Infected With W32/myzor.fk@yf A/k/a Zlob Trojan


  • This topic is locked
6 replies to this topic

#1 mfvs1978

mfvs1978

  • Members
  • 38 posts

Posted 27 November 2006 - 09:58 PM

I went on a website when I didn't realize my McAfee was not completely up and running on my computer. My Internet Explorer homepage was taken over and I am always directed to yourieprotect to install spyware software. I followed the instructions in the Preparation Guide for use before posting on HijackThis and the following log is the result of all the cleanups I tried.
I am not sure if the virus is still on the computer?
Please help.



Logfile of HijackThis v1.99.1
Scan saved at 9:50:01 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Documents and Settings\Chucke\Local Settings\Temporary Internet Files\Content.IE5\JOHMDKVA\stng260[1].exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061030
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/service_compone...vex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162434492656
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...902/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 28 November 2006 - 10:45 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#3 mfvs1978

mfvs1978
  • Topic Starter

  • Members
  • 38 posts

Posted 28 November 2006 - 07:45 PM

Hi Sam-
Thanks for your anticipated help

Here is the log file from running combofix.exe. What does that program do differently than HijackThis? As I said in my earlier post, I don't know how I got infected, but I can't wait to get rid of the virus.
Thanks again.


Chucke - 06-11-28 19:38:03.22 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Chucke\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


