22:43 <DIR> d-------- C:\Documents and Settings\curry\Builds
2007-12-15 01:35 . 2007-12-15 01:35 <DIR> d-------- C:\Documents and Settings\curry\Application Data\ICQ Toolbar
2007-12-15 01:33 . 2007-12-15 22:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2007-12-15 01:32 . 2007-12-15 22:27 <DIR> d-------- C:\Program Files\Outspark
2007-12-15 01:29 . 2007-12-17 10:41 28,000 ---hs---- C:\WINDOWS\system\C0NIME.EXE
2007-12-15 01:29 . 2007-12-17 10:41 28,000 ---hs---- C:\ntldr.exe
2007-12-15 01:27 . 2007-12-16 16:42 <DIR> d-------- C:\Program Files\ICQToolbar
2007-12-15 01:27 . 2007-12-15 01:29 <DIR> d-------- C:\Program Files\ICQ6
2007-12-15 01:27 . 2007-12-15 01:27 <DIR> d---s---- C:\Documents and Settings\curry\UserData
2007-12-15 01:27 . 2007-12-15 01:29 <DIR> d-------- C:\Documents and Settings\curry\Application Data\ICQ
2007-12-15 01:26 . 2007-12-15 01:26 <DIR> d-------- C:\Documents and Settings\curry\Application Data\InstallShield
2007-12-15 01:20 . 2007-12-15 01:20 <DIR> d-------- C:\WINDOWS\system32\VAIOcameravjsrc
2007-12-15 01:20 . 2005-11-25 16:35 368,640 --a------ C:\WINDOWS\system32\cameravj.scr
2007-12-15 01:20 . 2004-12-27 19:55 53,248 --a------ C:\WINDOWS\system32\vaiomov.scr
2007-12-15 01:20 . 2007-12-15 01:20 56 --a------ C:\WINDOWS\WININIT.INI
2007-12-15 01:20 . 2007-12-15 01:20 0 --a------ C:\WINDOWS\VAIOUpdt.INI
2007-12-15 01:20 . 2001-12-09 17:13 0 --a------ C:\WINDOWS\system32\snyprmnd.oem
2007-12-15 01:19 . 2007-12-15 01:19 <DIR> d-------- C:\Program Files\Roxio
2007-12-15 01:19 . 2007-12-15 01:20 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-12-15 01:18 . 2005-09-08 10:09 565,248 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2007-12-15 01:18 . 2005-08-25 16:43 68,608 --a------ C:\WINDOWS\system32\SonyAIwo.dll
2007-12-15 01:18 . 2005-08-10 10:27 61,952 --a------ C:\WINDOWS\system32\SonyAIds.dll
2007-12-15 01:18 . 2005-06-20 15:38 38,400 --a------ C:\WINDOWS\system32\SonyAIwd.dll
2007-12-15 01:16 . 2007-12-15 01:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\VAIO Media Platform
2007-12-15 01:15 . 2004-05-13 18:53 757,760 --a------ C:\WINDOWS\system32\CDDBUI.dll
2007-12-15 01:15 . 2004-05-13 18:53 630,784 --a------ C:\WINDOWS\system32\CDDBControl.dll
2007-12-15 01:14 . 2007-12-15 01:14 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2007-12-15 01:14 . 2002-12-17 16:23 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-12-15 01:14 . 2002-10-20 14:05 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-12-15 01:10 . 2007-12-15 01:10 <DIR> d-------- C:\Program Files\Toshiba
2007-12-15 01:09 . 2007-12-15 01:09 <DIR> d-------- C:\Documents and Settings\All Users\ImageConverter2
2007-12-15 01:08 . 2005-12-27 08:36 <DIR> d-------- C:\Documents and Settings\curry\Application Data\Symantec
2007-12-15 01:08 . 2007-12-15 01:33 <DIR> d-------- C:\Documents and Settings\curry\Application Data\Sony Corporation
2007-12-15 01:08 . 2004-08-04 20:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-15 01:06 . 2005-12-27 08:36 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-12-15 01:06 . 2005-12-27 08:25 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Sony Corporation
2007-12-15 01:06 . 2007-12-15 01:06 <DIR> d-------- C:\Program Files\Program Shortcuts
2007-12-15 01:06 . 2007-12-15 01:06 0 -rah----- C:\WINDOWS\system32\drivers\Sony_VGN-FE15GP.mrk
2007-12-15 01:04 . 2001-08-18 06:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-17 06:01 112 ----a-w C:\WINDOWS\Fonts\okmhbcs.dll
2007-12-17 06:01 109 ----a-w C:\WINDOWS\Fonts\wszjccj.dll
2007-12-17 06:01 109 ----a-w C:\WINDOWS\Fonts\kapjecsa.dll
2007-12-17 06:01 107 ----a-w C:\WINDOWS\Fonts\avwlgina.dll
2007-12-17 06:01 103 ----a-w C:\WINDOWS\Fonts\wsmsecj.dll
2007-12-17 06:01 103 ----a-w C:\WINDOWS\Fonts\gjcsass.dll
2007-12-17 06:01 101 ----a-w C:\WINDOWS\Fonts\swrcfcs.dll
2007-12-17 06:01 101 ----a-w C:\WINDOWS\Fonts\kawdfcsa.dll
2007-12-17 06:01 101 ----a-w C:\WINDOWS\Fonts\avwghin.dll
2007-12-17 05:58 105 ----a-w C:\WINDOWS\Fonts\kvdxjcf.dll
2007-12-17 05:58 105 ----a-w C:\WINDOWS\Fonts\avzxjin.dll
2007-12-17 05:56 102 ----a-w C:\WINDOWS\Fonts\rarjenia.dll
2007-12-14 17:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Corporation
2007-12-14 17:20 --------- d-----w C:\Program Files\Sony
2007-12-14 17:18 --------- d-----w C:\Program Files\Common Files\Sony Shared
2007-12-14 17:09 --------- d-----w C:\Program Files\InterVideo
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2004-08-04 09:04 24,394 --sh--w C:\WINDOWS\system32\avwghmn.dll
2004-08-04 09:04 26,454 --sh--w C:\WINDOWS\system32\avwlgmn.dll
2004-08-04 09:04 21,326 --sh--w C:\WINDOWS\system32\gjcsayc.dll
2004-08-04 09:04 24,410 --sh--w C:\WINDOWS\system32\kapjezy.dll
2004-08-04 09:04 23,882 --sh--w C:\WINDOWS\system32\kawdfzy.dll
2004-08-04 09:04 24,928 --sh--w C:\WINDOWS\system32\okmhbzy.dll
2004-08-04 09:04 23,882 --sh--w C:\WINDOWS\system32\swrcfzc.dll
2004-08-04 09:04 25,934 --sh--w C:\WINDOWS\system32\wsmsezx.dll
2004-08-04 09:04 21,850 --sh--w C:\WINDOWS\system32\wszjczx.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-11-24 11:47]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 21:36]
"TBMonEx"="C:\WINDOWS\system\C0NIME.EXE" [2007-12-17 10:41]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 20:00 C:\WINDOWS\system32\rundll32.exe]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2005-12-27 08:28:05]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2A57CAD1-412F-9547-713F-9641FA3FC7A2}"= C:\WINDOWS\system32\okmhbzy.dll [2004-08-04 17:04 24928]
"{792FADFA-BCDE-ACDF-CDEF-21054865CBA7}"= C:\WINDOWS\system32\wsmsezx.dll [2004-08-04 17:04 25934]
"{778A7521-FA87-34AB-34C2-4893F3AD34C7}"= C:\WINDOWS\system32\swrcfzc.dll [2004-08-04 17:04 23882]
"{68907901-1416-3389-9981-372178569986}"= C:\WINDOWS\system32\kawdfzy.dll [2004-08-04 17:04 23882]
"{8A1247C1-53DA-FF43-ABD3-345F323A48D8}"= C:\WINDOWS\system32\avwghmn.dll [2004-08-04 17:04 24394]
