
BHO Installed And Cannot Remove It


28 replies to this topic

#1 Lonranger


Posted 07 October 2006 - 11:39 PM

I have installed Spybot and BHODemon and they are both reporting a BHO that is attempting to install that is unidentified. Cannot seem to stop it and have tried everything. Ran HouseCall, ran CounterSpy, ran Spybot, Ad-Aware, AVG antivirus and various other programs.

Really need help.

Thank you

Here is a copy of my log from HijackThis. All responses are appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:56:24 PM, on 10/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
P:\PROGRA~1\KEMailKb\KEMailKb.EXE
P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
P:\Program Files\Logitech\MouseWare\system\em_exec.exe
P:\Program Files\MessengerPlus! 3\MsgPlus.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\ctfmon.exe
P:\program files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BitTorrent\bittorrent.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
P:\program files\Spybot - Search & Destroy\SpybotSD.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\program files\Mozilla Firefox\firefox.exe
P:\program files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] P:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunServer] P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "P:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "P:\program files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: BitTorrent.lnk = P:\program files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = P:\program files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159847774875
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "P:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - P:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)



#2 Guest_Cretemonster_*


Posted 08 October 2006 - 04:50 PM

Hi Lonranger and Welcome to the Bleeping Computer!


Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3 Lonranger


Posted 08 October 2006 - 05:58 PM

I ran ComboFix and it did give me one error in the DOS window. I hope that this log gives you more information.

Sam - 06-10-08 16:48:50.56 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Sam\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{382D4628-057B-1033-0507-040215050001}
C:\Program Files\Common Files\{982D4628-057B-1033-0507-040215050001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


2006-10-08 13:46 86,036 --a------ C:\WINDOWS\system32\ewjmeiru.dll
2006-10-08 12:57 388,294 ---hs---- C:\WINDOWS\system32\bccdd.bak1
2006-10-08 12:54 684,084 ---hs---- C:\WINDOWS\system32\ddccb.dll
2006-10-08 12:05 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-08 12:05 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-08 10:39 40,973 ---hs---- C:\WINDOWS\system32\vtutuur.dll
2006-10-08 10:39 18,432 --a------ C:\WINDOWS\system32\winepi32.dll
2006-10-07 23:30 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2006-10-07 22:59 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-07 18:47 86,036 --a------ C:\WINDOWS\system32\wevthhoi.dll
2006-10-07 18:47 143,380 --a------ C:\WINDOWS\system32\igoxtmrb.exe
2006-10-07 18:40 40,973 ---hs---- C:\WINDOWS\system32\byxwtrr.dll
2006-10-07 18:40 18,432 --a------ C:\WINDOWS\system32\winexz32.dll
2006-10-07 14:50 273,066 C:\WINDOWSTetris Game Gold Uninstaller.exe
2006-10-06 17:47 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-06 17:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-06 17:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-06 17:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-06 17:47 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-06 17:11 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brmfrmps.exe
2006-10-06 17:11 51,200 --------- C:\WINDOWS\system32\brinsstr.dll
2006-10-06 17:11 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2006-10-06 17:11 147,456 --------- C:\WINDOWS\brunin03.dll
2006-10-06 17:11 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
2006-10-06 14:14 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-10-05 22:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-03 21:10 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2006-10-03 21:10 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2006-10-03 21:10 51,729 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2006-10-03 21:10 37,887 --------- C:\WINDOWS\system32\drivers\LHIDUSB.SYS
2006-10-03 21:10 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2006-10-03 21:10 25,505 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2006-10-03 21:10 23,375 --------- C:\WINDOWS\system32\LCOINST.DLL
2006-10-03 21:10 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2006-10-03 21:10 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2006-10-03 21:10 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2006-10-03 21:10 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2006-10-03 21:10 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2006-10-03 17:57 17,071 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2006-10-03 17:57 131,331 --a------ C:\WINDOWS\UNINST32.EXE
2006-10-03 07:11 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 07:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-03 07:11 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-03 07:11 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-03 07:11 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-03 07:11 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-03 07:11 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-02 22:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-02 21:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 21:56 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 21:51 174,336 -ra------ C:\WINDOWS\system32\drivers\yukonwxp.sys
2006-10-02 21:51 12,288 -ra------ C:\WINDOWS\system32\mrvdlg.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmSK.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmPTB.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmDA.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTR.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTH.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmSV.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmPT.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmNO.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmFI.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\sstrmenu.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmENG.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmCS.dll
2006-10-02 21:45 90,112 -ra------ C:\WINDOWS\system32\SStrmSL.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmHE.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmAR.dll
2006-10-02 21:45 73,728 -ra------ C:\WINDOWS\system32\sstray.exe
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmKO.dll
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SStrmZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHC.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTH.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSV.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSK.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraRU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPTB.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraKO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraIT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFI.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraES.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraENG.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraEL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraCS.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraAR.dll
2006-10-02 21:45 57,344 -ra------ C:\WINDOWS\system32\SStrmZHC.dll
2006-10-02 21:45 509,984 -ra------ C:\WINDOWS\50comupd.exe
2006-10-02 21:45 491,599 -ra------ C:\WINDOWS\system32\sndstorm.exe
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHC.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTH.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSV.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSK.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplRU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPTB.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplKO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplJA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplIT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFI.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplES.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplENG.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplEL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplCS.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplAR.dll
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\NVUninst.exe
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\nvuautl.exe
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmRU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmPL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmNL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmIT.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmHU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmFR.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmES.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmEL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmDE.dll
2006-10-02 21:45 1,589,248 -ra------ C:\WINDOWS\system32\sstrmres.dll
2006-10-02 21:44 962,560 --a------ C:\WINDOWS\system32\drivers\nvmcp.sys
2006-10-02 21:44 70,656 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2006-10-02 21:44 7,168 --a------ C:\WINDOWS\system32\nvack.dll
2006-10-02 21:44 66,688 --a------ C:\WINDOWS\system32\drivers\nvarm.sys
2006-10-02 21:44 53,760 --a------ C:\WINDOWS\system32\nvopenal.dll
2006-10-02 21:44 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-10-02 21:44 5,120 --a------ C:\WINDOWS\system32\ALut.dll
2006-10-02 21:44 48,640 --a------ C:\WINDOWS\system32\drivers\nvax.sys
2006-10-02 21:44 396,032 --a------ C:\WINDOWS\system32\drivers\nvapu.sys
2006-10-02 21:44 30,208 --a------ C:\WINDOWS\system32\nvasio.dll
2006-10-02 21:44 21,504 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvugart.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuenet.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-10-02 21:44 18,688 -ra------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2006-10-02 21:37 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-02 21:37 0 -rahs---- C:\MSDOS.SYS
2006-10-02 21:37 0 -rahs---- C:\IO.SYS
2006-10-02 21:37 0 --a------ C:\CONFIG.SYS
2006-10-02 21:37 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 21:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-02 21:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-02 21:35 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-02 21:35 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-02 21:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-02 21:35 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-02 21:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-02 21:35 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-02 21:35 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-02 21:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-02 21:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-02 21:35 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-02 21:35 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-02 21:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-02 21:35 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-02 21:35 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-02 21:35 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-02 21:35 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-02 21:35 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-02 21:35 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-02 21:35 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-02 21:35 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-02 21:34 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-02 21:34 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-02 21:34 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-02 21:34 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-02 21:34 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-02 21:34 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-02 21:34 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-02 21:34 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-02 21:34 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-02 21:34 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-02 21:34 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-02 21:34 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-02 21:34 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-02 21:34 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-02 21:34 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-02 21:34 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-02 21:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-02 21:34 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-02 21:33 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-02 21:33 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-02 21:33 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-02 21:33 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-02 21:33 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-02 21:33 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-02 21:33 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-02 21:33 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-02 21:33 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-02 21:33 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-02 21:33 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-02 21:33 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-02 21:33 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-02 21:33 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-02 21:33 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-02 21:33 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-02 21:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-02 21:33 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-02 21:33 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-02 21:33 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-02 21:33 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-02 21:33 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-02 21:33 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-02 21:33 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-02 21:33 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-02 21:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-02 21:33 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-02 21:33 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-02 21:33 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-02 21:33 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-02 21:33 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-02 21:33 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-02 21:33 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-02 21:33 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-02 21:33 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-02 21:33 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-02 21:33 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-02 21:33 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-02 21:33 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-02 21:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-02 21:33 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-02 21:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-02 21:33 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-02 21:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-02 21:33 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-02 21:33 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-02 21:33 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-02 21:33 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-02 21:33 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-02 21:33 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-02 21:33 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-02 21:33 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-02 21:33 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-02 21:33 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-02 21:33 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-02 21:33 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-02 21:33 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-02 21:33 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-02 21:33 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-02 21:33 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-02 21:33 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-02 21:33 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-02 21:33 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-02 21:33 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-02 15:29 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-02 15:29 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-02 15:29 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-02 15:29 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-02 15:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-02 15:29 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-02 15:29 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-02 15:29 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-02 15:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-02 15:29 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-02 15:29 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-02 15:29 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-02 15:28 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-02 15:28 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-02 15:28 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-02 15:28 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-02 15:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-02 15:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 15:28 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-10-02 15:28 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-02 15:28 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-10-02 15:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-02 15:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-02 15:26 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-02 15:26 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-02 15:26 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-02 15:26 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-02 15:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-02 15:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-02 15:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-02 15:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-02 15:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-02 15:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-01 10:47 102,528 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys
2006-10-01 10:47 10,368 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-08 16:50 -------- d-------- C:\Program Files\Common Files
2006-10-08 12:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\PC Tools
2006-10-07 14:50 273066 --a------ C:\WINDOWS\Tetris Game Gold Uninstaller.exe
2006-10-07 13:35 -------- d-------- C:\Documents and Settings\Sam\Application Data\Ahead
2006-10-07 13:34 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 13:27 -------- d-------- C:\Documents and Settings\Sam\Application Data\Lavasoft
2006-10-06 17:52 -------- d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
2006-10-06 17:39 -------- dr------- C:\Documents and Settings\Sam\Application Data\Brother
2006-10-06 17:11 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-06 15:45 -------- d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2006-10-06 15:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-06 15:40 873 --a------ C:\Documents and Settings\Sam\Application Data\AdobeDLM.log
2006-10-06 15:40 0 --a------ C:\Documents and Settings\Sam\Application Data\dm.ini
2006-10-05 21:47 -------- d-------- C:\Documents and Settings\Sam\Application Data\.bittorrent
2006-10-04 19:46 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sun
2006-10-04 19:44 -------- d-------- C:\Program Files\Common Files\Java
2006-10-03 22:00 -------- d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2006-10-03 21:10 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-03 20:06 -------- d-------- C:\Documents and Settings\Sam\Application Data\Talkback
2006-10-03 20:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2006-10-03 18:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 18:10 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-03 18:09 -------- d-------- C:\Program Files\Common Files\System
2006-10-03 07:11 -------- d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2006-10-02 22:31 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 22:30 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 22:29 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 22:28 -------- d-------- C:\Program Files\Messenger
2006-10-02 22:14 -------- d-------- C:\Program Files\Online Services
2006-10-02 21:42 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-02 21:42 -------- d-------- C:\Documents and Settings\Sam\Application Data\Identities
2006-10-02 21:37 -------- d-------- C:\Program Files\xerox
2006-10-02 21:37 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-02 21:36 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 21:35 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 21:35 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\Services
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-02 21:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 21:34 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-02 21:33 -------- d-------- C:\Program Files\Windows NT
2006-10-02 21:33 -------- d-------- C:\Program Files\MSN
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-02 15:26 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"P:\\program files\\MSN Messenger\\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="P:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Spyware Doctor"="\"P:\\program files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"KEMailKb"="P:\\PROGRA~1\\KEMailKb\\KEMailKb.EXE"
"Logitech Utility"="Logi_MwX.Exe"
"SunServer"="P:\\program files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"SunJavaUpdateSched"="P:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MessengerPlus3"="\"P:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SetDefPrt"="P:\\program files\\Brother\\Brmfl04b\\BrStDvPt.exe"
"ControlCenter2.0"="P:\\program files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nForce Tray Options"="sstray.exe /r"
"SWN2"="P:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"Windows Defender"="\"P:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutuur

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sun 10/08/2006 16:52:49.93
ComboFix.txt

#4 Guest_Cretemonster_*


Posted 08 October 2006 - 06:21 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm



After posting that report please do the following:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

#5 Lonranger


Posted 09 October 2006 - 11:13 AM

Ok I ran the two programs that you told me to, and here is the log from the smith one...


SmitFraudFix v2.106

Scan done at 9:55:30.43, Mon 10/09/2006
Run from P:\_downloads\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Sam


C:\Documents and Settings\Sam\Application Data


Start Menu


C:\DOCUME~1\Sam\FAVORI~1


Desktop


P:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="MsgPlusLoader.dll"


pe386-msguard-lzx32


Scanning wininet.dll infection


End

I then ran the vundo and it seems to have worked as well. There was no report from that though.

Then I ran a scan using Hijack this and here is its report...

Logfile of HijackThis v1.99.1
Scan saved at 10:10:23 AM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
P:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
P:\PROGRA~1\KEMailKb\KEMailKb.EXE
P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
P:\Program Files\Logitech\MouseWare\system\em_exec.exe
P:\Program Files\MessengerPlus! 3\MsgPlus.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\sstray.exe
P:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
P:\program files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\program files\Spyware Doctor\swdoctor.exe
P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BHODemon 2\BHODemon.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
P:\program files\Mozilla Firefox\firefox.exe
P:\program files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] P:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunServer] P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "P:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "P:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "P:\program files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "P:\program files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: BitTorrent.lnk = P:\program files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = P:\program files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - P:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159847774875
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "P:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtutuur - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - P:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - P:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

I am hoping that this will help in the diagnosis and eventual cleaning of my system. Your assistance in this trying time of mine is greatly appreciated.

#6 Guest_Cretemonster_*


Posted 09 October 2006 - 02:14 PM

C:\vundofix.txt<---- The log should be located there.


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O20 - Winlogon Notify: ddccb - C:\WINDOWS\

O20 - Winlogon Notify: sstqo - C:\WINDOWS\

O20 - Winlogon Notify: vtutuur - C:\WINDOWS\

Now make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked button



Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.
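
A triage sketch for the O20 Winlogon Notify entries selected above, added here as an example and not part of the thread or of HijackThis, ComboFix or VundoFix: it parses lines excerpted from the logs posted in this thread and cross-checks each Notify key against the ComboFix file listing. The three heuristics (target without a file name, hidden+system file carrying the key's name, file named with the key reversed) are assumptions drawn from what these logs show, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the HijackThis log posted in this thread.
HIJACKTHIS_LINES = r"""
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtutuur - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Rows excerpted from the ComboFix "Files Created" listing posted in this thread.
COMBOFIX_ROWS = r"""
2006-10-08 13:46 86,036 --a------ C:\WINDOWS\system32\ewjmeiru.dll
2006-10-08 12:57 388,294 ---hs---- C:\WINDOWS\system32\bccdd.bak1
2006-10-08 12:54 684,084 ---hs---- C:\WINDOWS\system32\ddccb.dll
2006-10-08 10:39 40,973 ---hs---- C:\WINDOWS\system32\vtutuur.dll
2006-10-06 14:14 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
"""

NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*?)"
    r"(?P<missing> \(file missing\))?$"
)
ROW_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d [\d,]+ (?P<attr>[-a-z]{9}) (?P<path>.+)$"
)


def parse_notify(log_text):
    """Return (key name, target, file_missing) for each O20 Winlogon Notify line."""
    entries = []
    for line in log_text.splitlines():
        m = NOTIFY_RE.match(line.strip())
        if m:
            entries.append((m["name"], m["target"], bool(m["missing"])))
    return entries


def index_files(listing):
    """Map lower-cased file stem -> [(attribute string, path)] from ComboFix rows."""
    files = {}
    for line in listing.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            path = PureWindowsPath(m["path"])
            files.setdefault(path.stem.lower(), []).append((m["attr"], path))
    return files


def triage(log_text, listing):
    """Return {notify key: [reasons]}; an empty list means nothing stood out."""
    files = index_files(listing)
    report = {}
    for name, target, missing in parse_notify(log_text):
        key = name.lower()
        reasons = []
        if missing:
            reasons.append("DLL reported missing")
        elif not PureWindowsPath(target).suffix:
            # HijackThis printed only a directory: the DLL name did not resolve.
            reasons.append("target has no file name")
        for attr, path in files.get(key, []):
            if "h" in attr and "s" in attr:
                reasons.append(f"hidden+system file {path}")
        if key != key[::-1]:
            # In this thread ddccb.dll sits next to bccdd.ini / bccdd.bak1.
            for _attr, path in files.get(key[::-1], []):
                reasons.append(f"reversed-name companion {path}")
        report[name] = reasons
    return report


if __name__ == "__main__":
    for name, reasons in triage(HIJACKTHIS_LINES, COMBOFIX_ROWS).items():
        print(f"{name}: {'; '.join(reasons) or 'nothing flagged'}")
```

An entry flagged only as "DLL reported missing" (WRNotifier here) is an orphaned key rather than a match for the other two checks, which is consistent with it being left out of the fix list above.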

#7 Lonranger


Posted 09 October 2006 - 05:15 PM

Here is the log file from Vundo that I could not find earlier:


VundoFix V6.2.0

Checking Java version...

Sun Java not detected
Scan started at 9:57:32 AM 10/9/2006

Listing files found while scanning....

C:\WINDOWS\system32\igoxtmrb.exe
C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.bak1

Beginning removal...

Attempting to delete C:\WINDOWS\system32\igoxtmrb.exe
C:\WINDOWS\system32\igoxtmrb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak1 Has been deleted!

Performing Repairs to the registry.
Done!


As well, here is the combofix file:

Sam - 06-10-08 16:48:50.56 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Sam\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{382D4628-057B-1033-0507-040215050001}
C:\Program Files\Common Files\{982D4628-057B-1033-0507-040215050001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-08 to 2006-10-08 ))))))))))))))))))))))))))))))))))


2006-10-08 13:46 86,036 --a------ C:\WINDOWS\system32\ewjmeiru.dll
2006-10-08 12:57 388,294 ---hs---- C:\WINDOWS\system32\bccdd.bak1
2006-10-08 12:54 684,084 ---hs---- C:\WINDOWS\system32\ddccb.dll
2006-10-08 12:05 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-08 12:05 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-08 10:39 40,973 ---hs---- C:\WINDOWS\system32\vtutuur.dll
2006-10-08 10:39 18,432 --a------ C:\WINDOWS\system32\winepi32.dll
2006-10-07 23:30 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2006-10-07 22:59 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-07 18:47 86,036 --a------ C:\WINDOWS\system32\wevthhoi.dll
2006-10-07 18:47 143,380 --a------ C:\WINDOWS\system32\igoxtmrb.exe
2006-10-07 18:40 40,973 ---hs---- C:\WINDOWS\system32\byxwtrr.dll
2006-10-07 18:40 18,432 --a------ C:\WINDOWS\system32\winexz32.dll
2006-10-07 14:50 273,066 C:\WINDOWSTetris Game Gold Uninstaller.exe
2006-10-06 17:47 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-06 17:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-06 17:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-06 17:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-06 17:47 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-06 17:11 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brmfrmps.exe
2006-10-06 17:11 51,200 --------- C:\WINDOWS\system32\brinsstr.dll
2006-10-06 17:11 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2006-10-06 17:11 147,456 --------- C:\WINDOWS\brunin03.dll
2006-10-06 17:11 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
2006-10-06 14:14 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-10-05 22:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-03 21:10 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2006-10-03 21:10 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2006-10-03 21:10 51,729 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2006-10-03 21:10 37,887 --------- C:\WINDOWS\system32\drivers\LHIDUSB.SYS
2006-10-03 21:10 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2006-10-03 21:10 25,505 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2006-10-03 21:10 23,375 --------- C:\WINDOWS\system32\LCOINST.DLL
2006-10-03 21:10 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2006-10-03 21:10 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2006-10-03 21:10 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2006-10-03 21:10 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2006-10-03 21:10 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2006-10-03 17:57 17,071 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2006-10-03 17:57 131,331 --a------ C:\WINDOWS\UNINST32.EXE
2006-10-03 07:11 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 07:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-03 07:11 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-03 07:11 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-03 07:11 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-03 07:11 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-03 07:11 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-02 22:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-02 21:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 21:56 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 21:51 174,336 -ra------ C:\WINDOWS\system32\drivers\yukonwxp.sys
2006-10-02 21:51 12,288 -ra------ C:\WINDOWS\system32\mrvdlg.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmSK.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmPTB.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmDA.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTR.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTH.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmSV.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmPT.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmNO.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmFI.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\sstrmenu.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmENG.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmCS.dll
2006-10-02 21:45 90,112 -ra------ C:\WINDOWS\system32\SStrmSL.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmHE.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmAR.dll
2006-10-02 21:45 73,728 -ra------ C:\WINDOWS\system32\sstray.exe
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmKO.dll
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SStrmZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHC.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTH.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSV.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSK.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraRU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPTB.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraKO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraIT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFI.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraES.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraENG.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraEL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraCS.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraAR.dll
2006-10-02 21:45 57,344 -ra------ C:\WINDOWS\system32\SStrmZHC.dll
2006-10-02 21:45 509,984 -ra------ C:\WINDOWS\50comupd.exe
2006-10-02 21:45 491,599 -ra------ C:\WINDOWS\system32\sndstorm.exe
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHC.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTH.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSV.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSK.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplRU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPTB.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplKO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplJA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplIT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFI.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplES.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplENG.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplEL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplCS.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplAR.dll
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\NVUninst.exe
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\nvuautl.exe
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmRU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmPL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmNL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmIT.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmHU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmFR.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmES.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmEL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmDE.dll
2006-10-02 21:45 1,589,248 -ra------ C:\WINDOWS\system32\sstrmres.dll
2006-10-02 21:44 962,560 --a------ C:\WINDOWS\system32\drivers\nvmcp.sys
2006-10-02 21:44 70,656 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2006-10-02 21:44 7,168 --a------ C:\WINDOWS\system32\nvack.dll
2006-10-02 21:44 66,688 --a------ C:\WINDOWS\system32\drivers\nvarm.sys
2006-10-02 21:44 53,760 --a------ C:\WINDOWS\system32\nvopenal.dll
2006-10-02 21:44 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-10-02 21:44 5,120 --a------ C:\WINDOWS\system32\ALut.dll
2006-10-02 21:44 48,640 --a------ C:\WINDOWS\system32\drivers\nvax.sys
2006-10-02 21:44 396,032 --a------ C:\WINDOWS\system32\drivers\nvapu.sys
2006-10-02 21:44 30,208 --a------ C:\WINDOWS\system32\nvasio.dll
2006-10-02 21:44 21,504 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvugart.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuenet.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-10-02 21:44 18,688 -ra------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2006-10-02 21:37 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-02 21:37 0 -rahs---- C:\MSDOS.SYS
2006-10-02 21:37 0 -rahs---- C:\IO.SYS
2006-10-02 21:37 0 --a------ C:\CONFIG.SYS
2006-10-02 21:37 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 21:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-02 21:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-02 21:35 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-02 21:35 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-02 21:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-02 21:35 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-02 21:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-02 21:35 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-02 21:35 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-02 21:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-02 21:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-02 21:35 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-02 21:35 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-02 21:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-02 21:35 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-02 21:35 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-02 21:35 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-02 21:35 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-02 21:35 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-02 21:35 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-02 21:35 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-02 21:35 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-02 21:34 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-02 21:34 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-02 21:34 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-02 21:34 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-02 21:34 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-02 21:34 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-02 21:34 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-02 21:34 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-02 21:34 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-02 21:34 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-02 21:34 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-02 21:34 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-02 21:34 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-02 21:34 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-02 21:34 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-02 21:34 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-02 21:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-02 21:34 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-02 21:33 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-02 21:33 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-02 21:33 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-02 21:33 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-02 21:33 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-02 21:33 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-02 21:33 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-02 21:33 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-02 21:33 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-02 21:33 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-02 21:33 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-02 21:33 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-02 21:33 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-02 21:33 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-02 21:33 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-02 21:33 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-02 21:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-02 21:33 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-02 21:33 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-02 21:33 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-02 21:33 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-02 21:33 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-02 21:33 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-02 21:33 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-02 21:33 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-02 21:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-02 21:33 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-02 21:33 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-02 21:33 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-02 21:33 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-02 21:33 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-02 21:33 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-02 21:33 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-02 21:33 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-02 21:33 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-02 21:33 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-02 21:33 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-02 21:33 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-02 21:33 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-02 21:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-02 21:33 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-02 21:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-02 21:33 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-02 21:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-02 21:33 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-02 21:33 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-02 21:33 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-02 21:33 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-02 21:33 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-02 21:33 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-02 21:33 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-02 21:33 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-02 21:33 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-02 21:33 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-02 21:33 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-02 21:33 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-02 21:33 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-02 21:33 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-02 21:33 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-02 21:33 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-02 21:33 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-02 21:33 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-02 21:33 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-02 21:33 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-02 15:29 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-02 15:29 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-02 15:29 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-02 15:29 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-02 15:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-02 15:29 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-02 15:29 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-02 15:29 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-02 15:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-02 15:29 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-02 15:29 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-02 15:29 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-02 15:28 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-02 15:28 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-02 15:28 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-02 15:28 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-02 15:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-02 15:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 15:28 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-10-02 15:28 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-02 15:28 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-10-02 15:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-02 15:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-02 15:26 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-02 15:26 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-02 15:26 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-02 15:26 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-02 15:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-02 15:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-02 15:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-02 15:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-02 15:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-02 15:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-01 10:47 102,528 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys
2006-10-01 10:47 10,368 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-08 16:50 -------- d-------- C:\Program Files\Common Files
2006-10-08 12:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\PC Tools
2006-10-07 14:50 273066 --a------ C:\WINDOWS\Tetris Game Gold Uninstaller.exe
2006-10-07 13:35 -------- d-------- C:\Documents and Settings\Sam\Application Data\Ahead
2006-10-07 13:34 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 13:27 -------- d-------- C:\Documents and Settings\Sam\Application Data\Lavasoft
2006-10-06 17:52 -------- d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
2006-10-06 17:39 -------- dr------- C:\Documents and Settings\Sam\Application Data\Brother
2006-10-06 17:11 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-06 15:45 -------- d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2006-10-06 15:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-06 15:40 873 --a------ C:\Documents and Settings\Sam\Application Data\AdobeDLM.log
2006-10-06 15:40 0 --a------ C:\Documents and Settings\Sam\Application Data\dm.ini
2006-10-05 21:47 -------- d-------- C:\Documents and Settings\Sam\Application Data\.bittorrent
2006-10-04 19:46 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sun
2006-10-04 19:44 -------- d-------- C:\Program Files\Common Files\Java
2006-10-03 22:00 -------- d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2006-10-03 21:10 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-03 20:06 -------- d-------- C:\Documents and Settings\Sam\Application Data\Talkback
2006-10-03 20:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2006-10-03 18:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 18:10 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-03 18:09 -------- d-------- C:\Program Files\Common Files\System
2006-10-03 07:11 -------- d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2006-10-02 22:31 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 22:30 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 22:29 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 22:28 -------- d-------- C:\Program Files\Messenger
2006-10-02 22:14 -------- d-------- C:\Program Files\Online Services
2006-10-02 21:42 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-02 21:42 -------- d-------- C:\Documents and Settings\Sam\Application Data\Identities
2006-10-02 21:37 -------- d-------- C:\Program Files\xerox
2006-10-02 21:37 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-02 21:36 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 21:35 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 21:35 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\Services
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-02 21:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 21:34 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-02 21:33 -------- d-------- C:\Program Files\Windows NT
2006-10-02 21:33 -------- d-------- C:\Program Files\MSN
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-02 15:26 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"P:\\program files\\MSN Messenger\\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="P:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Spyware Doctor"="\"P:\\program files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"KEMailKb"="P:\\PROGRA~1\\KEMailKb\\KEMailKb.EXE"
"Logitech Utility"="Logi_MwX.Exe"
"SunServer"="P:\\program files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"SunJavaUpdateSched"="P:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MessengerPlus3"="\"P:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SetDefPrt"="P:\\program files\\Brother\\Brmfl04b\\BrStDvPt.exe"
"ControlCenter2.0"="P:\\program files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nForce Tray Options"="sstray.exe /r"
"SWN2"="P:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"Windows Defender"="\"P:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutuur

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Sun 10/08/2006 16:52:49.93
ComboFix.txt


I cannot remember if I included the HijackThis report from before, so will include it here:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:23 AM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
P:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
P:\PROGRA~1\KEMailKb\KEMailKb.EXE
P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
P:\Program Files\Logitech\MouseWare\system\em_exec.exe
P:\Program Files\MessengerPlus! 3\MsgPlus.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\sstray.exe
P:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
P:\program files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
P:\program files\Spybot - Search & Destroy\TeaTimer.exe
P:\program files\Spyware Doctor\swdoctor.exe
P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\BHODemon 2\BHODemon.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\wuauclt.exe
P:\program files\Mozilla Firefox\firefox.exe
P:\program files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] P:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunServer] P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "P:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "P:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "P:\program files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "P:\program files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: BitTorrent.lnk = P:\program files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = P:\program files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - P:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159847774875
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "P:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtutuur - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - P:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - P:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)




The other thing I have found is explorer.exe is having issues on shutdown and I am still receiving bho registry install requests.

Hope that you can help me through this all.

Thanks again for your support and look forward to hearing back from you.

#8 Guest_Cretemonster_*

Posted 09 October 2006 - 07:36 PM

I need you to move ComboFix to your primary C:\ drive.

It must be there for the next step to work.


Click Start --> Click Run --> Copy & Paste the bold text below into the Open Run box and click OK.

%systemdrive%\combofix.exe /v ewjmeiru vtutuur winepi32 winexz32 wevthhoi byxwtrr

Let combofix do its thing and it will create another log.


After you have posted the fresh ComboFix log, please run the F-Secure Online Scanner.

Note: This scanner is for Internet Explorer only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply along with a fresh HijackThis log.


#9 Lonranger

Posted 10 October 2006 - 12:30 AM

Here is the combofix log file:

Sam - 06-10-09 21:03:23.34 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\"
Command switches used :: /v ewjmeiru vtutuur winepi32 winexz32 wevthhoi byxwtrr

((((((((((((((((((((((((((((((( Files Created from 2006-09-09 to 2006-10-09 ))))))))))))))))))))))))))))))))))


2006-10-08 16:47 276,526 --a------ C:\combofix.exe
2006-10-08 12:05 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-08 12:05 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-10-07 23:30 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2006-10-07 22:59 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-07 14:50 273,066 C:\WINDOWSTetris Game Gold Uninstaller.exe
2006-10-06 17:47 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-06 17:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-06 17:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-06 17:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-10-06 17:47 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-06 17:11 81,920 --------- C:\WINDOWS\system32\BrWebIns.dll
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brwebup.exe
2006-10-06 17:11 65,536 --------- C:\WINDOWS\system32\Brmfrmps.exe
2006-10-06 17:11 51,200 --------- C:\WINDOWS\system32\brinsstr.dll
2006-10-06 17:11 176,128 --------- C:\WINDOWS\system32\Pdrvinst.dll
2006-10-06 17:11 147,456 --------- C:\WINDOWS\brunin03.dll
2006-10-06 17:11 126,976 --------- C:\WINDOWS\system32\BrfxD04a.dll
2006-10-06 14:14 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-10-05 22:49 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-10-03 21:10 97,792 --a------ C:\WINDOWS\system32\LGUICOM.DLL
2006-10-03 21:10 70,801 --a------ C:\WINDOWS\system32\drivers\LMouFlt2.Sys
2006-10-03 21:10 51,729 --------- C:\WINDOWS\system32\drivers\L8042PR2.SYS
2006-10-03 21:10 37,887 --------- C:\WINDOWS\system32\drivers\LHIDUSB.SYS
2006-10-03 21:10 3,568 --a------ C:\WINDOWS\system32\LMOUSE16.DLL
2006-10-03 21:10 25,505 --a------ C:\WINDOWS\system32\drivers\LHidFlt2.Sys
2006-10-03 21:10 23,375 --------- C:\WINDOWS\system32\LCOINST.DLL
2006-10-03 21:10 19,968 --------- C:\WINDOWS\LOGI_MWX.EXE
2006-10-03 21:10 16,896 --a------ C:\WINDOWS\system32\LMOUSE32.DLL
2006-10-03 21:10 152,064 --------- C:\WINDOWS\system32\lmoufrc.dll
2006-10-03 21:10 14,095 --------- C:\WINDOWS\system32\drivers\LCCFLTR.SYS
2006-10-03 21:10 104,960 --a------ C:\WINDOWS\system32\COMNCTR.DLL
2006-10-03 17:57 17,071 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2006-10-03 17:57 131,331 --a------ C:\WINDOWS\UNINST32.EXE
2006-10-03 07:11 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-03 07:11 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2006-10-03 07:11 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-03 07:11 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-03 07:11 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-10-03 07:11 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-03 07:11 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-02 22:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-02 21:58 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-02 21:56 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-10-02 21:51 174,336 -ra------ C:\WINDOWS\system32\drivers\yukonwxp.sys
2006-10-02 21:51 12,288 -ra------ C:\WINDOWS\system32\mrvdlg.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmSK.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmPTB.dll
2006-10-02 21:45 98,304 -ra------ C:\WINDOWS\system32\SStrmDA.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTR.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmTH.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmSV.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmPT.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmNO.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmFI.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\sstrmenu.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmENG.dll
2006-10-02 21:45 94,208 -ra------ C:\WINDOWS\system32\SStrmCS.dll
2006-10-02 21:45 90,112 -ra------ C:\WINDOWS\system32\SStrmSL.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmHE.dll
2006-10-02 21:45 86,016 -ra------ C:\WINDOWS\system32\SStrmAR.dll
2006-10-02 21:45 73,728 -ra------ C:\WINDOWS\system32\sstray.exe
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmKO.dll
2006-10-02 21:45 69,632 -ra------ C:\WINDOWS\system32\SStrmJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SStrmZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraZHC.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraTH.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSV.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraSK.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraRU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPTB.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraPL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraNL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraKO.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraJA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraIT.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHU.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraHE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFR.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraFI.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraES.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraENG.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraEL.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDE.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraDA.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraCS.dll
2006-10-02 21:45 61,440 -ra------ C:\WINDOWS\system32\SSTraAR.dll
2006-10-02 21:45 57,344 -ra------ C:\WINDOWS\system32\SStrmZHC.dll
2006-10-02 21:45 509,984 -ra------ C:\WINDOWS\50comupd.exe
2006-10-02 21:45 491,599 -ra------ C:\WINDOWS\system32\sndstorm.exe
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplZHC.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplTH.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSV.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplSK.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplRU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPTB.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplPL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplNL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplKO.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplJA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplIT.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHU.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplHE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFR.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplFI.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplES.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplENG.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplEL.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDE.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplDA.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplCS.dll
2006-10-02 21:45 36,864 -ra------ C:\WINDOWS\system32\SSCplAR.dll
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\NVUninst.exe
2006-10-02 21:45 208,896 --a------ C:\WINDOWS\system32\nvuautl.exe
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmRU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmPL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmNL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmIT.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmHU.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmFR.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmES.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmEL.dll
2006-10-02 21:45 102,400 -ra------ C:\WINDOWS\system32\SStrmDE.dll
2006-10-02 21:45 1,589,248 -ra------ C:\WINDOWS\system32\sstrmres.dll
2006-10-02 21:44 962,560 --a------ C:\WINDOWS\system32\drivers\nvmcp.sys
2006-10-02 21:44 70,656 -ra------ C:\WINDOWS\system32\drivers\NVENET.sys
2006-10-02 21:44 7,168 --a------ C:\WINDOWS\system32\nvack.dll
2006-10-02 21:44 66,688 --a------ C:\WINDOWS\system32\drivers\nvarm.sys
2006-10-02 21:44 53,760 --a------ C:\WINDOWS\system32\nvopenal.dll
2006-10-02 21:44 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-10-02 21:44 5,120 --a------ C:\WINDOWS\system32\ALut.dll
2006-10-02 21:44 48,640 --a------ C:\WINDOWS\system32\drivers\nvax.sys
2006-10-02 21:44 396,032 --a------ C:\WINDOWS\system32\drivers\nvapu.sys
2006-10-02 21:44 30,208 --a------ C:\WINDOWS\system32\nvasio.dll
2006-10-02 21:44 21,504 --a------ C:\WINDOWS\system32\OpenAL32.dll
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvugart.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuenet.exe
2006-10-02 21:44 208,896 --a------ C:\WINDOWS\system32\nvuaudio.exe
2006-10-02 21:44 18,688 -ra------ C:\WINDOWS\system32\drivers\nv_agp.SYS
2006-10-02 21:37 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-10-02 21:37 0 -rahs---- C:\MSDOS.SYS
2006-10-02 21:37 0 -rahs---- C:\IO.SYS
2006-10-02 21:37 0 --a------ C:\CONFIG.SYS
2006-10-02 21:37 0 --a------ C:\AUTOEXEC.BAT
2006-10-02 21:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-10-02 21:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-10-02 21:35 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-10-02 21:35 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-02 21:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-10-02 21:35 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-10-02 21:35 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-10-02 21:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-10-02 21:35 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-10-02 21:35 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-10-02 21:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-10-02 21:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-10-02 21:35 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-10-02 21:35 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-10-02 21:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-10-02 21:35 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-10-02 21:35 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-10-02 21:35 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-10-02 21:35 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-10-02 21:35 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-10-02 21:35 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-10-02 21:35 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-10-02 21:35 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-10-02 21:34 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-10-02 21:34 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-10-02 21:34 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-10-02 21:34 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-02 21:34 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-02 21:34 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-02 21:34 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-10-02 21:34 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-10-02 21:34 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-10-02 21:34 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-10-02 21:34 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-10-02 21:34 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-02 21:34 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-10-02 21:34 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-10-02 21:34 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-02 21:34 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-10-02 21:34 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-10-02 21:34 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-02 21:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-10-02 21:34 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-02 21:33 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-10-02 21:33 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-10-02 21:33 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-02 21:33 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-10-02 21:33 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-10-02 21:33 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-02 21:33 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-10-02 21:33 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-10-02 21:33 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-10-02 21:33 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-10-02 21:33 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-02 21:33 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-10-02 21:33 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-02 21:33 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-02 21:33 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-10-02 21:33 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-10-02 21:33 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-02 21:33 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-10-02 21:33 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-10-02 21:33 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-10-02 21:33 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-10-02 21:33 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-10-02 21:33 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-10-02 21:33 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-10-02 21:33 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-02 21:33 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-10-02 21:33 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-10-02 21:33 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-02 21:33 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-10-02 21:33 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-10-02 21:33 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-02 21:33 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-10-02 21:33 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-10-02 21:33 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-02 21:33 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-10-02 21:33 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-02 21:33 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-10-02 21:33 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-10-02 21:33 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-10-02 21:33 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-10-02 21:33 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-10-02 21:33 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-10-02 21:33 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-10-02 21:33 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-10-02 21:33 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-10-02 21:33 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-02 21:33 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-10-02 21:33 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-10-02 21:33 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-10-02 21:33 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-10-02 21:33 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-10-02 21:33 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-10-02 21:33 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-10-02 21:33 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-10-02 21:33 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-02 21:33 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-10-02 21:33 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-10-02 21:33 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-10-02 21:33 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-10-02 21:33 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-10-02 21:33 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-10-02 21:33 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-02 21:33 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-10-02 21:33 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-02 21:33 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-10-02 21:33 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-10-02 21:33 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-10-02 21:33 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-10-02 21:33 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-10-02 21:33 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-02 21:33 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-02 21:33 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-10-02 21:33 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-10-02 15:29 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-02 15:29 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-02 15:29 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-02 15:29 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-02 15:29 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-02 15:29 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-02 15:29 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-02 15:29 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-02 15:29 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-10-02 15:29 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-02 15:29 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-02 15:29 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-02 15:28 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-10-02 15:28 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-02 15:28 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-10-02 15:28 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-10-02 15:28 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-02 15:28 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 15:28 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2006-10-02 15:28 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-10-02 15:28 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2006-10-02 15:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-10-02 15:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-10-02 15:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-10-02 15:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-10-02 15:27 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-10-02 15:26 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-10-02 15:26 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-10-02 15:26 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-02 15:26 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-10-02 15:26 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-10-02 15:26 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-10-02 15:26 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-10-02 15:26 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-10-02 15:26 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-10-02 15:26 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-10-01 10:47 102,528 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys
2006-10-01 10:47 10,368 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-09 12:26 -------- d---s---- C:\Documents and Settings\Sam\Application Data\Microsoft
2006-10-08 16:50 -------- d-------- C:\Program Files\Common Files
2006-10-08 12:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\PC Tools
2006-10-07 14:50 273066 --a------ C:\WINDOWS\Tetris Game Gold Uninstaller.exe
2006-10-07 13:35 -------- d-------- C:\Documents and Settings\Sam\Application Data\Ahead
2006-10-07 13:34 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 13:27 -------- d-------- C:\Documents and Settings\Sam\Application Data\Lavasoft
2006-10-06 17:39 -------- dr------- C:\Documents and Settings\Sam\Application Data\Brother
2006-10-06 17:11 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-06 15:45 -------- d-------- C:\Documents and Settings\Sam\Application Data\Adobe
2006-10-06 15:42 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-06 15:40 873 --a------ C:\Documents and Settings\Sam\Application Data\AdobeDLM.log
2006-10-06 15:40 0 --a------ C:\Documents and Settings\Sam\Application Data\dm.ini
2006-10-05 21:47 -------- d-------- C:\Documents and Settings\Sam\Application Data\.bittorrent
2006-10-04 19:46 -------- d-------- C:\Documents and Settings\Sam\Application Data\Sun
2006-10-04 19:44 -------- d-------- C:\Program Files\Common Files\Java
2006-10-03 22:00 -------- d-------- C:\Documents and Settings\Sam\Application Data\Macromedia
2006-10-03 21:10 -------- d-------- C:\Program Files\Common Files\Logitech
2006-10-03 20:06 -------- d-------- C:\Documents and Settings\Sam\Application Data\Talkback
2006-10-03 20:05 -------- d-------- C:\Documents and Settings\Sam\Application Data\Mozilla
2006-10-03 18:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 18:10 -------- d-------- C:\Program Files\Common Files\Designer
2006-10-03 18:09 -------- d-------- C:\Program Files\Common Files\System
2006-10-03 07:11 -------- d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2006-10-02 22:31 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 22:30 -------- d-------- C:\Program Files\Windows Media Player
2006-10-02 22:29 -------- d-------- C:\Program Files\Outlook Express
2006-10-02 22:28 -------- d-------- C:\Program Files\Messenger
2006-10-02 22:14 -------- d-------- C:\Program Files\Online Services
2006-10-02 21:42 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-02 21:42 -------- d-------- C:\Documents and Settings\Sam\Application Data\Identities
2006-10-02 21:37 -------- d-------- C:\Program Files\xerox
2006-10-02 21:37 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-02 21:36 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 21:35 -------- d-------- C:\Program Files\NetMeeting
2006-10-02 21:35 -------- d-------- C:\Program Files\Movie Maker
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\Services
2006-10-02 21:35 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-10-02 21:34 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-02 21:34 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-02 21:33 -------- d-------- C:\Program Files\Windows NT
2006-10-02 21:33 -------- d-------- C:\Program Files\MSN
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-02 15:27 -------- d-------- C:\Program Files\Common Files\ODBC
2006-10-02 15:26 62 --ahs---- C:\Documents and Settings\Sam\Application Data\desktop.ini
2006-08-11 21:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ C:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 3958496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"msnmsgr"="\"P:\\program files\\MSN Messenger\\msnmsgr.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"SpybotSD TeaTimer"="P:\\program files\\Spybot - Search & Destroy\\TeaTimer.exe"
"Spyware Doctor"="\"P:\\program files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AVG7_CC"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"KEMailKb"="P:\\PROGRA~1\\KEMailKb\\KEMailKb.EXE"
"Logitech Utility"="Logi_MwX.Exe"
"SunServer"="P:\\program files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"SunJavaUpdateSched"="P:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"MessengerPlus3"="\"P:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SetDefPrt"="P:\\program files\\Brother\\Brmfl04b\\BrStDvPt.exe"
"ControlCenter2.0"="P:\\program files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nForce Tray Options"="sstray.exe /r"
"Windows Defender"="\"P:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="P:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"P:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="P:\\PROGRA~1\\MI1933~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddccb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqo

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Mon 10/09/2006 21:05:23.04
ComboFix.txt
ComboFix2.txt


Here is the report from f-secure:

Scanning Report
Monday, October 09, 2006 21:11:44 - 23:22:36

Computer name: JUST-BLUE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ G:\ H:\ P:\
Result: 4 malware found
SpyWareNukerXT (spyware)

* System (Disinfected)

Trojan-Downloader.JS.IstBar.j (virus)

* P:\BACKUP\__DRIVE_C_SEPT_03_2006\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\319324C3.HTM (Renamed & Submitted)

W32/Malware (virus)

* H:\FTP\-=ISOZ=-\-=GAMEZ=-\NEED.FOR.SPEED.UNDERGROUND.2-RELOADED\NO-CD\NFS-NOCD.EXE (Submitted)

W32/Smalldoor.GRU (virus)

* P:\PROGRAM FILES\RNGINTERSTITIAL.DLL (Submitted)

Statistics
Scanned:

* Files: 77980
* System: 6328
* Not scanned: 5

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 2
* Submitted: 3

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\DOCUMENTS AND SETTINGS\SAM\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{E9DFC7BC-F44B-497E-A018-F0F5485263E4}
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\434A75874666F6448B5BECE114F29137_D3F28AAD-1EA5-4F0A-BA16-675635A02611
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DE8B890794C16E8039AEC69585C4F97D_D3F28AAD-1EA5-4F0A-BA16-675635A02611

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-10-09
* F-Secure Libra: 2.4.1, 2006-10-06
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Orion: 1.2.37, 2006-10-09
* F-Secure Pegasus: 1.19.0, 2006-08-29
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics



Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:26:28 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Program Files\Spyware Doctor\sdhelp.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
P:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\alg.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
P:\PROGRA~1\KEMailKb\KEMailKb.EXE
P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
P:\Program Files\Logitech\MouseWare\system\em_exec.exe
P:\Program Files\MessengerPlus! 3\MsgPlus.exe
P:\program files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\sstray.exe
P:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
P:\program files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
P:\program files\Spyware Doctor\swdoctor.exe
P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
P:\program files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
P:\PROGRA~1\MOZILL~1\FIREFOX.EXE
P:\program files\Hijack This\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] P:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunServer] P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "P:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "P:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "P:\program files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "P:\program files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: BitTorrent.lnk = P:\program files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - P:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159847774875
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "P:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - P:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - P:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

As I mentioned before, thank you for all your help and look forward to your response.

#10 Guest_Cretemonster_*

Posted 10 October 2006 - 03:19 AM

Please disable Tea Timer.
http://www.russelltexas.com/malware/teatimer.htm


Restart the machine and Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O20 - Winlogon Notify: ddccb - C:\WINDOWS\

O20 - Winlogon Notify: sstqo - C:\WINDOWS\

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button



Any ideas on this file F-Secure flagged:


H:\FTP\-=ISOZ=-\-=GAMEZ=-\NEED.FOR.SPEED.UNDERGROUND.2-RELOADED\NO-CD\NFS-NOCD.EXE

P:\PROGRAM FILES\RNGINTERSTITIAL.DLL



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
  • Post the contents of the ActiveScan report


#11 Lonranger

Posted 10 October 2006 - 06:58 PM

As for the following:
Any ideas on this file F-Secure flagged:


H:\FTP\-=ISOZ=-\-=GAMEZ=-\NEED.FOR.SPEED.UNDERGROUND.2-RELOADED\NO-CD\NFS-NOCD.EXE

P:\PROGRAM FILES\RNGINTERSTITIAL.DLL


I know what these are...

The first is a file on my FTP that has been used in the past on another machine, and the second relates to Real Networks, so I think I could delete that one as I have not reinstalled that as of yet.

Will post more once I follow the directions in your last post.

#12 Lonranger

Posted 10 October 2006 - 07:01 PM

Here is the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:58:17 PM, on 10/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
P:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
P:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
P:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
P:\PROGRA~1\KEMailKb\KEMailKb.EXE
P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
P:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\sstray.exe
P:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
P:\program files\Spyware Doctor\swdoctor.exe
P:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
P:\program files\Hijack This\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - P:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - P:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] P:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KEMailKb] P:\PROGRA~1\KEMailKb\KEMailKb.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunServer] P:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] P:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "P:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SetDefPrt] P:\program files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] P:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [Windows Defender] "P:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "P:\program files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] P:\program files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spyware Doctor] "P:\program files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: BHODemon 2.0.lnk = P:\program files\BHODemon 2\BHODemon.exe
O4 - Startup: BitTorrent.lnk = P:\program files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = P:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = P:\program files\Brother\Brmfcmon\BrMfcWnd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://P:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - P:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - P:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159847774875
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "P:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\
O20 - Winlogon Notify: sstqo - C:\WINDOWS\
O20 - Winlogon Notify: vtutuur - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - P:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - P:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - P:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

Now on to the panda check...will report next.

#13 Lonranger

Posted 10 October 2006 - 09:06 PM

Here is the report from Panda:


Incident Status Location

Adware:adware/powerscan Not disinfected p:\program files\Intrigue Learning
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.mp3search.ru/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.tucows.com/]
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Sam\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\9AB2A4B6-AD47-4EC4-BFCE-3E8346\3D21D33A-E15F-4CB6-AE6C-2D7073
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\VundoFix Backups\igoxtmrb.exe.bad
Spyware:Cookie/Tucows Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Cd Freaks Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/GoStats Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Maxserving Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Lop Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.mp3search.ru/]
Spyware:Cookie/RealMedia Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Seeq Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Serving-sys Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Clicktracks Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/Tickle Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Toplist Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/onestat.com Not disinfected P:\Backup\__Drive_C_Sept_03_2006\Documents and Settings\Sam\Application Data\Mozilla\Firefox\Profiles\tcnmjpzi.default\cookies.txt[stat.onestat.com/]
Potentially unwanted tool:Application/Processor Not disinfected P:\_downloads\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected P:\_downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]

#14 Guest_Cretemonster_*


Posted 11 October 2006 - 03:37 PM

Delete the following folders please

C:\VundoFix Backups

p:\program files\Intrigue Learning


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#15 Lonranger


Posted 11 October 2006 - 09:43 PM

Here is the report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 11, 2006 8:35:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/10/2006
Kaspersky Anti-Virus database records: 217581
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
P:\
Z:\

Scan Statistics:
Total number of scanned objects: 120115
Number of viruses found: 2
Number of infected objects: 0 / 0
Number of suspicious objects: 4
Duration of the scan process: 01:51:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\434a75874666f6448b5bece114f29137_d3f28aad-1ea5-4f0a-ba16-675635a02611 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\de8b890794c16e8039aec69585c4f97d_d3f28aad-1ea5-4f0a-ba16-675635a02611 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-10092006-001757.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{DAC8841B-9ADC-4BFE-97DE-F93CFA576EBB} Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Application Data\Sunbelt Software\CounterSpy\SunEventsData.sdb Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\Perflib_Perfdata_bc0.dat Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DF20A9.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DFC50D.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temp\~DFEA1F.tmp Object is locked skipped
C:\Documents and Settings\Sam\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sam\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sam\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\ftp\-=UPLOADZ=-\-=Put ALL UPLOADS IN HERE=-\Bitcomet\Bitfreaks.Oldies.Collection\DATA\U\ULTIMA16.ZIP/ORIGIN/CDWRITE.COM Suspicious: Type_ComTSR skipped
H:\ftp\-=UPLOADZ=-\-=Put ALL UPLOADS IN HERE=-\Bitcomet\Bitfreaks.Oldies.Collection\DATA\U\ULTIMA16.ZIP ZIP: suspicious - 1 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
P:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.


I also disabled TeaTimer and BHODemon during the scan. CounterSpy and Spyware Doctor were still running.



