Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.
     
2 Pages V   1 2 >  
 Closed TopicStart new topic
Winvirus BS again! Please help! [RESOLVED], What the h#%$ is the purpose of this winvirus thing anyway????? H
RMW
post May 31 2007, 11:10 PM
Post #1


Member
**
Posts: 25
OS: XP
Anyhoo.. they've got me.. winvirus popups and others that come right behind it or before it.. but they just keep coming. I have ran AVG Antispy 7.5 and SUPERAntispyware and they found a bunch of trojans and removed them so it has improved the performance of the PC.. but the faithful "winvirus" thing is still present.

Interestingly enough I have Symantec Norton Protection Center, Norton Internet Security 2005 with 2007 updates and Norton System Works, and it tells me (after the winvirus pops up) that it has just blocked the winvirus from loading and that my computer is now safe.. and that a load of crap! I really need the right protection.. the right piece of software that really does what it says it does. Anything you could suggest to me ( after we get this problem solved first) would be greatly appreciated.

Any help is much appreciated - Sincerely - Roger
Go to the top of the page
 
+Quote Post
__RiP_ChAiN_
post Jun 1 2007, 05:14 AM
Post #2


Malware Expert
Group Icon
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
Go to the top of the page
 
+Quote Post
RMW
post Jun 1 2007, 10:54 AM
Post #3


Member
**
Posts: 25
OS: XP
Here is my Hijack This Log

Roger


Logfile of HijackThis v1.99.1
Scan saved at 9:53:37 AM, on 6/1/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\csrss.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avvenu\Avvenu_agent.exe
C:\Program Files\Avvenu\Avvenu_cachescheduler.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DEBEB52F-CFA6-4647-971F-3EDB75B63AFA} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: (no name) - {f7fcd00a-01d2-4aa0-af88-f5640bde6ad8} - C:\WINDOWS\system32\kbd11n.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\gebxww.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Avvenu.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: c:\windows\system32\vtstsqr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: kbd11n - C:\WINDOWS\SYSTEM32\kbd11n.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Go to the top of the page
 
+Quote Post
__RiP_ChAiN_
post Jun 1 2007, 04:23 PM
Post #4


Malware Expert
Group Icon
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86
Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Go to the top of the page
 
