
Have Folder "ipwindows" That I Can't Remove.


  • This topic is locked
13 replies to this topic

#1 dasummers

dasummers

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:51 AM

Posted 29 May 2007 - 11:13 PM

New here, hello. Running Win2000 sp4 and have noticed several folders added to my programs folder. Have since downloaded suggested programs from the tutorial (ad-aware, bitdefender, spybot, superantispyware). These programs have picked up a lot which in turn quarantined/deleted the bugs. Am still feeling a bug in my computer - typing in search areas to have been thrown out somewhere else and pages popping open to ad sites. Have included a scan from HijackThis as follows: Any ideas or am I good? Any help would be greatly appreciated. Thank you for all of this!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:06:36 PM, on 5/29/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\explorer.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Downloads\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: 0 - {7C92064A-AD77-4C4B-99B8-C247C374D013} - C:\Program Files\Accessories\qukatokyd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [oqpkwtwA] C:\WINNT\oqpkwtwA.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179600327149
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180134129508
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Net Agent - Unknown owner - C:\WINNT\dls0523pmw.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 7360 bytes


Moved from the 2000\2003 Forum. ~acklan~

Edited by acklan, 30 May 2007 - 12:18 AM.



 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 30 May 2007 - 04:29 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

You are using TrendMicro's HijackThis which is still in the testing process at the moment, so there may be some problems with it. Therefore, please download version 1.99.1 of HijackThis from the following link:
HJT v1.99.1

Download Combofix to your Desktop.
Go to Start | Run and type:
"%userprofile%\desktop\combofix.exe" /wow
Then hit OK
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Scan again with the older version of HijackThis, and include the new log along with the requested Combofix report in your next post.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 dasummers

dasummers
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Male
  • Location:Texas
  • Local time:11:51 AM

Posted 30 May 2007 - 05:37 PM

Charles, thanks for the help! It's greatly appreciated and my apologies for bumbling into this. I did as suggested and here are the scans for both.

"Administrator" - 2007-05-30 17:10:50 Service Pack 4
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrator\Desktop\"
Command switches used :: "/wow"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINNT\rau001978.exe"
"C:\WINNT\cs_cache.ini"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NET_AGENT
-------\Net Agent