2006-11-27 21:49 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Intuit
2006-11-27 21:47 <DIR> d-------- C:\Program Files\HijackThis
2006-11-27 21:17 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2006-11-27 21:13 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-11-27 21:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-11-27 21:13 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\SUPERAntiSpyware.com
2006-11-27 20:59 <DIR> d-------- C:\Program Files\Softwin
2006-11-27 20:59 <DIR> d-------- C:\Program Files\Common Files\Softwin
2006-11-26 23:23 <DIR> d-------- C:\Program Files\Lavasoft
2006-11-26 23:23 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Lavasoft
2006-11-26 23:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-26 23:09 <DIR> d-------- C:\WINDOWS\temp
2006-11-26 22:38 <DIR> d-------- C:\Program Files\Roguescanfix
2006-11-26 22:23 <DIR> d-------- C:\Program Files\NoAdware4
2006-11-26 19:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2006-11-26 19:12 <DIR> d-------- C:\WINDOWS\McAfee.com
2006-11-26 18:26 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2006-11-26 17:31 <DIR> d-------- C:\Program Files\Windows Defender
2006-11-26 17:07 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-26 16:29 <DIR> d-------- C:\Documents and Settings\Chucke\.housecall6.6
2006-11-26 14:04 <DIR> d-------- C:\Program Files\MSN Games
2006-11-23 21:22 <DIR> d-------- C:\Programme
2006-11-22 21:18 <DIR> d-------- C:\WINDOWS\system32\Dell
2006-11-22 21:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-22 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-19 18:47 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Sun
2006-11-15 20:56 <DIR> d-------- C:\3a5de248a4c8392ac20230
2006-11-11 13:20 <DIR> d-------- C:\WINDOWS\Sun
2006-11-09 21:50 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\WildTangent
2006-11-09 21:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2006-11-07 19:27 202,240 --a------ C:\WINDOWS\system32\sunny_screensaver.scr
2006-11-07 19:27 <DIR> d-------- C:\WINDOWS\system32\sunny_screensaver dir
2006-11-04 22:38 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-11-04 22:36 <DIR> d-------- C:\MWASPINT
2006-11-04 22:35 557,056 --a------ C:\WINDOWS\system32\FE05F3D5.dll
2006-11-04 22:35 548,864 --a------ C:\WINDOWS\system32\FE05DA0D.dll
2006-11-04 22:35 274,432 --a------ C:\WINDOWS\system32\FFTIFF16.dll
2006-11-04 22:35 159,744 --a------ C:\WINDOWS\system32\FFRAFLIB.DLL
2006-11-04 22:35 106,496 --a------ C:\WINDOWS\system32\FPXS2Pro.dll
2006-11-04 22:35 <DIR> d-------- C:\Program Files\PIXELA
2006-11-04 22:35 <DIR> d-------- C:\Program Files\FinePixViewer
2006-11-04 22:34 81,924 --------- C:\WINDOWS\system32\drivers\VC4CB104.SYS
2006-11-04 22:34 69,632 --------- C:\WINDOWS\system32\FREGSHEX.DLL
2006-11-04 22:34 65,536 --------- C:\WINDOWS\system32\FINFCHECK.dll
2006-11-04 22:34 45,056 --------- C:\WINDOWS\system32\FINFCOPY.dll
2006-11-04 22:34 45,056 --------- C:\WINDOWS\system32\FCLKBTN.dll
2006-11-04 22:34 <DIR> d-------- C:\Program Files\REGSHAVE
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 19:48 1,933,312 --a------ C:\WINDOWS\system32\cdintf250.dll
2006-11-03 19:48 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2006-11-03 19:47 <DIR> d-------- C:\Program Files\Quicken
2006-11-03 19:47 <DIR> d-------- C:\Program Files\Common Files\Intuit
2006-11-03 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2006-11-02 20:42 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\AdobeUM
2006-11-02 20:42 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Adobe
2006-11-02 18:38 88 -r-hs---- C:\WINDOWS\system32\128340334B.sys
2006-11-02 18:38 2,516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-01 23:38 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Template
2006-11-01 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MCAF3.tmp
2006-11-01 22:49 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Macromedia
2006-11-01 22:48 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Google
2006-11-01 22:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2006-11-01 22:14 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\McAfee.com Personal Firewall
2006-11-01 22:12 <DIR> dr-h----- C:\Documents and Settings\Chucke\SendTo
2006-11-01 22:12 <DIR> dr-h----- C:\Documents and Settings\Chucke\Recent
2006-11-01 22:12 <DIR> dr-h----- C:\Documents and Settings\Chucke\Application Data\.
2006-11-01 22:12 <DIR> dr-h----- C:\Documents and Settings\Chucke\Application Data
2006-11-01 22:12 <DIR> dr------- C:\Documents and Settings\Chucke\Start Menu
2006-11-01 22:12 <DIR> dr------- C:\Documents and Settings\Chucke\My Documents
2006-11-01 22:12 <DIR> dr------- C:\Documents and Settings\Chucke\Favorites
2006-11-01 22:12 <DIR> d--hs---- C:\Documents and Settings\Chucke\Cookies
2006-11-01 22:12 <DIR> d--h----- C:\Documents and Settings\Chucke\Templates
2006-11-01 22:12 <DIR> d--h----- C:\Documents and Settings\Chucke\PrintHood
2006-11-01 22:12 <DIR> d--h----- C:\Documents and Settings\Chucke\NetHood
2006-11-01 22:12 <DIR> d--h----- C:\Documents and Settings\Chucke\Local Settings
2006-11-01 22:12 <DIR> d--h----- C:\Documents and Settings\Chucke\Application Data\Gtek
2006-11-01 22:12 <DIR> d---s---- C:\Documents and Settings\Chucke\Application Data\Microsoft
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\Desktop
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\InstallShield
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\Identities
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\Application Data\..
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\..
2006-11-01 22:12 <DIR> d-------- C:\Documents and Settings\Chucke\.
2006-11-01 22:07 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-01 22:07 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-01 22:06 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-01 22:05 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-01 22:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-01 21:50 90,112 --a------ C:\WINDOWS\system32\mcrtl32.dll