+Quote Post
RMW
post Jun 1 2007, 05:18 PM
Post #5


Member
**
Posts: 25
OS: XP
"Compaq_Owner" - 03-06-01 16:04:37 Service Pack 2
ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\Compaq_Owner\Desktop\PC Virus checkers and Cleaners\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2F.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp31.tmp.dll
C:\WINDOWS\system32\tmp32.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp36.tmp.dll
C:\WINDOWS\system32\tmp38.tmp.dll
C:\WINDOWS\system32\tmp3A.tmp.dll
C:\WINDOWS\system32\tmp3C.tmp.dll
C:\WINDOWS\system32\tmp3E.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp42.tmp.dll
C:\WINDOWS\system32\tmp45.tmp.dll
C:\WINDOWS\system32\tmp48.tmp.dll
C:\WINDOWS\system32\tmp4A.tmp.dll
C:\WINDOWS\system32\tmp4C.tmp.dll
C:\WINDOWS\system32\tmp4F.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp51.tmp.dll
C:\WINDOWS\system32\tmp56.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp7F.tmp.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\tmp81.tmp.dll
C:\WINDOWS\system32\tmp95.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmp99.tmp.dll
C:\WINDOWS\system32\tmp9B.tmp.dll
C:\WINDOWS\system32\tmp9D.tmp.dll
C:\WINDOWS\system32\tmp9F.tmp.dll
C:\WINDOWS\system32\tmpA.tmp.dll
C:\WINDOWS\system32\tmpA1.tmp.dll
C:\WINDOWS\system32\tmpA3.tmp.dll
C:\WINDOWS\system32\tmpA5.tmp.dll
C:\WINDOWS\system32\tmpA7.tmp.dll
C:\WINDOWS\system32\tmpA9.tmp.dll
C:\WINDOWS\system32\tmpAA.tmp.dll
C:\WINDOWS\system32\tmpAC.tmp.dll
C:\WINDOWS\system32\tmpAE.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpD9B.tmp.dll
C:\WINDOWS\system32\tmpF.tmp.dll
C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2F.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp31.tmp.dll
C:\WINDOWS\system32\tmp32.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp36.tmp.dll
C:\WINDOWS\system32\tmp38.tmp.dll
C:\WINDOWS\system32\tmp3A.tmp.dll
C:\WINDOWS\system32\tmp3C.tmp.dll
C:\WINDOWS\system32\tmp3E.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp42.tmp.dll
C:\WINDOWS\system32\tmp45.tmp.dll
C:\WINDOWS\system32\tmp48.tmp.dll
C:\WINDOWS\system32\tmp4A.tmp.dll
C:\WINDOWS\system32\tmp4C.tmp.dll
C:\WINDOWS\system32\tmp4F.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp51.tmp.dll
C:\WINDOWS\system32\tmp56.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp7F.tmp.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\tmp81.tmp.dll
C:\WINDOWS\system32\tmp95.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmp99.tmp.dll
C:\WINDOWS\system32\tmp9B.tmp.dll
C:\WINDOWS\system32\tmp9D.tmp.dll
C:\WINDOWS\system32\tmp9F.tmp.dll
C:\WINDOWS\system32\tmpA.tmp.dll
C:\WINDOWS\system32\tmpA1.tmp.dll
C:\WINDOWS\system32\tmpA3.tmp.dll
C:\WINDOWS\system32\tmpA5.tmp.dll
C:\WINDOWS\system32\tmpA7.tmp.dll
C:\WINDOWS\system32\tmpA9.tmp.dll
C:\WINDOWS\system32\tmpAA.tmp.dll
C:\WINDOWS\system32\tmpAC.tmp.dll
C:\WINDOWS\system32\tmpAE.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpD9B.tmp.dll
C:\WINDOWS\system32\tmpF.tmp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tmp11.tmp.dll
C:\WINDOWS\system32\tmp18.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp2F.tmp.dll
C:\WINDOWS\system32\tmp3.tmp.dll
C:\WINDOWS\system32\tmp31.tmp.dll
C:\WINDOWS\system32\tmp32.tmp.dll
C:\WINDOWS\system32\tmp34.tmp.dll
C:\WINDOWS\system32\tmp36.tmp.dll
C:\WINDOWS\system32\tmp38.tmp.dll
C:\WINDOWS\system32\tmp3A.tmp.dll
C:\WINDOWS\system32\tmp3C.tmp.dll
C:\WINDOWS\system32\tmp3E.tmp.dll
C:\WINDOWS\system32\tmp4.tmp.dll
C:\WINDOWS\system32\tmp42.tmp.dll
C:\WINDOWS\system32\tmp45.tmp.dll
C:\WINDOWS\system32\tmp48.tmp.dll
C:\WINDOWS\system32\tmp4A.tmp.dll
C:\WINDOWS\system32\tmp4C.tmp.dll
C:\WINDOWS\system32\tmp4F.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\system32\tmp51.tmp.dll
C:\WINDOWS\system32\tmp56.tmp.dll
C:\WINDOWS\system32\tmp6.tmp.dll
C:\WINDOWS\system32\tmp7.tmp.dll
C:\WINDOWS\system32\tmp7F.tmp.dll
C:\WINDOWS\system32\tmp8.tmp.dll
C:\WINDOWS\system32\tmp81.tmp.dll
C:\WINDOWS\system32\tmp95.tmp.dll
C:\WINDOWS\system32\tmp97.tmp.dll
C:\WINDOWS\system32\tmp99.tmp.dll
C:\WINDOWS\system32\tmp9B.tmp.dll
C:\WINDOWS\system32\tmp9D.tmp.dll
C:\WINDOWS\system32\tmp9F.tmp.dll
C:\WINDOWS\system32\tmpA.tmp.dll
C:\WINDOWS\system32\tmpA1.tmp.dll
C:\WINDOWS\system32\tmpA3.tmp.dll
C:\WINDOWS\system32\tmpA5.tmp.dll
C:\WINDOWS\system32\tmpA7.tmp.dll
C:\WINDOWS\system32\tmpA9.tmp.dll
C:\WINDOWS\system32\tmpAA.tmp.dll
C:\WINDOWS\system32\tmpAC.tmp.dll
C:\WINDOWS\system32\tmpAE.tmp.dll
C:\WINDOWS\system32\tmpD.tmp.dll
C:\WINDOWS\system32\tmpD9B.tmp.dll
C:\WINDOWS\system32\tmpF.tmp.dll
C:\WINDOWS\csrss.exe


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\NETDown
-------\LEGACY_NETDOWN


((((((((((((((((((((((((((((((( Files Created from 2003-05-01 to 2003-06-01 ))))))))))))))))))))))))))))))))))