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


2007-05-30 17:16 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_cc.dat
2007-05-29 22:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\STOPzilla!
2007-05-29 22:51 <DIR> d-------- C:\Program Files\STOPzilla!
2007-05-29 22:50 <DIR> d-------- C:\Unziptemp
2007-05-29 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-29 19:41 14 --a------ C:\WINNT\system32\getfile.dat
2007-05-29 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 19:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-29 19:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-29 19:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-29 19:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 18:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-29 18:01 <DIR> d-------- C:\VundoFix Backups
2007-05-28 00:37 <DIR> d-a------ C:\WINNT\system32\appmgmt
2007-05-28 00:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
2007-05-27 12:50 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-05-27 12:17 73 --a------ C:\WINNT\system32\n.bat
2007-05-27 12:17 4,854 --a------ C:\WINNT\system32\x.dat
2007-05-27 12:17 167 --a------ C:\WINNT\system32\5863.bat
2007-05-27 12:16 90,112 --a------ C:\WINNT\system32\ps.exe
2007-05-27 12:16 109,343 --a------ C:\WINNT\system32\app.exe
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\TQ0
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\T6QaSQ
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\T6
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\T4
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\T3
2007-05-27 12:16 <DIR> d-------- C:\WINNT\system32\pog
2007-05-27 12:15 32,768 --a------ C:\WINNT\system32\setup9x.exe
2007-05-27 12:15 147,456 --a------ C:\WINNT\system32\vbzip10.dll
2007-05-27 12:15 0 --a------ C:\WINNT\system32\taskkill.exe
2007-05-26 19:08 <DIR> d--h----- C:\New Folder
2007-05-26 15:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-26 15:05 <DIR> d-------- C:\Program Files\Ares
2007-05-26 12:36 <DIR> d-------- C:\Music
2007-05-26 12:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-26 11:49 <DIR> d--h----- C:\Media
2007-05-26 09:03 <DIR> d-------- C:\Winrar
2007-05-26 08:43 127,208 --a------ C:\WINNT\system32\mucltui.dll
2007-05-24 23:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-24 23:13 <DIR> d-------- C:\WINNT\ShellNew
2007-05-24 23:13 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-24 23:13 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-05-24 10:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WeatherBug
2007-05-24 10:24 <DIR> d-------- C:\Program Files\MyWebSearchWB
2007-05-24 10:22 <DIR> d-------- C:\Program Files\AWS
2007-05-20 20:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-05-20 19:07 <DIR> d-------- C:\Program Files\DFX
2007-05-20 18:48 940,544 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-05-20 18:48 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys
2007-05-20 18:48 9,336 --------- C:\WINNT\system32\drivers\cdr4_2k.sys
2007-05-20 18:48 87,040 --a------ C:\WINNT\system32\drmstor.dll
2007-05-20 18:48 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys
2007-05-20 18:48 413,944 --a------ C:\WINNT\system32\wmspdmod.dll
2007-05-20 18:48 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-05-20 18:48 317,176 --a------ C:\WINNT\system32\mp43dmod.dll
2007-05-20 18:48 306,424 --a------ C:\WINNT\system32\drmclien.dll
2007-05-20 18:48 237,568 --a------ C:\WINNT\system32\qasf.dll
2007-05-20 18:48 151,552 --a------ C:\WINNT\system32\wmidx.dll
2007-05-20 18:48 129,784 --------- C:\WINNT\system32\pxafs.dll
2007-05-20 18:48 1,119,744 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-05-20 18:48 1,003,008 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-05-20 18:47 <DIR> d-------- C:\Program Files\Winamp
2007-05-20 18:16 895,736 --a------ C:\WINNT\system32\wmvdmod.dll
2007-05-20 18:16 774,904 --a------ C:\WINNT\system32\wmsdmod.dll
2007-05-20 18:16 716,288 --a------ C:\WINNT\system32\wmadmoe.dll
2007-05-20 18:16 696,320 --a------ C:\WINNT\system32\drmv2clt.dll
2007-05-20 18:16 66,048 --a------ C:\WINNT\system32\wmerrenu.dll
2007-05-20 18:16 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-05-20 18:16 53,248 --a------ C:\WINNT\system32\mspmspsv.exe
2007-05-20 18:16 50,448 --a------ C:\WINNT\system32\msdmo.dll
2007-05-20 18:16 466,944 --a------ C:\WINNT\system32\wmv8dmoe.dll
2007-05-20 18:16 446,464 --a------ C:\WINNT\system32\wmvdmoe.dll
2007-05-20 18:16 396,528 --a------ C:\WINNT\system32\wmadmod.dll
2007-05-20 18:16 368,710 --a------ C:\WINNT\system32\msisam11.dll
2007-05-20 18:16 335,360 --a------ C:\WINNT\system32\wmstream.dll
2007-05-20 18:16 32,768 --a------ C:\WINNT\system32\asferror.dll
2007-05-20 18:16 309,584 --a------ C:\WINNT\system32\wmv8dmod.dll
2007-05-20 18:16 294,400 --a------ C:\WINNT\system32\blackbox.dll
2007-05-20 18:16 270,336 --a------ C:\WINNT\system32\pdbrowse.dll
2007-05-20 18:16 260,096 --a------ C:\WINNT\system32\msnetobj.dll
2007-05-20 18:16 241,725 --a------ C:\WINNT\system32\msuni11.dll
2007-05-20 18:16 240,640 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-05-20 18:16 24,064 --a------ C:\WINNT\system32\wmdmlog.dll
2007-05-20 18:16 222,208 --a------ C:\WINNT\system32\wmasf.dll
2007-05-20 18:16 221,184 --a------ C:\WINNT\system32\msscp.dll
2007-05-20 18:16 188,416 --a------ C:\WINNT\system32\mspmsp.dll
2007-05-20 18:16 184,320 --a------ C:\WINNT\system32\wmpcd.dll
2007-05-20 18:16 163,840 --a------ C:\WINNT\system32\mindex.dll
2007-05-20 18:16 16,384 --a------ C:\WINNT\system32\wmdmps.dll
2007-05-20 18:16 159,744 --a------ C:\WINNT\system32\mswmdm.dll
2007-05-20 18:16 147,456 --a------ C:\WINNT\system32\CEWMDM.dll
2007-05-20 18:16 118,784 --a------ C:\WINNT\system32\wmsdmoe.dll
2007-05-20 18:16 103,936 --a------ C:\WINNT\system32\logagent.exe
2007-05-20 18:16 1,290,240 --a------ C:\WINNT\system32\wmploc.dll
2007-05-20 18:16 1,122,304 --a------ C:\WINNT\system32\wmpui.dll
2007-05-20 18:16 1,022,464 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-05-20 17:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent
2007-05-20 17:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-19 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-19 22:49 <DIR> d-------- C:\Program Files\QuickTime
2007-05-19 22:48 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-19 22:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-19 22:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-05-19 20:50 <DIR> d-------- C:\Limewire Shared
2007-05-19 20:50 <DIR> d-------- C:\Incomplete
2007-05-19 20:50 <DIR> d-------- C:\Documents and Settings\Administrator\Incomplete
2007-05-19 20:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-05-19 20:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-19 20:48 <DIR> d-------- C:\Program Files\LimeWire
2007-05-19 16:53 <DIR> d--hs---- C:\RECYCLER
2007-05-19 15:51 <DIR> d--h----- C:\WINNT\PIF
2007-05-19 15:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-05-19 15:48 <DIR> d-------- C:\Program Files\Google
2007-05-19 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-19 15:47 <DIR> d-------- C:\WINNT\system32\Macromed
2007-05-19 15:40 <DIR> d-------- C:\Program Files\Raxco
2007-05-19 15:40 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-05-19 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
2007-05-19 15:39 <DIR> d-------- C:\WINNT\winsxs
2007-05-19 15:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-19 15:39 <DIR> d-------- C:\Program Files\CA
2007-05-19 15:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-19 15:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-05-19 15:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Verizon
2007-05-19 15:34 <DIR> d-------- C:\Program Files\Verizon
2007-05-19 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Verizon
2007-05-19 15:08 8,192 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-19 15:08 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2007-05-19 15:02 <DIR> d-------- C:\WINNT\mui
2007-05-19 14:56 <DIR> d-------- C:\WINNT\system32\Windows Media
2007-05-19 14:55 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2007-05-19 14:54 <DIR> d--h-c--- C:\WINNT\$NtUpdateRollupPackUninstall$
2007-05-19 14:54 <DIR> d-------- C:\WINNT\msiinst.tmp
2007-05-19 14:18 <DIR> d-------- C:\WINNT\system32\BITS
2007-05-19 13:52 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-05-19 13:49 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-05-19 13:49 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-05-19 13:49 <DIR> d-------- C:\Downloads
2007-05-19 13:47 465,176 --a------ C:\WINNT\system32\wuapi.dll
2007-05-19 13:47 41,240 --a------ C:\WINNT\system32\wups.dll
2007-05-19 13:47 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-05-19 13:47 18,200 --a------ C:\WINNT\system32\wups2.dll
2007-05-19 13:47 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-05-19 13:47 127,256 --a------ C:\WINNT\system32\wucltui.dll
2007-05-19 13:45 <DIR> d-------- C:\WINNT\SoftwareDistribution
2007-05-19 13:42 974,848 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-05-19 13:42 974,848 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-19 13:42 <DIR> d--hs---- C:\WINNT\Installer
2007-05-19 13:42 <DIR> d--hs---- C:\WINNT\CSC
2007-05-19 13:42 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2007-05-19 13:41 <DIR> d--hs---- C:\System Volume Information
2007-05-19 13:41 <DIR> d-------- C:\WINNT\system32\NtmsData
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\rpcproxy
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\rocket
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\inetsrv
2007-05-19 13:32 <DIR> d-------- C:\WINNT\mww32
2007-05-19 13:32 <DIR> d-------- C:\WINNT\ime
2007-05-19 13:32 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-19 13:30 122,880 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-19 13:30 0 -rahs---- C:\MSDOS.SYS
2007-05-19 13:30 0 -rahs---- C:\IO.SYS
2007-05-19 13:30 0 ---h----- C:\CONFIG.SYS
2007-05-19 13:30 0 ---h----- C:\AUTOEXEC.BAT
2007-05-19 13:29 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-05-19 13:28 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-05-19 13:28 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-19 13:28 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-05-19 13:27 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-05-19 13:27 63,248 --a------ C:\WINNT\system32\ils.dll
2007-05-19 13:27 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-05-19 13:27 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-05-19 13:27 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-05-19 13:27 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-05-19 13:27 4,880 --a------ C:\WINNT\system32\ksuser.dll
2007-05-19 13:27 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-05-19 13:27 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-05-19 13:27 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-05-19 13:27 218,896 --a------ C:\WINNT\system32\mstask.dll
2007-05-19 13:27 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-05-19 13:27 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-05-19 13:27 113,744 --a------ C:\WINNT\system32\drivers\ks.sys