2006-11-01 21:50 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2006-11-01 21:50 131,072 --a------ C:\WINDOWS\system32\mclsp.dll
2006-11-01 21:50 11,264 --------- C:\WINDOWS\system32\sporder.dll
2006-11-01 21:50 <DIR> d-------- C:\WINDOWS\system32\mclsphlr
2006-11-01 21:42 23,040 --------- C:\WINDOWS\kb913800.exe
2006-11-01 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-01 21:34 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2006-11-01 21:31 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-11-01 21:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-01 21:26 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2006-11-01 18:56 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-01 18:55 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-01 18:55 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-10-30 16:50 <DIR> d--hs---- C:\RECYCLER
2006-10-30 16:46 <DIR> d-------- C:\Program Files\EarthLink Setup
2006-10-30 16:45 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2006-10-30 16:45 <DIR> d-------- C:\Program Files\Dell Support
2006-10-30 16:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek
2006-10-30 16:44 <DIR> d-------- C:\WINDOWS\SHELLNEW
2006-10-30 16:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2006-10-30 16:44 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
2006-10-30 16:44 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2006-10-30 16:44 <DIR> d-------- C:\Program Files\Common Files\L&H
2006-10-30 16:44 <DIR> d-------- C:\Program Files\Common Files\DESIGNER
2006-10-30 16:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2006-10-30 16:43 <DIR> d-------- C:\Program Files\Adobe
2006-10-30 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-10-30 16:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-30 16:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-10-30 16:42 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-30 16:42 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-10-30 16:42 <DIR> d-------- C:\Program Files\Yahoo!
2006-10-30 16:42 <DIR> d-------- C:\Program Files\Microsoft Works
2006-10-30 16:42 <DIR> d-------- C:\Program Files\Microsoft Office
2006-10-30 16:42 <DIR> d-------- C:\Program Files\illiminable
2006-10-30 16:42 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2006-10-30 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO
2006-10-30 16:40 <DIR> d-------- C:\Program Files\Google
2006-10-30 16:40 <DIR> d-------- C:\Program Files\BAE
2006-10-30 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2006-10-30 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2006-10-30 16:39 94,263 --a------ C:\WINDOWS\DLA.EXE
2006-10-30 16:39 89,264 --a------ C:\WINDOWS\system32\drivers\DRVMCDB.SYS
2006-10-30 16:39 80,640 --a------ C:\WINDOWS\system32\drivers\MpFirewall.sys
2006-10-30 16:39 61,500 --a------ C:\WINDOWS\system32\DLAAPI_W.DLL
2006-10-30 16:39 5,628 --a------ C:\WINDOWS\system32\drivers\DLACDBHM.SYS
2006-10-30 16:39 40,544 --a------ C:\WINDOWS\system32\drivers\DRVNDDM.SYS
2006-10-30 16:39 22,684 --a------ C:\WINDOWS\system32\drivers\DLARTL_N.SYS
2006-10-30 16:39 <DIR> d-------- C:\WINDOWS\system32\DLA
2006-10-30 16:39 <DIR> d-------- C:\Program Files\Roxio
2006-10-30 16:39 <DIR> d-------- C:\Program Files\McAfee
2006-10-30 16:39 <DIR> d-------- C:\Program Files\Common Files\TiVo Shared
2006-10-30 16:39 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
2006-10-30 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-10-30 16:38 9,216 --a------ C:\WINDOWS\system32\MpfApi.dll
2006-10-30 16:38 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2006-10-30 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-10-30 16:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2006-10-30 16:37 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2006-10-30 16:37 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2006-10-30 16:37 <DIR> d-------- C:\Program Files\McAfee.com
2006-10-30 16:36 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2006-10-30 16:36 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2006-10-30 16:36 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2006-10-30 16:36 153,088 --a------ C:\WINDOWS\system32\jgdwmie.dll
2006-10-30 16:36 1,044,480 --a------ C:\WINDOWS\system32\roboex32.dll
2006-10-30 16:36 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2006-10-30 16:36 <DIR> d-------- C:\WINDOWS\occache
2006-10-30 16:36 <DIR> d-------- C:\Program Files\WildTangent
2006-10-30 16:36 <DIR> d-------- C:\Program Files\Viewpoint
2006-10-30 16:36 <DIR> d-------- C:\Program Files\Real
2006-10-30 16:36 <DIR> d-------- C:\Program Files\QuickTime
2006-10-30 16:36 <DIR> d-------- C:\Program Files\Common Files\Real
2006-10-30 16:36 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-10-30 16:36 <DIR> d-------- C:\Program Files\AOL Companion
2006-10-30 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2006-10-30 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2006-10-30 16:35 33,588 --a------ C:\WINDOWS\system32\drivers\wanatw4.sys
2006-10-30 16:35 225,280 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-10-30 16:35 <DIR> d-------- C:\Program Files\MUSICMATCH
2006-10-30 16:35 <DIR> d-------- C:\Program Files\Microsoft Plus! Photo Story 2 LE
2006-10-30 16:35 <DIR> d-------- C:\Program Files\Microsoft Plus! Digital Media Edition
2006-10-30 16:35 <DIR> d-------- C:\Program Files\Common Files\aolshare
2006-10-30 16:35 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-10-30 16:35 <DIR> d-------- C:\Program Files\America Online 9.0
2006-10-30 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-10-30 16:34 <DIR> d-------- C:\Program Files\Corel
2006-10-30 16:34 <DIR> d-------- C:\Program Files\Common Files\Corel
2006-10-30 16:34 <DIR> d-------- C:\My Music
2006-10-30 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Corel