"{A859245F-345D-BC13-AC4F-145D47DA34FA}"= C:\WINDOWS\system32\avzxjmn.dll [ ]
"{7960356A-458E-DE24-BD50-268F589A56A7}"= C:\WINDOWS\system32\avwlgmn.dll [2004-08-04 17:04 26454]
"{1FA10261-B890-F432-A453-69F1023513F1}"= C:\WINDOWS\system32\gjcsayc.dll [2004-08-04 17:04 21326]
"{35679330-4034-9021-7012-909856721373}"= C:\WINDOWS\system32\wszjczx.dll [2004-08-04 17:04 21850]
"{5A321487-4977-D98A-C8D5-6488257545A5}"= C:\WINDOWS\system32\kapjezy.dll [2004-08-04 17:04 24410]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2005-05-21 09:42 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wszjczx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360rpt.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360Safe.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\360tray.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ACKWIN32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ANTI-TROJAN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\APVXDWIN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\asktao.mod]
Debugger=C:\WINDOWS\system\wdlm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AUTODOWN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVCONSOL.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVE32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVGCTRL.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVKSERV.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVNT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPCC.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPDOS32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPM.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPTC32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVPUPD.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVSCHED32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWIN95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVWUPD32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKD.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\BLACKICE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIADMIN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFIAUDIT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CFINET32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLAW95CF.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CLEANER3.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DVP95_0.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ECENGINE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EGHOST.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ESAFE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\EXPWATCH.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-AGNT95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-PROT95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\F-STOPW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FESCUE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FINDVIRU.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FP-WIN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPROT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FRW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMAPP.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IAMSERV.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMASN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IBMAVSP.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOAD95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICLOADNT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICMON.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPP95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ICSUPPNT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IFACE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\IOMON98.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Iparmor.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\JEDI.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVsvc.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVSvcUI.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVFW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVMonXP.kxp]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVSrvXP.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KVwsc.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KvXP.kxp]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KWatchUI.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOCKDOWN2000.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo1_.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Logo_1.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LOOKOUT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LUALL.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MAILMON.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MOOLIVE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\MPFTRAY.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\my.exe]
Debugger=C:\WINDOWS\system\lmmh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\N32SCANW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapw32.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVLU32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVNT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navw32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVWNT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NISUM.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NMain.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NORMIST.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NUPGRADE.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NVC95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVCL.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVSCHED.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PAVW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCCWIN98.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PCFWALLICON.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PERSFW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\PFW.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Play.exe]