2007-05-19 13:27 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-05-19 13:27 <DIR> d-a-s---- C:\WINNT\Tasks
2007-05-19 13:26 15,012 --a------ C:\WINNT\system32\emptyregdb.dat
2007-05-19 13:25 <DIR> d-------- C:\WINNT\Registration
2007-05-19 13:24 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-05-19 13:24 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-05-19 13:24 91,408 --a------ C:\WINNT\system32\calc.exe
2007-05-19 13:24 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-05-19 13:24 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-05-19 13:24 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-05-19 13:24 71,440 --a------ C:\WINNT\system32\stclient.dll
2007-05-19 13:24 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-05-19 13:24 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-05-19 13:24 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-05-19 13:24 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-05-19 13:24 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-05-19 13:24 6,416 --a------ C:\WINNT\system32\write.exe
2007-05-19 13:24 576,784 --a------ C:\WINNT\system32\hypertrm.dll
2007-05-19 13:24 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-05-19 13:24 53,008 --a------ C:\WINNT\system32\packager.exe
2007-05-19 13:24 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-05-19 13:24 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-05-19 13:24 35,600 --a------ C:\WINNT\system32\mtxlegih.dll
2007-05-19 13:24 34,064 --a------ C:\WINNT\system32\sol.exe
2007-05-19 13:24 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-05-19 13:24 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-05-19 13:24 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-05-19 13:24 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-05-19 13:24 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-05-19 13:24 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-05-19 13:24 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-05-19 13:24 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-05-19 13:24 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-05-19 13:24 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-05-19 13:24 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-05-19 13:24 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-05-19 13:24 19,216 --a------ C:\WINNT\system32\xolehlp.dll
2007-05-19 13:24 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-05-19 13:24 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-05-19 13:24 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-05-19 13:24 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-05-19 13:24 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-05-19 13:24 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-05-19 13:24 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-05-19 13:24 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-05-19 13:24 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-05-19 13:24 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-05-19 13:24 <DIR> d-------- C:\WINNT\system32\DTCLog
2007-05-19 13:24 <DIR> d-------- C:\Program Files\Windows NT
2007-05-19 13:24 <DIR> d-------- C:\Program Files\Accessories
2007-05-19 13:23 97,552 --a------ C:\WINNT\system32\comrepl.dll
2007-05-19 13:23 97,040 --a------ C:\WINNT\system32\clbcatex.dll
2007-05-19 13:23 96,016 --a------ C:\WINNT\system32\msdtclog.dll
2007-05-19 13:23 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-05-19 13:23 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-05-19 13:23 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-05-19 13:23 595,728 --a------ C:\WINNT\system32\catsrvut.dll
2007-05-19 13:23 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-05-19 13:23 41,744 --a------ C:\WINNT\system32\colbact.dll
2007-05-19 13:23 26,896 --a------ C:\WINNT\system32\mtxdm.dll
2007-05-19 13:23 165,648 --a------ C:\WINNT\system32\catsrv.dll
2007-05-19 13:23 153,872 --a------ C:\WINNT\system32\msdtcui.dll
2007-05-19 13:23 124,184 --a------ C:\WINNT\system32\wuauclt.exe
2007-05-19 13:23 123,152 --a------ C:\WINNT\system32\mtxoci.dll
2007-05-19 13:23 1,842,672 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-05-19 13:23 1,343,768 --a------ C:\WINNT\system32\wuaueng.dll
2007-05-19 13:23 <DIR> d-------- C:\WINNT\system32\Com
2007-05-19 08:16 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-05-19 08:16 6,640 --a------ C:\WINNT\system32\drivers\MSKSSRV.sys
2007-05-19 08:16 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-05-19 08:16 5,008 --a------ C:\WINNT\system32\drivers\MSPCLOCK.sys
2007-05-19 08:16 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-05-19 08:16 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-05-19 08:16 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-05-19 08:15 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-05-19 08:15 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-05-19 08:14 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-05-19 08:13 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-05-19 08:13 530,192 --a------ C:\WINNT\system32\nv4.dll
2007-05-19 08:13 358,928 --a------ C:\WINNT\system32\drivers\ds1wdm.sys
2007-05-19 08:13 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-05-19 08:13 345,040 --a------ C:\WINNT\system32\drivers\nv4.sys
2007-05-19 08:13 21,008 --a------ C:\WINNT\system32\drivers\AGP440.SYS
2007-05-19 08:13 18,704 --a------ C:\WINNT\system32\drivers\RTL8139.sys
2007-05-19 08:13 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-05-19 08:10 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-05-19 08:10 9,008 --a------ C:\WINNT\system\VER.DLL
2007-05-19 08:10 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-05-19 08:10 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-05-19 08:10 81,168 --a------ C:\WINNT\system32\spoolss.dll
2007-05-19 08:10 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-05-19 08:10 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-05-19 08:10 6,416 --a------ C:\WINNT\system32\batt.dll
2007-05-19 08:10 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-05-19 08:10 5,392 --a------ C:\WINNT\delttsul.exe
2007-05-19 08:10 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-05-19 08:10 47,376 --a------ C:\WINNT\system32\spoolsv.exe
2007-05-19 08:10 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-05-19 08:10 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-05-19 08:10 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-05-19 08:10 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-05-19 08:10 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-05-19 08:10 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-05-19 08:10 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-05-19 08:10 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-05-19 08:10 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-05-19 08:10 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-05-19 08:10 <DIR> dra------ C:\Program Files
2007-05-19 08:10 <DIR> d-a------ C:\WINNT\Speech
2007-05-19 08:10 <DIR> d-a------ C:\Program Files\Common Files\ODBC
2007-05-19 08:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Documents
2007-05-19 08:09 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-05-19 08:09 <DIR> d-a------ C:\Documents and Settings
2007-05-19 08:04 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-05-19 08:04 <DIR> dra-s---- C:\WINNT\Fonts
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\twain_32
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\wins
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\wbem
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\spool
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\Setup
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ras
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\os2
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\npp
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\mui
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ias
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\export
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\config
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\security
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\repair
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\msapps
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\msagent
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Media
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Help
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Driver Cache
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Debug
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Cursors
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Config
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\AppPatch
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\addins
2007-05-19 08:04 <DIR> d-a------ C:\WINNT
2007-05-19 08:04 <DIR> d--hs---- C:\WINNT\system32
2007-05-19 08:04 <DIR> d--h----- C:\WINNT\inf
2007-05-19 08:04 <DIR> d---s---- C:\WINNT\Web
2007-04-05 02:17 2,854,400 --a------ C:\WINNT\system32\msi.dll
2007-04-04 17:15 839,880 --a------ C:\WINNT\system32\drivers\Css-Dvp.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-13 09:44:49 245,520 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-06 11:17:48 381,200 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:17:46 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:17:46 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 06:12:21 1,641,936 ----a-w C:\WINNT\system32\WIN32K.SYS
2007-03-02 17:24:44 227,856 ----a-w C:\WINNT\system32\PDBoot.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [06-10-22 23:08 ]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll [07-05-03 10:34 ]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [05-05-31 01:04 ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [07-03-14 03:43 ]
{7C92064A-AD77-4C4B-99B8-C247C374D013}=C:\Program Files\Accessories\qukatokyd.dll []
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [07-05-19 15:48 ]
{E3215F20-3212-11D6-9F8B-00D0B743919D}=C:\WINNT\system32\StopzillaBHO.dll [03-11-08 22:30 ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-20 07:00 C:\WINNT\system32\mobsync.exe]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [07-05-11 15:20 ]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [07-05-03 10:34 ]
"PPRT"="C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe" [06-12-19 13:45 ]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [07-05-03 10:35 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [07-05-14 17:22 ]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [05-05-09 12:19 ]
"STOPzilla"="C:\Program Files\STOPzilla!\Stopzilla.exe" [03-11-10 15:55 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [07-05-19 15:48 ]
"ctfmon.exe"="ctfmon.exe" [01-02-20 13:09 C:\WINNT\system32\CTFMON.EXE]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-05-23 10:12 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [06-12-20 13:55 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 17:16:21
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-30 17:19:05 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-05-30 17:18