2006-10-30 16:33 <DIR> d-------- C:\Program Files\NetWaiting
2006-10-30 16:31 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-10-30 16:31 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-10-30 16:31 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-10-30 16:31 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-10-30 16:31 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-10-30 16:31 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-10-30 16:31 282,624 --a------ C:\WINDOWS\stsystra.exe
2006-10-30 16:31 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-10-30 16:31 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-10-30 16:31 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-10-30 16:31 1,093,632 --a------ C:\WINDOWS\system32\stlang.dll
2006-10-30 16:31 <DIR> d-------- C:\Program Files\Sigmatel
2006-10-30 16:30 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-10-30 16:30 <DIR> d-------- C:\Program Files\Modem Diagnostic Tool
2006-10-30 16:30 <DIR> d-------- C:\Program Files\InterActual
2006-10-30 16:30 <DIR> d-------- C:\Program Files\Dell
2006-10-30 16:30 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2006-10-30 16:30 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-10-30 16:30 <DIR> d-------- C:\Program Files\Broadcom
2006-10-30 16:29 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2006-10-30 16:29 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2006-10-30 16:27 <DIR> d-------- C:\Program Files\Java
2006-10-30 16:27 <DIR> d-------- C:\Program Files\Common Files\Java
2006-10-30 16:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2006-10-30 16:17 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-10-30 16:17 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-10-30 16:17 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-10-30 16:17 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-10-30 16:17 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-10-30 16:17 16,128 --a------ C:\WINDOWS\system32\drivers\MODEMCSA.sys
2006-10-30 16:17 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2006-10-30 16:17 <DIR> d-------- C:\Program Files\CONEXANT
2006-10-30 16:16 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2006-10-30 16:12 155,648 --a------ C:\WINDOWS\system32\GWSEH.dll
2006-10-30 16:11 90,112 --a------ C:\WINDOWS\system32\nvapi.dll
2006-10-30 16:11 90,112 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-10-30 16:11 89,344 --a------ C:\WINDOWS\system32\drivers\nvraid.sys
2006-10-30 16:11 86,016 --a------ C:\WINDOWS\system32\nvmctray.dll
2006-10-30 16:11 81,920 --a------ C:\WINDOWS\system32\nvwddi.dll
2006-10-30 16:11 77,824 --a------ C:\WINDOWS\setpwr32.exe
2006-10-30 16:11 7,323,648 --a------ C:\WINDOWS\system32\nvcpl.dll
2006-10-30 16:11 680,704 --a------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2006-10-30 16:11 5,398,528 --a------ C:\WINDOWS\system32\nvoglnt.dll
2006-10-30 16:11 45,056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-10-30 16:11 44,544 --a------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2006-10-30 16:11 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2006-10-30 16:11 35,328 --a------ C:\WINDOWS\system32\nvcodins.dll
2006-10-30 16:11 35,328 --a------ C:\WINDOWS\system32\nvcod.dll
2006-10-30 16:11 335,872 --a------ C:\WINDOWS\system32\nvwrses.dll
2006-10-30 16:11 327,680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
2006-10-30 16:11 323,584 --a------ C:\WINDOWS\system32\nvwrsit.dll
2006-10-30 16:11 32,218 --a------ C:\WINDOWS\system32\HSFCI008.dll
2006-10-30 16:11 319,488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
2006-10-30 16:11 319,488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
2006-10-30 16:11 311,296 --a------ C:\WINDOWS\system32\nvwrsde.dll
2006-10-30 16:11 303,104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
2006-10-30 16:11 299,008 --a------ C:\WINDOWS\system32\nvwrsno.dll
2006-10-30 16:11 294,912 --a------ C:\WINDOWS\system32\nvwrssv.dll
2006-10-30 16:11 294,912 --a------ C:\WINDOWS\system32\nvwrsda.dll
2006-10-30 16:11 278,528 --a------ C:\WINDOWS\system32\nvrsfr.dll
2006-10-30 16:11 274,432 --a------ C:\WINDOWS\system32\nvrsit.dll
2006-10-30 16:11 274,432 --a------ C:\WINDOWS\system32\nvrses.dll
2006-10-30 16:11 270,336 --a------ C:\WINDOWS\system32\nvrsde.dll
2006-10-30 16:11 266,240 --a------ C:\WINDOWS\system32\nvrsnl.dll
2006-10-30 16:11 262,144 --a------ C:\WINDOWS\system32\nvrsptb.dll
2006-10-30 16:11 262,144 --a------ C:\WINDOWS\system32\nvrsja.dll
2006-10-30 16:11 258,048 --a------ C:\WINDOWS\system32\nvrsko.dll
2006-10-30 16:11 249,856 --a------ C:\WINDOWS\system32\nvrssv.dll
2006-10-30 16:11 249,856 --a------ C:\WINDOWS\system32\nvrsno.dll
2006-10-30 16:11 249,856 --a------ C:\WINDOWS\system32\nvrsda.dll
2006-10-30 16:11 241,664 --a------ C:\WINDOWS\system32\nvrsfi.dll
2006-10-30 16:11 229,376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-10-30 16:11 225,280 --a------ C:\WINDOWS\system32\stacapi.dll
2006-10-30 16:11 217,088 --a------ C:\WINDOWS\system32\nvrszhc.dll
2006-10-30 16:11 212,992 --a------ C:\WINDOWS\system32\nvwrsja.dll
2006-10-30 16:11 212,224 --a------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2006-10-30 16:11 196,608 --a------ C:\WINDOWS\system32\nvwrsko.dll
2006-10-30 16:11 167,936 --a------ C:\WINDOWS\system32\nvwrszht.dll
2006-10-30 16:11 163,840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
2006-10-30 16:11 143,427 --a------ C:\WINDOWS\system32\nvsvc32.exe
2006-10-30 16:11 118,784 --a------ C:\WINDOWS\system32\nvrszht.dll
2006-10-30 16:11 117,248 --a------ C:\WINDOWS\system32\staco.dll
2006-10-30 16:11 11,043 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-10-30 16:11 105,344 --a------ C:\WINDOWS\system32\drivers\nvatabus.sys
2006-10-30 16:11 1,171,464 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2006-10-30 16:11 1,042,432 --a------ C:\WINDOWS\system32\drivers\HSF_DP.sys
2006-10-30 16:11 <DIR> d-------- C:\drivers