Debugger=C:\WINDOWS\system\lmmy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rav.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAV7WIN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVmon.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVmonD.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RAVtimer.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Rising.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SAFEWEB.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCAN32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCAN95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCANPM.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SCRSCAN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SERV95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SMC.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SPHINX.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SWEEP95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TBSCAN.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TCA.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-98.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TDS2-NT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\THGUARD.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TrojanHunter.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VET95.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VETTRAY.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSCAN40.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSECOMR.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSHWIN32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\VSSTAT.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WEBSCANX.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\WFINDV32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ZONEALARM.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVP32.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPCC.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\_AVPM.EXE]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ÐÞ¸´¹¤¾ß.exe]
Debugger=C:\WINDOWS\system\C0NIME.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^curry^Start Menu^Programs^Startup^E-Flyer.lnk]
path=C:\Documents and Settings\curry\Start Menu\Programs\Startup\E-Flyer.lnk
backup=C:\WINDOWS\pss\E-Flyer.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^curry^Start Menu^Programs^Startup^VAIO Launcher.lnk]
path=C:\Documents and Settings\curry\Start Menu\Programs\Startup\VAIO Launcher.lnk
backup=C:\WINDOWS\pss\VAIO Launcher.lnkStartup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-12-16 23:44 147586 --a------ C:\Program Files\Apoint\Apoint.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2005-09-17 15:27 52848 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 20:00 15360 --a------ C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
   C:\WINDOWS\DbgHlp32.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
   C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetExe]
   C:\WINDOWS\system\motou.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\inudhya]
2007-12-16 00:38 51042 --a------ C:\WINDOWS\system\soundma.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
   C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE REBOOT
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-21 06:12 32768 --a------ C:\Program Files\Sony\ISB Utility\ISBMgr.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
   ICO.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsPrint32D]
2007-12-16 17:04 16492 --a------ C:\WINDOWS\szklyq.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
   C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
   RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
   C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
   C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrepareYourVAIO]
2007-12-16 11:02 147586 --a------ C:\Program Files\Sony\Prepare your VAIO\PYVAlert.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2007-12-16 23:45 245890 --a------ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
2004-11-03 07:59 218240 --a------ C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-27 10:14 36975 --a------ C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBMonEx]
2007-12-17 10:41 28000 ---hs---- C:\WINDOWS\system\C0NIME.EXE
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\upxdnd]
   C:\WINDOWS\upxdnd.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
2005-10-23 09:29 23168 --a------ C:\Program Files\Norton Internet Security\UrlLstCk.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2007-12-16 23:44 98434 --a------ C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
S3 HnXa;HnXa;\??\C:\WINDOWS\TEMP\tmp21.tmp
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
S3 PciHardDisk;PciHardDisk;\??\C:\WINDOWS\system32\fat32.sys
S3 PciHdd;PciHdd;\??\C:\WINDOWS\system32\drivers\pcihdd.sys
S3 QJ;QJ;\??\C:\WINDOWS\TEMP\tmp1E.tmp
S3 QQHX;QQHX;\??\C:\WINDOWS\TEMP\tmp15.tmp
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2005-12-27 00:32:25 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 14:02:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\wsmsezx.dll
PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\wsmsezx.dll
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\wsmsezx.dll
-> C:\WINDOWS\system32\okmhbzy.dll
-> C:\WINDOWS\system32\swrcfzc.dll
-> C:\WINDOWS\system32\kawdfzy.dll
-> C:\WINDOWS\system32\avwghmn.dll
-> C:\WINDOWS\system32\avwlgmn.dll
-> C:\WINDOWS\system32\gjcsayc.dll
-> C:\WINDOWS\system32\wszjczx.dll
-> C:\WINDOWS\system32\kapjezy.dll
.
Completion time: 2007-12-17 14:04:56 - machine was rebooted
.
2007-12-15 21:09:53 --- E O F --- 
 