--- E O F ---




Logfile of HijackThis v1.99.1
Scan saved at 5:31:03 PM, on 5/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: 0 - {7C92064A-AD77-4C4B-99B8-C247C374D013} - C:\Program Files\Accessories\qukatokyd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179600327149
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180134129508
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#4 rookie147


Posted 31 May 2007 - 10:04 AM

Hello again, it looks like there is still quite a bit of malware hiding on your computer that needs tackling.

You are running MyWebSearch (or MyBar). Although not technically malware, it is thought to be bad by many experts and it will bring malware with it. There are safer alternatives available such as the Google toolbar. My Web Search also known as the My Way Speedbar is the Internet Explorer toolbar part of the Fun Web Products suite of utilities such as Smiley Central, Cursor Mania, My Mail Stationary, My Mail Signature, PopSwatter, Popular Screensavers, and the My Way website portal. The toolbar allows easy access to search engine results and a 404 Error Redirector called My Total Search among other things to your browser. This is not to be confused with the IBIS Web Search toolbar. MyWay is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking. It reports your surfing activity anonymously to MyWay affiliates, helping them to serve targeted advertising to you. As a BHO, MyWay shares the memory that your browser uses, detects events, creates additional windows while you are surfing, and monitors your activity. When a new browser window is opened, MyWay will send a configuration request about 5k in size.
Although none of these products claim to be spyware, they do slow your computer down. All of the products use cookies to track usage, although they claim not to use cookies or anything else to track personally identifiable information. That being said, I would still recommend uninstalling the toolbar and other Fun Web Products if you feel your computer runs better without them. They are found by most spyware removal tools such as Spybot Search and Destroy, Lavasoft Ad-Aware.
If you want to get rid of this program, removal instructions can be found here.

You also have Weatherbug installed.
This is very much an ad-enabled application, which in addition to providing current outdoor temperature information in the System Tray together with real-time weather alerts, can also draw unwanted ads and popups to your computer.
My recommendation is that you uninstall it from your computer.
If you want a program which provides weather information, there is an ad-free alternative to Weatherbug called WeatherWatcher which is available free from here: http://www.snapfiles.com/get/weatherwatcher.html.

Open Notepad and copy/paste the text in the following quotebox below into it:

File::
C:\WINNT\system32\n.bat
C:\WINNT\system32\x.dat
C:\WINNT\system32\5863.bat
C:\WINNT\system32\ps.exe
C:\WINNT\system32\app.exe
C:\WINNT\system32\setup9x.exe
C:\WINNT\system32\vbzip10.dll
C:\WINNT\system32\taskkill.exe

Folder::
C:\WINNT\system32\TQ0
C:\WINNT\system32\T6QaSQ
C:\WINNT\system32\T6
C:\WINNT\system32\T4
C:\WINNT\system32\T3
C:\WINNT\system32\pog


Save this as ComboFix-Do.txt to your Desktop.
Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below:

Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot) post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Thanks,
Charles

Edited by rookie147, 31 May 2007 - 10:05 AM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 dasummers


Posted 31 May 2007 - 07:51 PM

Many Thanks! I performed the suggested steps. First, I tried running the regsearch program using ".msi" for the string and the following was reported:

REGEDIT4
; RegSrch.vbs Bill James

; Registry search results for string ".msi " 5/31/2007 7:28:46 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer]
"Description"="Installs, repairs and removes software according to instructions contained in .MSI files."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIServer]
"Description"="Installs, repairs and removes software according to instructions contained in .MSI files."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\MSIServer]
"Description"="Installs, repairs and removes software according to instructions contained in .MSI files."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"Description"="Installs, repairs and removes software according to instructions contained in .MSI files."



I then ran it again using "MyWay" as the string and the program reported back no strings found. I uninstalled Weather Bug and installed Weather Watcher - by the way, a very cool program - thanks.
I then ran HijackThis and here is the following. Again, thank you for the help. Dean


Logfile of HijackThis v1.99.1
Scan saved at 7:44:50 PM, on 5/31/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: 0 - {7C92064A-AD77-4C4B-99B8-C247C374D013} - C:\Program Files\Accessories\qukatokyd.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179600327149
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1180134129508
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Unknown owner - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe (file missing)
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

ps. Curious, I noticed that I have a program folder "Raxco" that has a perfect disk program that I did not download - is this common to another program?

#6 rookie147


Posted 01 June 2007 - 03:47 AM

ps. Curious, I noticed that I have a program folder "Raxco" that has a perfect disk program that I did not download - is this common to another program?


This is Raxco, it says it is a disk defragmenter. If you like, you can get rid of this program since you don't think you installed it yourself; I don't think this sort of thing is automatically installed on your PC though.

Did Combofix produce a log?



#7 dasummers


Posted 01 June 2007 - 12:33 PM

My apologies for not including the combofix log; here it is:


"Administrator" - 06/01/2007 12:25:25 Service Pack 4
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Administrator\"
Command switches used :: ""C:\Documents and Settings\Administrator\My Documents\ComboFix-Do.txt""


((((((((((((((((((((((((((((((( Files Created from 2007-05-01 to 2007-06-01 ))))))))))))))))))))))))))))))))))


