
I Think Im Infected Some Of My Files Are Missing


  • This topic is locked
28 replies to this topic

#1 smirice38

smirice38

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 25 March 2007 - 06:51 AM

I have had a lot of problems lately with spyware, malware and trojans. I have run Spybot and Ad-Aware, and I am running AVG 7.5. I do daily scans but problems still get in. Now I have noticed that I can't access Services or Task Manager and a couple of others. Can anyone please help me? I am a novice and don't know too much. I think I have managed to do a log with HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:42:14, on 25/03/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINNT\system32\ztwexcsft.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\wmuusffxl.exe
C:\WINNT\system32\WINBOT.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\unzipped\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Ability Office] wmuusffxl.exe
O4 - HKLM\..\Run: [Windows Config] WINBOT.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
O4 - HKLM\..\RunServices: [Ability Office] wmuusffxl.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [Windows Service Live] ztwexcsft.exe
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF00E482-FC72-4630-82B9-4532C95BAA57}: NameServer = 212.74.112.66 212.74.112.67
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

this ...

Edited by smirice38, 25 March 2007 - 12:21 PM.




#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:15 AM

Posted 26 March 2007 - 04:20 AM

Hi,

You have more than one backdoor trojan on your system as well as at least one very dangerous keylogger together with a lot of other random malware - including Vundo/virtumundo and god knows what other nasty infections are present there.

These allow hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojans may be identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 smirice38

Posted 26 March 2007 - 04:58 AM

I will get to another PC and change passwords, then I will get back to you. Would it matter if someone has used their card on my PC to pay for something?

#4 miekiemoes

Posted 26 March 2007 - 05:14 AM

So I assume you're deciding to clean this up manually? Even though you use this computer for online payments?
Not sure if you understand how badly compromised your system is and the damage it already caused cannot always be repaired.
That's why I strongly recommend you to perform a format and reinstall in this case. Trust me, I am saying this with a reason - and I don't recommend a format very often, only when it is really needed.

Edited by miekiemoes, 26 March 2007 - 05:16 AM.


#5 smirice38

Posted 26 March 2007 - 09:55 AM

Yes please, as I will not be using this PC for any online payments anymore.

#6 miekiemoes

Posted 26 March 2007 - 10:10 AM

Ok, but don't expect we can repair all damage it already caused. It will never run as it used to run and you will never be able to trust this computer anymore. Your call, of course.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we start. The reason I am telling you this is that when a system is so terribly infected and we try to clean it up manually, the damage that is already present may interfere with our removal attempts and may leave the system very unstable.

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,

* Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

---------------------------

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
do not use the scan yet

--------------------------

* Reboot into Safe Mode (without networking support!):
To get into the Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.

---------------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
O4 - HKLM\..\Run: [Ability Office] wmuusffxl.exe
O4 - HKLM\..\Run: [Windows Config] WINBOT.EXE
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
O4 - HKLM\..\RunServices: [Ability Office] wmuusffxl.exe
O4 - HKCU\..\Run: [Windows Service Live] ztwexcsft.exe
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

--------------------------

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next files if still present:

C:\WINNT\system32\akwmkxpj.dll
C:\WINNT\system32\tcpipmon.exe
C:\WINNT\system32\ztwexcsft.exe
C:\WINNT\system32\wmuusffxl.exe
C:\WINNT\system32\WINBOT.EXE

--------------------------
  • Doubleclick the drweb-cureit.exe, Click Start and Allow to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • It could be possible it displays a popup to buy it in between, to buy or 50% discount. Just close that popup again.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
-------------------------
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
* Download Combofix to your desktop.
Doubleclick combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post the following logs in your next reply:

* Combofixlog
* Log from DrWeb CureIt
* Log from SDFix
* New HijackThislog
* Log from Vundofix

You may need more than one reply to post the logs.
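The kind of entry selection made in the post above can be approximated as a first-pass triage of O4 (autorun) and O23 (service) lines. This is an added example, not part of the thread or of any tool named in it; the allowlist, the rule labels and the `triage` function are assumptions, and the sample is a constructed subset of the log in post #1. The output is a review list rather than a verdict: it also flags the AOLService entry, which the post did not select.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: a subset of the O4/O23 lines from the HijackThis log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
"""

# Assumption: Windows 2000 components that normally register without a path.
# A bare name is resolved through the search path, so a name match alone does
# not prove the file on disk is the genuine one.
KNOWN_BARE = {"mobsync.exe", "internat.exe"}

# Matches registry autoruns such as: O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"


class Finding(NamedTuple):
    section: str  # "O4" or "O23"
    name: str     # Run value name or service display name
    target: str   # file the entry points at
    reason: str   # hypothetical rule label, not HijackThis terminology


def _first_token(cmd: str) -> Tuple[str, str]:
    """Return (first token, remainder), honouring one leading quoted token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        token, _, rest = cmd[1:].partition('"')
    else:
        token, _, rest = cmd.partition(" ")
    return token, rest.strip()


def triage(log: str) -> List[Finding]:
    """Flag autoruns and services that deserve manual review."""
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            name = m.group(3)
            exe, rest = _first_token(m.group(4))
            if exe.lower() in ("rundll32", "rundll32.exe"):
                # The host is a Windows binary; the DLL it loads is what matters.
                dll = _first_token(rest)[0].split(",")[0]
                findings.append(Finding("O4", name, dll, "rundll32-host"))
            elif "\\" not in exe and exe.lower() not in KNOWN_BARE:
                # No directory given: whatever the search path finds first runs.
                findings.append(Finding("O4", name, exe, "bare-filename"))
        elif line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if owner == "Unknown owner" and path.endswith(MISSING):
                path = path[: -len(MISSING)].rstrip()
                findings.append(
                    Finding("O23", name, path, "unknown-owner-missing-file"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<3} {f.reason:<27} {f.name} -> {f.target}")
```

Entries with a full path to a vendor directory and the non-registry "Global Startup" line pass through unflagged, so a clean result from these rules says nothing about those entries.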

#7 smirice38

Posted 26 March 2007 - 02:39 PM

here is log
SDFix: Version 1.74

Run by roy - Mon 26/03/2007 - 20:10:33.18

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
SYSTEMSVC

ImagePath:
"C:\WINNT\system\system.exe"

SYSTEMSVC Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.inf - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniffdlgs.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\AXXPEE.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\ecmldr32.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi.vxd - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi32.dll - Deleted
C:\WINNT\system32\setup_54777.exe - Deleted
C:\WINNT\Temp\del.bat - Deleted
C:\WINNT\Temp\removalfile.bat - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\tmp*.tmp - Deleted


Folder C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINNT\system32
No streams found.


Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINNT\system32\ehvvnt.exe
C:\WINNT\system32\lzbzoq.exe
C:\WINNT\system32\winbot.exe

Finished

#8 smirice38

Posted 26 March 2007 - 02:48 PM

here is another log combofix
"roy" - Mon 26/03/2007 20:23:59 Service Pack 4
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\roy.HOME2-0A9637988\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\install.log
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp


((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))


2007-03-26 20:25 88,340 --a------ C:\WINNT\system32\jhbyxpnn.exe
2007-03-26 20:25 <DIR> d-------- C:\Program Files\VSAdd-in
2007-03-26 20:21 48,708 --a------ C:\WINNT\system32\khaoxlyn.dll
2007-03-26 20:20 879,011 ---hs---- C:\WINNT\system32\bdcdd.bak1
2007-03-26 20:20 280,676 ---hs---- C:\WINNT\system32\ddcdb.dll
2007-03-26 20:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-03-26 20:20 123,972 --a------ C:\WINNT\system32\lusyxdmj.dll
2007-03-26 20:14 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-03-26 18:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\DoctorWeb
2007-03-26 17:58 95,744 --a------ C:\VundoFix.exe
2007-03-26 17:58 <DIR> d-------- C:\VundoFix Backups
2007-03-25 23:34 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Adobe
2007-03-25 22:06 89,088 --a------ C:\WINNT\system32\atl71.dll
2007-03-25 22:06 1,060,864 --a------ C:\WINNT\system32\mfc71.dll
2007-03-25 11:41 <DIR> d-------- C:\unzipped
2007-03-24 17:37 765,296 ---hs---- C:\WINNT\system32\stsut.bak2
2007-03-24 10:51 26,730 --------- C:\WINNT\system32\efccawu.dll
2007-03-24 00:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-24 00:46 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Lavasoft
2007-03-23 17:37 729,421 ---hs---- C:\WINNT\system32\stsut.bak1
2007-03-23 12:37 51,472 --a------ C:\WINNT\system32\vfwwdm32.dll
2007-03-23 12:23 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\ArcSoft
2007-03-23 12:07 <DIR> d-------- C:\WINNT\system32\DirectX
2007-03-23 12:06 98,816 --a------ C:\WINNT\system32\dmstyle.dll
2007-03-23 12:06 937,984 --a------ C:\WINNT\system32\dxdiag.exe
2007-03-23 12:06 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007-03-23 12:06 80,896 --a------ C:\WINNT\system32\dpvsetup.exe
2007-03-23 12:06 797,184 --a------ C:\WINNT\system32\d3dim700.dll
2007-03-23 12:06 77,824 --a------ C:\WINNT\system32\dpmodemx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dpwsockx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dmscript.dll
2007-03-23 12:06 733,184 --a------ C:\WINNT\system32\qedwipes.dll
2007-03-23 12:06 723,968 --a------ C:\WINNT\system32\dpnet.dll
2007-03-23 12:06 7,424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2007-03-23 12:06 7,168 --a------ C:\WINNT\system32\d3d8thk.dll
2007-03-23 12:06 68,096 --a------ C:\WINNT\system32\dpnhupnp.dll
2007-03-23 12:06 664,576 --a------ C:\WINNT\system32\dinput8.dll
2007-03-23 12:06 645,120 --a------ C:\WINNT\system32\dinput.dll
2007-03-23 12:06 64,512 --a------ C:\WINNT\system32\amstream.dll
2007-03-23 12:06 602,624 --a------ C:\WINNT\system32\dx7vb.dll
2007-03-23 12:06 58,368 --a------ C:\WINNT\system32\dmcompos.dll
2007-03-23 12:06 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2007-03-23 12:06 5,504 --a------ C:\WINNT\system32\drivers\mstee.sys
2007-03-23 12:06 5,248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2007-03-23 12:06 491,520 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-03-23 12:06 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2007-03-23 12:06 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2007-03-23 12:06 459,264 --a------ C:\WINNT\system32\diactfrm.dll
2007-03-23 12:06 45,696 --a------ C:\WINNT\system32\drivers\stream.sys
2007-03-23 12:06 449,024 --a------ C:\WINNT\system32\qdvd.dll
2007-03-23 12:06 44,544 --a------ C:\WINNT\system32\dxdllreg.exe
2007-03-23 12:06 44,032 --a------ C:\WINNT\system32\dimap.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\ksuser.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\drivers\swenum.sys
2007-03-23 12:06 381,952 --a------ C:\WINNT\system32\dpvoice.dll
2007-03-23 12:06 355,328 --a------ C:\WINNT\system32\dsound.dll
2007-03-23 12:06 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2007-03-23 12:06 34,304 --a------ C:\WINNT\system32\mciqtz32.dll
2007-03-23 12:06 33,280 --a------ C:\WINNT\system32\dmloader.dll
2007-03-23 12:06 324,096 --a------ C:\WINNT\system32\mswebdvd.dll
2007-03-23 12:06 32,768 --a------ C:\WINNT\system32\dpnhpast.dll
2007-03-23 12:06 311,808 --a------ C:\WINNT\system32\qdv.dll
2007-03-23 12:06 31,744 --a------ C:\WINNT\system32\pid.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnlobby.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnaddr.dll
2007-03-23 12:06 284,160 --a------ C:\WINNT\system32\ddraw.dll
2007-03-23 12:06 28,160 --a------ C:\WINNT\system32\dplaysvr.exe
2007-03-23 12:06 27,136 --a------ C:\WINNT\system32\dmband.dll
2007-03-23 12:06 257,024 --a------ C:\WINNT\system32\qcap.dll
2007-03-23 12:06 217,600 --a------ C:\WINNT\system32\dplayx.dll
2007-03-23 12:06 206,336 --a------ C:\WINNT\system32\gcdef.dll
2007-03-23 12:06 19,968 --a------ C:\WINNT\system32\dpvacm.dll
2007-03-23 12:06 186,880 --a------ C:\WINNT\system32\dsdmo.dll
2007-03-23 12:06 18,944 --a------ C:\WINNT\system32\encapi.dll
2007-03-23 12:06 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007-03-23 12:06 18,432 --a------ C:\WINNT\system32\dswave.dll
2007-03-23 12:06 171,520 --a------ C:\WINNT\system32\dmime.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\msyuv.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\dpnsvr.exe
2007-03-23 12:06 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007-03-23 12:06 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007-03-23 12:06 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007-03-23 12:06 132,608 --a------ C:\WINNT\system32\devenum.dll
2007-03-23 12:06 130,304 --a------ C:\WINNT\system32\drivers\ks.sys
2007-03-23 12:06 13,312 --a------ C:\WINNT\system32\msdmo.dll
2007-03-23 12:06 116,736 --a------ C:\WINNT\system32\dmusic.dll
2007-03-23 12:06 112,128 --a------ C:\WINNT\system32\dpvvox.dll
2007-03-23 12:06 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2007-03-23 12:06 100,864 --a------ C:\WINNT\system32\dmsynth.dll
2007-03-23 12:06 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2007-03-23 12:06 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007-03-23 12:06 1,962,496 --a------ C:\WINNT\system32\quartz.dll
2007-03-23 12:06 1,798,144 --a------ C:\WINNT\system32\qedit.dll
2007-03-23 12:06 1,675,264 --a------ C:\WINNT\system32\dxdiagn.dll
2007-03-23 12:06 1,634,304 --a------ C:\WINNT\system32\d3d9.dll
2007-03-23 12:06 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2007-03-23 12:06 1,189,888 --a------ C:\WINNT\system32\dx8vb.dll
2007-03-23 12:06 1,177,600 --a------ C:\WINNT\system32\d3d8.dll
2007-03-23 12:05 21,248 --a------ C:\WINNT\system32\drivers\pfc.sys
2007-03-23 12:05 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-03-23 12:04 212,480 --a------ C:\WINNT\PCDLIB32.DLL
2007-03-23 12:03 <DIR> d-------- C:\WINNT\PixArt
2007-03-23 12:03 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-03-21 20:04 34,159 --a------ C:\tspro.exe
2007-03-21 18:35 34,159 ---h----- C:\WINNT\system32\lzbzoq.exe
2007-03-21 18:15 34,159 ---h----- C:\WINNT\system32\ehvvnt.exe
2007-03-21 12:01 5,342,751 --------- C:\AVG7QT.DAT
2007-03-21 11:54 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-03-21 09:57 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-03-21 01:17 <DIR> d-a------ C:\WINNT\system32\msmq
2007-03-21 01:15 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-21 00:57 34,159 --ah----- C:\WINNT\system32\winbot.exe
2007-03-20 22:55 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-03-20 15:22 94,208 --a------ C:\WINNT\system32\PixZip.dll
2007-03-20 15:22 74,240 --a------ C:\WINNT\system32\PixService.dll
2007-03-20 15:22 62,976 --a------ C:\WINNT\system32\PixiNet.dll
2007-03-20 15:21 73,216 --a------ C:\WINNT\system32\LFFAX12N.DLL
2007-03-20 15:21 53,248 --a------ C:\WINNT\system32\LFPCT12N.DLL
2007-03-20 15:21 51,712 --a------ C:\WINNT\system32\PixEPrint.dll
2007-03-20 15:21 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL
2007-03-20 15:21 388,608 --a------ C:\WINNT\system32\LTKRN12N.DLL
2007-03-20 15:21 36,864 --a------ C:\WINNT\system32\LFPSD12N.DLL
2007-03-20 15:21 341,504 --a------ C:\WINNT\system32\LFCMP12N.DLL
2007-03-20 15:21 32,256 --a------ C:\WINNT\system32\PixologyIRISS.dll
2007-03-20 15:21 30,720 --a------ C:\WINNT\system32\LFBMP12N.DLL
2007-03-20 15:21 26,624 --a------ C:\WINNT\system32\LFPCX12N.DLL
2007-03-20 15:21 258,560 --a------ C:\WINNT\system32\LTDIS12N.DLL
2007-03-20 15:21 230,400 --a------ C:\WINNT\system32\DC265.DLL
2007-03-20 15:21 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL
2007-03-20 15:21 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL
2007-03-20 15:21 19,968 --a------ C:\WINNT\system32\LFPCD12N.DLL
2007-03-20 15:21 165,888 --a------ C:\WINNT\system32\LTIMG12N.DLL
2007-03-20 15:21 149,504 --a------ C:\WINNT\system32\LFPNG12N.DLL
2007-03-20 15:21 141,824 --a------ C:\WINNT\system32\LFTIF12N.DLL
2007-03-20 15:21 130,048 --a------ C:\WINNT\system32\LTFIL12N.DLL
2007-03-20 15:21 106,496 --a------ C:\WINNT\system32\PixText.dll
2007-03-20 14:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_5dc.dat
2007-03-20 12:31 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-03-20 11:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_308.dat
2007-03-20 11:41 <DIR> d-------- C:\WINNT\Sun
2007-03-20 10:21 <DIR> d--h----- C:\msdownld.tmp
2007-03-19 19:38 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_388.dat
2007-03-19 17:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_584.dat
2007-03-19 17:49 <DIR> d--h----- C:\WINNT\PIF
2007-03-19 17:31 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-03-19 15:41 4,212 --ah----- C:\WINNT\system32\zllictbl.dat
2007-03-19 15:38 <DIR> d-a------ C:\WINNT\Internet Logs
2007-03-17 10:08 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4a0.dat
2007-03-15 21:33 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-03-15 21:33 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-03-15 21:31 335 --a------ C:\WINNT\nsreg.dat
2007-03-15 20:59 70,688 --a------ C:\WINNT\system32\drivers\alcaudsl.sys
2007-03-15 20:59 53,600 --a------ C:\WINNT\system32\drivers\alcan5wn.sys
2007-03-15 20:59 5,606 --a------ C:\WINNT\system32\stci.dll
2007-03-15 20:59 5,280 --a------ C:\WINNT\system32\drivers\alcawh.sys
2007-03-15 20:59 3,968 --a------ C:\WINNT\system32\drivers\alcacr.sys
2007-03-15 20:59 <DIR> d-------- C:\Program Files\Thomson
2007-03-15 20:40 <DIR> d-------- C:\Program Files\SpeedTouch
2007-03-07 11:19 <DIR> d-------- C:\Program Files\IrfanView
2007-03-06 23:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_32c.dat
2007-03-06 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-03-06 10:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2007-03-05 13:24 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-03-04 23:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_300.dat
2007-03-04 20:30 <DIR> d---s---- C:\DOCUME~1\ROY~2.HOM\UserData
2007-03-04 11:12 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-03-03 23:50 759,298 --ahs---- C:\WINNT\system32\tvvut.bak2
2007-03-03 22:55 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Sun
2007-03-03 22:43 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\DivX
2007-03-03 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-03-03 20:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-03 18:52 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Help
2007-03-03 14:28 29,696 --a------ C:\WINNT\system32\Vb5stkit.dll
2007-03-03 14:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AOL
2007-03-03 14:01 93,360 --a------ C:\WINNT\system32\drivers\ndiswan.sys
2007-03-03 14:01 64,304 --a------ C:\WINNT\system32\drivers\ipsec.sys
2007-03-03 14:01 518,928 --a------ C:\WINNT\system32\lsasrv.dll
2007-03-03 14:01 147,728 --a------ C:\WINNT\system32\schannel.dll
2007-03-03 13:56 33,588 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-03-03 13:14 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Real
2007-03-03 13:08 368,912 --a------ C:\WINNT\system32\vbar332.dll
2007-03-03 13:08 118,784 --a------ C:\WINNT\system32\Msstdfmt.dll
2007-03-03 13:08 102,400 --a------ C:\WINNT\system32\SimpleRegistry.dll
2007-03-03 13:08 10,752 --a------ C:\WINNT\system32\aamd532.dll
2007-03-03 13:08 <DIR> d---s---- C:\WINNT\occache
2007-03-03 13:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\You've Got Pictures Screensaver
2007-03-03 13:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Viewpoint
2007-03-03 13:06 86,016 --a------ C:\WINNT\unvise32qt.exe
2007-03-03 13:05 <DIR> d-a------ C:\WINNT\system32\QuickTime
2007-03-03 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
2007-03-03 13:02 65,536 --a------ C:\WINNT\system32\jgsh400.dll
2007-03-03 13:02 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-03-03 13:02 45,568 --a------ C:\WINNT\system32\jgsd400.dll
2007-03-03 13:02 44,544 --a------ C:\WINNT\system32\jgaw400.dll
2007-03-03 13:02 401,462 --a------ C:\WINNT\system32\msvcp60.dll
2007-03-03 13:02 35,840 --a------ C:\WINNT\system32\jgmd400.dll
2007-03-03 13:02 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-03-03 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AOL
2007-03-03 12:29 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-03-03 12:29 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-03-03 12:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
2007-03-02 22:47 727,177 --ahs---- C:\WINNT\system32\tvvut.bak1
2007-03-02 21:13 78,608 --a------ C:\WINNT\system32\VB5DB.DLl
2007-03-02 21:13 77,824 --a------ C:\WINNT\system32\ODBCTL32.DLl
2007-03-02 21:13 745,168 --a------ C:\WINNT\system32\Setupx.dll
2007-03-02 21:13 570,128 --a------ C:\WINNT\system32\DAO350.DLl
2007-03-02 21:13 430,080 --a------ C:\WINNT\system32\MSREPL35.DLl
2007-03-02 21:13 251,664 --a------ C:\WINNT\system32\MSRD2X35.DLl
2007-03-02 21:13 24,576 --a------ C:\WINNT\system32\Rnaph.dll
2007-03-02 21:13 24,336 --a------ C:\WINNT\system32\MSJTER35.DLl
2007-03-02 21:13 147,456 --a------ C:\WINNT\system32\uwLibs.dll
2007-03-02 21:13 121,104 --a------ C:\WINNT\system32\MSJINT35.DLl
2007-03-02 21:13 112 --a------ C:\WINNT\system32\realmedia.reg
2007-03-02 21:13 1,542,132 --a------ C:\WINNT\uwDetect.EXE
2007-03-02 21:13 1,050,384 --a------ C:\WINNT\system32\MSJET35.DLl
2007-03-02 20:56 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-03-02 20:56 981,504 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-03-02 20:56 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-03-02 20:56 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-03-02 20:56 816,264 --a------ C:\WINNT\system32\wmvdmod.dll
2007-03-02 20:56 81,408 --a------ C:\WINNT\system32\logagent.exe
2007-03-02 20:56 760,968 --a------ C:\WINNT\system32\wmsdmod.dll
2007-03-02 20:56 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-03-02 20:56 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
2007-03-02 20:56 670,208 --a------ C:\WINNT\system32\wmadmoe.dll
2007-03-02 20:56 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-03-02 20:56 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2007-03-02 20:56 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-03-02 20:56 410,248 --a------ C:\WINNT\system32\wmadmod.dll
2007-03-02 20:56 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-03-02 20:56 358,912 --a------ C:\WINNT\system32\msscp.dll
2007-03-02 20:56 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-03-02 20:56 27,136 --a------ C:\WINNT\system32\wmdmlog.dll
2007-03-02 20:56 253,952 --a------ C:\WINNT\system32\msnetobj.dll
2007-03-02 20:56 245,760 --a------ C:\WINNT\system32\mswmdm.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\qasf.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-03-02 20:56 232,960 --a------ C:\WINNT\system32\blackbox.dll
2007-03-02 20:56 23,552 --a------ C:\WINNT\system32\wmdmps.dll
2007-03-02 20:56 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-03-02 20:56 218,112 --a------ C:\WINNT\system32\wmasf.dll
2007-03-02 20:56 201,728 --a------ C:\WINNT\system32\mspmsp.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-03-02 20:56 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-03-02 20:56 167,936 --a------ C:\WINNT\system32\wmerror.dll
2007-03-02 20:56 159,232 --a------ C:\WINNT\system32\CEWMDM.dll
2007-03-02 20:56 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-03-02 20:56 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2007-03-02 20:56 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-03-02 20:56 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-03-02 20:45 <DIR> d-a------ C:\WINNT\system32\Macromed
2007-03-02 20:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AdobeUM
2007-03-02 20:44 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Adobe
2007-03-02 20:32 16,144 --a------ C:\WINNT\system32\drivers\MODEMCSA.sys
2007-03-02 20:32 <DIR> d-------- C:\WINNT\Cache
2007-03-02 20:27 1,826,816 --ah----- C:\DOCUME~1\ROY~2.HOM\NTUSER.DAT
2007-03-02 20:27 <DIR> d-ah----- C:\WINNT\system32\GroupPolicy
2007-03-02 20:27 <DIR> d-a------ C:\WINNT\system32\NtmsData
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\Installer
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\CSC
2007-03-02 20:21 114,688 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rpcproxy
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rocket
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\inetsrv
2007-03-02 20:21 <DIR> d-------- C:\WINNT\mww32
2007-03-02 20:21 <DIR> d-------- C:\WINNT\ime
2007-03-02 20:20 0 ---h----- C:\CONFIG.SYS
2007-03-02 20:20 0 ---h----- C:\AUTOEXEC.BAT
2007-03-02 20:19 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-03-02 20:19 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-03-02 20:19 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-03-02 20:18 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-03-02 20:18 63,248 --a------ C:\WINNT\system32\ils.dll
2007-03-02 20:18 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-03-02 20:18 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-03-02 20:18 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-03-02 20:18 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-03-02 20:18 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-03-02 20:18 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-03-02 20:18 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-03-02 20:18 216,848 --a------ C:\WINNT\system32\mstask.dll
2007-03-02 20:18 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-03-02 20:18 14,996 --a------ C:\WINNT\system32\emptyregdb.dat
2007-03-02 20:18 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-03-02 20:18 119,568 --a------ C:\WINNT\system32\mstask.exe
2007-03-02 20:18 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-03-02 20:18 <DIR> d-a-s---- C:\WINNT\Tasks
2007-03-02 20:17 <DIR> d-------- C:\WINNT\Registration
2007-03-02 20:16 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-03-02 20:16 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-03-02 20:16 96,016 --a------ C:\WINNT\system32\clbcatex.dll
2007-03-02 20:16 91,408 --a------ C:\WINNT\system32\calc.exe
2007-03-02 20:16 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-03-02 20:16 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-03-02 20:16 89,360 --a------ C:\WINNT\system32\comrepl.dll
2007-03-02 20:16 88,848 --a------ C:\WINNT\system32\msdtclog.dll
2007-03-02 20:16 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-03-02 20:16 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-03-02 20:16 707,344 --a------ C:\WINNT\system32\msdtcprx.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\stclient.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-03-02 20:16 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-03-02 20:16 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-03-02 20:16 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-03-02 20:16 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-03-02 20:16 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-03-02 20:16 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-03-02 20:16 6,416 --a------ C:\WINNT\system32\write.exe
2007-03-02 20:16 591,120 --a------ C:\WINNT\system32\catsrvut.dll
2007-03-02 20:16 574,224 --a------ C:\WINNT\system32\hypertrm.dll
2007-03-02 20:16 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-03-02 20:16 53,008 --a------ C:\WINNT\system32\packager.exe
2007-03-02 20:16 510,224 --a------ C:\WINNT\system32\clbcatq.dll
2007-03-02 20:16 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-03-02 20:16 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-03-02 20:16 397,584 --a------ C:\WINNT\system32\txfaux.dll
2007-03-02 20:16 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-03-02 20:16 37,648 --a------ C:\WINNT\system32\colbact.dll
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\sol.exe
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-03-02 20:16 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-03-02 20:16 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-03-02 20:16 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-03-02 20:16 30,480 --a------ C:\WINNT\system32\mtxlegih.dll
2007-03-02 20:16 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-03-02 20:16 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-03-02 20:16 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-03-02 20:16 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-03-02 20:16 23,312 --a------ C:\WINNT\system32\mtxdm.dll
2007-03-02 20:16 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-03-02 20:16 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-03-02 20:16 192,512 --a------ C:\WINNT\system32\wuaueng.dll
2007-03-02 20:16 17,680 --a------ C:\WINNT\system32\xolehlp.dll
2007-03-02 20:16 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-03-02 20:16 166,160 --a------ C:\WINNT\system32\catsrv.dll
2007-03-02 20:16 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-03-02 20:16 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\msdtcui.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-03-02 20:16 141,312 --a------ C:\WINNT\system32\wuauclt.exe
2007-03-02 20:16 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-03-02 20:16 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-03-02 20:16 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-03-02 20:16 105,744 --a------ C:\WINNT\system32\mtxoci.dll
2007-03-02 20:16 1,785,160 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-03-02 20:16 1,448,208 --a------ C:\WINNT\system32\comsvcs.dll
2007-03-02 20:16 1,131,280 --a------ C:\WINNT\system32\msdtctm.dll
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\DTCLog
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\Com
2007-03-02 20:10 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-03-02 20:10 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-03-02 20:10 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-03-02 20:10 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-03-02 20:10 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-03-02 20:10 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-03-02 20:10 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-03-02 20:08 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-03-02 20:08 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-03-02 20:08 44,528 --a------ C:\WINNT\system32\drivers\es1371mp.sys
2007-03-02 20:08 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-03-02 20:07 71,632 --a------ C:\WINNT\system32\drivers\atimpab.sys
2007-03-02 20:07 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-03-02 20:07 135,184 --a------ C:\WINNT\system32\atidrab.dll
2007-03-02 20:04 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-03-02 20:04 9,008 --a------ C:\WINNT\system\VER.DLL
2007-03-02 20:04 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-03-02 20:04 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-03-02 20:04 81,680 --a------ C:\WINNT\system32\SPOOLSS.DLL
2007-03-02 20:04 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-03-02 20:04 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-03-02 20:04 6,416 --a------ C:\WINNT\system32\batt.dll
2007-03-02 20:04 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-03-02 20:04 5,392 --a------ C:\WINNT\delttsul.exe
2007-03-02 20:04 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-03-02 20:04 45,328 --a------ C:\WINNT\system32\SPOOLSV.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-03-02 20:04 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-03-02 20:04 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-03-02 20:04 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-03-02 20:04 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-03-02 20:04 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-03-02 20:04 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-03-02 20:04 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-03-02 20:04 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\Speech
2007-03-02 20:04 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-03-02 20:00 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-03-02 20:00 <DIR> dra-s---- C:\WINNT\Fonts
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\twain_32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wbem
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\spool
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\Setup
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ras
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\os2
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\npp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\mui
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ias
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\export
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\security
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\repair
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msapps
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msagent
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Media
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Help
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Driver Cache
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Debug
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Cursors
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\AppPatch
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\addins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT
2007-03-02 20:00 <DIR> d--h----- C:\WINNT\inf
2007-03-02 20:00 <DIR> d---s---- C:\WINNT\Web
2007-03-02 19:53 0 --a------ C:\qckyrxv.exe
2007-03-02 16:20 <DIR> d-a------ C:\Program Files\a-squared Free
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Viewpoint
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Learn2.com
2007-03-02 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-02 11:16 <DIR> d-a------ C:\Program Files\Common Files\Nullsoft
2007-03-02 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-01 17:10 <DIR> d-------- C:\Program Files\Internet


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-26 20:26 -------- d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\searchtoolbarcorp
2007-03-25 13:56 -------- d-a------ C:\Program Files\google
2007-03-24 21:11 -------- d-a------ C:\Program Files\divx
2007-03-23 12:09 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 12:03 -------- d-a------ C:\Program Files\pc camer@
2007-03-17 22:06 230432 --a------ C:\StiImg.dat
2007-03-14 14:33 -------- d-a------ C:\Program Files\yahoo!
2007-03-06 09:25 -------- d-a------ C:\Program Files\quicktime
2007-03-03 13:03 -------- d-a------ C:\Program Files\Common Files\real
2007-03-03 10:08 -------- d-a------ C:\Program Files\java
2007-03-02 20:19 271 ---h----- C:\Program Files\desktop.ini
2007-03-02 20:19 21952 ---h----- C:\Program Files\folder.htt
2007-02-26 14:48 -------- d-a------ C:\Program Files\spycatcher 2006
2007-02-26 14:48 -------- d-a------ C:\Program Files\itunes
2007-02-25 22:33 -------- d-a------ C:\Program Files\Common Files\motorola shared
2007-02-25 22:16 -------- d-a------ C:\Program Files\avanquest update
2007-02-25 16:46 -------- d-a------ C:\Program Files\atp
2007-02-22 13:45 512 --a------ C:\ScanSectorLog.dat
2007-02-20 13:59 417320 --a------ C:\msgr8uk.exe
2007-02-15 12:41 -------- d-a------ C:\Program Files\Common Files\intel
2007-01-28 19:39 -------- d-a------ C:\Program Files\morpheusbar
2007-01-08 14:21 0 -rahsc--- C:\MSDOS.SYS
2007-01-08 14:21 0 -rahsc--- C:\IO.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundService"="rundll32.exe \"C:\\WINNT\\system32\\lusyxdmj.dll\",setvm"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccawu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070326-183324-523
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-879
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-591
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
backup-20070326-182717-598
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
backup-20070326-182717-463
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
backup-20070326-182717-730
O4 - HKLM\..\RunServices: [Ability Office] wmuusffxl.exe
backup-20070326-182717-345
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
backup-20070326-182717-906
O4 - HKLM\..\Run: [Windows Config] WINBOT.EXE
backup-20070326-182717-929
O4 - HKCU\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-916
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-468
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
backup-20070326-182717-696
O4 - HKLM\..\Run: [Ability Office] wmuusffxl.exe

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Disk Cleanup.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: Mon 2007-03-26 20:26:39

#9 miekiemoes

  • Malware Response Team
Posted 26 March 2007 - 02:49 PM

Edit - I see you already posted :thumbsup:

Edited by miekiemoes, 26 March 2007 - 02:50 PM.


#10 smirice38

  • Topic Starter

  • Members

Posted 26 March 2007 - 02:51 PM

I think this is the log from Vundo
SDFix: Version 1.74

Run by roy - Mon 26/03/2007 - 20:10:33.18

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
SYSTEMSVC

ImagePath:
"C:\WINNT\system\system.exe"

SYSTEMSVC Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.inf - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniffdlgs.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\AXXPEE.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\ecmldr32.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi.vxd - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi32.dll - Deleted
C:\WINNT\system32\setup_54777.exe - Deleted
C:\WINNT\Temp\del.bat - Deleted
C:\WINNT\Temp\removalfile.bat - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\tmp*.tmp - Deleted


Folder C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINNT\system32
No streams found.


Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINNT\system32\ehvvnt.exe
C:\WINNT\system32\lzbzoq.exe
C:\WINNT\system32\winbot.exe

Finished
"roy" - Mon 26/03/2007 20:23:59 Service Pack 4
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\roy.HOME2-0A9637988\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\install.log
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp


((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))


2007-03-26 20:25 88,340 --a------ C:\WINNT\system32\jhbyxpnn.exe
2007-03-26 20:25 <DIR> d-------- C:\Program Files\VSAdd-in
2007-03-26 20:21 48,708 --a------ C:\WINNT\system32\khaoxlyn.dll
2007-03-26 20:20 879,011 ---hs---- C:\WINNT\system32\bdcdd.bak1
2007-03-26 20:20 280,676 ---hs---- C:\WINNT\system32\ddcdb.dll
2007-03-26 20:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-03-26 20:20 123,972 --a------ C:\WINNT\system32\lusyxdmj.dll
2007-03-26 20:14 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-03-26 18:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\DoctorWeb
2007-03-26 17:58 95,744 --a------ C:\VundoFix.exe
2007-03-26 17:58 <DIR> d-------- C:\VundoFix Backups
2007-03-25 23:34 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Adobe
2007-03-25 22:06 89,088 --a------ C:\WINNT\system32\atl71.dll
2007-03-25 22:06 1,060,864 --a------ C:\WINNT\system32\mfc71.dll
2007-03-25 11:41 <DIR> d-------- C:\unzipped
2007-03-24 17:37 765,296 ---hs---- C:\WINNT\system32\stsut.bak2
2007-03-24 10:51 26,730 --------- C:\WINNT\system32\efccawu.dll
2007-03-24 00:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-24 00:46 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Lavasoft
2007-03-23 17:37 729,421 ---hs---- C:\WINNT\system32\stsut.bak1
2007-03-23 12:37 51,472 --a------ C:\WINNT\system32\vfwwdm32.dll
2007-03-23 12:23 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\ArcSoft
2007-03-23 12:07 <DIR> d-------- C:\WINNT\system32\DirectX
2007-03-23 12:06 98,816 --a------ C:\WINNT\system32\dmstyle.dll
2007-03-23 12:06 937,984 --a------ C:\WINNT\system32\dxdiag.exe
2007-03-23 12:06 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007-03-23 12:06 80,896 --a------ C:\WINNT\system32\dpvsetup.exe
2007-03-23 12:06 797,184 --a------ C:\WINNT\system32\d3dim700.dll
2007-03-23 12:06 77,824 --a------ C:\WINNT\system32\dpmodemx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dpwsockx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dmscript.dll
2007-03-23 12:06 733,184 --a------ C:\WINNT\system32\qedwipes.dll
2007-03-23 12:06 723,968 --a------ C:\WINNT\system32\dpnet.dll
2007-03-23 12:06 7,424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2007-03-23 12:06 7,168 --a------ C:\WINNT\system32\d3d8thk.dll
2007-03-23 12:06 68,096 --a------ C:\WINNT\system32\dpnhupnp.dll
2007-03-23 12:06 664,576 --a------ C:\WINNT\system32\dinput8.dll
2007-03-23 12:06 645,120 --a------ C:\WINNT\system32\dinput.dll
2007-03-23 12:06 64,512 --a------ C:\WINNT\system32\amstream.dll
2007-03-23 12:06 602,624 --a------ C:\WINNT\system32\dx7vb.dll
2007-03-23 12:06 58,368 --a------ C:\WINNT\system32\dmcompos.dll
2007-03-23 12:06 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2007-03-23 12:06 5,504 --a------ C:\WINNT\system32\drivers\mstee.sys
2007-03-23 12:06 5,248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2007-03-23 12:06 491,520 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-03-23 12:06 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2007-03-23 12:06 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2007-03-23 12:06 459,264 --a------ C:\WINNT\system32\diactfrm.dll
2007-03-23 12:06 45,696 --a------ C:\WINNT\system32\drivers\stream.sys
2007-03-23 12:06 449,024 --a------ C:\WINNT\system32\qdvd.dll
2007-03-23 12:06 44,544 --a------ C:\WINNT\system32\dxdllreg.exe
2007-03-23 12:06 44,032 --a------ C:\WINNT\system32\dimap.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\ksuser.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\drivers\swenum.sys
2007-03-23 12:06 381,952 --a------ C:\WINNT\system32\dpvoice.dll
2007-03-23 12:06 355,328 --a------ C:\WINNT\system32\dsound.dll
2007-03-23 12:06 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2007-03-23 12:06 34,304 --a------ C:\WINNT\system32\mciqtz32.dll
2007-03-23 12:06 33,280 --a------ C:\WINNT\system32\dmloader.dll
2007-03-23 12:06 324,096 --a------ C:\WINNT\system32\mswebdvd.dll
2007-03-23 12:06 32,768 --a------ C:\WINNT\system32\dpnhpast.dll
2007-03-23 12:06 311,808 --a------ C:\WINNT\system32\qdv.dll
2007-03-23 12:06 31,744 --a------ C:\WINNT\system32\pid.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnlobby.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnaddr.dll
2007-03-23 12:06 284,160 --a------ C:\WINNT\system32\ddraw.dll
2007-03-23 12:06 28,160 --a------ C:\WINNT\system32\dplaysvr.exe
2007-03-23 12:06 27,136 --a------ C:\WINNT\system32\dmband.dll
2007-03-23 12:06 257,024 --a------ C:\WINNT\system32\qcap.dll
2007-03-23 12:06 217,600 --a------ C:\WINNT\system32\dplayx.dll
2007-03-23 12:06 206,336 --a------ C:\WINNT\system32\gcdef.dll
2007-03-23 12:06 19,968 --a------ C:\WINNT\system32\dpvacm.dll
2007-03-23 12:06 186,880 --a------ C:\WINNT\system32\dsdmo.dll
2007-03-23 12:06 18,944 --a------ C:\WINNT\system32\encapi.dll
2007-03-23 12:06 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007-03-23 12:06 18,432 --a------ C:\WINNT\system32\dswave.dll
2007-03-23 12:06 171,520 --a------ C:\WINNT\system32\dmime.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\msyuv.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\dpnsvr.exe
2007-03-23 12:06 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007-03-23 12:06 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007-03-23 12:06 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007-03-23 12:06 132,608 --a------ C:\WINNT\system32\devenum.dll
2007-03-23 12:06 130,304 --a------ C:\WINNT\system32\drivers\ks.sys
2007-03-23 12:06 13,312 --a------ C:\WINNT\system32\msdmo.dll
2007-03-23 12:06 116,736 --a------ C:\WINNT\system32\dmusic.dll
2007-03-23 12:06 112,128 --a------ C:\WINNT\system32\dpvvox.dll
2007-03-23 12:06 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2007-03-23 12:06 100,864 --a------ C:\WINNT\system32\dmsynth.dll
2007-03-23 12:06 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2007-03-23 12:06 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007-03-23 12:06 1,962,496 --a------ C:\WINNT\system32\quartz.dll
2007-03-23 12:06 1,798,144 --a------ C:\WINNT\system32\qedit.dll
2007-03-23 12:06 1,675,264 --a------ C:\WINNT\system32\dxdiagn.dll
2007-03-23 12:06 1,634,304 --a------ C:\WINNT\system32\d3d9.dll
2007-03-23 12:06 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2007-03-23 12:06 1,189,888 --a------ C:\WINNT\system32\dx8vb.dll
2007-03-23 12:06 1,177,600 --a------ C:\WINNT\system32\d3d8.dll
2007-03-23 12:05 21,248 --a------ C:\WINNT\system32\drivers\pfc.sys
2007-03-23 12:05 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-03-23 12:04 212,480 --a------ C:\WINNT\PCDLIB32.DLL
2007-03-23 12:03 <DIR> d-------- C:\WINNT\PixArt
2007-03-23 12:03 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-03-21 20:04 34,159 --a------ C:\tspro.exe
2007-03-21 18:35 34,159 ---h----- C:\WINNT\system32\lzbzoq.exe
2007-03-21 18:15 34,159 ---h----- C:\WINNT\system32\ehvvnt.exe
2007-03-21 12:01 5,342,751 --------- C:\AVG7QT.DAT
2007-03-21 11:54 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-03-21 09:57 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-03-21 01:17 <DIR> d-a------ C:\WINNT\system32\msmq
2007-03-21 01:15 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-21 00:57 34,159 --ah----- C:\WINNT\system32\winbot.exe
2007-03-20 22:55 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-03-20 15:22 94,208 --a------ C:\WINNT\system32\PixZip.dll
2007-03-20 15:22 74,240 --a------ C:\WINNT\system32\PixService.dll
2007-03-20 15:22 62,976 --a------ C:\WINNT\system32\PixiNet.dll
2007-03-20 15:21 73,216 --a------ C:\WINNT\system32\LFFAX12N.DLL
2007-03-20 15:21 53,248 --a------ C:\WINNT\system32\LFPCT12N.DLL
2007-03-20 15:21 51,712 --a------ C:\WINNT\system32\PixEPrint.dll
2007-03-20 15:21 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL
2007-03-20 15:21 388,608 --a------ C:\WINNT\system32\LTKRN12N.DLL
2007-03-20 15:21 36,864 --a------ C:\WINNT\system32\LFPSD12N.DLL
2007-03-20 15:21 341,504 --a------ C:\WINNT\system32\LFCMP12N.DLL
2007-03-20 15:21 32,256 --a------ C:\WINNT\system32\PixologyIRISS.dll
2007-03-20 15:21 30,720 --a------ C:\WINNT\system32\LFBMP12N.DLL
2007-03-20 15:21 26,624 --a------ C:\WINNT\system32\LFPCX12N.DLL
2007-03-20 15:21 258,560 --a------ C:\WINNT\system32\LTDIS12N.DLL
2007-03-20 15:21 230,400 --a------ C:\WINNT\system32\DC265.DLL
2007-03-20 15:21 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL
2007-03-20 15:21 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL
2007-03-20 15:21 19,968 --a------ C:\WINNT\system32\LFPCD12N.DLL
2007-03-20 15:21 165,888 --a------ C:\WINNT\system32\LTIMG12N.DLL
2007-03-20 15:21 149,504 --a------ C:\WINNT\system32\LFPNG12N.DLL
2007-03-20 15:21 141,824 --a------ C:\WINNT\system32\LFTIF12N.DLL
2007-03-20 15:21 130,048 --a------ C:\WINNT\system32\LTFIL12N.DLL
2007-03-20 15:21 106,496 --a------ C:\WINNT\system32\PixText.dll
2007-03-20 14:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_5dc.dat
2007-03-20 12:31 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-03-20 11:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_308.dat
2007-03-20 11:41 <DIR> d-------- C:\WINNT\Sun
2007-03-20 10:21 <DIR> d--h----- C:\msdownld.tmp
2007-03-19 19:38 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_388.dat
2007-03-19 17:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_584.dat
2007-03-19 17:49 <DIR> d--h----- C:\WINNT\PIF
2007-03-19 17:31 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-03-19 15:41 4,212 --ah----- C:\WINNT\system32\zllictbl.dat
2007-03-19 15:38 <DIR> d-a------ C:\WINNT\Internet Logs
2007-03-17 10:08 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4a0.dat
2007-03-15 21:33 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-03-15 21:33 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-03-15 21:31 335 --a------ C:\WINNT\nsreg.dat
2007-03-15 20:59 70,688 --a------ C:\WINNT\system32\drivers\alcaudsl.sys
2007-03-15 20:59 53,600 --a------ C:\WINNT\system32\drivers\alcan5wn.sys
2007-03-15 20:59 5,606 --a------ C:\WINNT\system32\stci.dll
2007-03-15 20:59 5,280 --a------ C:\WINNT\system32\drivers\alcawh.sys
2007-03-15 20:59 3,968 --a------ C:\WINNT\system32\drivers\alcacr.sys
2007-03-15 20:59 <DIR> d-------- C:\Program Files\Thomson
2007-03-15 20:40 <DIR> d-------- C:\Program Files\SpeedTouch
2007-03-07 11:19 <DIR> d-------- C:\Program Files\IrfanView
2007-03-06 23:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_32c.dat
2007-03-06 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-03-06 10:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2007-03-05 13:24 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-03-04 23:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_300.dat
2007-03-04 20:30 <DIR> d---s---- C:\DOCUME~1\ROY~2.HOM\UserData
2007-03-04 11:12 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-03-03 23:50 759,298 --ahs---- C:\WINNT\system32\tvvut.bak2
2007-03-03 22:55 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Sun
2007-03-03 22:43 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\DivX
2007-03-03 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-03-03 20:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-03 18:52 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Help
2007-03-03 14:28 29,696 --a------ C:\WINNT\system32\Vb5stkit.dll
2007-03-03 14:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AOL
2007-03-03 14:01 93,360 --a------ C:\WINNT\system32\drivers\ndiswan.sys
2007-03-03 14:01 64,304 --a------ C:\WINNT\system32\drivers\ipsec.sys
2007-03-03 14:01 518,928 --a------ C:\WINNT\system32\lsasrv.dll
2007-03-03 14:01 147,728 --a------ C:\WINNT\system32\schannel.dll
2007-03-03 13:56 33,588 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-03-03 13:14 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Real
2007-03-03 13:08 368,912 --a------ C:\WINNT\system32\vbar332.dll
2007-03-03 13:08 118,784 --a------ C:\WINNT\system32\Msstdfmt.dll
2007-03-03 13:08 102,400 --a------ C:\WINNT\system32\SimpleRegistry.dll
2007-03-03 13:08 10,752 --a------ C:\WINNT\system32\aamd532.dll
2007-03-03 13:08 <DIR> d---s---- C:\WINNT\occache
2007-03-03 13:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\You've Got Pictures Screensaver
2007-03-03 13:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Viewpoint
2007-03-03 13:06 86,016 --a------ C:\WINNT\unvise32qt.exe
2007-03-03 13:05 <DIR> d-a------ C:\WINNT\system32\QuickTime
2007-03-03 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
2007-03-03 13:02 65,536 --a------ C:\WINNT\system32\jgsh400.dll
2007-03-03 13:02 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-03-03 13:02 45,568 --a------ C:\WINNT\system32\jgsd400.dll
2007-03-03 13:02 44,544 --a------ C:\WINNT\system32\jgaw400.dll
2007-03-03 13:02 401,462 --a------ C:\WINNT\system32\msvcp60.dll
2007-03-03 13:02 35,840 --a------ C:\WINNT\system32\jgmd400.dll
2007-03-03 13:02 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-03-03 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AOL
2007-03-03 12:29 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-03-03 12:29 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-03-03 12:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
2007-03-02 22:47 727,177 --ahs---- C:\WINNT\system32\tvvut.bak1
2007-03-02 21:13 78,608 --a------ C:\WINNT\system32\VB5DB.DLl
2007-03-02 21:13 77,824 --a------ C:\WINNT\system32\ODBCTL32.DLl
2007-03-02 21:13 745,168 --a------ C:\WINNT\system32\Setupx.dll
2007-03-02 21:13 570,128 --a------ C:\WINNT\system32\DAO350.DLl
2007-03-02 21:13 430,080 --a------ C:\WINNT\system32\MSREPL35.DLl
2007-03-02 21:13 251,664 --a------ C:\WINNT\system32\MSRD2X35.DLl
2007-03-02 21:13 24,576 --a------ C:\WINNT\system32\Rnaph.dll
2007-03-02 21:13 24,336 --a------ C:\WINNT\system32\MSJTER35.DLl
2007-03-02 21:13 147,456 --a------ C:\WINNT\system32\uwLibs.dll
2007-03-02 21:13 121,104 --a------ C:\WINNT\system32\MSJINT35.DLl
2007-03-02 21:13 112 --a------ C:\WINNT\system32\realmedia.reg
2007-03-02 21:13 1,542,132 --a------ C:\WINNT\uwDetect.EXE
2007-03-02 21:13 1,050,384 --a------ C:\WINNT\system32\MSJET35.DLl
2007-03-02 20:56 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-03-02 20:56 981,504 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-03-02 20:56 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-03-02 20:56 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-03-02 20:56 816,264 --a------ C:\WINNT\system32\wmvdmod.dll
2007-03-02 20:56 81,408 --a------ C:\WINNT\system32\logagent.exe
2007-03-02 20:56 760,968 --a------ C:\WINNT\system32\wmsdmod.dll
2007-03-02 20:56 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-03-02 20:56 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
2007-03-02 20:56 670,208 --a------ C:\WINNT\system32\wmadmoe.dll
2007-03-02 20:56 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-03-02 20:56 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2007-03-02 20:56 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-03-02 20:56 410,248 --a------ C:\WINNT\system32\wmadmod.dll
2007-03-02 20:56 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-03-02 20:56 358,912 --a------ C:\WINNT\system32\msscp.dll
2007-03-02 20:56 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-03-02 20:56 27,136 --a------ C:\WINNT\system32\wmdmlog.dll
2007-03-02 20:56 253,952 --a------ C:\WINNT\system32\msnetobj.dll
2007-03-02 20:56 245,760 --a------ C:\WINNT\system32\mswmdm.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\qasf.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-03-02 20:56 232,960 --a------ C:\WINNT\system32\blackbox.dll
2007-03-02 20:56 23,552 --a------ C:\WINNT\system32\wmdmps.dll
2007-03-02 20:56 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-03-02 20:56 218,112 --a------ C:\WINNT\system32\wmasf.dll
2007-03-02 20:56 201,728 --a------ C:\WINNT\system32\mspmsp.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-03-02 20:56 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-03-02 20:56 167,936 --a------ C:\WINNT\system32\wmerror.dll
2007-03-02 20:56 159,232 --a------ C:\WINNT\system32\CEWMDM.dll
2007-03-02 20:56 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-03-02 20:56 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2007-03-02 20:56 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-03-02 20:56 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-03-02 20:45 <DIR> d-a------ C:\WINNT\system32\Macromed
2007-03-02 20:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AdobeUM
2007-03-02 20:44 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Adobe
2007-03-02 20:32 16,144 --a------ C:\WINNT\system32\drivers\MODEMCSA.sys
2007-03-02 20:32 <DIR> d-------- C:\WINNT\Cache
2007-03-02 20:27 1,826,816 --ah----- C:\DOCUME~1\ROY~2.HOM\NTUSER.DAT
2007-03-02 20:27 <DIR> d-ah----- C:\WINNT\system32\GroupPolicy
2007-03-02 20:27 <DIR> d-a------ C:\WINNT\system32\NtmsData
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\Installer
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\CSC
2007-03-02 20:21 114,688 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rpcproxy
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rocket
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\inetsrv
2007-03-02 20:21 <DIR> d-------- C:\WINNT\mww32
2007-03-02 20:21 <DIR> d-------- C:\WINNT\ime
2007-03-02 20:20 0 ---h----- C:\CONFIG.SYS
2007-03-02 20:20 0 ---h----- C:\AUTOEXEC.BAT
2007-03-02 20:19 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-03-02 20:19 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-03-02 20:19 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-03-02 20:18 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-03-02 20:18 63,248 --a------ C:\WINNT\system32\ils.dll
2007-03-02 20:18 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-03-02 20:18 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-03-02 20:18 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-03-02 20:18 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-03-02 20:18 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-03-02 20:18 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-03-02 20:18 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-03-02 20:18 216,848 --a------ C:\WINNT\system32\mstask.dll
2007-03-02 20:18 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-03-02 20:18 14,996 --a------ C:\WINNT\system32\emptyregdb.dat
2007-03-02 20:18 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-03-02 20:18 119,568 --a------ C:\WINNT\system32\mstask.exe
2007-03-02 20:18 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-03-02 20:18 <DIR> d-a-s---- C:\WINNT\Tasks
2007-03-02 20:17 <DIR> d-------- C:\WINNT\Registration
2007-03-02 20:16 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-03-02 20:16 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-03-02 20:16 96,016 --a------ C:\WINNT\system32\clbcatex.dll
2007-03-02 20:16 91,408 --a------ C:\WINNT\system32\calc.exe
2007-03-02 20:16 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-03-02 20:16 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-03-02 20:16 89,360 --a------ C:\WINNT\system32\comrepl.dll
2007-03-02 20:16 88,848 --a------ C:\WINNT\system32\msdtclog.dll
2007-03-02 20:16 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-03-02 20:16 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-03-02 20:16 707,344 --a------ C:\WINNT\system32\msdtcprx.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\stclient.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-03-02 20:16 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-03-02 20:16 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-03-02 20:16 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-03-02 20:16 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-03-02 20:16 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-03-02 20:16 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-03-02 20:16 6,416 --a------ C:\WINNT\system32\write.exe
2007-03-02 20:16 591,120 --a------ C:\WINNT\system32\catsrvut.dll
2007-03-02 20:16 574,224 --a------ C:\WINNT\system32\hypertrm.dll
2007-03-02 20:16 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-03-02 20:16 53,008 --a------ C:\WINNT\system32\packager.exe
2007-03-02 20:16 510,224 --a------ C:\WINNT\system32\clbcatq.dll
2007-03-02 20:16 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-03-02 20:16 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-03-02 20:16 397,584 --a------ C:\WINNT\system32\txfaux.dll
2007-03-02 20:16 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-03-02 20:16 37,648 --a------ C:\WINNT\system32\colbact.dll
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\sol.exe
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-03-02 20:16 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-03-02 20:16 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-03-02 20:16 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-03-02 20:16 30,480 --a------ C:\WINNT\system32\mtxlegih.dll
2007-03-02 20:16 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-03-02 20:16 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-03-02 20:16 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-03-02 20:16 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-03-02 20:16 23,312 --a------ C:\WINNT\system32\mtxdm.dll
2007-03-02 20:16 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-03-02 20:16 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-03-02 20:16 192,512 --a------ C:\WINNT\system32\wuaueng.dll
2007-03-02 20:16 17,680 --a------ C:\WINNT\system32\xolehlp.dll
2007-03-02 20:16 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-03-02 20:16 166,160 --a------ C:\WINNT\system32\catsrv.dll
2007-03-02 20:16 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-03-02 20:16 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\msdtcui.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-03-02 20:16 141,312 --a------ C:\WINNT\system32\wuauclt.exe
2007-03-02 20:16 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-03-02 20:16 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-03-02 20:16 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-03-02 20:16 105,744 --a------ C:\WINNT\system32\mtxoci.dll
2007-03-02 20:16 1,785,160 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-03-02 20:16 1,448,208 --a------ C:\WINNT\system32\comsvcs.dll
2007-03-02 20:16 1,131,280 --a------ C:\WINNT\system32\msdtctm.dll
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\DTCLog
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\Com
2007-03-02 20:10 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-03-02 20:10 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-03-02 20:10 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-03-02 20:10 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-03-02 20:10 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-03-02 20:10 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-03-02 20:10 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-03-02 20:08 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-03-02 20:08 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-03-02 20:08 44,528 --a------ C:\WINNT\system32\drivers\es1371mp.sys
2007-03-02 20:08 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-03-02 20:07 71,632 --a------ C:\WINNT\system32\drivers\atimpab.sys
2007-03-02 20:07 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-03-02 20:07 135,184 --a------ C:\WINNT\system32\atidrab.dll
2007-03-02 20:04 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-03-02 20:04 9,008 --a------ C:\WINNT\system\VER.DLL
2007-03-02 20:04 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-03-02 20:04 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-03-02 20:04 81,680 --a------ C:\WINNT\system32\SPOOLSS.DLL
2007-03-02 20:04 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-03-02 20:04 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-03-02 20:04 6,416 --a------ C:\WINNT\system32\batt.dll
2007-03-02 20:04 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-03-02 20:04 5,392 --a------ C:\WINNT\delttsul.exe
2007-03-02 20:04 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-03-02 20:04 45,328 --a------ C:\WINNT\system32\SPOOLSV.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-03-02 20:04 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-03-02 20:04 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-03-02 20:04 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-03-02 20:04 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-03-02 20:04 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-03-02 20:04 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-03-02 20:04 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-03-02 20:04 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\Speech
2007-03-02 20:04 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-03-02 20:00 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-03-02 20:00 <DIR> dra-s---- C:\WINNT\Fonts
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\twain_32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wbem
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\spool
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\Setup
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ras
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\os2
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\npp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\mui
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ias
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\export
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\security
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\repair
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msapps
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msagent
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Media
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Help
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Driver Cache
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Debug
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Cursors
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\AppPatch
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\addins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT
2007-03-02 20:00 <DIR> d--h----- C:\WINNT\inf
2007-03-02 20:00 <DIR> d---s---- C:\WINNT\Web
2007-03-02 19:53 0 --a------ C:\qckyrxv.exe
2007-03-02 16:20 <DIR> d-a------ C:\Program Files\a-squared Free
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Viewpoint
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Learn2.com
2007-03-02 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-02 11:16 <DIR> d-a------ C:\Program Files\Common Files\Nullsoft
2007-03-02 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-01 17:10 <DIR> d-------- C:\Program Files\Internet


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-26 20:26 -------- d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\searchtoolbarcorp
2007-03-25 13:56 -------- d-a------ C:\Program Files\google
2007-03-24 21:11 -------- d-a------ C:\Program Files\divx
2007-03-23 12:09 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 12:03 -------- d-a------ C:\Program Files\pc camer@
2007-03-17 22:06 230432 --a------ C:\StiImg.dat
2007-03-14 14:33 -------- d-a------ C:\Program Files\yahoo!
2007-03-06 09:25 -------- d-a------ C:\Program Files\quicktime
2007-03-03 13:03 -------- d-a------ C:\Program Files\Common Files\real
2007-03-03 10:08 -------- d-a------ C:\Program Files\java
2007-03-02 20:19 271 ---h----- C:\Program Files\desktop.ini
2007-03-02 20:19 21952 ---h----- C:\Program Files\folder.htt
2007-02-26 14:48 -------- d-a------ C:\Program Files\spycatcher 2006
2007-02-26 14:48 -------- d-a------ C:\Program Files\itunes
2007-02-25 22:33 -------- d-a------ C:\Program Files\Common Files\motorola shared
2007-02-25 22:16 -------- d-a------ C:\Program Files\avanquest update
2007-02-25 16:46 -------- d-a------ C:\Program Files\atp
2007-02-22 13:45 512 --a------ C:\ScanSectorLog.dat
2007-02-20 13:59 417320 --a------ C:\msgr8uk.exe
2007-02-15 12:41 -------- d-a------ C:\Program Files\Common Files\intel
2007-01-28 19:39 -------- d-a------ C:\Program Files\morpheusbar
2007-01-08 14:21 0 -rahsc--- C:\MSDOS.SYS
2007-01-08 14:21 0 -rahsc--- C:\IO.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundService"="rundll32.exe \"C:\\WINNT\\system32\\lusyxdmj.dll\",setvm"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccawu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070326-183324-523
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-879
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-591
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
backup-20070326-182717-598
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
backup-20070326-182717-463
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
backup-20070326-182717-730
O4 - HKLM\..\RunServices: [Ability Office] wmuusffxl.exe
backup-20070326-182717-345
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
backup-20070326-182717-906
O4 - HKLM\..\Run: [Windows Config] WINBOT.EXE
backup-20070326-182717-929
O4 - HKCU\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-916
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-468
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
backup-20070326-182717-696
O4 - HKLM\..\Run: [Ability Office] wmuusffxl.exe

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Disk Cleanup.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: Mon 2007-03-26 20:26:39

#11 smirice38

Posted 26 March 2007 - 02:57 PM

I don't know if you have got everything that you need. If not, can you tell me what else, please? And thank you very much for your time; it is much appreciated.

#12 miekiemoes

Posted 26 March 2007 - 03:00 PM

Hi,

You posted the same log 3 times.

These were the logs you had to post:

* ComboFix log <== you posted this
* Log from DrWeb CureIt
* Log from SDFix <== you posted this
* New HijackThis log
* Log from VundoFix

So what I need now is:

* New HijackThis log
* Log from DrWeb CureIt (I asked you to save)
* Log from VundoFix (C:\vundofix.txt)

#13 smirice38

Posted 26 March 2007 - 03:07 PM

Sorry, I will go and find them for you.

#14 smirice38

Posted 26 March 2007 - 03:11 PM

This is from Dr Web:
SDFix: Version 1.74

Run by roy - Mon 26/03/2007 - 20:10:33.18

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
SYSTEMSVC

ImagePath:
"C:\WINNT\system\system.exe"

SYSTEMSVC Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniff.inf - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\avsniffdlgs.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\AXXPEE.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\ecmldr32.dll - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi.vxd - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp\navapi32.dll - Deleted
C:\WINNT\system32\setup_54777.exe - Deleted
C:\WINNT\Temp\del.bat - Deleted
C:\WINNT\Temp\removalfile.bat - Deleted
C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\tmp*.tmp - Deleted


Folder C:\DOCUME~1\ROY~2.HOM\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINNT\system32
No streams found.


Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINNT\system32\ehvvnt.exe
C:\WINNT\system32\lzbzoq.exe
C:\WINNT\system32\winbot.exe

Finished
"roy" - Mon 26/03/2007 20:23:59 Service Pack 4
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\roy.HOME2-0A9637988\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\install.log
C:\DOCUME~1\ROY~2.HOM\APPLIC~1.\searchtoolbarcorp


((((((((((((((((((((((((((((((( Files Created from 2007-02-26 to 2007-03-26 ))))))))))))))))))))))))))))))))))


2007-03-26 20:25 88,340 --a------ C:\WINNT\system32\jhbyxpnn.exe
2007-03-26 20:25 <DIR> d-------- C:\Program Files\VSAdd-in
2007-03-26 20:21 48,708 --a------ C:\WINNT\system32\khaoxlyn.dll
2007-03-26 20:20 879,011 ---hs---- C:\WINNT\system32\bdcdd.bak1
2007-03-26 20:20 280,676 ---hs---- C:\WINNT\system32\ddcdb.dll
2007-03-26 20:20 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_420.dat
2007-03-26 20:20 123,972 --a------ C:\WINNT\system32\lusyxdmj.dll
2007-03-26 20:14 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-03-26 18:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\DoctorWeb
2007-03-26 17:58 95,744 --a------ C:\VundoFix.exe
2007-03-26 17:58 <DIR> d-------- C:\VundoFix Backups
2007-03-25 23:34 <DIR> d-------- C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\Adobe
2007-03-25 22:06 89,088 --a------ C:\WINNT\system32\atl71.dll
2007-03-25 22:06 1,060,864 --a------ C:\WINNT\system32\mfc71.dll
2007-03-25 11:41 <DIR> d-------- C:\unzipped
2007-03-24 17:37 765,296 ---hs---- C:\WINNT\system32\stsut.bak2
2007-03-24 10:51 26,730 --------- C:\WINNT\system32\efccawu.dll
2007-03-24 00:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-24 00:46 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Lavasoft
2007-03-23 17:37 729,421 ---hs---- C:\WINNT\system32\stsut.bak1
2007-03-23 12:37 51,472 --a------ C:\WINNT\system32\vfwwdm32.dll
2007-03-23 12:23 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\ArcSoft
2007-03-23 12:07 <DIR> d-------- C:\WINNT\system32\DirectX
2007-03-23 12:06 98,816 --a------ C:\WINNT\system32\dmstyle.dll
2007-03-23 12:06 937,984 --a------ C:\WINNT\system32\dxdiag.exe
2007-03-23 12:06 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007-03-23 12:06 80,896 --a------ C:\WINNT\system32\dpvsetup.exe
2007-03-23 12:06 797,184 --a------ C:\WINNT\system32\d3dim700.dll
2007-03-23 12:06 77,824 --a------ C:\WINNT\system32\dpmodemx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dpwsockx.dll
2007-03-23 12:06 76,800 --a------ C:\WINNT\system32\dmscript.dll
2007-03-23 12:06 733,184 --a------ C:\WINNT\system32\qedwipes.dll
2007-03-23 12:06 723,968 --a------ C:\WINNT\system32\dpnet.dll
2007-03-23 12:06 7,424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2007-03-23 12:06 7,168 --a------ C:\WINNT\system32\d3d8thk.dll
2007-03-23 12:06 68,096 --a------ C:\WINNT\system32\dpnhupnp.dll
2007-03-23 12:06 664,576 --a------ C:\WINNT\system32\dinput8.dll
2007-03-23 12:06 645,120 --a------ C:\WINNT\system32\dinput.dll
2007-03-23 12:06 64,512 --a------ C:\WINNT\system32\amstream.dll
2007-03-23 12:06 602,624 --a------ C:\WINNT\system32\dx7vb.dll
2007-03-23 12:06 58,368 --a------ C:\WINNT\system32\dmcompos.dll
2007-03-23 12:06 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2007-03-23 12:06 5,504 --a------ C:\WINNT\system32\drivers\mstee.sys
2007-03-23 12:06 5,248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2007-03-23 12:06 491,520 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-03-23 12:06 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2007-03-23 12:06 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2007-03-23 12:06 459,264 --a------ C:\WINNT\system32\diactfrm.dll
2007-03-23 12:06 45,696 --a------ C:\WINNT\system32\drivers\stream.sys
2007-03-23 12:06 449,024 --a------ C:\WINNT\system32\qdvd.dll
2007-03-23 12:06 44,544 --a------ C:\WINNT\system32\dxdllreg.exe
2007-03-23 12:06 44,032 --a------ C:\WINNT\system32\dimap.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\ksuser.dll
2007-03-23 12:06 4,096 --a------ C:\WINNT\system32\drivers\swenum.sys
2007-03-23 12:06 381,952 --a------ C:\WINNT\system32\dpvoice.dll
2007-03-23 12:06 355,328 --a------ C:\WINNT\system32\dsound.dll
2007-03-23 12:06 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2007-03-23 12:06 34,304 --a------ C:\WINNT\system32\mciqtz32.dll
2007-03-23 12:06 33,280 --a------ C:\WINNT\system32\dmloader.dll
2007-03-23 12:06 324,096 --a------ C:\WINNT\system32\mswebdvd.dll
2007-03-23 12:06 32,768 --a------ C:\WINNT\system32\dpnhpast.dll
2007-03-23 12:06 311,808 --a------ C:\WINNT\system32\qdv.dll
2007-03-23 12:06 31,744 --a------ C:\WINNT\system32\pid.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnlobby.dll
2007-03-23 12:06 3,072 --a------ C:\WINNT\system32\dpnaddr.dll
2007-03-23 12:06 284,160 --a------ C:\WINNT\system32\ddraw.dll
2007-03-23 12:06 28,160 --a------ C:\WINNT\system32\dplaysvr.exe
2007-03-23 12:06 27,136 --a------ C:\WINNT\system32\dmband.dll
2007-03-23 12:06 257,024 --a------ C:\WINNT\system32\qcap.dll
2007-03-23 12:06 217,600 --a------ C:\WINNT\system32\dplayx.dll
2007-03-23 12:06 206,336 --a------ C:\WINNT\system32\gcdef.dll
2007-03-23 12:06 19,968 --a------ C:\WINNT\system32\dpvacm.dll
2007-03-23 12:06 186,880 --a------ C:\WINNT\system32\dsdmo.dll
2007-03-23 12:06 18,944 --a------ C:\WINNT\system32\encapi.dll
2007-03-23 12:06 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007-03-23 12:06 18,432 --a------ C:\WINNT\system32\dswave.dll
2007-03-23 12:06 171,520 --a------ C:\WINNT\system32\dmime.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\msyuv.dll
2007-03-23 12:06 16,896 --a------ C:\WINNT\system32\dpnsvr.exe
2007-03-23 12:06 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007-03-23 12:06 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007-03-23 12:06 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007-03-23 12:06 132,608 --a------ C:\WINNT\system32\devenum.dll
2007-03-23 12:06 130,304 --a------ C:\WINNT\system32\drivers\ks.sys
2007-03-23 12:06 13,312 --a------ C:\WINNT\system32\msdmo.dll
2007-03-23 12:06 116,736 --a------ C:\WINNT\system32\dmusic.dll
2007-03-23 12:06 112,128 --a------ C:\WINNT\system32\dpvvox.dll
2007-03-23 12:06 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2007-03-23 12:06 100,864 --a------ C:\WINNT\system32\dmsynth.dll
2007-03-23 12:06 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2007-03-23 12:06 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007-03-23 12:06 1,962,496 --a------ C:\WINNT\system32\quartz.dll
2007-03-23 12:06 1,798,144 --a------ C:\WINNT\system32\qedit.dll
2007-03-23 12:06 1,675,264 --a------ C:\WINNT\system32\dxdiagn.dll
2007-03-23 12:06 1,634,304 --a------ C:\WINNT\system32\d3d9.dll
2007-03-23 12:06 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2007-03-23 12:06 1,189,888 --a------ C:\WINNT\system32\dx8vb.dll
2007-03-23 12:06 1,177,600 --a------ C:\WINNT\system32\d3d8.dll
2007-03-23 12:05 21,248 --a------ C:\WINNT\system32\drivers\pfc.sys
2007-03-23 12:05 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2007-03-23 12:04 212,480 --a------ C:\WINNT\PCDLIB32.DLL
2007-03-23 12:03 <DIR> d-------- C:\WINNT\PixArt
2007-03-23 12:03 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-03-21 20:04 34,159 --a------ C:\tspro.exe
2007-03-21 18:35 34,159 ---h----- C:\WINNT\system32\lzbzoq.exe
2007-03-21 18:15 34,159 ---h----- C:\WINNT\system32\ehvvnt.exe
2007-03-21 12:01 5,342,751 --------- C:\AVG7QT.DAT
2007-03-21 11:54 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-03-21 09:57 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_35c.dat
2007-03-21 01:17 <DIR> d-a------ C:\WINNT\system32\msmq
2007-03-21 01:15 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-21 00:57 34,159 --ah----- C:\WINNT\system32\winbot.exe
2007-03-20 22:55 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-03-20 15:22 94,208 --a------ C:\WINNT\system32\PixZip.dll
2007-03-20 15:22 74,240 --a------ C:\WINNT\system32\PixService.dll
2007-03-20 15:22 62,976 --a------ C:\WINNT\system32\PixiNet.dll
2007-03-20 15:21 73,216 --a------ C:\WINNT\system32\LFFAX12N.DLL
2007-03-20 15:21 53,248 --a------ C:\WINNT\system32\LFPCT12N.DLL
2007-03-20 15:21 51,712 --a------ C:\WINNT\system32\PixEPrint.dll
2007-03-20 15:21 434,176 --a------ C:\WINNT\system32\DC120V15_32.DLL
2007-03-20 15:21 388,608 --a------ C:\WINNT\system32\LTKRN12N.DLL
2007-03-20 15:21 36,864 --a------ C:\WINNT\system32\LFPSD12N.DLL
2007-03-20 15:21 341,504 --a------ C:\WINNT\system32\LFCMP12N.DLL
2007-03-20 15:21 32,256 --a------ C:\WINNT\system32\PixologyIRISS.dll
2007-03-20 15:21 30,720 --a------ C:\WINNT\system32\LFBMP12N.DLL
2007-03-20 15:21 26,624 --a------ C:\WINNT\system32\LFPCX12N.DLL
2007-03-20 15:21 258,560 --a------ C:\WINNT\system32\LTDIS12N.DLL
2007-03-20 15:21 230,400 --a------ C:\WINNT\system32\DC265.DLL
2007-03-20 15:21 212,480 --a------ C:\WINNT\system32\PCDLIB32.DLL
2007-03-20 15:21 207,872 --a------ C:\WINNT\system32\LTEFX12N.DLL
2007-03-20 15:21 19,968 --a------ C:\WINNT\system32\LFPCD12N.DLL
2007-03-20 15:21 165,888 --a------ C:\WINNT\system32\LTIMG12N.DLL
2007-03-20 15:21 149,504 --a------ C:\WINNT\system32\LFPNG12N.DLL
2007-03-20 15:21 141,824 --a------ C:\WINNT\system32\LFTIF12N.DLL
2007-03-20 15:21 130,048 --a------ C:\WINNT\system32\LTFIL12N.DLL
2007-03-20 15:21 106,496 --a------ C:\WINNT\system32\PixText.dll
2007-03-20 14:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_5dc.dat
2007-03-20 12:31 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-03-20 11:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_308.dat
2007-03-20 11:41 <DIR> d-------- C:\WINNT\Sun
2007-03-20 10:21 <DIR> d--h----- C:\msdownld.tmp
2007-03-19 19:38 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_388.dat
2007-03-19 17:49 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_584.dat
2007-03-19 17:49 <DIR> d--h----- C:\WINNT\PIF
2007-03-19 17:31 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-03-19 15:41 4,212 --ah----- C:\WINNT\system32\zllictbl.dat
2007-03-19 15:38 <DIR> d-a------ C:\WINNT\Internet Logs
2007-03-17 10:08 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4a0.dat
2007-03-15 21:33 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-03-15 21:33 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-03-15 21:31 335 --a------ C:\WINNT\nsreg.dat
2007-03-15 20:59 70,688 --a------ C:\WINNT\system32\drivers\alcaudsl.sys
2007-03-15 20:59 53,600 --a------ C:\WINNT\system32\drivers\alcan5wn.sys
2007-03-15 20:59 5,606 --a------ C:\WINNT\system32\stci.dll
2007-03-15 20:59 5,280 --a------ C:\WINNT\system32\drivers\alcawh.sys
2007-03-15 20:59 3,968 --a------ C:\WINNT\system32\drivers\alcacr.sys
2007-03-15 20:59 <DIR> d-------- C:\Program Files\Thomson
2007-03-15 20:40 <DIR> d-------- C:\Program Files\SpeedTouch
2007-03-07 11:19 <DIR> d-------- C:\Program Files\IrfanView
2007-03-06 23:51 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_32c.dat
2007-03-06 10:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo! Companion
2007-03-06 10:26 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Yahoo!
2007-03-05 13:24 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-03-04 23:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_300.dat
2007-03-04 20:30 <DIR> d---s---- C:\DOCUME~1\ROY~2.HOM\UserData
2007-03-04 11:12 65,536 --a------ C:\WINNT\wanmpsvc.exe
2007-03-03 23:50 759,298 --ahs---- C:\WINNT\system32\tvvut.bak2
2007-03-03 22:55 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Sun
2007-03-03 22:43 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\DivX
2007-03-03 20:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Spybot - Search & Destroy
2007-03-03 20:45 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-03 18:52 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Help
2007-03-03 14:28 29,696 --a------ C:\WINNT\system32\Vb5stkit.dll
2007-03-03 14:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AOL
2007-03-03 14:01 93,360 --a------ C:\WINNT\system32\drivers\ndiswan.sys
2007-03-03 14:01 64,304 --a------ C:\WINNT\system32\drivers\ipsec.sys
2007-03-03 14:01 518,928 --a------ C:\WINNT\system32\lsasrv.dll
2007-03-03 14:01 147,728 --a------ C:\WINNT\system32\schannel.dll
2007-03-03 13:56 33,588 --a------ C:\WINNT\system32\drivers\wanatw4.sys
2007-03-03 13:14 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Real
2007-03-03 13:08 368,912 --a------ C:\WINNT\system32\vbar332.dll
2007-03-03 13:08 118,784 --a------ C:\WINNT\system32\Msstdfmt.dll
2007-03-03 13:08 102,400 --a------ C:\WINNT\system32\SimpleRegistry.dll
2007-03-03 13:08 10,752 --a------ C:\WINNT\system32\aamd532.dll
2007-03-03 13:08 <DIR> d---s---- C:\WINNT\occache
2007-03-03 13:08 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\You've Got Pictures Screensaver
2007-03-03 13:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Viewpoint
2007-03-03 13:06 86,016 --a------ C:\WINNT\unvise32qt.exe
2007-03-03 13:05 <DIR> d-a------ C:\WINNT\system32\QuickTime
2007-03-03 13:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\QuickTime
2007-03-03 13:02 65,536 --a------ C:\WINNT\system32\jgsh400.dll
2007-03-03 13:02 54,784 --a------ C:\WINNT\system32\Inetwh32.dll
2007-03-03 13:02 45,568 --a------ C:\WINNT\system32\jgsd400.dll
2007-03-03 13:02 44,544 --a------ C:\WINNT\system32\jgaw400.dll
2007-03-03 13:02 401,462 --a------ C:\WINNT\system32\msvcp60.dll
2007-03-03 13:02 35,840 --a------ C:\WINNT\system32\jgmd400.dll
2007-03-03 13:02 1,044,480 --a------ C:\WINNT\system32\roboex32.dll
2007-03-03 13:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\AOL
2007-03-03 12:29 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-03-03 12:29 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-03-03 12:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Adobe
2007-03-02 22:47 727,177 --ahs---- C:\WINNT\system32\tvvut.bak1
2007-03-02 21:13 78,608 --a------ C:\WINNT\system32\VB5DB.DLl
2007-03-02 21:13 77,824 --a------ C:\WINNT\system32\ODBCTL32.DLl
2007-03-02 21:13 745,168 --a------ C:\WINNT\system32\Setupx.dll
2007-03-02 21:13 570,128 --a------ C:\WINNT\system32\DAO350.DLl
2007-03-02 21:13 430,080 --a------ C:\WINNT\system32\MSREPL35.DLl
2007-03-02 21:13 251,664 --a------ C:\WINNT\system32\MSRD2X35.DLl
2007-03-02 21:13 24,576 --a------ C:\WINNT\system32\Rnaph.dll
2007-03-02 21:13 24,336 --a------ C:\WINNT\system32\MSJTER35.DLl
2007-03-02 21:13 147,456 --a------ C:\WINNT\system32\uwLibs.dll
2007-03-02 21:13 121,104 --a------ C:\WINNT\system32\MSJINT35.DLl
2007-03-02 21:13 112 --a------ C:\WINNT\system32\realmedia.reg
2007-03-02 21:13 1,542,132 --a------ C:\WINNT\uwDetect.EXE
2007-03-02 21:13 1,050,384 --a------ C:\WINNT\system32\MSJET35.DLl
2007-03-02 20:56 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-03-02 20:56 981,504 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-03-02 20:56 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-03-02 20:56 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-03-02 20:56 816,264 --a------ C:\WINNT\system32\wmvdmod.dll
2007-03-02 20:56 81,408 --a------ C:\WINNT\system32\logagent.exe
2007-03-02 20:56 760,968 --a------ C:\WINNT\system32\wmsdmod.dll
2007-03-02 20:56 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-03-02 20:56 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
2007-03-02 20:56 670,208 --a------ C:\WINNT\system32\wmadmoe.dll
2007-03-02 20:56 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-03-02 20:56 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2007-03-02 20:56 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-03-02 20:56 410,248 --a------ C:\WINNT\system32\wmadmod.dll
2007-03-02 20:56 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-03-02 20:56 358,912 --a------ C:\WINNT\system32\msscp.dll
2007-03-02 20:56 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-03-02 20:56 27,136 --a------ C:\WINNT\system32\wmdmlog.dll
2007-03-02 20:56 253,952 --a------ C:\WINNT\system32\msnetobj.dll
2007-03-02 20:56 245,760 --a------ C:\WINNT\system32\mswmdm.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\qasf.dll
2007-03-02 20:56 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-03-02 20:56 232,960 --a------ C:\WINNT\system32\blackbox.dll
2007-03-02 20:56 23,552 --a------ C:\WINNT\system32\wmdmps.dll
2007-03-02 20:56 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-03-02 20:56 218,112 --a------ C:\WINNT\system32\wmasf.dll
2007-03-02 20:56 201,728 --a------ C:\WINNT\system32\mspmsp.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-03-02 20:56 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-03-02 20:56 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-03-02 20:56 167,936 --a------ C:\WINNT\system32\wmerror.dll
2007-03-02 20:56 159,232 --a------ C:\WINNT\system32\CEWMDM.dll
2007-03-02 20:56 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-03-02 20:56 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2007-03-02 20:56 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-03-02 20:56 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-03-02 20:45 <DIR> d-a------ C:\WINNT\system32\Macromed
2007-03-02 20:45 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\AdobeUM
2007-03-02 20:44 <DIR> d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\Adobe
2007-03-02 20:32 16,144 --a------ C:\WINNT\system32\drivers\MODEMCSA.sys
2007-03-02 20:32 <DIR> d-------- C:\WINNT\Cache
2007-03-02 20:27 1,826,816 --ah----- C:\DOCUME~1\ROY~2.HOM\NTUSER.DAT
2007-03-02 20:27 <DIR> d-ah----- C:\WINNT\system32\GroupPolicy
2007-03-02 20:27 <DIR> d-a------ C:\WINNT\system32\NtmsData
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\Installer
2007-03-02 20:27 <DIR> d--hs---- C:\WINNT\CSC
2007-03-02 20:21 114,688 ---h----- C:\DOCUME~1\DEFAUL~1.WIN\NTUSER.DAT
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rpcproxy
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\rocket
2007-03-02 20:21 <DIR> d-a------ C:\WINNT\system32\inetsrv
2007-03-02 20:21 <DIR> d-------- C:\WINNT\mww32
2007-03-02 20:21 <DIR> d-------- C:\WINNT\ime
2007-03-02 20:20 0 ---h----- C:\CONFIG.SYS
2007-03-02 20:20 0 ---h----- C:\AUTOEXEC.BAT
2007-03-02 20:19 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-03-02 20:19 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1.WIN\DRM
2007-03-02 20:19 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-03-02 20:18 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-03-02 20:18 63,248 --a------ C:\WINNT\system32\ils.dll
2007-03-02 20:18 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-03-02 20:18 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-03-02 20:18 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-03-02 20:18 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-03-02 20:18 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-03-02 20:18 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-03-02 20:18 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-03-02 20:18 216,848 --a------ C:\WINNT\system32\mstask.dll
2007-03-02 20:18 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-03-02 20:18 14,996 --a------ C:\WINNT\system32\emptyregdb.dat
2007-03-02 20:18 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-03-02 20:18 119,568 --a------ C:\WINNT\system32\mstask.exe
2007-03-02 20:18 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-03-02 20:18 <DIR> d-a-s---- C:\WINNT\Tasks
2007-03-02 20:17 <DIR> d-------- C:\WINNT\Registration
2007-03-02 20:16 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-03-02 20:16 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-03-02 20:16 96,016 --a------ C:\WINNT\system32\clbcatex.dll
2007-03-02 20:16 91,408 --a------ C:\WINNT\system32\calc.exe
2007-03-02 20:16 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-03-02 20:16 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-03-02 20:16 89,360 --a------ C:\WINNT\system32\comrepl.dll
2007-03-02 20:16 88,848 --a------ C:\WINNT\system32\msdtclog.dll
2007-03-02 20:16 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-03-02 20:16 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-03-02 20:16 707,344 --a------ C:\WINNT\system32\msdtcprx.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\stclient.dll
2007-03-02 20:16 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-03-02 20:16 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-03-02 20:16 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-03-02 20:16 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-03-02 20:16 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-03-02 20:16 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-03-02 20:16 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-03-02 20:16 6,416 --a------ C:\WINNT\system32\write.exe
2007-03-02 20:16 591,120 --a------ C:\WINNT\system32\catsrvut.dll
2007-03-02 20:16 574,224 --a------ C:\WINNT\system32\hypertrm.dll
2007-03-02 20:16 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-03-02 20:16 53,008 --a------ C:\WINNT\system32\packager.exe
2007-03-02 20:16 510,224 --a------ C:\WINNT\system32\clbcatq.dll
2007-03-02 20:16 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-03-02 20:16 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-03-02 20:16 397,584 --a------ C:\WINNT\system32\txfaux.dll
2007-03-02 20:16 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-03-02 20:16 37,648 --a------ C:\WINNT\system32\colbact.dll
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\sol.exe
2007-03-02 20:16 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-03-02 20:16 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-03-02 20:16 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-03-02 20:16 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-03-02 20:16 30,480 --a------ C:\WINNT\system32\mtxlegih.dll
2007-03-02 20:16 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-03-02 20:16 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-03-02 20:16 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-03-02 20:16 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-03-02 20:16 23,312 --a------ C:\WINNT\system32\mtxdm.dll
2007-03-02 20:16 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-03-02 20:16 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-03-02 20:16 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-03-02 20:16 192,512 --a------ C:\WINNT\system32\wuaueng.dll
2007-03-02 20:16 17,680 --a------ C:\WINNT\system32\xolehlp.dll
2007-03-02 20:16 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-03-02 20:16 166,160 --a------ C:\WINNT\system32\catsrv.dll
2007-03-02 20:16 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-03-02 20:16 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\msdtcui.dll
2007-03-02 20:16 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-03-02 20:16 141,312 --a------ C:\WINNT\system32\wuauclt.exe
2007-03-02 20:16 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-03-02 20:16 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-03-02 20:16 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-03-02 20:16 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-03-02 20:16 105,744 --a------ C:\WINNT\system32\mtxoci.dll
2007-03-02 20:16 1,785,160 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-03-02 20:16 1,448,208 --a------ C:\WINNT\system32\comsvcs.dll
2007-03-02 20:16 1,131,280 --a------ C:\WINNT\system32\msdtctm.dll
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\DTCLog
2007-03-02 20:16 <DIR> d-a------ C:\WINNT\system32\Com
2007-03-02 20:10 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-03-02 20:10 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-03-02 20:10 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-03-02 20:10 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-03-02 20:10 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-03-02 20:10 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-03-02 20:10 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-03-02 20:08 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-03-02 20:08 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-03-02 20:08 44,528 --a------ C:\WINNT\system32\drivers\es1371mp.sys
2007-03-02 20:08 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-03-02 20:07 71,632 --a------ C:\WINNT\system32\drivers\atimpab.sys
2007-03-02 20:07 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-03-02 20:07 135,184 --a------ C:\WINNT\system32\atidrab.dll
2007-03-02 20:04 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-03-02 20:04 9,008 --a------ C:\WINNT\system\VER.DLL
2007-03-02 20:04 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-03-02 20:04 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-03-02 20:04 81,680 --a------ C:\WINNT\system32\SPOOLSS.DLL
2007-03-02 20:04 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-03-02 20:04 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-03-02 20:04 6,416 --a------ C:\WINNT\system32\batt.dll
2007-03-02 20:04 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-03-02 20:04 5,392 --a------ C:\WINNT\delttsul.exe
2007-03-02 20:04 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-03-02 20:04 45,328 --a------ C:\WINNT\system32\SPOOLSV.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-03-02 20:04 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-03-02 20:04 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-03-02 20:04 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-03-02 20:04 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-03-02 20:04 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-03-02 20:04 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-03-02 20:04 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-03-02 20:04 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-03-02 20:04 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-03-02 20:04 <DIR> d-a------ C:\WINNT\Speech
2007-03-02 20:04 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1.WIN\Documents
2007-03-02 20:00 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-03-02 20:00 <DIR> dra-s---- C:\WINNT\Fonts
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\twain_32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\wbem
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\spool
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\Setup
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ras
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\os2
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\npp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\mui
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\ias
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\export
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\drivers
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32\config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system32
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\system
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\security
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\repair
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msapps
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\msagent
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Media
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Help
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Driver Cache
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Debug
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Cursors
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\Config
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\AppPatch
2007-03-02 20:00 <DIR> d-a------ C:\WINNT\addins
2007-03-02 20:00 <DIR> d-a------ C:\WINNT
2007-03-02 20:00 <DIR> d--h----- C:\WINNT\inf
2007-03-02 20:00 <DIR> d---s---- C:\WINNT\Web
2007-03-02 19:53 0 --a------ C:\qckyrxv.exe
2007-03-02 16:20 <DIR> d-a------ C:\Program Files\a-squared Free
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Viewpoint
2007-03-02 11:17 <DIR> d-a------ C:\Program Files\Learn2.com
2007-03-02 11:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-03-02 11:16 <DIR> d-a------ C:\Program Files\Common Files\Nullsoft
2007-03-02 11:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-03-01 17:10 <DIR> d-------- C:\Program Files\Internet


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-26 20:26 -------- d-------- C:\DOCUME~1\ROY~2.HOM\APPLIC~1\searchtoolbarcorp
2007-03-25 13:56 -------- d-a------ C:\Program Files\google
2007-03-24 21:11 -------- d-a------ C:\Program Files\divx
2007-03-23 12:09 -------- d--h----- C:\Program Files\installshield installation information
2007-03-23 12:03 -------- d-a------ C:\Program Files\pc camer@
2007-03-17 22:06 230432 --a------ C:\StiImg.dat
2007-03-14 14:33 -------- d-a------ C:\Program Files\yahoo!
2007-03-06 09:25 -------- d-a------ C:\Program Files\quicktime
2007-03-03 13:03 -------- d-a------ C:\Program Files\Common Files\real
2007-03-03 10:08 -------- d-a------ C:\Program Files\java
2007-03-02 20:19 271 ---h----- C:\Program Files\desktop.ini
2007-03-02 20:19 21952 ---h----- C:\Program Files\folder.htt
2007-02-26 14:48 -------- d-a------ C:\Program Files\spycatcher 2006
2007-02-26 14:48 -------- d-a------ C:\Program Files\itunes
2007-02-25 22:33 -------- d-a------ C:\Program Files\Common Files\motorola shared
2007-02-25 22:16 -------- d-a------ C:\Program Files\avanquest update
2007-02-25 16:46 -------- d-a------ C:\Program Files\atp
2007-02-22 13:45 512 --a------ C:\ScanSectorLog.dat
2007-02-20 13:59 417320 --a------ C:\msgr8uk.exe
2007-02-15 12:41 -------- d-a------ C:\Program Files\Common Files\intel
2007-01-28 19:39 -------- d-a------ C:\Program Files\morpheusbar
2007-01-08 14:21 0 -rahsc--- C:\MSDOS.SYS
2007-01-08 14:21 0 -rahsc--- C:\IO.SYS


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"STManager"="\"C:\\Program Files\\SpeedTouch\\Dr SpeedTouch\\drst.exe\" -b"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SoundService"="rundll32.exe \"C:\\WINNT\\system32\\lusyxdmj.dll\",setvm"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{182B90A3-F372-438A-800C-6814B4DE417B}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcdb
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efccawu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvvt

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070326-183324-523
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-879
O23 - Service: Windows System Service (SYSTEMSVC) - Unknown owner - C:\WINNT\system\system.exe (file missing)
backup-20070326-182717-591
O23 - Service: dhcpcpl - Unknown owner - C:\WINNT\system32\dhcpcpl.exe (file missing)
backup-20070326-182717-598
O4 - HKCU\..\RunOnce: [Windows Config] WINBOT.EXE
backup-20070326-182717-463
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\akwmkxpj.dll",setvm
backup-20070326-182717-730
O4 - HKLM\..\RunServices: [Ability Office] wmuusffxl.exe
backup-20070326-182717-345
O23 - Service: msnntlp - Unknown owner - C:\WINNT\system\msnntlp.exe (file missing)
backup-20070326-182717-906
O4 - HKLM\..\Run: [Windows Config] WINBOT.EXE
backup-20070326-182717-929
O4 - HKCU\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-916
O4 - HKLM\..\Run: [Windows Service Live] ztwexcsft.exe
backup-20070326-182717-468
O4 - HKLM\..\Run: [tcpipmon] tcpipmon.exe
backup-20070326-182717-696
O4 - HKLM\..\Run: [Ability Office] wmuusffxl.exe

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Disk Cleanup.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: Mon 2007-03-26 20:26:39

#15 miekiemoes

Posted 26 March 2007 - 03:14 PM

Hi,

You still posted the same logs. The above log is not from DrWeb; it's the ComboFix log + SDFix log.
Please double-check before you post.
Right-click the logs and choose Copy first.

Edited by miekiemoes, 26 March 2007 - 03:14 PM.