CLEANING COMPLETE - (34.863 secs)
------------------------------------------------------------------------------------------
1,908.0MB removed.
------------------------------------------------------------------------------------------
Details of files deleted
------------------------------------------------------------------------------------------
IE Temporary Internet Files (1835 files) 40.2MB
C:\Documents and Settings\curry\Cookies\curry@login.live[1].txt 698 bytes
C:\Documents and Settings\curry\Cookies\curry@forums.cnet[1].txt 81 bytes
C:\Documents and Settings\curry\Cookies\curry@messenger.msn[1].txt 96 bytes
C:\Documents and Settings\curry\Cookies\curry@com[1].txt 89 bytes
C:\Documents and Settings\curry\Cookies\curry@www.3dstats[1].txt 117 bytes
C:\Documents and Settings\curry\Cookies\curry@facebook[2].txt 645 bytes
C:\Documents and Settings\curry\Cookies\curry@m.webtrends[1].txt 201 bytes
C:\Documents and Settings\curry\Cookies\curry@icq[2].txt 668 bytes
C:\Documents and Settings\curry\Cookies\curry@atwola[1].txt 97 bytes
C:\Documents and Settings\curry\Cookies\curry@outspark[2].txt 620 bytes
C:\Documents and Settings\curry\Cookies\curry@windowsmarketplace[2].txt 260 bytes
C:\Documents and Settings\curry\Cookies\curry@www.bullguard[1].txt 751 bytes
C:\Documents and Settings\curry\Cookies\curry@advertising[1].txt 268 bytes
C:\Documents and Settings\curry\Cookies\curry@download[2].txt 606 bytes
C:\Documents and Settings\curry\Cookies\curry@microsoft[1].txt 386 bytes
C:\Documents and Settings\curry\Cookies\curry@liutilities[1].txt 388 bytes
C:\Documents and Settings\curry\Cookies\curry@www.download[1].txt 140 bytes
C:\Documents and Settings\curry\Cookies\curry@live[1].txt 1.60KB
C:\Documents and Settings\curry\Cookies\curry@cnet[1].txt 696 bytes
C:\Documents and Settings\curry\Cookies\curry@2o7[2].txt 677 bytes
C:\Documents and Settings\curry\Cookies\curry@revsci[2].txt 253 bytes
C:\Documents and Settings\curry\Cookies\curry@get.live[1].txt 169 bytes
C:\Documents and Settings\curry\Cookies\curry@indextools[1].txt 342 bytes
C:\Documents and Settings\curry\Cookies\curry@abmr[1].txt 196 bytes
C:\Documents and Settings\curry\Cookies\curry@zune[2].txt 232 bytes
C:\Documents and Settings\curry\Cookies\curry@home.live[1].txt 68 bytes
C:\Documents and Settings\curry\Cookies\curry@rad.microsoft[2].txt 750 bytes
C:\Documents and Settings\curry\Cookies\curry@p.live[1].txt 104 bytes
C:\Documents and Settings\curry\Cookies\curry@rad.msn[2].txt 690 bytes
C:\Documents and Settings\curry\Cookies\curry@msn[2].txt 886 bytes
C:\Documents and Settings\curry\Cookies\curry@wwp.greenwichmeantime[1].txt 392 bytes
C:\Documents and Settings\curry\Cookies\curry@google.com[1].txt 133 bytes
C:\Documents and Settings\curry\Cookies\curry@server.iad.liveperson[1].txt 106 bytes
C:\Documents and Settings\curry\Cookies\curry@h.live[1].txt 69 bytes
C:\Documents and Settings\curry\Cookies\curry@rad.live[2].txt 700 bytes
C:\Documents and Settings\curry\Cookies\curry@atdmt[2].txt 103 bytes
C:\Documents and Settings\curry\Cookies\curry@bleepingcomputer.us.intellitxt[1].txt 137 bytes
C:\Documents and Settings\curry\Cookies\curry@tribalfusion[2].txt 215 bytes
C:\Documents and Settings\curry\Cookies\curry@sc.intellitxt[1].txt 121 bytes
C:\Documents and Settings\curry\Cookies\curry@update.microsoft[1].txt 146 bytes
C:\Documents and Settings\curry\Cookies\curry@cgi-bin[2].txt 214 bytes
Marked for deletion: C:\Documents and Settings\curry\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marked for deletion: C:\Documents and Settings\curry\Cookies\index.dat
Marked for deletion: C:\Documents and Settings\curry\Local Settings\History\History.IE5\index.dat
Emptied Recycle Bin (2 files) 1,816.7MB
C:\WINDOWS\TEMP\Cookies\index.dat 16.00KB
C:\WINDOWS\TEMP\History\History.IE5\desktop.ini 113 bytes
C:\WINDOWS\TEMP\History\History.IE5\index.dat 16.00KB
C:\WINDOWS\TEMP\netfxsl.log 14.54KB
C:\WINDOWS\TEMP\NetFxUpdate_v1.1.4322.log 7.32KB