2007-05-31 19:00 102,400 --a------ C:\WINNT\system32\unzip32.dll
2007-05-31 19:00 <DIR> d-------- C:\Program Files\Weather Watcher
2007-05-30 17:19 49,152 --a------ C:\WINNT\nircmd.exe
2007-05-29 22:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\STOPzilla!
2007-05-29 22:51 <DIR> d-------- C:\Program Files\STOPzilla!
2007-05-29 22:50 <DIR> d-------- C:\Unziptemp
2007-05-29 20:52 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-05-29 19:41 14 --a------ C:\WINNT\system32\getfile.dat
2007-05-29 19:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 19:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-29 19:31 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-29 19:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-29 19:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-29 19:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-29 18:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\STOPzilla!
2007-05-29 18:01 <DIR> d-------- C:\VundoFix Backups
2007-05-28 00:37 <DIR> d-a------ C:\WINNT\system32\appmgmt
2007-05-28 00:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Leadertech
2007-05-27 12:50 <DIR> d-------- C:\WINNT\Downloaded Installations
2007-05-26 19:08 <DIR> d--h----- C:\New Folder
2007-05-26 15:23 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-05-26 15:05 <DIR> d-------- C:\Program Files\Ares
2007-05-26 12:36 <DIR> d-------- C:\Music
2007-05-26 12:32 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-26 11:49 <DIR> d--h----- C:\Media
2007-05-26 09:03 <DIR> d-------- C:\Winrar
2007-05-26 08:43 127,208 --a------ C:\WINNT\system32\mucltui.dll
2007-05-24 23:18 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-05-24 23:13 <DIR> d-------- C:\WINNT\ShellNew
2007-05-24 23:13 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-24 23:13 <DIR> d-------- C:\Program Files\Common Files\L&H
2007-05-24 10:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WeatherBug
2007-05-24 10:24 <DIR> d-------- C:\Program Files\MyWebSearchWB
2007-05-20 20:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-05-20 19:07 <DIR> d-------- C:\Program Files\DFX
2007-05-20 18:48 940,544 --a------ C:\WINNT\system32\wmspdmoe.dll
2007-05-20 18:48 9,464 --------- C:\WINNT\system32\drivers\cdralw2k.sys
2007-05-20 18:48 9,336 --------- C:\WINNT\system32\drivers\cdr4_2k.sys
2007-05-20 18:48 87,040 --a------ C:\WINNT\system32\drmstor.dll
2007-05-20 18:48 43,528 --------- C:\WINNT\system32\drivers\PxHelp20.sys
2007-05-20 18:48 413,944 --a------ C:\WINNT\system32\wmspdmod.dll
2007-05-20 18:48 384,512 --a------ C:\WINNT\system32\mp4sdmod.dll
2007-05-20 18:48 317,176 --a------ C:\WINNT\system32\mp43dmod.dll
2007-05-20 18:48 306,424 --a------ C:\WINNT\system32\drmclien.dll
2007-05-20 18:48 237,568 --a------ C:\WINNT\system32\qasf.dll
2007-05-20 18:48 151,552 --a------ C:\WINNT\system32\wmidx.dll
2007-05-20 18:48 129,784 --------- C:\WINNT\system32\pxafs.dll
2007-05-20 18:48 1,119,744 --a------ C:\WINNT\system32\wmsdmoe2.dll
2007-05-20 18:48 1,003,008 --a------ C:\WINNT\system32\wmvdmoe2.dll
2007-05-20 18:47 <DIR> d-------- C:\Program Files\Winamp
2007-05-20 18:16 895,736 --a------ C:\WINNT\system32\wmvdmod.dll
2007-05-20 18:16 774,904 --a------ C:\WINNT\system32\wmsdmod.dll
2007-05-20 18:16 716,288 --a------ C:\WINNT\system32\wmadmoe.dll
2007-05-20 18:16 696,320 --a------ C:\WINNT\system32\drmv2clt.dll
2007-05-20 18:16 66,048 --a------ C:\WINNT\system32\wmerrenu.dll
2007-05-20 18:16 6,656 --a------ C:\WINNT\system32\laprxy.dll
2007-05-20 18:16 53,248 --a------ C:\WINNT\system32\mspmspsv.exe
2007-05-20 18:16 50,448 --a------ C:\WINNT\system32\msdmo.dll
2007-05-20 18:16 466,944 --a------ C:\WINNT\system32\wmv8dmoe.dll
2007-05-20 18:16 446,464 --a------ C:\WINNT\system32\wmvdmoe.dll
2007-05-20 18:16 396,528 --a------ C:\WINNT\system32\wmadmod.dll
2007-05-20 18:16 368,710 --a------ C:\WINNT\system32\msisam11.dll
2007-05-20 18:16 335,360 --a------ C:\WINNT\system32\wmstream.dll
2007-05-20 18:16 32,768 --a------ C:\WINNT\system32\asferror.dll
2007-05-20 18:16 309,584 --a------ C:\WINNT\system32\wmv8dmod.dll
2007-05-20 18:16 294,400 --a------ C:\WINNT\system32\blackbox.dll
2007-05-20 18:16 270,336 --a------ C:\WINNT\system32\pdbrowse.dll
2007-05-20 18:16 260,096 --a------ C:\WINNT\system32\msnetobj.dll
2007-05-20 18:16 241,725 --a------ C:\WINNT\system32\msuni11.dll
2007-05-20 18:16 240,640 --a------ C:\WINNT\system32\mpg4dmod.dll
2007-05-20 18:16 24,064 --a------ C:\WINNT\system32\wmdmlog.dll
2007-05-20 18:16 222,208 --a------ C:\WINNT\system32\wmasf.dll
2007-05-20 18:16 221,184 --a------ C:\WINNT\system32\msscp.dll
2007-05-20 18:16 188,416 --a------ C:\WINNT\system32\mspmsp.dll
2007-05-20 18:16 184,320 --a------ C:\WINNT\system32\wmpcd.dll
2007-05-20 18:16 163,840 --a------ C:\WINNT\system32\mindex.dll
2007-05-20 18:16 16,384 --a------ C:\WINNT\system32\wmdmps.dll
2007-05-20 18:16 159,744 --a------ C:\WINNT\system32\mswmdm.dll
2007-05-20 18:16 147,456 --a------ C:\WINNT\system32\CEWMDM.dll
2007-05-20 18:16 118,784 --a------ C:\WINNT\system32\wmsdmoe.dll
2007-05-20 18:16 103,936 --a------ C:\WINNT\system32\logagent.exe
2007-05-20 18:16 1,290,240 --a------ C:\WINNT\system32\wmploc.dll
2007-05-20 18:16 1,122,304 --a------ C:\WINNT\system32\wmpui.dll
2007-05-20 18:16 1,022,464 --a------ C:\WINNT\system32\wmnetmgr.dll
2007-05-20 17:43 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\BitTorrent
2007-05-20 17:05 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-19 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-05-19 22:49 <DIR> d-------- C:\Program Files\QuickTime
2007-05-19 22:48 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-05-19 22:25 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-05-19 22:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Azureus
2007-05-19 20:50 <DIR> d-------- C:\Limewire Shared
2007-05-19 20:50 <DIR> d-------- C:\Incomplete
2007-05-19 20:50 <DIR> d-------- C:\Documents and Settings\ADMINI~1\Incomplete
2007-05-19 20:50 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-05-19 20:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\LimeWire
2007-05-19 20:48 <DIR> d-------- C:\Program Files\LimeWire
2007-05-19 16:53 <DIR> d--hs---- C:\RECYCLER
2007-05-19 15:51 <DIR> d--h----- C:\WINNT\PIF
2007-05-19 15:49 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-05-19 15:48 <DIR> d-------- C:\Program Files\Google
2007-05-19 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-19 15:47 <DIR> d-------- C:\WINNT\system32\Macromed
2007-05-19 15:40 <DIR> d-------- C:\Program Files\Raxco
2007-05-19 15:40 <DIR> d-------- C:\Program Files\Common Files\Authentium
2007-05-19 15:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Raxco
2007-05-19 15:39 <DIR> d-------- C:\WINNT\winsxs
2007-05-19 15:39 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-19 15:39 <DIR> d-------- C:\Program Files\CA
2007-05-19 15:37 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-19 15:37 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-05-19 15:35 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Verizon
2007-05-19 15:34 <DIR> d-------- C:\Program Files\Verizon
2007-05-19 15:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Verizon
2007-05-19 15:08 8,192 --a------ C:\DOCUME~1\ALLUSE~1\ntuser.dat
2007-05-19 15:08 <DIR> d--h-c--- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2007-05-19 15:02 <DIR> d-------- C:\WINNT\mui
2007-05-19 14:56 <DIR> d-------- C:\WINNT\system32\Windows Media
2007-05-19 14:55 22,752 --a------ C:\WINNT\system32\spupdsvc.exe
2007-05-19 14:54 <DIR> d--h-c--- C:\WINNT\$NtUpdateRollupPackUninstall$
2007-05-19 14:54 <DIR> d-------- C:\WINNT\msiinst.tmp
2007-05-19 14:18 <DIR> d-------- C:\WINNT\system32\BITS
2007-05-19 13:52 <DIR> d-------- C:\WINNT\RegisteredPackages
2007-05-19 13:49 <DIR> d--h----- C:\WINNT\msdownld.tmp
2007-05-19 13:49 <DIR> d-------- C:\WINNT\Windows Update Setup Files
2007-05-19 13:49 <DIR> d-------- C:\Downloads
2007-05-19 13:47 465,176 --a------ C:\WINNT\system32\wuapi.dll
2007-05-19 13:47 41,240 --a------ C:\WINNT\system32\wups.dll
2007-05-19 13:47 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-05-19 13:47 18,200 --a------ C:\WINNT\system32\wups2.dll
2007-05-19 13:47 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-05-19 13:47 127,256 --a------ C:\WINNT\system32\wucltui.dll
2007-05-19 13:45 <DIR> d-------- C:\WINNT\SoftwareDistribution
2007-05-19 13:42 1,048,576 --ah----- C:\Documents and Settings\ADMINI~1\NTUSER.DAT
2007-05-19 13:42 1,048,576 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-19 13:42 <DIR> d--hs---- C:\WINNT\Installer
2007-05-19 13:42 <DIR> d--hs---- C:\WINNT\CSC
2007-05-19 13:42 <DIR> d--h----- C:\WINNT\system32\GroupPolicy
2007-05-19 13:41 <DIR> d--hs---- C:\System Volume Information
2007-05-19 13:41 <DIR> d-------- C:\WINNT\system32\NtmsData
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\rpcproxy
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\rocket
2007-05-19 13:32 <DIR> d-------- C:\WINNT\system32\inetsrv
2007-05-19 13:32 <DIR> d-------- C:\WINNT\mww32
2007-05-19 13:32 <DIR> d-------- C:\WINNT\ime
2007-05-19 13:32 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-19 13:30 122,880 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-19 13:30 0 -rahs---- C:\MSDOS.SYS
2007-05-19 13:30 0 -rahs---- C:\IO.SYS
2007-05-19 13:30 0 ---h----- C:\CONFIG.SYS
2007-05-19 13:30 0 ---h----- C:\AUTOEXEC.BAT
2007-05-19 13:29 131,072 --a------ C:\WINNT\system32\mapi32.dll
2007-05-19 13:28 <DIR> dr------- C:\WINNT\Offline Web Pages
2007-05-19 13:28 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-19 13:28 <DIR> d---s---- C:\WINNT\Downloaded Program Files
2007-05-19 13:27 72,464 --a------ C:\WINNT\system32\isign32.dll
2007-05-19 13:27 63,248 --a------ C:\WINNT\system32\ils.dll
2007-05-19 13:27 57,104 --a------ C:\WINNT\system32\icwdial.dll
2007-05-19 13:27 53,520 --a------ C:\WINNT\system32\msconf.dll
2007-05-19 13:27 5,904 --a------ C:\WINNT\system32\icfgnt5.dll
2007-05-19 13:27 49,424 --a------ C:\WINNT\system32\icwphbk.dll
