Vbs.solow Infection But Cleared Only Registry Is Unable To Verify


  • This topic is locked
19 replies to this topic

#1 DEFC0N

DEFC0N

  • Members
  • 13 posts

Posted 26 March 2007 - 05:04 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 6:00:11 PM, on 3/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
C:\Program Files\Rainmeter\Rainmeter.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\Junk Removers\uptimer4\Uptimer4.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\Junk Removers\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.jp/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EB88928-2126-4BC8-A8B1-17567CBA627F} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {4F0388F6-7635-4CD6-8B10-82DF3379386D} - C:\WINDOWS\system32\xxywvur.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Uptimer4] C:\Documents and Settings\Administrator\Desktop\Junk Removers\uptimer4\uptimer4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: xxywvur - C:\WINDOWS\SYSTEM32\xxywvur.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Ok, I was infected with vbs.solow recently and managed to clean it, but after deleting the registry values and then a reboot, I try to double-click the drives again and it gives the error unable to locate c:/windows/bleeper.vbs and it won't open. I have to go look up the registry again and delete the values once again. Any idea as to why the registry is still the same? So far I am not getting any other solutions anywhere else.

Oh yeah, and in my browser, instead of the taga lip thing it was Malaysian Hackers instead. Got rid of that also. Not sure if I'm still infected as I'm scanning my drives one by one now in order to ensure it didn't replicate again.

Edited by DEFC0N, 26 March 2007 - 05:06 AM.



#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 26 March 2007 - 02:46 PM

Hi and welcome to the Board

I'm Blade and I am going to try to help you with your problem. Please take a note of five things.

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply with the contents of C:\vundofix.txt and a new HiJackThis log.

Microsoft Windows Insider MVP 2016

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 DEFC0N

DEFC0N
  • Topic Starter

  • Members
  • 13 posts

Posted 27 March 2007 - 01:20 AM

Ok here's my vundofix log. Installed the JRE 6 as it is. Not sure why the results as such.
VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 12:54:24 PM 3/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mlplppms.dll
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\smpplplm.ini
C:\WINDOWS\system32\xxywvur.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mllmm.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mlplppms.dll
C:\WINDOWS\system32\mlplppms.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mmllm.ini
C:\WINDOWS\system32\mmllm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mmllm.ini2
C:\WINDOWS\system32\mmllm.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\mmllm.tmp
C:\WINDOWS\system32\mmllm.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\smpplplm.ini
C:\WINDOWS\system32\smpplplm.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xxywvur.dll
C:\WINDOWS\system32\xxywvur.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.3.18

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 1:06:25 PM 3/27/2007

Listing files found while scanning....

C:\WINDOWS\system32\xxywvur.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\xxywvur.dll
C:\WINDOWS\system32\xxywvur.dll Has been deleted!

Performing Repairs to the registry.
Done!


Ok new HijackThis log.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:21:35 PM, on 3/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Documents and Settings\Administrator\Desktop\Junk Removers\uptimer4\uptimer4.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
C:\Program Files\Rainmeter\Rainmeter.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Administrator\Desktop\Junk Removers\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Uptimer4] C:\Documents and Settings\Administrator\Desktop\Junk Removers\uptimer4\uptimer4.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\mlplppms.dll",setvm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10080 bytes

Edited by DEFC0N, 27 March 2007 - 09:25 AM.
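
The follow-up HijackThis log in the post above still lists an O4 Run value that points at a DLL VundoFix reported as deleted. As an added example (not part of the original posts, and not code from VundoFix or HijackThis), this Python script cross-checks a VundoFix log against HijackThis logs to list autostart entries that reference removed files; the log excerpts are copied from this thread and the function names are illustrative.

```python
import re

# Excerpts copied from the logs posted in this thread (not the full logs).
VUNDOFIX_LOG = r"""
C:\WINDOWS\system32\mllmm.dll Has been deleted!
C:\WINDOWS\system32\mlplppms.dll Has been deleted!
C:\WINDOWS\system32\xxywvur.dll Could not be deleted.
C:\WINDOWS\system32\xxywvur.dll Has been deleted!
"""

HJT_BEFORE = r"""
O2 - BHO: (no name) - {0EB88928-2126-4BC8-A8B1-17567CBA627F} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {4F0388F6-7635-4CD6-8B10-82DF3379386D} - C:\WINDOWS\system32\xxywvur.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: xxywvur - C:\WINDOWS\SYSTEM32\xxywvur.dll
"""

HJT_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\mlplppms.dll",setvm
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# "<path> Has been deleted!" / "<path> Could not be deleted." result lines.
STATUS_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$"
)
# HijackThis entry lines: section code (R0, O4, O20, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")


def removal_status(vundofix_log):
    """Map lowercased path -> True if deleted. Later result lines override
    earlier ones, so a file that failed on the first run and was removed on
    the reboot run ends up marked as deleted."""
    status = {}
    for line in vundofix_log.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            deleted = m.group("status").startswith("Has been")
            status[m.group("path").lower()] = deleted
    return status


def references(hjt_log, paths):
    """Return (section, path) for every HijackThis entry whose body mentions
    one of the given lowercased paths. Matching is case-insensitive because
    Windows paths are; 8.3 short names (PROGRA~1) are not expanded."""
    hits = []
    for line in hjt_log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body").lower()
        for path in paths:
            if path in body:
                hits.append((m.group("section"), path))
    return hits


def leftover_autostarts(vundofix_log, hjt_after):
    """Entries in the post-cleanup log that still point at deleted files."""
    status = removal_status(vundofix_log)
    deleted = sorted(p for p, ok in status.items() if ok)
    return references(hjt_after, deleted)


if __name__ == "__main__":
    deleted = sorted(p for p, ok in removal_status(VUNDOFIX_LOG).items() if ok)
    print("before cleanup:", references(HJT_BEFORE, deleted))
    print("left behind   :", leftover_autostarts(VUNDOFIX_LOG, HJT_AFTER))
```
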


#4 DEFC0N

DEFC0N
  • Topic Starter

  • Members
  • 13 posts

Posted 27 March 2007 - 09:22 AM

F-secure scan log

Scanning Report
Tuesday, March 27, 2007 20:54:21 - 22:17:08
Computer name: REIKO 
Scanning type: Scan system for viruses, rootkits, spyware 
Target: C:\ D:\ E:\ 


--------------------------------------------------------------------------------

Result: 2 malware found
Tracking Cookie (spyware) 
System (Disinfected) 
Trojan-PSW.Win32.QQPass.vt (virus) 
C:\PROGRAM FILES\MOZILLA FIREFOX\XPICLEANUP.EXE (Renamed & Submitted) 

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 33062 
System: 4817 
Not scanned: 6 
Actions:
Disinfected: 1 
Renamed: 1 
Deleted: 0 
None: 0 
Submitted: 1 
Files not scanned:
C:\PAGEFILE.SYS 
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{C046E4B3-F5C8-4EA9-8367-9F4D70D69ED5}.BIN 
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL 
E:\MISC & APPS 2\MOBO DRIVERS\ABIT\NF7\AWDBIOS.BIN 

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-03-24 
F-Secure AVP: 7.0.171, 2007-03-27 
F-Secure Orion: 1.2.37, 2007-03-27 
F-Secure Blacklight: 1.0.53, 0000-00-00 
F-Secure Draco: 1.0.35, 2007-03-19 
F-Secure Pegasus: 1.19.0, 2007-02-15 
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX 
Use Advanced heuristics


#5 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 27 March 2007 - 09:49 AM

You're doing well. :thumbsup: Let's go on.


Download ATF (Atribune Temp File) Cleaner by Atribune to your desktop.

Please follow the instructions provided, you may want to print out these instructions and use them as a reference:
AVG Anti-Spyware only works on Windows 2000 and Windows XP (32-Bit)

First download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    * Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    * Select "Automatically generate report after every scan"
    * Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.



#6 DEFC0N


Posted 27 March 2007 - 08:31 PM

AVG anti-spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	9:06:05 AM 3/28/2007

 + Scan result:	



C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Administrator\Desktop\Junk Removers\backups\backup-20070326-180543-863.dll -> Adware.Virtumonde : Cleaned.
C:\System Volume Information\_restore{01DD0ACB-2BB4-4A27-A85C-AD3874FA6F51}\RP30\A0002885.dll -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\xxywvur.dll.bad -> Adware.Virtumonde : Cleaned.
D:\System Volume Information\_restore{06CFC5D0-744F-443A-B214-88305B462327}\RP55\A0013691.EXE -> Backdoor.Hupigon.kg : Cleaned.
E:\System Volume Information\_restore{5AA69BC8-E36A-4544-A996-5C40AB00CD6D}\RP42\A0031034.exe -> Downloader.Small : Cleaned.
:mozilla.28:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.29:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.30:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.22:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.35:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.6:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Administrator\Application Data\Netscape\NSB\Profiles\tjejx7lx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\System Volume Information\_restore{BD901780-EFFB-4254-95EB-98E6A1151FB8}\RP53\A0003570.exe -> Trojan.Feutel.av : Cleaned.


::Report end

Persistent errors that are still in the pc:

Error loading C:\WINDOWS\system32\mlplppms.dll
Can not find script file "C:\fcuker.vbs" <-- modified spelling due to censoring

#7 Blade81


Posted 28 March 2007 - 11:00 AM

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall



#8 DEFC0N


Posted 28 March 2007 - 11:11 PM

Here's the combofix log.

side note, my pc is a bit laggy after the fix.

"Administrator" - 07-03-29 11:43:13 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Administrator\Desktop"


((((((((((((((((((((((((((((((( Files Created from 2007-02-28 to 2007-03-29 ))))))))))))))))))))))))))))))))))


2007-03-28 16:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-03-28 13:49 <DIR> d-------- C:\CnC3_ISO_flt
2007-03-28 10:13 24,816 --a------ C:\WINDOWS\system32\mdimon.dll
2007-03-28 10:09 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-03-28 10:09 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-03-28 10:09 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-03-28 10:08 <DIR> d-------- C:\Program Files\Microsoft Works
2007-03-28 10:06 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-03-28 09:52 <DIR> d-------- C:\Program Files\PowerISO
2007-03-28 01:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-27 22:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ventrilo
2007-03-27 20:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Media Player Classic
2007-03-27 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\vlc
2007-03-27 12:54 <DIR> d-------- C:\VundoFix Backups
2007-03-27 12:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-03-27 12:38 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-03-27 07:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.SunDownloadManager
2007-03-27 07:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
2007-03-27 07:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-03-27 01:13 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
2007-03-27 00:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-26 21:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-03-26 21:41 <DIR> d-------- C:\Program Files\Nero
2007-03-26 21:41 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-03-26 21:21 76,669 --a------ C:\WINDOWS\War3Unin.dat
2007-03-26 21:21 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-03-26 21:21 139,264 --a------ C:\WINDOWS\War3Unin.exe
2007-03-26 21:18 <DIR> d-------- C:\Program Files\Warcraft III
2007-03-26 19:47 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-03-26 19:46 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-03-26 19:45 <DIR> d-------- C:\Program Files\LimeWire
2007-03-26 19:41 262,144 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-03-26 19:07 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-03-26 19:03 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-03-26 17:53 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2007-03-26 17:20 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-03-26 16:41 <DIR> d-------- C:\Program Files\Uniblue
2007-03-26 16:41 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-03-26 16:28 <DIR> d--hs---- C:\RECYCLER
2007-03-26 14:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-03-26 13:54 <DIR> d-------- C:\Program Files\ICQLite
2007-03-26 13:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ICQLite
2007-03-26 11:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Skype
2007-03-26 11:47 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-03-26 11:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-03-26 11:35 <DIR> d--hs---- C:\DOCUME~1\ADMINI~1\UserData
2007-03-26 11:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-03-26 11:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-03-26 11:28 <DIR> d-------- C:\Program Files\7-Zip
2007-03-26 11:11 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-03-26 10:56 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-03-26 10:48 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-26 08:52 <DIR> d-------- C:\Downloads
2007-03-26 08:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Free Download Manager
2007-03-26 07:56 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-03-26 07:56 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-03-26 07:05 98,304 --a------ C:\WINDOWS\system32\msir3jp.dll
2007-03-26 07:05 838,144 --a------ C:\WINDOWS\system32\chtbrkr.dll
2007-03-26 07:05 811,064 --a------ C:\WINDOWS\system32\imjp81k.dll
2007-03-26 07:05 76,288 --a------ C:\WINDOWS\system32\uniime.dll
2007-03-26 07:05 70,656 --a------ C:\WINDOWS\system32\korwbrkr.dll
2007-03-26 07:05 6,144 --a------ C:\WINDOWS\system32\kbd101a.dll
2007-03-26 07:05 218,112 --a------ C:\WINDOWS\system32\c_g18030.dll
2007-03-26 07:05 1,677,824 --a------ C:\WINDOWS\system32\chsbrkr.dll
2007-03-26 07:04 9,216 --a------ C:\WINDOWS\system32\kbdnecAT.dll
2007-03-26 07:04 7,680 --a------ C:\WINDOWS\system32\kbdnecNT.dll
2007-03-26 07:04 7,168 --a------ C:\WINDOWS\system32\kbdnec95.dll
2007-03-26 07:04 7,168 --a------ C:\WINDOWS\system32\kbdibm02.dll
2007-03-26 07:04 7,168 --a------ C:\WINDOWS\system32\f3ahvoas.dll
2007-03-26 07:04 6,656 --a------ C:\WINDOWS\system32\kbdlk41a.dll
2007-03-26 07:04 6,144 --a------ C:\WINDOWS\system32\kbdlk41j.dll
2007-03-26 07:04 6,144 --a------ C:\WINDOWS\system32\kbdax2.dll
2007-03-26 07:04 6,144 --a------ C:\WINDOWS\system32\kbd106n.dll
2007-03-26 07:04 6,144 --a------ C:\WINDOWS\system32\kbd101.dll
2007-03-26 07:03 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2007-03-26 07:03 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2007-03-26 07:03 6,656 --a------ C:\WINDOWS\system32\c_is2022.dll
2007-03-26 07:03 6,144 -ra------ C:\WINDOWS\system32\kbdth3.dll
2007-03-26 07:03 6,144 -ra------ C:\WINDOWS\system32\kbdth2.dll
2007-03-26 07:03 6,144 -ra------ C:\WINDOWS\system32\kbdinpun.dll
2007-03-26 07:03 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2007-03-26 07:03 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2007-03-26 07:03 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2007-03-26 07:03 6,144 --a------ C:\WINDOWS\system32\ftlx041e.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdvntc.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdurdu.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdth1.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdth0.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdsyr2.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdsyr1.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdintel.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdintam.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdinmar.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdinkan.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdinhin.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdinguj.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdindev.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdheb.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbdfa.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbddiv2.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbddiv1.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbda3.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbda2.dll
2007-03-26 07:03 5,632 -ra------ C:\WINDOWS\system32\kbda1.dll
2007-03-26 07:03 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll
2007-03-26 07:03 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2007-03-26 07:03 5,120 -ra------ C:\WINDOWS\system32\kbdgeo.dll
2007-03-26 07:03 5,120 -ra------ C:\WINDOWS\system32\kbdarmw.dll
2007-03-26 07:03 5,120 -ra------ C:\WINDOWS\system32\kbdarme.dll
2007-03-26 07:03 185,344 --a------ C:\WINDOWS\system32\Thawbrkr.dll
2007-03-26 07:03 10,752 --a------ C:\WINDOWS\system32\c_iscii.dll
2007-03-26 07:01 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-03-26 07:00 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-03-26 07:00 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-03-26 06:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-03-26 06:57 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-03-26 06:56 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-03-26 06:56 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-03-26 06:56 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-03-26 06:56 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-03-26 06:56 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-03-26 06:56 <DIR> dr------- C:\Program Files
2007-03-26 06:56 <DIR> d--hs---- C:\WINDOWS\Installer
2007-03-26 06:56 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-26 06:56 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-03-26 06:55 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-03-26 06:55 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-03-26 06:55 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-03-26 06:55 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-03-26 06:55 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-03-26 06:55 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-03-26 06:55 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-03-26 06:55 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-03-26 06:55 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2007-03-26 06:55 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-03-26 06:55 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-03-26 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-03-26 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-03-26 06:55 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-03-26 06:55 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-03-26 06:55 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-03-26 06:55 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-03-26 06:55 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-03-26 06:55 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-03-26 06:55 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-03-26 06:55 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-03-26 06:55 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-03-26 06:55 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-03-26 06:55 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-03-26 06:55 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-03-26 06:55 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-03-26 06:55 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-03-26 06:53 <DIR> d--hs---- C:\System Volume Information
2007-03-26 06:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-03-26 06:53 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-03-26 06:53 <DIR> d-------- C:\Documents and Settings
2007-03-26 06:47 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-03-26 06:47 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-03-26 06:47 <DIR> dr------- C:\WINDOWS\Web
2007-03-26 06:47 <DIR> d--h----- C:\WINDOWS\inf
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\WinSxS
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\twain_32
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\wins
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\spool
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\ras
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\npp
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\mui
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\IME
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\ias
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\export
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\config
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\3076
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\2052
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1054
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1042
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1041
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1037
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1033
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1031
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1028
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32\1025
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system32
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\system
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\security
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Resources
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\repair
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Provisioning
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\PeerNet
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\pchealth
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\mui
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\msapps
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\msagent
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Media
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\java
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\ime
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Help
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\ehome
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Debug
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Cursors
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\Config
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\AppPatch
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS\addins
2007-03-26 06:47 <DIR> d-------- C:\WINDOWS
2007-03-26 05:28 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-03-26 00:48 <DIR> d-------- C:\Program Files\Free Download Manager
2007-03-26 00:47 2,433 --a------ C:\WINDOWS\mozver.dat
2007-03-26 00:44 <DIR> d-------- C:\Program Files\Ventrilo
2007-03-26 00:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-03-26 00:43 <DIR> d-------- C:\sysreset
2007-03-26 00:42 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-03-26 00:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-03-26 00:41 <DIR> d-------- C:\Program Files\MSN Messenger
2007-03-26 00:38 <DIR> d-------- C:\Program Files\Skype
2007-03-26 00:37 <DIR> d-------- C:\Program Files\Google
2007-03-26 00:36 <DIR> d-------- C:\Program Files\Java
2007-03-26 00:36 <DIR> d-------- C:\Program Files\IrfanView
2007-03-26 00:36 <DIR> d-------- C:\Program Files\CDex_150
2007-03-26 00:35 <DIR> d-------- C:\Program Files\Azureus
2007-03-26 00:33 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-03-26 00:33 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-03-26 00:33 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-03-26 00:33 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-03-26 00:33 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-03-26 00:32 <DIR> d-------- C:\Program Files\Winamp
2007-03-26 00:30 37,270 --a------ C:\WINDOWS\system32\OggDSUninst.exe
2007-03-26 00:30 <DIR> d-------- C:\Program Files\Matroska Pack
2007-03-26 00:29 <DIR> d-------- C:\Program Files\Real Alternative
2007-03-26 00:29 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2007-03-26 00:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-03-26 00:29 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-03-26 00:27 4,111,872 --a------ C:\mplayerc.exe
2007-03-26 00:26 131,072 --a------ C:\WINDOWS\system32\datestamp.dll
2007-03-26 00:26 <DIR> d-------- C:\Program Files\VideoLAN
2007-03-26 00:25 <DIR> d-------- C:\WINDOWS\system32\ZeroSpyware
2007-03-26 00:25 <DIR> d-------- C:\Program Files\FBM Software
2007-03-26 00:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-26 00:22 <DIR> d-------- C:\Program Files\Rainmeter
2007-03-26 00:22 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Netscape
2007-03-26 00:21 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-03-26 00:20 <DIR> d-------- C:\Program Files\Netscape
2007-03-26 00:18 81,920 --a------ C:\WINDOWS\system32\ZDPN50.dll
2007-03-26 00:18 81,920 --a------ C:\WINDOWS\system32\ZDBRGDLL.dll
2007-03-26 00:18 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2007-03-26 00:18 248,320 --a------ C:\WINDOWS\system32\drivers\ZD1211U.sys
2007-03-26 00:18 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2007-03-26 00:18 19,200 --a------ C:\WINDOWS\system32\ZDBRGSYS.sys
2007-03-26 00:18 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.sys
2007-03-26 00:18 <DIR> d-------- C:\Program Files\WLAN
2007-03-26 00:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2007-03-26 00:10 <DIR> d-------- C:\Program Files\My Company Name
2007-03-26 00:09 992,896 --a------ C:\WINDOWS\system32\drivers\Bravo_n.sys
2007-03-26 00:09 992,896 --a------ C:\WINDOWS\system32\drivers\Bravo_a.sys
2007-03-26 00:09 46,592 --a------ C:\WINDOWS\system32\asfrench.dll
2007-03-26 00:09 46,080 --a------ C:\WINDOWS\system32\asrussian.dll
2007-03-26 00:09 46,080 --a------ C:\WINDOWS\system32\asgerman.dll
2007-03-26 00:09 46,080 --a------ C:\WINDOWS\system32\aseng.dll
2007-03-26 00:09 45,568 --a------ C:\WINDOWS\system32\askorean.dll
2007-03-26 00:09 45,568 --a------ C:\WINDOWS\system32\asjapan.dll
2007-03-26 00:09 45,568 --a------ C:\WINDOWS\system32\ASCHT.dll
2007-03-26 00:09 45,568 --a------ C:\WINDOWS\system32\aschs.dll
2007-03-26 00:09 37,888 --a------ C:\WINDOWS\system32\ATKOGL32.dll
2007-03-26 00:09 250,496 --a------ C:\WINDOWS\system32\ATKDISP.dll
2007-03-26 00:09 241,664 --a------ C:\WINDOWS\ATKKBService.exe
2007-03-26 00:09 2,033,664 --a------ C:\WINDOWS\system32\ATKOSDX32.dll
2007-03-26 00:09 11,008 --a------ C:\WINDOWS\system32\drivers\atkkbnt.sys
2007-03-26 00:09 10,496 --a------ C:\WINDOWS\system32\ATKOSDMini.DLL
2007-03-26 00:09 1,667,072 --a------ C:\WINDOWS\system32\ATKDispCPL.dll
2007-03-26 00:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-03-26 00:06 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-03-26 00:06 <DIR> d-------- C:\WINDOWS\nview
2007-03-26 00:03 12,416 --a------ C:\WINDOWS\system32\drivers\asusgsb32.sys
2007-03-26 00:02 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-03-26 00:02 16,000 --a------ C:\WINDOWS\system32\drivers\Video3D32.sys
2007-03-26 00:02 <DIR> d-------- C:\Program Files\GameFace Messenger
2007-03-26 00:01 14,592 --------- C:\WINDOWS\system32\drivers\USBICP.sys
2007-03-26 00:01 11,596 --a------ C:\WINDOWS\system32\drivers\copperhd.sys
2007-03-26 00:01 <DIR> d-------- C:\Program Files\Razer
2007-03-26 00:00 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2007-03-25 23:53 <DIR> d-------- C:\Program Files\Microsoft Hardware
2007-03-25 23:51 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-03-25 23:45 10,344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-25 23:45 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-03-25 23:43 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-03-25 23:43 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-03-25 23:43 <DIR> d-------- C:\Program Files\Symantec
2007-03-25 23:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-03-25 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-03-25 23:41 51 --a------ C:\delnis.bat
2007-03-25 23:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-03-25 23:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
2007-03-25 23:40 5,685 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2007-03-25 23:40 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2007-03-25 23:40 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2007-03-25 23:40 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2007-03-25 23:40 <DIR> d-------- C:\Program Files\ASUS
2007-03-25 23:36 <DIR> d-------- C:\WINDOWS\system32\Lang
2007-03-25 23:36 <DIR> d-------- C:\Program Files\Marvell
2007-03-25 23:35 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-03-25 23:35 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-03-25 23:35 <DIR> d-------- C:\WINDOWS\ASUSInstAll
2007-03-25 23:34 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-03-25 23:34 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-03-25 23:34 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-03-25 23:34 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-03-25 23:34 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-03-25 23:34 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-03-25 23:34 49,152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-03-25 23:34 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-03-25 23:34 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-03-25 23:34 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-03-25 23:34 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-03-25 23:34 143,360 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2007-03-25 23:34 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-03-25 23:34 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2007-03-25 23:33 9,709,568 -r------- C:\WINDOWS\RTLCPL.exe
2007-03-25 23:33 86,016 -r------- C:\WINDOWS\SoundMan.exe
2007-03-25 23:33 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2007-03-25 23:33 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2007-03-25 23:33 4,356,608 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2007-03-25 23:33 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2007-03-25 23:33 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-03-25 23:33 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-03-25 23:33 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-03-25 23:33 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2007-03-25 23:33 16,049,664 -r------- C:\WINDOWS\RTHDCPL.exe
2007-03-25 23:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-03-25 23:33 <DIR> d-------- C:\Program Files\Realtek
2007-03-25 23:33 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-03-25 23:31 <DIR> d-------- C:\Program Files\Intel
2007-03-25 23:26 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-03-25 23:26 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2007-03-25 23:26 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-03-25 23:24 2,359,296 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-03-25 23:23 262,144 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-03-25 23:23 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-03-25 23:23 <DIR> d-------- C:\WINDOWS\Prefetch
2007-03-25 23:22 262,144 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-03-25 23:18 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-03-25 23:18 0 -rahs---- C:\MSDOS.SYS
2007-03-25 23:18 0 -rahs---- C:\IO.SYS
2007-03-25 23:18 0 --a------ C:\CONFIG.SYS
2007-03-25 23:18 0 --a------ C:\AUTOEXEC.BAT
2007-03-25 23:18 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-03-25 23:18 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-03-25 23:17 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-03-25 23:16 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-03-25 23:16 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-03-25 23:16 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-03-25 23:16 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-03-25 23:15 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-03-25 23:15 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-03-25 23:15 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-03-25 23:15 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-03-25 23:14 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-03-25 23:14 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-03-25 23:14 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-03-25 23:14 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-03-25 23:14 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-03-25 23:14 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-03-25 23:14 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-03-25 23:14 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-03-25 23:14 67,584 --a------ C:\WINDOWS&#

Edited by DEFC0N, 29 March 2007 - 12:28 AM.


#9 Blade81


Posted 28 March 2007 - 11:25 PM

That seems to be only a partial log. Could you send the whole one, please?



#10 DEFC0N


Posted 29 March 2007 - 12:25 AM

2007-03-25 23:14	81,920	--a------	C:\WINDOWS\system32\isign32.dll
2007-03-25 23:14	81,920	--a------	C:\WINDOWS\system32\ils.dll
2007-03-25 23:14	8,192	--a------	C:\WINDOWS\system32\bitsprx2.dll
2007-03-25 23:14	73,728	--a------	C:\WINDOWS\system32\icwdial.dll
2007-03-25 23:14	73,472	--a------	C:\WINDOWS\system32\drivers\sr.sys
2007-03-25 23:14	7,168	--a------	C:\WINDOWS\system32\bitsprx3.dll
2007-03-25 23:14	69,632	--a------	C:\WINDOWS\system32\msconf.dll
2007-03-25 23:14	679,424	--a------	C:\WINDOWS\system32\inetcomm.dll
2007-03-25 23:14	67,584	--a------	C:\WINDOWS\system32\srclient.dll
2007-03-25 23:14	65,536	--a------	C:\WINDOWS\system32\icwphbk.dll
2007-03-25 23:14	6,656	--a------	C:\WINDOWS\system32\wuauserv.dll
2007-03-25 23:14	48,128	--a------	C:\WINDOWS\system32\inetres.dll
2007-03-25 23:14	465,176	--a------	C:\WINDOWS\system32\wuapi.dll
2007-03-25 23:14	45,568	--a------	C:\WINDOWS\system32\safrslv.dll
2007-03-25 23:14	43,520	--a------	C:\WINDOWS\system32\safrcdlg.dll
2007-03-25 23:14	43,520	--a------	C:\WINDOWS\system32\racpldlg.dll
2007-03-25 23:14	41,240	--a------	C:\WINDOWS\system32\wups.dll
2007-03-25 23:14	382,464	--a------	C:\WINDOWS\system32\qmgr.dll
2007-03-25 23:14	34,560	--a------	C:\WINDOWS\system32\mnmdd.dll
2007-03-25 23:14	32,768	--a------	C:\WINDOWS\system32\mnmsrvc.exe
2007-03-25 23:14	32,768	--a------	C:\WINDOWS\system32\isrdbg32.dll
2007-03-25 23:14	29,696	--a------	C:\WINDOWS\system32\safrdm.dll
2007-03-25 23:14	28,672	--a------	C:\WINDOWS\system32\nmmkcert.dll
2007-03-25 23:14	274,944	--a------	C:\WINDOWS\system32\mstask.dll
2007-03-25 23:14	274,432	--a------	C:\WINDOWS\system32\inetcfg.dll
2007-03-25 23:14	252,928	--a------	C:\WINDOWS\system32\msoeacct.dll
2007-03-25 23:14	239,104	--a------	C:\WINDOWS\system32\srrstr.dll
2007-03-25 23:14	23,040	--a------	C:\WINDOWS\system32\fltmc.exe
2007-03-25 23:14	194,328	--a------	C:\WINDOWS\system32\wuaueng1.dll
2007-03-25 23:14	190,976	--a------	C:\WINDOWS\system32\schedsvc.dll
2007-03-25 23:14	18,944	--a------	C:\WINDOWS\system32\qmgrprxy.dll
2007-03-25 23:14	173,536	--a------	C:\WINDOWS\system32\wuweb.dll
2007-03-25 23:14	172,312	--a------	C:\WINDOWS\system32\wuauclt1.exe
2007-03-25 23:14	170,496	--a------	C:\WINDOWS\system32\srsvc.dll
2007-03-25 23:14	16,896	--a------	C:\WINDOWS\system32\fltlib.dll
2007-03-25 23:14	16,384	--a------	C:\WINDOWS\system32\icfgnt5.dll
2007-03-25 23:14	128,896	--a------	C:\WINDOWS\system32\drivers\fltmgr.sys
2007-03-25 23:14	127,256	--a------	C:\WINDOWS\system32\wucltui.dll
2007-03-25 23:14	124,184	--a------	C:\WINDOWS\system32\wuauclt.exe
2007-03-25 23:14	12,288	--a------	C:\WINDOWS\system32\mstinit.exe
2007-03-25 23:14	105,984	--a------	C:\WINDOWS\system32\msoert2.dll
2007-03-25 23:14	1,343,768	--a------	C:\WINDOWS\system32\wuaueng.dll
2007-03-25 23:14	<DIR>	d---s----	C:\WINDOWS\Tasks
2007-03-25 23:14	<DIR>	d--------	C:\WINDOWS\system32\Restore
2007-03-25 23:14	<DIR>	d--------	C:\WINDOWS\system32\Macromed
2007-03-25 23:14	<DIR>	d--------	C:\WINDOWS\srchasst
2007-03-25 23:14	<DIR>	d--------	C:\Program Files\Movie Maker
2007-03-25 23:14	<DIR>	d--------	C:\Program Files\Common Files\MSSoap
2007-03-25 23:13	21,640	--a------	C:\WINDOWS\system32\emptyregdb.dat
2007-03-25 23:13	<DIR>	d--------	C:\WINDOWS\Registration
2007-03-25 23:12	97,792	--a------	C:\WINDOWS\system32\comrepl.dll
2007-03-25 23:12	9,728	--a------	C:\WINDOWS\system32\reset.exe
2007-03-25 23:12	80,384	--a------	C:\WINDOWS\system32\charmap.exe
2007-03-25 23:12	73,216	--a------	C:\WINDOWS\system32\avwav.dll
2007-03-25 23:12	605,696	--a------	C:\WINDOWS\system32\getuname.dll
2007-03-25 23:12	56,832	--a------	C:\WINDOWS\system32\sol.exe
2007-03-25 23:12	55,296	--a------	C:\WINDOWS\system32\freecell.exe
2007-03-25 23:12	54,272	--a------	C:\WINDOWS\system32\stclient.dll
2007-03-25 23:12	5,632	--a------	C:\WINDOWS\system32\write.exe
2007-03-25 23:12	5,120	--a------	C:\WINDOWS\system32\dcomcnfg.exe
2007-03-25 23:12	44,544	--a------	C:\WINDOWS\system32\hticons.dll
2007-03-25 23:12	4,096	--a------	C:\WINDOWS\system32\rdpcfgex.dll
2007-03-25 23:12	4,096	--a------	C:\WINDOWS\system32\mtxex.dll
2007-03-25 23:12	35,328	--a------	C:\WINDOWS\system32\winchat.exe
2007-03-25 23:12	33,792	--a------	C:\WINDOWS\system32\regini.exe
2007-03-25 23:12	25,600	--a------	C:\WINDOWS\system32\comaddin.dll
2007-03-25 23:12	25,088	--a------	C:\WINDOWS\system32\mtxlegih.dll
2007-03-25 23:12	227,840	--a------	C:\WINDOWS\system32\avtapi.dll
2007-03-25 23:12	22,016	--a------	C:\WINDOWS\system32\qwinsta.exe
2007-03-25 23:12	20,992	--a------	C:\WINDOWS\system32\msg.exe
2007-03-25 23:12	20,480	--a------	C:\WINDOWS\system32\mtxdm.dll
2007-03-25 23:12	16,896	--a------	C:\WINDOWS\system32\tsshutdn.exe
2007-03-25 23:12	16,896	--a------	C:\WINDOWS\system32\qappsrv.exe
2007-03-25 23:12	16,384	--a------	C:\WINDOWS\system32\tskill.exe
2007-03-25 23:12	16,384	--a------	C:\WINDOWS\system32\avmeter.dll
2007-03-25 23:12	15,872	--a------	C:\WINDOWS\system32\rwinsta.exe
2007-03-25 23:12	15,872	--a------	C:\WINDOWS\system32\cdmodem.dll
2007-03-25 23:12	15,360	--a------	C:\WINDOWS\system32\logoff.exe
2007-03-25 23:12	147,456	--a------	C:\WINDOWS\system32\comsnap.dll
2007-03-25 23:12	14,848	--a------	C:\WINDOWS\system32\tsdiscon.exe
2007-03-25 23:12	14,848	--a------	C:\WINDOWS\system32\tscon.exe
2007-03-25 23:12	14,848	--a------	C:\WINDOWS\system32\shadow.exe
2007-03-25 23:12	138,752	--a------	C:\WINDOWS\system32\sndvol32.exe
2007-03-25 23:12	126,976	--a------	C:\WINDOWS\system32\mshearts.exe
2007-03-25 23:12	119,808	--a------	C:\WINDOWS\system32\winmine.exe
2007-03-25 23:12	114,688	--a------	C:\WINDOWS\system32\calc.exe
2007-03-25 23:12	1,161	--a------	C:\WINDOWS\system32\usrlogon.cmd
2007-03-25 23:12	<DIR>	d--------	C:\Program Files\Online Services
2007-03-25 23:12	<DIR>	d--------	C:\Program Files\MSN Gaming Zone
2007-03-25 23:12	<DIR>	d--------	C:\Program Files\Messenger
2007-03-25 23:11	956,416	--a------	C:\WINDOWS\system32\msdtctm.dll
2007-03-25 23:11	93,696	--a------	C:\WINDOWS\system32\tscfgwmi.dll
2007-03-25 23:11	91,136	--a------	C:\WINDOWS\system32\mtxoci.dll
2007-03-25 23:11	87,176	--a------	C:\WINDOWS\system32\rdpwsx.dll
2007-03-25 23:11	85,504	--a------	C:\WINDOWS\system32\catsrvps.dll
2007-03-25 23:11	67,072	--a------	C:\WINDOWS\system32\rdshost.exe
2007-03-25 23:11	655,360	--a------	C:\WINDOWS\system32\mstscax.dll
2007-03-25 23:11	625,152	--a------	C:\WINDOWS\system32\catsrvut.dll
2007-03-25 23:11	62,464	--a------	C:\WINDOWS\system32\rdpclip.exe
2007-03-25 23:11	60,416	--a------	C:\WINDOWS\system32\remotepg.dll
2007-03-25 23:11	60,416	--a------	C:\WINDOWS\system32\colbact.dll
2007-03-25 23:11	6,144	--a------	C:\WINDOWS\system32\msdtc.exe
2007-03-25 23:11	58,880	--a------	C:\WINDOWS\system32\msdtclog.dll
2007-03-25 23:11	58,880	--a------	C:\WINDOWS\system32\licwmi.dll
2007-03-25 23:11	56,320	--a------	C:\WINDOWS\system32\servdeps.dll
2007-03-25 23:11	540,160	--a------	C:\WINDOWS\system32\comuid.dll
2007-03-25 23:11	538,624	--a------	C:\WINDOWS\system32\spider.exe
2007-03-25 23:11	498,688	--a------	C:\WINDOWS\system32\clbcatq.dll
2007-03-25 23:11	44,544	--a------	C:\WINDOWS\system32\tscupgrd.exe
2007-03-25 23:11	426,496	--a------	C:\WINDOWS\system32\msdtcprx.dll
2007-03-25 23:11	407,552	--a------	C:\WINDOWS\system32\mstsc.exe
2007-03-25 23:11	40,840	--a------	C:\WINDOWS\system32\drivers\termdd.sys
2007-03-25 23:11	38,912	--a------	C:\WINDOWS\system32\cfgbkend.dll
2007-03-25 23:11	347,136	--a------	C:\WINDOWS\system32\hypertrm.dll
2007-03-25 23:11	343,040	--a------	C:\WINDOWS\system32\mspaint.exe
2007-03-25 23:11	295,424	--a------	C:\WINDOWS\system32\termsrv.dll
2007-03-25 23:11	225,792	--a------	C:\WINDOWS\system32\catsrv.dll
2007-03-25 23:11	21,896	--a------	C:\WINDOWS\system32\drivers\tdtcp.sys
2007-03-25 23:11	20,480	--a------	C:\WINDOWS\system32\qprocess.exe
2007-03-25 23:11	196,864	--a------	C:\WINDOWS\system32\drivers\rdpdr.sys
2007-03-25 23:11	19,968	--a------	C:\WINDOWS\system32\rdpsnd.dll
2007-03-25 23:11	185,344	--a------	C:\WINDOWS\system32\cmprops.dll
2007-03-25 23:11	183,808	--a------	C:\WINDOWS\system32\accwiz.exe
2007-03-25 23:11	17,408	--a------	C:\WINDOWS\system32\mmfutil.dll
2007-03-25 23:11	161,280	--a------	C:\WINDOWS\system32\msdtcuiu.dll
2007-03-25 23:11	147,968	--a------	C:\WINDOWS\system32\rdchost.dll
2007-03-25 23:11	140,800	--a------	C:\WINDOWS\system32\sessmgr.exe
2007-03-25 23:11	139,528	--a------	C:\WINDOWS\system32\drivers\rdpwd.sys
2007-03-25 23:11	131,584	--a------	C:\WINDOWS\system32\sndrec32.exe
2007-03-25 23:11	13,824	--a------	C:\WINDOWS\system32\rdsaddin.exe
2007-03-25 23:11	123,392	--a------	C:\WINDOWS\system32\mplay32.exe
2007-03-25 23:11	12,040	--a------	C:\WINDOWS\system32\drivers\tdpipe.sys
2007-03-25 23:11	110,080	--a------	C:\WINDOWS\system32\clbcatex.dll
2007-03-25 23:11	11,776	--a------	C:\WINDOWS\system32\xolehlp.dll
2007-03-25 23:11	11,264	--a------	C:\WINDOWS\system32\icaapi.dll
2007-03-25 23:11	102,912	--a------	C:\WINDOWS\system32\clipbrd.exe
2007-03-25 23:11	1,267,200	--a------	C:\WINDOWS\system32\comsvcs.dll
2007-03-25 23:11	<DIR>	d--------	C:\WINDOWS\system32\MsDtc
2007-03-25 23:11	<DIR>	d--------	C:\WINDOWS\system32\Com
2007-03-25 23:11	<DIR>	d--------	C:\Program Files\Windows NT
 
 
((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-26 06:55	62	--ahs----	C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
2007-02-12 17:22	538256	--a------	C:\WINDOWS\system32\symneti.dll
2007-02-12 17:22	31888	--a------	C:\WINDOWS\system32\drivers\symids.sys
2007-02-12 17:22	28304	--a------	C:\WINDOWS\system32\drivers\symndis.sys
2007-02-12 17:22	24720	--a------	C:\WINDOWS\system32\drivers\symredrv.sys
2007-02-12 17:22	196752	--a------	C:\WINDOWS\system32\drivers\symtdi.sys
2007-02-12 17:22	161424	--a------	C:\WINDOWS\system32\symredir.dll
2007-02-12 17:22	12944	--a------	C:\WINDOWS\system32\drivers\symdns.sys
2007-02-12 17:22	110736	--a------	C:\WINDOWS\system32\drivers\symfw.sys
2007-01-19 12:53	51056	--a------	C:\WINDOWS\system32\sirenacm.dll
2007-01-08 19:01	17408	--a------	C:\WINDOWS\system32\corpol.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe  /start"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\""
"Copperhead"="C:\\Program Files\\Razer\\Copperhead\\razerhid.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"Uptimer4"="C:\\Documents and Settings\\Administrator\\Desktop\\Junk Removers\\uptimer4\\uptimer4.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SoundService"="rundll32.exe \"C:\\WINDOWS\\system32\\mlplppms.dll\",setvm"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"PWRISOVM.EXE"="C:\\Program Files\\PowerISO\\PWRISOVM.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F0388F6-7635-4CD6-8B10-82DF3379386D}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter	REG_MULTI_SZ   	HTTPFilter\0\0
LocalService	REG_MULTI_SZ   	Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService	REG_MULTI_SZ   	DnsCache\0\0
DcomLaunch	REG_MULTI_SZ   	DcomLaunch\0TermService\0\0
rpcss	REG_MULTI_SZ   	RpcSs\0\0
imgsvc	REG_MULTI_SZ   	StiSvc\0\0
termsvcs	REG_MULTI_SZ   	TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Administrator.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-29 13:14:17
C:\ComboFix2.txt ... 07-03-29 11:46

Sorry, didn't realise it was incomplete.

#11 DEFC0N

DEFC0N
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:29 AM

Posted 29 March 2007 - 05:36 AM

Man, the PC is lagging really badly. I'm not sure what to do, and I need to use it because of work that I have to complete and such. Thus I am reinstalling Windows again. Using a friend's PC now to post here.

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:29 PM

Posted 29 March 2007 - 07:30 AM

Hi

Sorry, couldn't check results earlier. I just came from work and shall now begin your log checking.



#13 DEFC0N

DEFC0N
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:29 AM

Posted 29 March 2007 - 09:01 AM

Lol haha it's OK. Hey, I'm still affected by the Windows host script change thanks to the solow virus. Any idea on how to get rid of those shell extensions?

By the way my pc is back online now but still getting those freaking errors.

#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:08:29 PM

Posted 29 March 2007 - 10:30 AM

Okay, let's go on.

To get rid of that "Error loading C:\WINDOWS\system32\mlplppms.dll" error

Start hjt, click do a system scan only, check:
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\system32\mlplppms.dll",setvm

Close all browsers and other windows and click fix checked.

That other error is caused by that Solow pest. Let's try to get rid of it. If some part is unclear, please ask and I'll try to explain it more clearly.


First check if wscript.exe process is running:

1. On Windows NT, 2000, XP, and Server 2003, press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the process:
WSCRIPT.EXE
3. Select the malware process, then press either the End Task or the End Process button, depending on the version of Windows on your computer.
4. To check if the malware process has been terminated, close Task Manager, and then open it again.
5. Close Task Manager.


Then you need to delete the registry entries of that pest.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry (replace the bolded part with the filename from the error message. I'll use fcuker.vbs as an example):
fcuker = "%Windows%\fcuker.vbs"
(Note: %Windows% is the default Windows folder, usually C:\Windows or C:\WINNT.)

If the browser title has an odd name, do the following part too; otherwise skip to the Deleting AUTORUN.INF part.

Deleting Other Entries from the Registry

1. Still in Registry Editor, in the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>Internet Explorer>Main
2. In the right panel, locate and delete the entry:
Window Title = Same odd name which was in browser's titlebar
3. Close Registry Editor.


Deleting AUTORUN.INF

1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type:
AUTORUN.INF
3. In the Look In drop-down list, select My Computer, then press Enter.
4. Once located, select the file then open with Notepad. Check if it contains the following strings (replace bolded part with the filename which you saw in error message):
shellexecute=wscript.exe fcuker.vbs
5. If the said strings are found, close Notepad, select the file then press SHIFT+DELETE.

Note: Check all found autorun.inf files in same way.


Post a fresh hjt log.

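The checks in the removal steps above (a Run value pointing at a .vbs file, and an autorun.inf whose shellexecute line starts wscript.exe) written as a log triage script. This is an added example, not part of the thread: the sample log and autorun.inf text are constructed, `fcuker.vbs` is the placeholder name used in the post, and matching `open=` and `shell\...\command=` keys and other script extensions goes beyond the single case in the post.

```python
import re

# A command is flagged if it starts a Windows Script Host binary or names a
# script file directly (a Run value can point straight at a .vbs file).
HOST_RE = re.compile(r'(?:^|[\\\s"])(?:wscript|cscript)(?:\.exe)?(?=[\s"]|$)', re.I)
SCRIPT_RE = re.compile(r'\.(?:vbs|vbe|js|jse|wsf)(?=[\s"]|$)', re.I)
# HijackThis registry autostart line: O4 - HKLM\..\Run: [Name] command
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')


def launches_script(command):
    """True if the command line runs a script host or a script file."""
    return bool(HOST_RE.search(command) or SCRIPT_RE.search(command))


def flag_hjt_run_entries(log_text):
    """Return (hive, key, name, command) for O4 entries that launch a script."""
    flagged = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and launches_script(m.group(4)):
            flagged.append(m.groups())
    return flagged


def autorun_commands(inf_text):
    """Return (key, value) for command-launching keys in the [autorun] section."""
    commands, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"  # section names ignore case
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in ("open", "shellexecute") or (
            k.startswith("shell\\") and k.endswith("\\command")
        ):
            commands.append((key, value))
    return commands


def flag_autorun(inf_text):
    """Return the autorun.inf launch entries that start a script."""
    return [(k, v) for k, v in autorun_commands(inf_text) if launches_script(v)]


# Constructed sample input in HijackThis O4 format; the fcuker entry is the
# placeholder from the post, the others are ordinary autostarts.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [fcuker] C:\WINDOWS\fcuker.vbs
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
"""

# Constructed autorun.inf contents: one matching the post, one benign installer.
SAMPLE_INF_INFECTED = """[AutoRun]
; constructed sample
shellexecute=wscript.exe fcuker.vbs
"""
SAMPLE_INF_BENIGN = """[autorun]
open=setup.exe
icon=setup.exe,0
"""

if __name__ == "__main__":
    for hive, key, name, cmd in flag_hjt_run_entries(SAMPLE_HJT):
        print(f"Run entry to review: {hive}\\{key} [{name}] -> {cmd}")
    for key, value in flag_autorun(SAMPLE_INF_INFECTED):
        print(f"autorun.inf entry to review: {key}={value}")
```

A flagged entry is a candidate for review against the filename in the error message, not proof of infection; legitimate logon scripts also run through wscript.exe.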


#15 DEFC0N

DEFC0N
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:29 AM

Posted 29 March 2007 - 11:12 AM

OK, did what you stated, and on a side note, Trend Micro's v2 HijackThis has a generic worm in it so my McAfee kills it without a second thought.

Logfile of HijackThis v1.99.1
Scan saved at 12:08:57 AM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Misc & Apps\Fixing your pc applications\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.jp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: 802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by DEFC0N, 29 March 2007 - 11:14 AM.