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\A1WVAB4F\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat 16.00KB
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\IVGH01YX\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\SPY32FGP\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\U5QTQNKV\desktop.ini 67 bytes
C:\WINDOWS\TEMP\tmp15.tmp 3.13KB
C:\WINDOWS\TEMP\tmp18.tmp 3.13KB
C:\WINDOWS\TEMP\tmp19.tmp 13.05KB
C:\WINDOWS\TEMP\tmp1B.tmp 3.13KB
C:\WINDOWS\TEMP\tmp1E.tmp 3.00KB
C:\WINDOWS\TEMP\tmp21.tmp 3.25KB
C:\WINDOWS\TEMP\tmp24.tmp 3.00KB
C:\WINDOWS\TEMP\tmp27.tmp 3.00KB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.64-65b.7z 3.49MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.64-65b.7z.191688.dir\Fiesta.Patch.64-65.exe 3.61MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.64-65b.7z.191688.dir\patch.rb 574 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.65-66.7z 5.14MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.65-66.7z.826007.dir\Fiesta.Patch.65-66.exe 5.21MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.65-66.7z.826007.dir\patch.rb 574 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.66-69.7z 2.70MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.66-69.7z.752360.dir\Fiesta.Patch.66-69.exe 2.81MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.66-69.7z.752360.dir\patch.rb 574 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.69-70.7z 0.20MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.69-70.7z.274061.dir\Fiesta.Patch.69-70.exe 0.22MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.69-70.7z.274061.dir\patch.rb 574 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.70-71b.7z 7.82MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.70-71b.7z.432287.dir\Fiesta.Patch.70-71.exe 8.00MB
C:\Documents and Settings\curry\Local Settings\Temp\Fiesta.Patch.70-71b.7z.432287.dir\patch.rb 574 bytes
C:\Documents and Settings\curry\Local Settings\Temp\GLB33.tmp 70.00KB
C:\Documents and Settings\curry\Local Settings\Temp\GLF31.tmp 10.00KB
C:\Documents and Settings\curry\Local Settings\Temp\GLF32.tmp 13.41KB
C:\Documents and Settings\curry\Local Settings\Temp\GLM2F.tmp 12.50KB
C:\Documents and Settings\curry\Local Settings\Temp\java_install_reg.log 618 bytes
C:\Documents and Settings\curry\Local Settings\Temp\jusched.log 625 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Launcher.Patch.75-84.7z.322810.dir\Launcher.Patch.75-84.exe 0.30MB
C:\Documents and Settings\curry\Local Settings\Temp\Launcher.Patch.75-84.7z.322810.dir\patch.rb 541 bytes
C:\Documents and Settings\curry\Local Settings\Temp\Launcher.Patch.84-85.7z.970807.dir\Launcher.Patch.84-85.exe 0.22MB
C:\Documents and Settings\curry\Local Settings\Temp\Launcher.Patch.84-85.7z.970807.dir\patch.rb 541 bytes
C:\Documents and Settings\curry\Local Settings\Temp\netfxsl.log 14.52KB
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\InstallOptions.dll 14.00KB
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\ioFileY.ini 1,007 bytes
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\ioSpecial.ini 740 bytes
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\LangDLL.dll 5.00KB
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\modern-header.bmp 9.51KB
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\modern-wizard.bmp 51.34KB
C:\Documents and Settings\curry\Local Settings\Temp\nsi2B.tmp\System.dll 10.00KB
C:\Documents and Settings\curry\Local Settings\Temp\redist.log 1.42KB
C:\Documents and Settings\curry\Local Settings\Temp\Setup.log 189 bytes
C:\Documents and Settings\curry\Local Settings\Temp\symlcsv1.exe 31.12KB
C:\Documents and Settings\curry\Local Settings\Temp\{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}\SSMSCustomPreset.log 2.05KB
C:\Documents and Settings\curry\Local Settings\Temp\{0207D146-68FC-42D5-AC45-E7A3CDA9BC3A}\{60DE4033-9503-48D1-A483-7846BD217CA9}\FlashPlayerControl.dll 0.37MB
-------------------------------------------------------------------------------
 