2007-05-19 13:27 4,880 --a------ C:\WINNT\system32\ksuser.dll
2007-05-19 13:27 32,880 --a------ C:\WINNT\system32\mnmdd.dll
2007-05-19 13:27 3,072 --a------ C:\WINNT\system32\nmevtmsg.dll
2007-05-19 13:27 251,152 --a------ C:\WINNT\system32\inetcfg.dll
2007-05-19 13:27 218,896 --a------ C:\WINNT\system32\mstask.dll
2007-05-19 13:27 21,776 --a------ C:\WINNT\system32\mnmsrvc.exe
2007-05-19 13:27 12,560 --a------ C:\WINNT\system32\nmmkcert.dll
2007-05-19 13:27 113,744 --a------ C:\WINNT\system32\drivers\ks.sys
2007-05-19 13:27 10,000 --a------ C:\WINNT\system32\mstinit.exe
2007-05-19 13:27 <DIR> d-a-s---- C:\WINNT\Tasks
2007-05-19 13:26 15,012 --a------ C:\WINNT\system32\emptyregdb.dat
2007-05-19 13:25 <DIR> d-------- C:\WINNT\Registration
2007-05-19 13:24 99,600 --a------ C:\WINNT\system32\clipbrd.exe
2007-05-19 13:24 96,528 --a------ C:\WINNT\system32\winmine.exe
2007-05-19 13:24 91,408 --a------ C:\WINNT\system32\calc.exe
2007-05-19 13:24 90,384 --a------ C:\WINNT\system32\charmap.exe
2007-05-19 13:24 84,240 --a------ C:\WINNT\system32\txflog.dll
2007-05-19 13:24 76,048 --a------ C:\WINNT\system32\avwav.dll
2007-05-19 13:24 71,440 --a------ C:\WINNT\system32\stclient.dll
2007-05-19 13:24 68,368 --a------ C:\WINNT\system32\sndvol32.exe
2007-05-19 13:24 66,832 --a------ C:\WINNT\system32\winchat.exe
2007-05-19 13:24 641,808 --a------ C:\WINNT\system32\xiffr3_0.dll
2007-05-19 13:24 60,688 --a------ C:\WINNT\system32\imgcmn.dll
2007-05-19 13:24 6,928 --a------ C:\WINNT\system32\msdtc.exe
2007-05-19 13:24 6,416 --a------ C:\WINNT\system32\write.exe
2007-05-19 13:24 576,784 --a------ C:\WINNT\system32\hypertrm.dll
2007-05-19 13:24 55,056 --a------ C:\WINNT\system32\catsrvps.dll
2007-05-19 13:24 53,008 --a------ C:\WINNT\system32\packager.exe
2007-05-19 13:24 406,800 --a------ C:\WINNT\system32\getuname.dll
2007-05-19 13:24 38,160 --a------ C:\WINNT\system32\jpeg2x32.dll
2007-05-19 13:24 35,600 --a------ C:\WINNT\system32\mtxlegih.dll
2007-05-19 13:24 34,064 --a------ C:\WINNT\system32\sol.exe
2007-05-19 13:24 34,064 --a------ C:\WINNT\system32\freecell.exe
2007-05-19 13:24 337,680 --a------ C:\WINNT\system32\cdplayer.exe
2007-05-19 13:24 33,552 --a------ C:\WINNT\system32\tifflt.dll
2007-05-19 13:24 319,760 --a------ C:\WINNT\system32\mspaint.exe
2007-05-19 13:24 3,856 --a------ C:\WINNT\system32\mtxex.dll
2007-05-19 13:24 29,968 --a------ C:\WINNT\system32\comaddin.dll
2007-05-19 13:24 27,920 --a------ C:\WINNT\system32\jpeg1x32.dll
2007-05-19 13:24 25,872 --a------ C:\WINNT\system32\oitwa400.dll
2007-05-19 13:24 226,576 --a------ C:\WINNT\system32\avtapi.dll
2007-05-19 13:24 21,776 --a------ C:\WINNT\system32\oislb400.dll
2007-05-19 13:24 21,776 --a------ C:\WINNT\system32\hticons.dll
2007-05-19 13:24 21,264 --a------ C:\WINNT\system32\comclust.exe
2007-05-19 13:24 19,216 --a------ C:\WINNT\system32\xolehlp.dll
2007-05-19 13:24 17,168 --a------ C:\WINNT\system32\avmeter.dll
2007-05-19 13:24 150,800 --a------ C:\WINNT\system32\accwiz.exe
2007-05-19 13:24 147,216 --a------ C:\WINNT\system32\DComExt.dll
2007-05-19 13:24 146,192 --a------ C:\WINNT\system32\comsnap.dll
2007-05-19 13:24 13,584 --a------ C:\WINNT\system32\imgshl.dll
2007-05-19 13:24 13,072 --a------ C:\WINNT\system32\oissq400.dll
2007-05-19 13:24 13,072 --a------ C:\WINNT\system32\oiprt400.dll
2007-05-19 13:24 118,032 --a------ C:\WINNT\system32\mplay32.exe
2007-05-19 13:24 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2007-05-19 13:24 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2007-05-19 13:24 <DIR> d-------- C:\WINNT\system32\DTCLog
2007-05-19 13:24 <DIR> d-------- C:\Program Files\Windows NT
2007-05-19 13:24 <DIR> d-------- C:\Program Files\Accessories
2007-05-19 13:23 97,552 --a------ C:\WINNT\system32\comrepl.dll
2007-05-19 13:23 97,040 --a------ C:\WINNT\system32\clbcatex.dll
2007-05-19 13:23 96,016 --a------ C:\WINNT\system32\msdtclog.dll
2007-05-19 13:23 9,216 --a------ C:\WINNT\system32\wuauserv.dll
2007-05-19 13:23 625,936 --a------ C:\WINNT\system32\comuid.dll
2007-05-19 13:23 61,712 --a------ C:\WINNT\system32\oiui400.dll
2007-05-19 13:23 595,728 --a------ C:\WINNT\system32\catsrvut.dll
2007-05-19 13:23 444,176 --a------ C:\WINNT\system32\oieng400.dll
2007-05-19 13:23 41,744 --a------ C:\WINNT\system32\colbact.dll
2007-05-19 13:23 26,896 --a------ C:\WINNT\system32\mtxdm.dll
2007-05-19 13:23 165,648 --a------ C:\WINNT\system32\catsrv.dll
2007-05-19 13:23 153,872 --a------ C:\WINNT\system32\msdtcui.dll
2007-05-19 13:23 124,184 --a------ C:\WINNT\system32\wuauclt.exe
2007-05-19 13:23 123,152 --a------ C:\WINNT\system32\mtxoci.dll
2007-05-19 13:23 1,842,672 -ra------ C:\WINNT\system32\dtcsetup.exe
2007-05-19 13:23 1,343,768 --a------ C:\WINNT\system32\wuaueng.dll
2007-05-19 13:23 <DIR> d-------- C:\WINNT\system32\Com
2007-05-19 08:16 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2007-05-19 08:16 6,640 --a------ C:\WINNT\system32\drivers\MSKSSRV.sys
2007-05-19 08:16 51,152 --a------ C:\WINNT\system32\drivers\DMusic.sys
2007-05-19 08:16 5,008 --a------ C:\WINNT\system32\drivers\MSPCLOCK.sys
2007-05-19 08:16 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2007-05-19 08:16 4,816 --a------ C:\WINNT\system32\drivers\MSPQM.sys
2007-05-19 08:16 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2007-05-19 08:15 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2007-05-19 08:15 2,896 --a------ C:\WINNT\system32\drivers\audstub.sys
2007-05-19 08:14 9,808 --a------ C:\WINNT\system32\drivers\gameenum.sys
2007-05-19 08:13 59,664 --a------ C:\WINNT\system32\usbui.dll
2007-05-19 08:13 530,192 --a------ C:\WINNT\system32\nv4.dll
2007-05-19 08:13 358,928 --a------ C:\WINNT\system32\drivers\ds1wdm.sys
2007-05-19 08:13 35,344 --a------ C:\WINNT\system32\drivers\redbook.sys
2007-05-19 08:13 345,040 --a------ C:\WINNT\system32\drivers\nv4.sys
2007-05-19 08:13 21,008 --a------ C:\WINNT\system32\drivers\AGP440.SYS
2007-05-19 08:13 18,704 --a------ C:\WINNT\system32\drivers\RTL8139.sys
2007-05-19 08:13 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys
2007-05-19 08:10 9,936 --a------ C:\WINNT\system\LZEXPAND.DLL
2007-05-19 08:10 9,008 --a------ C:\WINNT\system\VER.DLL
2007-05-19 08:10 85,264 --a------ C:\WINNT\system32\dgsetup.dll
2007-05-19 08:10 82,944 --a------ C:\WINNT\system\OLECLI.DLL
2007-05-19 08:10 81,168 --a------ C:\WINNT\system32\spoolss.dll
2007-05-19 08:10 69,584 --a------ C:\WINNT\system\AVICAP.DLL
2007-05-19 08:10 68,624 --a------ C:\WINNT\system\MMSYSTEM.DLL
2007-05-19 08:10 6,416 --a------ C:\WINNT\system32\batt.dll
2007-05-19 08:10 50,960 --a------ C:\WINNT\NOTEPAD.EXE
2007-05-19 08:10 5,392 --a------ C:\WINNT\delttsul.exe
2007-05-19 08:10 5,120 --a------ C:\WINNT\system\SHELL.DLL
2007-05-19 08:10 47,376 --a------ C:\WINNT\system32\spoolsv.exe
2007-05-19 08:10 35,600 --a------ C:\WINNT\TASKMAN.EXE
2007-05-19 08:10 35,600 --a------ C:\WINNT\system32\storprop.dll
2007-05-19 08:10 28,288 --a------ C:\WINNT\system\COMMDLG.DLL
2007-05-19 08:10 24,064 --a------ C:\WINNT\system\OLESVR.DLL
2007-05-19 08:10 21,344 --a------ C:\WINNT\system\TAPI.DLL
2007-05-19 08:10 176,400 --a------ C:\WINNT\system32\EqnClass.Dll
2007-05-19 08:10 148,992 --a------ C:\WINNT\system32\spxcoins.dll
2007-05-19 08:10 126,912 --a------ C:\WINNT\system\MSVIDEO.DLL
2007-05-19 08:10 123,904 --a------ C:\WINNT\system32\dgrpsetu.dll
2007-05-19 08:10 107,984 --a------ C:\WINNT\system\AVIFILE.DLL
2007-05-19 08:10 <DIR> dra------ C:\Program Files
2007-05-19 08:10 <DIR> d-a------ C:\WINNT\Speech
2007-05-19 08:10 <DIR> d-a------ C:\Program Files\Common Files\ODBC
2007-05-19 08:10 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Documents
2007-05-19 08:09 <DIR> d-a------ C:\WINNT\system32\CatRoot
2007-05-19 08:09 <DIR> d-a------ C:\Documents and Settings
2007-05-19 08:04 <DIR> drahsc--- C:\WINNT\system32\dllcache
2007-05-19 08:04 <DIR> dra-s---- C:\WINNT\Fonts
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\twain_32
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\wins
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\wbem
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\spool
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ShellExt
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\Setup
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ras
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\os2
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\npp
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\mui
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ie_de
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\ias
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\export
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers\etc
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers\disdn
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\drivers
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\dhcp
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system32\config
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\system
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\security
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\repair
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\msapps
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\msagent
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Media
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Help
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Driver Cache
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Debug
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Cursors
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Connection Wizard
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\Config
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\AppPatch
2007-05-19 08:04 <DIR> d-a------ C:\WINNT\addins
2007-05-19 08:04 <DIR> d-a------ C:\WINNT
2007-05-19 08:04 <DIR> d--hs---- C:\WINNT\system32
2007-05-19 08:04 <DIR> d--h----- C:\WINNT\inf
2007-05-19 08:04 <DIR> d---s---- C:\WINNT\Web