2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\TQ0
2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\T7
2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\T6
2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\T4
2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\T3
2003-06-01 15:27 <DIR> d-------- C:\WINDOWS\system32\pog
2003-06-01 15:26 <DIR> d-------- C:\TEMP\x2b
2003-06-01 15:24 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp18.tmp.exe
2003-06-01 15:24 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp19.tmp.exe
2003-06-01 15:24 14,390 --a------ C:\systcib.exe
2003-06-01 14:11 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB6.tmp.exe
2003-06-01 14:11 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB7.tmp.exe
2003-06-01 14:07 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB4.tmp.exe
2003-06-01 14:07 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB5.tmp.exe
2003-06-01 14:04 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB2.tmp.exe
2003-06-01 14:04 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB3.tmp.exe
2003-06-01 14:01 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB0.tmp.exe
2003-06-01 14:01 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB1.tmp.exe
2003-06-01 14:00 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAE.tmp.exe
2003-06-01 14:00 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAF.tmp.exe
2003-06-01 13:58 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAC.tmp.exe
2003-06-01 13:58 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAA.tmp.exe
2003-06-01 13:58 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAD.tmp.exe
2003-06-01 13:58 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpAB.tmp.exe
2003-06-01 13:56 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA9.tmp.exe
2003-06-01 13:56 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA7.tmp.exe
2003-06-01 13:56 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA8.tmp.exe
2003-06-01 13:54 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA6.tmp.exe
2003-06-01 13:53 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA5.tmp.exe
2003-06-01 13:53 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA4.tmp.exe
2003-06-01 13:52 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA3.tmp.exe
2003-06-01 13:52 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA1.tmp.exe
2003-06-01 13:52 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA2.tmp.exe
2003-06-01 13:52 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA0.tmp.exe
2003-06-01 13:48 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9F.tmp.exe
2003-06-01 13:48 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9E.tmp.exe
2003-06-01 13:47 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9D.tmp.exe
2003-06-01 13:47 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9C.tmp.exe
2003-06-01 13:46 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9B.tmp.exe
2003-06-01 13:45 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp99.tmp.exe
2003-06-01 13:45 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp9A.tmp.exe
2003-06-01 13:42 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp97.tmp.exe
2003-06-01 13:42 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp98.tmp.exe
2003-06-01 13:41 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp95.tmp.exe
2003-06-01 13:41 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp96.tmp.exe
2003-06-01 13:40 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp81.tmp.exe
2003-06-01 13:40 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp82.tmp.exe
2003-06-01 13:37 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7F.tmp.exe
2003-06-01 13:37 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp80.tmp.exe
2003-06-01 13:32 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7D.tmp.exe
2003-06-01 13:32 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7E.tmp.exe
2003-06-01 13:30 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7B.tmp.exe
2003-06-01 13:30 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7C.tmp.exe
2003-06-01 13:29 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp79.tmp.exe
2003-06-01 13:29 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7A.tmp.exe
2003-06-01 13:27 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp77.tmp.exe
2003-06-01 13:27 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp78.tmp.exe
2003-06-01 13:26 6,788 --a------ C:\syskbeu.exe
2003-06-01 13:26 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp75.tmp.exe
2003-06-01 13:26 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp76.tmp.exe
2003-06-01 13:25 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp74.tmp.exe
2003-06-01 13:24 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp73.tmp.exe
2003-06-01 13:22 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp71.tmp.exe
2003-06-01 13:22 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp72.tmp.exe
2003-06-01 13:19 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6F.tmp.exe
2003-06-01 13:19 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp70.tmp.exe
2003-06-01 13:18 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6D.tmp.exe
2003-06-01 13:18 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6E.tmp.exe
2003-06-01 13:16 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6B.tmp.exe
2003-06-01 13:16 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6C.tmp.exe
2003-06-01 13:13 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6A.tmp.exe
2003-06-01 13:13 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp69.tmp.exe
2003-06-01 13:12 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp68.tmp.exe
2003-06-01 13:12 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp67.tmp.exe
2003-06-01 13:10 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp66.tmp.exe
2003-06-01 13:10 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp65.tmp.exe
2003-06-01 13:07 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp64.tmp.exe