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-27 21:31 -------- d-------- C:\Program Files\Windows Media Player
2006-11-27 21:13 -------- d-------- C:\Program Files\Common Files
2006-11-27 20:32 -------- d-------- C:\Program Files\Internet Explorer
2006-11-27 20:31 -------- d-------- C:\Program Files\Common Files\System
2006-11-26 17:46 -------- d-------- C:\Program Files\GemMaster
2006-11-01 22:23 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-30 16:29 -------- d-------- C:\Program Files\Outlook Express
2006-10-30 16:28 -------- d-------- C:\Program Files\Messenger
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 11:30 668976 --a------ C:\WINDOWS\system32\OGACheckControl.DLL
2006-10-13 07:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"SigmatelSysTrayApp"="stsystra.exe"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdmcon.exe\""
"BDNewsAgent"="\"C:\\Program Files\\Softwin\\BitDefender8\\bdnagent.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,ea,00,00,00,00,00,00,00,16,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{827D3881-317C-442A-B4ED-F576CBA700BB}"="GW SEH Intercept"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoDispBackgroundPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (MARTIN-Pretty Girl).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-11-28 19:38:38.61
C:\ComboFix.txt ... 06-11-28 19:38

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 28 November 2006 - 10:20 PM

That log looks pretty good. Are you still having problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 mfvs1978

mfvs1978
  • Topic Starter


Posted 29 November 2006 - 07:15 AM

Really? My home page hasn't been redirected or "taken over" since I installed the Superantispyware program, but that is because I chose a selection to block someone or something from taking over my home page. I wasn't sure if that completely took care of the problem or just a bandaid and the trojan was still on my computer. Is there any way to clearly know the computer is fixed? Or do I just have to make sure McAfee is up and running all the time before I connect to the internet and run the antispyware programs weekly to clean things up?

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 29 November 2006 - 08:44 PM

I don't know that there's ever a way to know 100% that your computer is clean. But if there is malware present you would likely experience popups, homepage redirections, or excessive slowness. You are right to be concerned and yes, regular scans are really the best thing you can do. Here are some other recommendations.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :flowers:

========================================================

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 14 December 2006 - 08:32 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.

========================================================