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-05 07:17:39 2,854,400 ----a-w C:\WINNT\system32\msi.dll
2007-04-04 22:15:02 839,880 ----a-w C:\WINNT\system32\drivers\Css-Dvp.sys
2007-03-13 09:44:49 245,520 ----a-w C:\WINNT\system32\WINSRV.DLL
2007-03-06 11:17:48 381,200 ----a-w C:\WINNT\system32\USER32.DLL
2007-03-06 11:17:46 38,160 ----a-w C:\WINNT\system32\mf3216.dll
2007-03-06 11:17:46 235,280 ----a-w C:\WINNT\system32\GDI32.DLL
2007-03-06 06:12:21 1,641,936 ----a-w C:\WINNT\system32\WIN32K.SYS
2007-03-02 17:24:44 227,856 ----a-w C:\WINNT\system32\PDBoot.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [10/22/06 11:08p]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll [05/03/07 10:34a]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [05/31/05 01:04a]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [03/14/07 03:43a]
{7C92064A-AD77-4C4B-99B8-C247C374D013}=blank []
{E3215F20-3212-11D6-9F8B-00D0B743919D}=C:\WINNT\system32\StopzillaBHO.dll [11/08/03 10:30p]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/20/03 07:00a C:\WINNT\system32\mobsync.exe]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [05/11/07 03:20p]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [05/03/07 10:34a]
"PPRT"="C:\Program Files\CA\PPRT\bin\ITMRTSVC_Logon.exe" [12/19/06 01:45p]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [05/03/07 10:35a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [05/14/07 05:22p]
"BDNewsAgent"="C:\Program Files\Softwin\BitDefender8\bdnagent.exe" [05/09/05 12:19p]
"STOPzilla"="C:\Program Files\STOPzilla!\Stopzilla.exe" [11/10/03 03:55p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [02/20/01 01:09p C:\WINNT\system32\CTFMON.EXE]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [05/23/07 10:12a]
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe" [05/12/07 10:23a]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [12/20/06 01:55p]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-01 12:27:08
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 06/01/2007 12:28:19
C:\ComboFix-quarantined-files.txt ... 06/01/07 12:28p
C:\ComboFix2.txt ... 05/31/07 06:56p
C:\ComboFix3.txt ... 05/30/07 05:28p