********************************* ROOTCHK-(5-12-07)-LOG, by ejvindh
Mon 12/17/2007 13:51:57.95
Driver npf (visible) is present. Run COMBOFIX by sUBs.
********************************* ROOTCHK-LOG-end

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-17 13:51:59
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="kvdxjma.dll"
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0

currypig
New Member


Date Joined Dec 2007
Total Posts : 7
 
Posted 12-16-2007 5:55 (GMT +1)
upupiup

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14307
 
Posted 12-16-2007 6:39 (GMT +1)
No need to bump, as you were supposed to post the logs in this topic:

Please download the free version of Superantispyware

Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it.)
Close the program.

Download and install DrWebCureit:

to your desktop.

Please print out or copy this page to Notepad, as you will be in Safe Mode and unable to refer to this page.

Double-click "drweb-cureit.exe" and click "Start" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system; let it clean what it finds, and when it says "done",
click on Options->Change settings.

Actions tab: for Adware, Dialers, Riskware and Hacktools, use the dropdown menu and select Rename.
Click Apply, then OK.
Click on the Scan tab. Move the dot from Express scan to Complete scan. Click on the green arrow to the right. It will now scan your drive(s); say yes to all.

After the scan, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web CureIt.

Reboot your computer!! It could be that files in use will be moved/deleted during reboot.

Start Superantispyware.
Hit the "Scan Your Computer" button.
Click on the drive(s) you want to scan. Put a check in "Perform Complete Scan", then click Next;
it will scan now. When the scan has finished, put a checkmark next to all items it found. Click Next and, after cleaning, allow it to reboot.

Start Superantispyware again.
Click Preferences and then click the Statistics/Logs tab.
Click the dated log and press View Log, and a text file will appear.

Post this log along with a fresh HijackThis log, the Dr.Web log and a fresh ComboFix log in this topic.

Do NOT post your problem in someone else's thread.
