Winfixer And Pop Up And Everything Else


  • This topic is locked
10 replies to this topic

#1 calm2chaos


Posted 21 April 2007 - 08:05 PM

I've gotten what I can, but I am being overrun with malware and viruses... need help!
Norton picked up a ton and got rid of some, but not all.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:12 PM, on 21/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchosts.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\v7.exe
C:\Program Files\Common Files\{44166512-035F-4105-0611-020120040002}\Update.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\vwsrv.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
C:\PROGRA~1\COMMON~1\zokq\zokqa.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\augmxqvn.dll",setvm
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [zthocvj.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\zthocvj.dll,leontwd
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINNT\system32\drvwec.dll,startup
O4 - HKLM\..\Run: [{44166512-035F-4105-0611-020120040002}] "C:\Program Files\Common Files\{44166512-035F-4105-0611-020120040002}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [ntdll.dll] v7
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ra.ricoh-usa.com/webmail/iNotes6W.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ra.ricoh-usa.com/postauthI/epi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176593639230
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINNT\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: vwservice - Unknown owner - C:\WINNT\system32\vwsrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)
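
Reading a HijackThis log like the one above is mostly pattern-spotting: services with no owner or a missing image path, Run entries whose value name looks like a system DLL, file names one letter off from a Windows binary, a "?" where a real path cannot have one. The Python script below is an added example, not code from this thread or from HijackThis, SDFix or any other tool named in it; it encodes those checks and runs them over lines copied from the logs in this thread. The lists of imitated system binaries and their legitimate folders are hypothetical short lists, the similarity threshold is an editorial choice, and every hit is a lead to look up, not a verdict.

```python
"""Triage heuristics for HijackThis-style log lines (O4 autostarts, O23
services, "Running processes" paths). Added example: not code from the
thread, HijackThis, SDFix or any other tool the thread names."""
import base64
import difflib
import ntpath
import re

# Constructed sample: lines copied from the HijackThis logs in this thread,
# plus two benign ones (ccApp, NVIDIA) for contrast.
SAMPLE_LOG = r"""
C:\Program Files\Common Files\svchost.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ntdll.dll] v7
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\augmxqvn.dll",setvm
O4 - HKCU\..\Run: [Rfm] C:\WINNT\?racle\w?auclt.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\QWRtaW5pc3RyYXRvcg\command.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINNT\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# Hypothetical short lists: binaries malware likes to imitate, and the only
# folders they legitimately run from on a Windows 2000/XP system.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "wuauclt.exe", "regedit.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32", r"c:\windows", r"c:\windows\system32"}
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)\b', re.IGNORECASE)

def first_path(text):
    """First drive-letter path ending in .exe/.dll/.ocx, or None."""
    m = PATH_RE.search(text)
    return m.group(0) if m else None

def looks_like_base64_word(component):
    """True if a folder name is base64 that decodes to a plain ASCII word."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{12,}", component) or len(component) % 4 == 1:
        return False
    try:  # binascii.Error is a ValueError subclass
        decoded = base64.b64decode(component + "=" * (-len(component) % 4), validate=True)
    except ValueError:
        return False
    return decoded.isascii() and decoded.isalpha() and len(decoded) >= 6

def path_reasons(path):
    """Heuristics that apply to any file path in the log."""
    reasons = []
    if "?" in path:  # illegal in Windows file names: the real name has bytes the log could not print
        reasons.append("path contains '?' (unprintable characters in the real name)")
    directory, base = ntpath.split(path)
    base_l = base.lower()
    for known in sorted(SYSTEM_BINARIES):
        if base_l != known and difflib.SequenceMatcher(None, base_l, known).ratio() >= 0.85:
            reasons.append(f"file name {base} imitates system binary {known}")
    if base_l in SYSTEM_BINARIES and directory.lower() not in SYSTEM_DIRS:
        reasons.append(f"system binary name {base} running from non-system folder {directory}")
    for component in directory.split("\\"):
        if looks_like_base64_word(component):
            reasons.append(f"folder name {component} is base64 text, not a normal folder name")
    return reasons

def o4_reasons(name, cmd):
    """Autostart entry: value name posing as a DLL, or a command with no path."""
    reasons = []
    if name.lower().endswith(".dll"):
        reasons.append(f"value name {name} poses as a system DLL")
    path, head = first_path(cmd), (cmd.split() or [""])[0]
    if path:
        reasons.extend(path_reasons(path))
    elif not head.lower().endswith(".exe"):
        reasons.append(f"bare command {head!r} with no path and no .exe extension")
    return reasons

def o23_reasons(rest):
    """Service entry: '<display name> - <owner> - <image path>'."""
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return ["service line did not parse"]
    _display, owner, image = parts
    reasons = ["service has no recorded owner"] if owner.lower() == "unknown owner" else []
    if "(file missing)" in image:
        reasons.append("image path reported missing (binary gone, service entry left behind)")
    path = first_path(image)
    return reasons + (path_reasons(path) if path else [])

def triage(log_text):
    """Return (line, reasons) for every line that trips at least one heuristic."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            reasons = o4_reasons(m.group("name"), m.group("cmd"))
        elif line.startswith("O23 - Service: "):
            reasons = o23_reasons(line[len("O23 - Service: "):])
        elif PATH_RE.match(line):
            reasons = path_reasons(first_path(line))
        else:
            continue
        if reasons:
            findings.append((line, reasons))
    return findings

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line, *("   -> " + r for r in reasons), sep="\n")
```

Note what it does not catch: the [PrintDrive] rundll32 entry loading augmxqvn.dll passes every check here, although the follow-up posts in this thread suggest that DLL was part of the infection. Name-based heuristics only order the list; confirming an entry still means checking the file's publisher, hash and creation time.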


#2 rookie147


Posted 22 April 2007 - 06:25 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Quick note before we begin: you have a badly infected computer, so this process will not be instant, we may need to run a few tools and scanners before we get rid of all of the malware.

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Please move HijackThis to a permanent folder. Anywhere is fine, other than your Desktop or a temporary folder. If it is in one of these locations, there is a risk that you may accidentally delete the backups, which may be needed if we fix something we're not meant to.
If you use Windows XP it may be that you just double clicked on the HijackThis.exe file, but this only extracts the file to a temporary folder. If you right click on it and select Extract, you can choose a folder to place it in.

How to make a permanent folder:
Click Start | My Computer | Local Disk (C: ) | Program Files.
In the menu bar at the top, go to File | New | Folder.
That will create a folder named "New Folder", which you can rename to "HijackThis". You have now created C:\Program Files\HijackThis.
Now get your HijackThis.exe file and place it in your folder.

Download Delcmdservice to your Desktop.
Now, unpack the delcmdservice folder to your Desktop. (Click here for information on how to unpack files.)
Open the delcmdservice folder on your Desktop and double-click on DelReg.bat; a DOS window will open and rapidly close - this is normal.
Now close the program.

Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Open the extracted SDFix folder and double click runThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Post this in your next reply, along with a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 calm2chaos


Posted 22 April 2007 - 12:41 PM

OK, all done... But there were issues...
1.) I'm getting a warning on bootup about an error loading C:\winnt\system32\augmxqvn.dll

I have looked for this DLL online and have found nothing, so I am assuming it's a DLL of some spyware or virus that got removed.

2.) I am also getting "Cannot find file 'C:\program' (or one of its components). Make sure the path and filename are correct and that all required libraries are available."

3.) After the reboot and SDFix finished, I got "Buffer Overrun" C:\winnt\explorer.exe... It then would close everything and I was stuck on my blue load screen, but the icons for the desktop would not appear. However, notices from my ZoneAlarm and a Google update did appear, just no icons. I finally got it to boot, but I had to leave the rundll error up; I'm afraid if I click it I'm going to get another overrun.

Also, when I boot up now I keep getting the connection wizard for the internet. No big deal, just found it odd.

I am also getting a red circle with an exclamation mark in my systray; it says that I may be infected with spyware... LOL, I am assuming it is spyware, but I haven't a clue.

And last but not least, HijackThis creates an error and shuts down at the end of the scan. Is that supposed to happen?

Hope you're in the mood for a challenge... LOL. Here are the two log files.


SDFix Log File

SDFix: Version 1.79

Run by Administrator - Sun 22/04/2007 - 12:43:13.13

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages

ImagePath:
"C:\WINNT\system32\svchosts.exe" -e mc-110-12-0000272

COM+ Messages - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\Administrator\Local Settings\Temp\mst50.bat - Deleted
C:\Documents and Settings\Administrator\Local Settings\Temp\mst50.tmp - Deleted
C:\WINNT\Temp\win3DA.tmp.exe - Deleted
C:\WINNT\Temp\win3DC.tmp.exe - Deleted
C:\WINNT\Temp\win3E1.tmp.exe - Deleted
C:\WINNT\Temp\win3E3.tmp.exe - Deleted
C:\WINNT\Temp\win805.tmp.exe - Deleted
C:\WINNT\Temp\winC3D.tmp.exe - Deleted
C:\WINNT\Temp\winC42.tmp.exe - Deleted
C:\WINNT\Temp\winC48.tmp.exe - Deleted
C:\WINNT\Temp\winC4B.tmp.exe - Deleted
C:\WINNT\Temp\winC4D.tmp.exe - Deleted
C:\WINNT\Temp\winC52.tmp.exe - Deleted
C:\WINNT\Temp\win3DA.tmp.exe - Deleted
C:\WINNT\Temp\win3DC.tmp.exe - Deleted
C:\WINNT\Temp\win3E1.tmp.exe - Deleted
C:\WINNT\Temp\win3E3.tmp.exe - Deleted
C:\WINNT\Temp\win805.tmp.exe - Deleted
C:\WINNT\Temp\winC3D.tmp.exe - Deleted
C:\WINNT\Temp\winC42.tmp.exe - Deleted
C:\WINNT\Temp\winC48.tmp.exe - Deleted
C:\WINNT\Temp\winC4B.tmp.exe - Deleted
C:\WINNT\Temp\winC4D.tmp.exe - Deleted
C:\WINNT\Temp\winC52.tmp.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp\jinstall-1_5_0_11.inf - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp\jinstall.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win52.tmp.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win54.tmp.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win58.tmp.exe - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\win5A.tmp.exe - Deleted
C:\Program Files\Common Files\svchost.exe - Deleted
C:\WINNT\svchost.exe - Deleted
C:\WINNT\system32\svchosts.exe - Deleted
C:\WINNT\system32\unsvchosts.lzma - Deleted
C:\WINNT\system32\v7.exe - Deleted
C:\WINNT\Temp\removalfile.bat - Deleted
C:\WINNT\Temp\win*.tmp - Deleted


Folder C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ICD1.tmp - Removed

Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINNT\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINNT\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

C:\WINNT\system32\yabay.dll
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\?ystem\regedit.exe
C:\WINNT\?racle\w?auclt.exe

Finished

Hijack This Log File


Logfile of HijackThis v1.99.1
Scan saved at 1:20:53 PM, on 22/04/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\vwsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Common Files\{44166512-035F-4105-0611-020120040002}\Update.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\YSTEM~1\regedit.exe
C:\WINNT\?racle\w?auclt.exe
C:\New Folder\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINNT\system32\augmxqvn.dll",setvm
O4 - HKLM\..\Run: [{44166512-035F-4105-0611-020120040002}] "C:\Program Files\Common Files\{44166512-035F-4105-0611-020120040002}\Update.exe" mc-110-12-0000272
O4 - HKLM\..\Run: [ntdll.dll] v7
O4 - HKLM\..\Run: [rwvvunb.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rwvvunb.dll,yeykmid
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINNT\system32\drvrot.dll,startup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
O4 - HKCU\..\Run: [Rcos] "C:\PROGRA~1\COMMON~1\YSTEM~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Rfm] C:\WINNT\?racle\w?auclt.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ra.ricoh-usa.com/webmail/iNotes6W.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ra.ricoh-usa.com/postauthI/epi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176593639230
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: vwservice - Unknown owner - C:\WINNT\system32\vwsrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

#4 rookie147


Posted 22 April 2007 - 01:36 PM

Two more logs please before we continue :thumbsup:
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Please download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.

Now, please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.

Once in Safe Mode, open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning: running option #2 on a non-infected computer will remove your Desktop background.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include rapport.txt, along with a new HijackThis log and the ComboFix log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 calm2chaos


Posted 22 April 2007 - 06:28 PM

Not sure if the ComboFix worked. Every time it tries to run, Norton asks if I want to allow the script to run or not... Well, here are all three logs.


HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 19:19, on 07-04-22
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINNT\system32\vwsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: (no name) - {052B595C-9AEF-B794-1077-0AFC1A5FB237} - C:\WINNT\system32\rwvvunb.dll
O2 - BHO: (no name) - {120E4609-50D9-1FDD-FB4F-084CEE06CE13} - C:\WINNT\system32\svxwdgf.dll
O2 - BHO: (no name) - {14266034-6237-42B0-823E-9575A3FB77De} - C:\WINNT\system32\aaypokga.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINNT\system32\rufdfsuf.dll (file missing)
O2 - BHO: (no name) - {17E1A93C-658C-3575-A338-66E33CE6FFCD} - C:\WINNT\system32\twqp.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {3A4260B3-4F1F-C099-60CE-04DE2E75A91A} - C:\WINNT\system32\akxsurc.dll
O2 - BHO: (no name) - {50ED3F53-1B6C-9D0D-BB57-090CD5F17F27} - C:\WINNT\system32\aqvzmqi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D4DC6C-5850-BCAA-6488-0035CA704315} - C:\WINNT\system32\swcxqzm.dll
O2 - BHO: (no name) - {6F43F6CA-4098-CA81-804E-0A9889D05A25} - C:\WINNT\system32\zthocvj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe SetReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [rwvvunb.dll] C:\WINNT\system32\rundll32.exe C:\WINNT\system32\rwvvunb.dll,yeykmid
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
O4 - HKCU\..\Run: [Rcos] "C:\PROGRA~1\COMMON~1\YSTEM~1\regedit.exe" -vt yazb
O4 - HKCU\..\Run: [Rfm] C:\WINNT\?racle\w?auclt.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://ra.ricoh-usa.com/webmail/iNotes6W.cab
O16 - DPF: {5EDB10D9-7E95-4833-A218-62F375DAFCF1} (Aventail Installer ) - https://ra.ricoh-usa.com/postauthI/epi.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176593639230
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: vwservice - Unknown owner - C:\WINNT\system32\vwsrv.exe
O23 - Service: WUSB54GCSVC - Unknown owner - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe" "WUSB54GC.exe (file missing)

RAPPORT

SmitFraudFix v2.171

Scan done at 18:54:41.25, Sun 22/04/2007
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts

127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{27164616-4BCC-458F-AE16-84D757E0D2EA}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\..\{55F09EC4-835E-40AF-BC4F-4D16C0B1A806}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{27164616-4BCC-458F-AE16-84D757E0D2EA}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\..\{55F09EC4-835E-40AF-BC4F-4D16C0B1A806}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{27164616-4BCC-458F-AE16-84D757E0D2EA}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\..\{55F09EC4-835E-40AF-BC4F-4D16C0B1A806}: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=207.172.3.8 207.172.3.9


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


COMBOFIX

The only txt I found was named "Error". Here it is.

1 file(s) copied.

Delete of value 'disableregistrytools' in 'hkcu\software\microsoft\windows\currentversion\policies\system' failed

C:\DOCUME~1\DEFAUL~1\APPLIC~1
Active code page: 437
Active code page: 850

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\microsoft\windows\currentversion\uninstall\webnexus does not exist!

FINDSTR: Cannot open C:\DOCUME~1\ALLUSE~1\APPLIC~1.\adobe\*
FINDSTR: Cannot open C:\DOCUME~1\ALLUSE~1\APPLIC~1.\adobe\*
vfind: improper date specification '+200-1-11-07'

[vfind, 5.2 2002-11-15]

Find matching filenames in a directory tree.

usage: vfind [option...] [path\]file...

Options:
-? Show information about this program.
-a Print all matching entries.
-A Print all matching entries except "." and "..".
-d[+|-|!]D Find files modified after/before/not date D.
-l Long listing.
-m Show short DOS names.
-n Show list summary.
-r Do not recursively search subdirectories.
-s[+|-|!]N File size [more/less/not] N bytes.
-t[!]T... Find entried [not] of type T, which is one of more of
these criteria combined (or-ed) together:
a Archive
c Compressed
d Directory
f File
h Hidden
r Read only
s System
v Volume label
w Writable
-v Verbose output.

Filenames can contain wildcard characters:
? Matches any single character (including '.').
* Matches zero or more characters (including '.').
[abc] Matches 'a', 'b', or 'c'.
[a-z] Matches 'a' through 'z'.
[!a-z] Matches any character except 'a' thru 'z'.
`X Matches X exactly (which may be a wildcard character).
!X Matches any filename except X.

Date 'D' is of the form "[YY]YY[-MM[-DD]][:HH[:MM[:SS]]]".
FINDSTR: Line 1 is too long.
FINDSTR: Line 1 is too long.
FINDSTR: Line 1 is too long.
FINDSTR: Line 1 is too long.
FINDSTR: Line 1 is too long.

SteelWerX Registry Console Tool 2.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\winpcap does not exist!

"C:\Program Files\Common Files\Yazzle1162OinAdmin.exe"
"C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe"
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\Common Files\{44166~1\system.dll
C:\Program Files\Common Files\{44166~1\Update.exe
"C:\Program Files\Common Files\svchost.exe"
"C:\WINNT\system32\unsvchosts.lzma"
"C:\WINNT\system32\v7.exe"
"C:\WINNT\svchost.exe"
"C:\Program Files\outerinfo"
"C:\Program Files\Common Files\{44166~1"
Could Not Find C:\DOCUME~1\ALLUSE~1\STARTM~1\-d743~1.lnk
Could Not Find C:\DOCUME~1\ALLUSE~1\STARTM~1\4bb6~1.lnk
Could Not Find C:\Documents and Settings\-83f1~1.url
C:\WINNT\system32\yabay.dll
C:\WINNT\system32\ddccaxu.dll

Handle v3.11
Copyright © 1997-2005 Mark Russinovich
Sysinternals - www.sysinternals.com

No matching handles found.

Handle v3.11
Copyright © 1997-2005 Mark Russinovich
Sysinternals - www.sysinternals.com

9C: File C:\WINNT\system32\vsdatant.sys
Close handle 9C in System (PID 8)? (y/n)
Handle closed.
/\v@
C:\WINNT\system32\yabay.dll will be moved to \QooBox\Quarantine\C\WINNT\system32\yabay.dll.vir at next reboot.

To undo this, start regedt32.exe and delete value PendingFileRenameOperations
in key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager.
SteelWerX Service Controller 2.0
Written by Bobbi Flekman 2006

System Error. Code: 1060.
The specified service does not exist as an installed service

1 file(s) copied.
1 file(s) copied.
1 file(s) copied.
FINDSTR: Cannot open C:\Program Files\Common Files\?ystem
FINDSTR: Cannot open C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\*.lnk


Let me know if I screwed something up, I'll run it again.


By the way... THANK YOU... For ALL the help. I do appreciate it.

#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:09:24 PM

Posted 23 April 2007 - 01:40 AM

Can you try running ComboFix again, making sure that you allow it with Norton?

If you are pleased with the service I have offered, you may like to consider making a donation.


#7 calm2chaos

calm2chaos
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:04:24 PM

Posted 23 April 2007 - 03:43 PM

New Combo Fix Log

This one worked, but I did get an error message in the beginning.

"Cannot import creg.cf: Error accesing the registry". After I clicked OK, however, it worked smoothly.


"Administrator" - Mon 2007-04-23 16:34:46 Service Pack 4
ComboFix 07-04-21.2V - Running from: C:\Documents and Settings\Administrator\Desktop\


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\geeba.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\Program Files\Common Files\CURITY~1
C:\qoobox\purity\C\Program Files\Common Files\YSTEM~1
C:\qoobox\purity\C\WINNT\RACLE~1
C:\qoobox\purity\C\WINNT\STEM32~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))


2007-04-22 18:54 3,160 --a------ C:\WINNT\system32\tmp.reg
2007-04-22 11:37 <DIR> d-------- C:\New Folder
2007-04-22 11:31 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-04-22 11:30 75,512 --a------ C:\WINNT\zllsputility.exe
2007-04-22 11:30 60,928 --a------ C:\WINNT\system32\twqp.dll
2007-04-22 11:30 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-04-22 11:30 1,087,216 --a------ C:\WINNT\system32\zpeng24.dll
2007-04-22 11:30 <DIR> d-a------ C:\WINNT\system32\ZoneLabs
2007-04-22 11:29 93,696 --a------ C:\WINNT\system32\drvrot.dll
2007-04-22 11:29 86,528 --a------ C:\WINNT\system32\rwvvunb.dll
2007-04-22 11:29 64,000 --a------ C:\WINNT\system32\swcxqzm.dll
2007-04-22 11:29 <DIR> d-a------ C:\WINNT\Internet Logs
2007-04-21 19:01 1,645,320 --a------ C:\WINNT\system32\gdiplus.dll
2007-04-21 17:19 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-04-21 17:17 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.housecall6.6
2007-04-21 17:12 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
2007-04-21 16:53 <DIR> d-------- C:\Program Files\Common Files\zokq
2007-04-21 16:37 <DIR> d--hs---- C:\WINNT\QWRtaW5pc3RyYXRvcg
2007-04-21 16:19 7,168 --a------ C:\WINNT\system32\vwsrv.exe
2007-04-21 16:12 86,016 --a------ C:\WINNT\system32\zthocvj.dll
2007-04-21 16:12 62,976 --a------ C:\WINNT\system32\akxsurc.dll
2007-04-21 15:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-21 14:37 <DIR> d--h----- C:\WINNT\PIF
2007-04-18 07:45 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.SygateTmpYY
2007-04-18 07:44 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Aventail
2007-04-18 07:43 2 --a------ C:\WINNT\system32\wnstsicomsv.exe
2007-04-18 07:42 86,016 --a------ C:\WINNT\system32\rssusye.dll
2007-04-18 07:42 64,000 --a------ C:\WINNT\system32\aqvzmqi.dll
2007-04-17 19:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-16 21:26 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-04-16 21:04 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-15 22:19 17,920 --a------ C:\WINNT\system32\mdimon.dll
2007-04-15 22:17 <DIR> d-------- C:\WINNT\SHELLNEW
2007-04-15 22:15 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-15 22:10 <DIR> dr-h----- C:\MSOCache
2007-04-15 17:30 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-04-15 17:18 94,208 --a------ C:\WINNT\system32\GTW32N50.dll
2007-04-15 17:18 32,768 --a------ C:\WINNT\system32\GTGina.dll
2007-04-15 17:18 245,248 --a------ C:\WINNT\system32\rt73.sys
2007-04-15 17:18 245,248 --a------ C:\WINNT\system32\drivers\rt73.sys
2007-04-15 17:18 19,387 --a------ C:\WINNT\system32\drivers\AegisP.sys
2007-04-15 17:18 17,992 --a------ C:\WINNT\system32\drivers\bcm42rly.sys
2007-04-15 17:18 17,992 --a------ C:\WINNT\system32\bcm42rly.sys
2007-04-15 17:18 17,992 --a------ C:\WINNT\bcm42rly.sys
2007-04-15 17:18 15,872 --a------ C:\WINNT\system32\GTNDIS5.sys
2007-04-15 17:17 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-15 17:17 <DIR> d-------- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2007-04-15 17:11 46,992 --a------ C:\WINNT\system32\drivers\i8042prt.sys
2007-04-15 17:11 21,776 --a------ C:\WINNT\system32\drivers\mouclass.sys
2007-04-15 17:11 12,288 -ra------ C:\WINNT\system32\drivers\Amps2prt.sys
2007-04-15 17:11 <DIR> d-------- C:\Program Files\Mouse
2007-04-15 16:25 <DIR> d-------- C:\Program Files\SymNetDrv
2007-04-15 15:58 91,904 --a------ C:\WINNT\system32\S32EVNT1.DLL
2007-04-15 15:58 124,016 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2007-04-15 15:58 <DIR> d-------- C:\Program Files\Norton SystemWorks
2007-04-15 15:58 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-04-15 15:57 <DIR> d-------- C:\Program Files\Symantec
2007-04-15 14:51 86,528 --a------ C:\WINNT\system32\wikkzmf.dll
2007-04-15 14:51 63,488 --a------ C:\WINNT\system32\svxwdgf.dll
2007-04-15 14:48 <DIR> d-------- C:\Programme
2007-04-15 14:40 <DIR> d-------- C:\Program Files\BitComet
2007-04-15 14:40 <DIR> d-------- C:\Downloads
2007-04-15 12:59 10,344 --a------ C:\WINNT\system32\drivers\symlcbrd.sys
2007-04-15 12:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-04-15 12:58 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-04-15 12:45 997,888 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-04-15 12:45 981,504 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-04-15 12:45 98,304 --a------ C:\WINNT\system32\wmpshell.dll
2007-04-15 12:45 892,416 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-04-15 12:45 82,432 --a------ C:\WINNT\system32\drmstor.dll
2007-04-15 12:45 816,264 --a------ C:\WINNT\system32\wmvdmod.dll
2007-04-15 12:45 81,408 --a------ C:\WINNT\system32\logagent.exe
2007-04-15 12:45 760,968 --a------ C:\WINNT\system32\wmsdmod.dll
2007-04-15 12:45 7,680 --a------ C:\WINNT\system32\asferror.dll
2007-04-15 12:45 678,912 --a------ C:\WINNT\system32\drmv2clt.dll
2007-04-15 12:45 670,208 --a------ C:\WINNT\system32\wmadmoe.dll
2007-04-15 12:45 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-04-15 12:45 58,000 --a------ C:\WINNT\system32\drivers\cdr4_2K.sys
2007-04-15 12:45 57,344 --a------ C:\WINNT\uneng.exe
2007-04-15 12:45 52,224 --a------ C:\WINNT\system32\mspmsnsv.dll
2007-04-15 12:45 49,152 --a------ C:\WINNT\system32\cdrtc.dll
2007-04-15 12:45 486,536 --a------ C:\WINNT\system32\wmspdmod.dll
2007-04-15 12:45 45,056 --a------ C:\WINNT\system32\cdral.dll
2007-04-15 12:45 410,248 --a------ C:\WINNT\system32\wmadmod.dll
2007-04-15 12:45 401,462 --a------ C:\WINNT\system32\Msvcp60.dll
2007-04-15 12:45 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-04-15 12:45 358,912 --a------ C:\WINNT\system32\msscp.dll
2007-04-15 12:45 316,040 --a------ C:\WINNT\system32\mp43dmod.dll
2007-04-15 12:45 301,712 --a------ C:\WINNT\system32\drmclien.dll
2007-04-15 12:45 27,136 --a------ C:\WINNT\system32\wmdmlog.dll
2007-04-15 12:45 253,952 --a------ C:\WINNT\system32\msnetobj.dll
2007-04-15 12:45 245,760 --a------ C:\WINNT\system32\mswmdm.dll
2007-04-15 12:45 241,664 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-04-15 12:45 232,960 --a------ C:\WINNT\system32\blackbox.dll
2007-04-15 12:45 23,552 --a------ C:\WINNT\system32\wmdmps.dll
2007-04-15 12:45 23,420 --a------ C:\WINNT\system32\drivers\cdralw2k.sys
2007-04-15 12:45 225,280 --a------ C:\WINNT\system32\wmpdxm.dll
2007-04-15 12:45 218,112 --a------ C:\WINNT\system32\wmasf.dll
2007-04-15 12:45 201,728 --a------ C:\WINNT\system32\mspmsp.dll
2007-04-15 12:45 20,480 --a------ C:\WINNT\system32\wmpui.dll
2007-04-15 12:45 20,480 --a------ C:\WINNT\system32\wmpcore.dll
2007-04-15 12:45 20,480 --a------ C:\WINNT\system32\wmpcd.dll
2007-04-15 12:45 2,940,928 --a------ C:\WINNT\system32\wmploc.dll
2007-04-15 12:45 167,936 --a------ C:\WINNT\system32\wmerror.dll
2007-04-15 12:45 159,232 --a------ C:\WINNT\system32\CEWMDM.dll
2007-04-15 12:45 143,360 --a------ C:\WINNT\system32\wmidx.dll
2007-04-15 12:45 106,496 --a------ C:\WINNT\system32\wmpasf.dll
2007-04-15 12:45 1,111,040 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-04-15 12:45 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2007-04-15 12:23 98,816 --a------ C:\WINNT\system32\dmstyle.dll
2007-04-15 12:23 974,848 --a------ C:\WINNT\system32\dxdiag.exe
2007-04-15 12:23 83,968 --a------ C:\WINNT\system32\drivers\nabtsfec.sys
2007-04-15 12:23 80,896 --a------ C:\WINNT\system32\dpvsetup.exe
2007-04-15 12:23 797,184 --a------ C:\WINNT\system32\d3dim700.dll
2007-04-15 12:23 76,800 --a------ C:\WINNT\system32\dmscript.dll
2007-04-15 12:23 733,184 --a------ C:\WINNT\system32\qedwipes.dll
2007-04-15 12:23 7,424 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2007-04-15 12:23 7,168 --a------ C:\WINNT\system32\d3d8thk.dll
2007-04-15 12:23 68,096 --a------ C:\WINNT\system32\dsdmoprp.dll
2007-04-15 12:23 68,096 --a------ C:\WINNT\system32\dpnhupnp.dll
2007-04-15 12:23 64,512 --a------ C:\WINNT\system32\amstream.dll
2007-04-15 12:23 602,624 --a------ C:\WINNT\system32\dx7vb.dll
2007-04-15 12:23 591,120 --a------ C:\WINNT\system32\d3dramp.dll
2007-04-15 12:23 58,368 --a------ C:\WINNT\system32\dmcompos.dll
2007-04-15 12:23 57,856 --a------ C:\WINNT\system32\dpwsockx.dll
2007-04-15 12:23 56,832 --a------ C:\WINNT\system32\drivers\msdv.sys
2007-04-15 12:23 53,248 --a------ C:\WINNT\system32\devenum.dll
2007-04-15 12:23 524,800 --a------ C:\WINNT\system32\qedit.dll
2007-04-15 12:23 5,504 --a------ C:\WINNT\system32\drivers\mstee.sys
2007-04-15 12:23 5,248 --a------ C:\WINNT\system32\drivers\mspclock.sys
2007-04-15 12:23 49,424 --a------ C:\WINNT\system32\d3dxof.dll
2007-04-15 12:23 480,256 --a------ C:\WINNT\system32\msvidctl.dll
2007-04-15 12:23 48,512 --a------ C:\WINNT\system32\drivers\stream.sys
2007-04-15 12:23 47,104 --a------ C:\WINNT\system32\wstdecod.dll
2007-04-15 12:23 46,592 --a------ C:\WINNT\system32\dxdllreg.exe
2007-04-15 12:23 446,224 --a------ C:\WINNT\system32\d3dim.dll
2007-04-15 12:23 44,032 --a------ C:\WINNT\system32\dimap.dll
2007-04-15 12:23 4,096 --a------ C:\WINNT\system32\ksuser.dll
2007-04-15 12:23 4,096 --a------ C:\WINNT\system32\drivers\swenum.sys
2007-04-15 12:23 386,048 --a------ C:\WINNT\system32\diactfrm.dll
2007-04-15 12:23 382,976 --a------ C:\WINNT\system32\qdvd.dll
2007-04-15 12:23 377,856 --a------ C:\WINNT\system32\dpnet.dll
2007-04-15 12:23 37,648 --a------ C:\WINNT\system32\d3dpmesh.dll
2007-04-15 12:23 364,816 --a------ C:\WINNT\system32\d3drm.dll
2007-04-15 12:23 363,520 --a------ C:\WINNT\system32\dsound.dll
2007-04-15 12:23 354,816 --a------ C:\WINNT\system32\psisdecd.dll
2007-04-15 12:23 34,304 --a------ C:\WINNT\system32\mciqtz32.dll
2007-04-15 12:23 33,280 --a------ C:\WINNT\system32\dmloader.dll
2007-04-15 12:23 32,768 --a------ C:\WINNT\system32\dpnhpast.dll
2007-04-15 12:23 31,744 --a------ C:\WINNT\system32\pid.dll
2007-04-15 12:23 3,072 --a------ C:\WINNT\system32\dpnlobby.dll
2007-04-15 12:23 3,072 --a------ C:\WINNT\system32\dpnaddr.dll
2007-04-15 12:23 28,160 --a------ C:\WINNT\system32\dplaysvr.exe
2007-04-15 12:23 276,480 --a------ C:\WINNT\system32\qdv.dll
2007-04-15 12:23 27,136 --a------ C:\WINNT\system32\dmband.dll
2007-04-15 12:23 265,728 --a------ C:\WINNT\system32\ddraw.dll
2007-04-15 12:23 241,664 --a------ C:\WINNT\system32\qasf.dll
2007-04-15 12:23 230,400 --a------ C:\WINNT\system32\dplayx.dll
2007-04-15 12:23 22,016 --a------ C:\WINNT\system32\dpmodemx.dll
2007-04-15 12:23 206,336 --a------ C:\WINNT\system32\gcdef.dll
2007-04-15 12:23 203,264 --a------ C:\WINNT\system32\dpvoice.dll
2007-04-15 12:23 194,560 --a------ C:\WINNT\system32\mswebdvd.dll
2007-04-15 12:23 19,968 --a------ C:\WINNT\system32\dpvacm.dll
2007-04-15 12:23 186,880 --a------ C:\WINNT\system32\dsdmo.dll
2007-04-15 12:23 181,248 --a------ C:\WINNT\system32\dmime.dll
2007-04-15 12:23 18,944 --a------ C:\WINNT\system32\encapi.dll
2007-04-15 12:23 18,688 --a------ C:\WINNT\system32\drivers\wstcodec.sys
2007-04-15 12:23 18,432 --a------ C:\WINNT\system32\dswave.dll
2007-04-15 12:23 177,152 --a------ C:\WINNT\system32\qcap.dll
2007-04-15 12:23 166,400 --a------ C:\WINNT\system32\dinput8.dll
2007-04-15 12:23 16,896 --a------ C:\WINNT\system32\msyuv.dll
2007-04-15 12:23 16,896 --a------ C:\WINNT\system32\dpnsvr.exe
2007-04-15 12:23 16,384 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2007-04-15 12:23 150,016 --a------ C:\WINNT\system32\dinput.dll
2007-04-15 12:23 15,104 --a------ C:\WINNT\system32\drivers\mpe.sys
2007-04-15 12:23 14,976 --a------ C:\WINNT\system32\drivers\streamip.sys
2007-04-15 12:23 130,304 --a------ C:\WINNT\system32\drivers\ks.sys
2007-04-15 12:23 13,312 --a------ C:\WINNT\system32\msdmo.dll
2007-04-15 12:23 112,128 --a------ C:\WINNT\system32\dpvvox.dll
2007-04-15 12:23 11,392 --a------ C:\WINNT\system32\drivers\bdasup.sys
2007-04-15 12:23 104,448 --a------ C:\WINNT\system32\dmusic.dll
2007-04-15 12:23 100,864 --a------ C:\WINNT\system32\dmsynth.dll
2007-04-15 12:23 10,880 --a------ C:\WINNT\system32\drivers\slip.sys
2007-04-15 12:23 10,112 --a------ C:\WINNT\system32\drivers\ndisip.sys
2007-04-15 12:23 1,769,472 --a------ C:\WINNT\system32\dxdiagn.dll
2007-04-15 12:23 1,689,600 --a------ C:\WINNT\system32\d3d9.dll
2007-04-15 12:23 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2007-04-15 12:23 1,227,776 --a------ C:\WINNT\system32\quartz.dll
2007-04-15 12:23 1,189,888 --a------ C:\WINNT\system32\dx8vb.dll
2007-04-15 12:23 1,179,648 --a------ C:\WINNT\system32\d3d8.dll
2007-04-15 12:20 <DIR> d-------- C:\WINNT\system32\directx
2007-04-15 12:18 <DIR> d-------- C:\Program Files\Lavasoft
2007-04-15 12:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-14 23:11 13,744 --a------ C:\WINNT\system32\drivers\kbdhid.sys
2007-04-14 21:12 <DIR> d-------- C:\WINNT\winsxs
2007-04-14 21:12 <DIR> d-------- C:\WINNT\PCHEALTH
2007-04-14 21:10 <DIR> d-------- C:\WINNT\system32\URTTemp
2007-04-14 20:10 8,192 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-04-14 20:09 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2007-04-14 20:08 <DIR> d-------- C:\WINNT\mui
2007-04-14 20:06 <DIR> d-------- C:\WINNT\system32\Windows Media
2007-04-14 20:05 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2007-04-14 20:05 <DIR> d--h-c--- C:\WINNT\$NtUpdateRollupPackUninstall$
2007-04-14 20:05 <DIR> d-------- C:\WINNT\msiinst.tmp
2007-04-14 19:54 <DIR> d-------- C:\Program Files\Winamp
2007-04-14 19:53 <DIR> d-------- C:\Program Files\Google
2007-04-14 19:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-04-14 19:53 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-04-14 19:52 <DIR> d--hs---- C:\RECYCLER
2007-04-14 19:48 <DIR> d-------- C:\WINNT\system32\BITS
2007-04-14 19:34 465,176 --a------ C:\WINNT\system32\wuapi.dll
2007-04-14 19:34 41,240 --a------ C:\WINNT\system32\wups.dll
2007-04-14 19:34 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-04-14 19:34 18,200 --a------ C:\WINNT\system32\wups2.dll
2007-04-14 19:34 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-04-14 19:34 127,256 --a------ C:\WINNT\system32\wucltui.dll
2007-04-14 19:34 <DIR> d-------- C:\WINNT\SoftwareDistribution
2007-04-14 19:32 <DIR> d-------- C:\WINNT\system32\Macromed
2007-04-14 19:27 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-04-14 19:16 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-04-14 19:14 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-04-14 19:14 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-04-14 19:06 18,048 -ra------ C:\WINNT\system32\drivers\USB200M2.sys
2007-04-14 18:59 176,128 --a------ C:\WINNT\system32\nvudisp.exe
2007-04-14 18:59 <DIR> d-------- C:\WINNT\nview
2007-04-14 18:58 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-14 18:56 1,298,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-04-14 18:56 <DIR> d--hs---- C:\WINNT\Installer
2007-04-14 18:56 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2007-04-14 16:43 <DIR> d-------- C:\WINNT\system32\NtmsData
2007-04-14 16:42 <DIR> d--hs---- C:\WINNT\CSC
2007-04-14 16:42 <DIR> d--hs---- C:\System Volume Information
2007-04-14 16:38 <DIR> d-------- C:\WINNT\system32\rpcproxy
2007-04-14 16:38 <DIR> d-------- C:\WINNT\system32\rocket
2007-04-14 16:38 <DIR> d-------- C:\WINNT\system32\inetsrv
2007-04-14 16:38 <DIR> d-------- C:\WINNT\mww32
2007-04-14 16:38 <DIR> d-------- C:\WINNT\ime
2007-04-14 16:38 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-14 16:37 122,880 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-14 16:37 0 -rahs---- C:\MSDOS.SYS
2007-04-14 16:37 0 -rahs---- C:\IO.SYS
2007-04-14 16:37 0 ---h----- C:\CONFIG.SYS
2007-04-14 16:37 0 ---h----- C:\AUTOEXEC.BAT
2007-04-14 16:36 63,248 --a------ C:\WINNT\system32\ils.dll
2007-04-14 16:36 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-04-14 16:36 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-04-14 16:36 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-04-14 16:36 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-04-14 16:36 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-04-14 16:36 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-04-14 16:36 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-04-14 16:36 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-04-14 16:36 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-04-14 16:36 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-04-14 16:36 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-04-14 16:36 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-04-14 16:36 <DIR> d-a-s---- C:\WINNT\Tasks
2007-04-14 16:36 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-14 16:36 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-04-14 16:35 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-04-14 16:35 218,896 --a------ C:\WINNT\system32\mstask.dll
2007-04-14 16:35 15,012 --a------ C:\WINNT\system32\emptyregdb.dat
2007-04-14 16:35 <DIR> d-------- C:\WINNT\system32\DTCLog
2007-04-14 16:35 <DIR> d-------- C:\WINNT\Registration
2007-04-14 16:34 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-04-14 16:34 97,552 --a------ C:\WINNT\system32\comrepl.dll
2007-04-14 16:34 97,040 --a------ C:\WINNT\system32\clbcatex.dll
2007-04-14 16:34 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-04-14 16:34 96,016 --a------ C:\WINNT\system32\msdtclog.dll
2007-04-14 16:34 91,408 --a------ C:\WINNT\system32\calc.exe
2007-04-14 16:34 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-04-14 16:34 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-04-14 16:34 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-04-14 16:34 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-04-14 16:34 71,440 --a------ C:\WINNT\system32\stclient.dll
2007-04-14 16:34 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-04-14 16:34 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-04-14 16:34 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-04-14 16:34 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-04-14 16:34 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-04-14 16:34 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-04-14 16:34 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-04-14 16:34 6,416 --a------ C:\WINNT\system32\write.exe
2007-04-14 16:34 595,728 --a------ C:\WINNT\system32\catsrvut.dll
2007-04-14 16:34 576,784 --a------ C:\WINNT\system32\hypertrm.dll
2007-04-14 16:34 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-04-14 16:34 53,008 --a------ C:\WINNT\system32\packager.exe
2007-04-14 16:34 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-04-14 16:34 41,744 --a------ C:\WINNT\system32\colbact.dll
2007-04-14 16:34 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-04-14 16:34 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-04-14 16:34 35,600 --a------ C:\WINNT\system32\mtxlegih.dll
2007-04-14 16:34 34,064 --a------ C:\WINNT\system32\sol.exe
2007-04-14 16:34 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-04-14 16:34 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-04-14 16:34 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-04-14 16:34 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-04-14 16:34 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-04-14 16:34 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-04-14 16:34 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-04-14 16:34 26,896 --a------ C:\WINNT\system32\mtxdm.dll
2007-04-14 16:34 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-04-14 16:34 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-04-14 16:34 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-04-14 16:34 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-04-14 16:34 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-04-14 16:34 19,216 --a------ C:\WINNT\system32\xolehlp.dll
2007-04-14 16:34 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-04-14 16:34 165,648 --a------ C:\WINNT\system32\catsrv.dll
2007-04-14 16:34 153,872 --a------ C:\WINNT\system32\msdtcui.dll
2007-04-14 16:34 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-04-14 16:34 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-04-14 16:34 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-04-14 16:34 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-04-14 16:34 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-04-14 16:34 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-04-14 16:34 124,184 --a------ C:\WINNT\system32\wuauclt.exe
2007-04-14 16:34 123,152 --a------ C:\WINNT\system32\mtxoci.dll
2007-04-14 16:34 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-04-14 16:34 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-04-14 16:34 1,842,672 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-04-14 16:34 1,343,768 --a------ C:\WINNT\system32\wuaueng.dll
2007-04-14 16:34 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-04-14 16:34 <DIR> d-------- C:\WINNT\system32\Com
2007-04-14 16:34 <DIR> d-------- C:\Program Files\Windows NT
2007-04-14 16:34 <DIR> d-------- C:\Program Files\Accessories
2007-04-14 12:31 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-04-14 12:31 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-04-14 12:31 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-04-14 12:31 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-04-14 12:31 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-04-14 12:31 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-04-14 12:31 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-04-14 12:28 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-04-14 12:28 602,128 --a------ C:\WINNT\system32\drivers\winacpci.sys
2007-04-14 12:28 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-04-14 12:28 49,776 --a------ C:\WINNT\system32\drivers\usbhub20.sys
2007-04-14 12:28 4,624 --a------ C:\WINNT\system32\drivers\intelide.sys
2007-04-14 12:28 4,128 --a------ C:\WINNT\system32\drivers\ctljystk.sys
2007-04-14 12:28 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-04-14 12:28 214,848 --a------ C:\WINNT\system32\drivers\emu10K1.sys
2007-04-14 12:28 19,728 --a------ C:\WINNT\system32\hidserv.exe
2007-04-14 12:28 19,728 --a------ C:\WINNT\system32\drivers\usbehci.sys
2007-04-14 12:28 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-04-14 12:28 138,288 --a------ C:\WINNT\system32\drivers\usbport.sys
2007-04-14 12:26 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-04-14 12:26 9,008 --a------ C:\WINNT\system\VER.DLL
2007-04-14 12:26 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-04-14 12:26 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-04-14 12:26 81,168 --a------ C:\WINNT\system32\spoolss.dll
2007-04-14 12:26 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-04-14 12:26 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-04-14 12:26 6,416 --a------ C:\WINNT\system32\batt.dll
2007-04-14 12:26 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-04-14 12:26 5,392 --a------ C:\WINNT\delttsul.exe
2007-04-14 12:26 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-04-14 12:26 47,376 --a------ C:\WINNT\system32\spoolsv.exe
2007-04-14 12:26 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-04-14 12:26 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-04-14 12:26 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-04-14 12:26 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-04-14 12:26 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-04-14 12:26 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-04-14 12:26 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-04-14 12:26 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-04-14 12:26 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-04-14 12:26 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-04-14 12:26 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-04-14 12:26 <DIR> d-a------ C:\WINNT\Speech
2007-04-14 12:26 <DIR> d-a------ C:\Program Files\Common Files\ODBC
2007-04-14 12:26 <DIR> d-a------ C:\Program Files
2007-04-14 12:26 <DIR> d-a------ C:\Documents and Settings
2007-04-14 12:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Documents
2007-04-14 12:22 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-04-14 12:22 <DIR> dra-s---- C:\WINNT\Fonts
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\twain_32
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\wins
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\wbem
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\spool
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\Setup
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\ras
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\os2
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\npp
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\mui
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\ias
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\export
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\drivers
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32\config
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system32
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\system
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\security
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\repair
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\msapps
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\msagent
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Media
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Help
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Driver Cache
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Debug
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Cursors
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\Config
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\AppPatch
2007-04-14 12:22 <DIR> d-a------ C:\WINNT\addins
2007-04-14 12:22 <DIR> d-a------ C:\WINNT
2007-04-14 12:22 <DIR> d--h----- C:\WINNT\inf
2007-04-14 12:22 <DIR> d---s---- C:\WINNT\Web


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-15 14:40 2560 --a------ C:\WINNT\system32\bitcometres.dll
2007-04-14 16:36 271 ---h----- C:\Program Files\desktop.ini
2007-04-14 16:36 21952 ---h----- C:\Program Files\folder.htt
2007-03-15 12:23 497496 --a------ C:\WINNT\system32\xceedzip.dll
2007-03-15 12:19 526184 --a------ C:\WINNT\system32\xceedcry.dll
2007-03-13 05:44 245520 --a------ C:\WINNT\system32\winsrv.dll
2007-03-06 07:17 38160 --a------ C:\WINNT\system32\mf3216.dll
2007-03-06 07:17 381200 --a------ C:\WINNT\system32\user32.dll
2007-03-06 07:17 235280 --a------ C:\WINNT\system32\gdi32.dll
2007-03-06 02:12 1641936 --a------ C:\WINNT\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{052B595C-9AEF-B794-1077-0AFC1A5FB237} C:\WINNT\system32\rwvvunb.dll
{120E4609-50D9-1FDD-FB4F-084CEE06CE13} C:\WINNT\system32\svxwdgf.dll
{14266034-6237-42B0-823E-9575A3FB77De} C:\WINNT\system32\aaypokga.dll [x]
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINNT\system32\rufdfsuf.dll [x]
{17E1A93C-658C-3575-A338-66E33CE6FFCD} C:\WINNT\system32\twqp.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
{3A4260B3-4F1F-C099-60CE-04DE2E75A91A} C:\WINNT\system32\akxsurc.dll
{50ED3F53-1B6C-9D0D-BB57-090CD5F17F27} C:\WINNT\system32\aqvzmqi.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{65D4DC6C-5850-BCAA-6488-0035CA704315} C:\WINNT\system32\swcxqzm.dll
{6F43F6CA-4098-CA81-804E-0A9889D05A25} C:\WINNT\system32\zthocvj.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll
{BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTray.exe SetReg"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"WheelMouse"="Amoumain.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"QD FastAndSafe"=""
"rwvvunb.dll"="C:\\WINNT\\system32\\rundll32.exe C:\\WINNT\\system32\\rwvvunb.dll,yeykmid"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"zokq"="C:\\PROGRA~1\\COMMON~1\\zokq\\zokqm.exe"
"Rcos"="\"C:\\PROGRA~1\\COMMON~1\\YSTEM~1\\regedit.exe\" -vt yazb"
"Rfm"="C:\\WINNT\\?racle\\w?auclt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymTray - Norton SystemWorks"="C:\\Program Files\\Common Files\\Symantec Shared\\Symtrdr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"="internat.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=dword:00000000

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RASAUTO


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
C:\WINNT\tasks\Norton SystemWorks One Button Checkup.job
C:\WINNT\tasks\Symantec Drmc.job
C:\WINNT\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 16:36:35
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
SymTray - Norton SystemWorks = C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe?c=C:\WINNT\system32\cmd.exe?DEVMGR_SHOW_DE

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: Mon 2007-04-23 16:36:39
C:\ComboFix-quarantined-files.txt ... 07-04-23 16:36
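
Editor's added example (not part of the original post, and not ComboFix's own logic): the "Reg Loading Points" block in the log above is where the infection is visible, so here is a small Python triage script that applies, over an excerpt of those lines, the checks a helper does by eye: Browser Helper Objects loaded straight from system32 (legitimate third-party BHOs live under Program Files), Run entries or rundll32 commands pointing at random-looking all-lowercase names in system32 or Common Files, paths containing '?' (the tool's rendering of a non-ANSI lookalike character, as in C:\WINNT\?racle\w?auclt.exe), and Windows binary names such as regedit.exe or wuauclt.exe running from outside C:\WINNT. The sample block is an excerpt copied from the log; the system root C:\WINNT, the reading of the [x] marker as "file not found", and the 4-to-8-letter threshold in the name rule are assumptions of this example.

```python
"""Triage heuristics for the 'Reg Loading Points' block of a ComboFix log.

Added example for this thread, not ComboFix code. SAMPLE is an excerpt of the
loading points posted above; the rules encode what a helper checks by eye.
"""
import ntpath
import re

# Assumption: the system root is C:\WINNT, as the log shows.
WINDOWS_ROOT = r"c:\winnt"
# Windows binary names that malware likes to borrow; real copies live under the root.
SYSTEM_BINARIES = {"regedit.exe", "wuauclt.exe", "svchost.exe", "rundll32.exe",
                   "explorer.exe", "lsass.exe"}
# A fully qualified .exe/.dll path inside a Run command, quoted or not.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# Constructed sample: an excerpt of the block in the log above (same GUIDs and paths).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{052B595C-9AEF-B794-1077-0AFC1A5FB237} C:\WINNT\system32\rwvvunb.dll
{14266034-6237-42B0-823E-9575A3FB77De} C:\WINNT\system32\aaypokga.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"rwvvunb.dll"="C:\\WINNT\\system32\\rundll32.exe C:\\WINNT\\system32\\rwvvunb.dll,yeykmid"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"zokq"="C:\\PROGRA~1\\COMMON~1\\zokq\\zokqm.exe"
"Rcos"="\"C:\\PROGRA~1\\COMMON~1\\YSTEM~1\\regedit.exe\" -vt yazb"
"Rfm"="C:\\WINNT\\?racle\\w?auclt.exe"
'''


def _unescape(value):
    """Undo the \\\" and \\\\ escaping ComboFix uses inside Run values."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def _suspicious_path(path):
    """Reasons a single .exe/.dll path looks like a malware loading point."""
    head, tail = ntpath.split(path)
    stem = ntpath.splitext(tail)[0]
    low_head = head.lower()
    in_sys32 = low_head.endswith("\\system32")
    in_common = "\\common~1" in low_head or "\\common files" in low_head
    reasons = []
    # Assumption: the tool prints '?' for characters outside the ANSI code page, which is
    # how a lookalike directory such as C:\WINNT\?racle shows up in the log.
    if "?" in path:
        reasons.append("path contains '?' (non-ANSI lookalike character)")
    # Random-looking names: 4-8 lowercase letters, no digits or capitals, dropped into
    # system32 or Common Files instead of a vendor folder. Threshold is this example's.
    if re.fullmatch(r"[a-z]{4,8}", stem) and (in_sys32 or in_common):
        reasons.append(f"random-looking name '{tail}' in system32 or Common Files")
    if tail.lower() in SYSTEM_BINARIES and head and not low_head.startswith(WINDOWS_ROOT):
        reasons.append(f"Windows binary name '{tail}' running from outside {WINDOWS_ROOT}")
    return reasons


def triage(block):
    """Map each suspicious BHO or Run entry in a loading-points block to its reasons."""
    findings = {}
    current_key = ""
    for raw in block.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()
            continue
        if "browser helper objects" in current_key:
            m = re.match(r"\{([0-9A-Fa-f-]+)\}\s+(.+?)(\s+\[x\])?$", line)
            if not m:
                continue
            guid, path, missing = m.groups()
            reasons = _suspicious_path(path)
            if ntpath.dirname(path).lower().endswith("\\system32"):
                reasons.append("BHO loaded from system32 (third-party BHOs live under Program Files)")
            if missing:  # assumption: ComboFix marks entries whose file is absent with [x]
                reasons.append("marked [x]: file not present on disk")
            if reasons:
                findings[f"BHO {{{guid}}}"] = reasons
        elif current_key.endswith("\\run") or current_key.endswith("\\runonce"):
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if not m:
                continue
            name, command = m.group(1), _unescape(m.group(2))
            reasons = [r for p in PATH_RE.findall(command) for r in _suspicious_path(p)]
            if reasons:
                findings[f"Run '{name}'"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE).items():
        print(entry)
        for reason in reasons:
            print("   -", reason)
```

Run against the excerpt, the script flags exactly the entries a helper would circle (the two system32 BHOs, the rwvvunb.dll rundll32 entry, zokq, Rcos and Rfm) and leaves the NVIDIA, Symantec, Spybot, Java and Google entries alone. The name rule is deliberately restricted to full paths in system32 or Common Files because plenty of legitimate Windows binaries have short lowercase names (mobsync.exe, nwiz.exe and internat.exe in this very log); treat the output as a worklist to verify with file hashes and signatures, not as a verdict.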

#8 rookie147

  • Members
  • 5,321 posts

Posted 24 April 2007 - 03:27 PM

From your ComboFix log it looks to me like you may have recently formatted your computer or repaired your Operating System. If this is the case, due to the nature and number of infections on your PC, I think it would be best if you decided to reformat your computer now.

Edited by rookie147, 24 April 2007 - 03:28 PM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 calm2chaos

  • Topic Starter
  • Members
  • 5 posts

Posted 24 April 2007 - 03:50 PM

Well, I was trying to avoid that if at all possible. I'll look into redoing the format or just running a zero fill and starting from complete scratch, possibly. See what kind of mood I'm in. Thanks for the attempt.

#10 rookie147

  • Members
  • 5,321 posts

Posted 25 April 2007 - 04:24 PM

Let me know what you choose.
I'm sorry that it came down to reformatting, but I think it's the best thing to do in your situation.



#11 rookie147

  • Members
  • 5,321 posts

Posted 01 May 2007 - 01:40 PM

Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.