--- E O F ---

#8 rookie147

Posted 02 June 2007 - 03:05 PM

Sorry about the delay, I've been really busy working for exams at the moment.

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

Include the Panda report in your next post, and also let me know how things seem to be running now.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#9 dasummers

Posted 03 June 2007 - 12:53 AM

Posting results for Panda ActiveScan as suggested. The system is running a lot smoother. No more erroneous web pages popping up or erratic actions. Thank you for the help.
Dean




| Incident | Status | Location |
|---|---|---|
| Spyware:Cookie/YieldManager | Not disinfected | C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[ComboFixT\nircmd.exe] |
| Adware:Adware/DigInk | Not disinfected | C:\QooBox\Quarantine\C\WINNT\rau001978.exe.vir |
| Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINNT\nircmd.exe |

#10 rookie147

Posted 03 June 2007 - 03:48 AM

Delete the following folder, you should be able to do it in normal mode without any problems:

C:\QooBox

Now that you're free from malware, please follow these simple steps to decrease the likelihood of getting re-infected again:

Set your system to not show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.
Either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

In order to protect yourself against spyware, you should consider installing and running the following free programs:
Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.
Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.
SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.
Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
Thanks and happy computing,
Charles



#11 dasummers

Posted 03 June 2007 - 02:06 PM

Charles, I did all that was suggested and many thanks for the help. This site and your help have been a tremendous help in getting rid of this stuff. I really appreciate it.
-Dean

Edited by dasummers, 03 June 2007 - 02:07 PM.


#12 rookie147

Posted 03 June 2007 - 02:13 PM

Thanks a lot for the kind words, Dean, they mean a lot to me. Great job! :thumbsup:



#13 dasummers

Posted 04 June 2007 - 12:52 PM

Thanks again for the tremendous help. IE runs much, much smoother and the popups are at a nil. I will spread the word about this site and the help I received to all my friends @ DeVry. Good hunting.
Dean

#14 rookie147

Posted 05 June 2007 - 05:02 AM

You're welcome! :thumbsup:
Since this issue appears to be resolved, this topic is now closed.
If you need this topic reopened, please request this by sending me a Personal Message including a link to your thread.
This applies only to the original topic starter. Everyone else please begin a New Topic.