2003-06-01 13:07 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp63.tmp.exe
2003-06-01 13:06 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp62.tmp.exe
2003-06-01 13:06 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp61.tmp.exe
2003-06-01 13:05 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp60.tmp.exe
2003-06-01 13:03 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp5F.tmp.exe
2003-06-01 12:57 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp5E.tmp.exe
2003-06-01 12:56 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp56.tmp.exe
2003-06-01 12:56 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp5D.tmp.exe
2003-06-01 12:56 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp52.tmp.exe
2003-06-01 12:51 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp51.tmp.exe
2003-06-01 12:49 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp50.tmp.exe
2003-06-01 12:48 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4F.tmp.exe
2003-06-01 12:48 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4E.tmp.exe
2003-06-01 12:47 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4C.tmp.exe
2003-06-01 12:47 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4A.tmp.exe
2003-06-01 12:47 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4B.tmp.exe
2003-06-01 12:46 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp48.tmp.exe
2003-06-01 12:46 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp45.tmp.exe
2003-06-01 12:46 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp49.tmp.exe
2003-06-01 12:46 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp46.tmp.exe
2003-06-01 12:40 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp44.tmp.exe
2003-06-01 12:40 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp43.tmp.exe
2003-06-01 12:38 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp42.tmp.exe
2003-06-01 12:36 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp40.tmp.exe
2003-06-01 12:36 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp41.tmp.exe
2003-06-01 12:31 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3F.tmp.exe
2003-06-01 12:30 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3E.tmp.exe
2003-06-01 12:27 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3C.tmp.exe
2003-06-01 12:27 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3D.tmp.exe
2003-06-01 12:25 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3A.tmp.exe
2003-06-01 12:25 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3B.tmp.exe
2003-06-01 12:09 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp39.tmp.exe
2003-06-01 12:08 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp38.tmp.exe
2003-06-01 12:07 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp36.tmp.exe
2003-06-01 12:07 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp37.tmp.exe
2003-06-01 12:06 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp34.tmp.exe
2003-06-01 12:06 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp35.tmp.exe
2003-06-01 12:06 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp33.tmp.exe
2003-06-01 12:05 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp32.tmp.exe
2003-06-01 12:03 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp31.tmp.exe
2003-06-01 12:03 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp30.tmp.exe
2003-06-01 12:02 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp2F.tmp.exe
2003-06-01 12:02 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp2E.tmp.exe
2003-06-01 11:49 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp14.tmp.exe
2003-06-01 11:45 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp13.tmp.exe
2003-06-01 11:42 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp11.tmp.exe
2003-06-01 11:42 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp12.tmp.exe
2003-06-01 10:52 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpF.tmp.exe
2003-06-01 10:52 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp10.tmp.exe
2003-06-01 10:51 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpD.tmp.exe
2003-06-01 10:51 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpE.tmp.exe
2003-06-01 10:44 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpA.tmp.exe
2003-06-01 10:44 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB.tmp.exe
2003-06-01 10:18 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp8.tmp.exe
2003-06-01 10:14 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp7.tmp.exe
2003-06-01 10:07 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp6.tmp.exe
2003-06-01 09:55 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp5.tmp.exe
2003-06-01 09:52 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp4.tmp.exe
2003-06-01 09:51 2,560 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp3.tmp.exe
2003-06-01 09:48 50,970 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp2.tmp.exe
2003-05-31 15:20 3,584 --a------ C:\WINDOWS\system32\nso12k.sys
2003-05-31 15:19 <DIR> d-------- C:\Program Files\Ofb11
2003-05-31 15:15 12,800 --a------ C:\WINDOWS\system32\wmvds32.dll
2003-05-02 04:06 81,408 -ra------ C:\WINDOWS\system32\lffax11n.dll
2003-05-02 04:06 716,288 -ra------ C:\WINDOWS\system32\Ltwvc11n.dll
2003-05-02 04:06 59,392 -ra------ C:\WINDOWS\system32\lfwmf11n.dll
2003-05-02 04:06 56,320 -ra------ C:\WINDOWS\system32\lfpsd11n.dll
2003-05-02 04:06 41,472 -ra------ C:\WINDOWS\system32\lfgif11n.dll
2003-05-02 04:06 392,192 -ra------ C:\WINDOWS\system32\ltkrn11n.dll
2003-05-02 04:06 36,864 -ra------ C:\WINDOWS\system32\lfbmp11n.dll
2003-05-02 04:06 33,280 -ra------ C:\WINDOWS\system32\lfpcx11n.dll
2003-05-02 04:06 31,232 -ra------ C:\WINDOWS\system32\lfeps11n.dll
2003-05-02 04:06 285,184 -ra------ C:\WINDOWS\system32\LFCMP11n.DLL
2003-05-02 04:06 27,648 -ra------ C:\WINDOWS\system32\lftga11n.dll
2003-05-02 04:06 262,656 -ra------ C:\WINDOWS\system32\LTDIS11n.dll
2003-05-02 04:06 26,112 -ra------ C:\WINDOWS\system32\lfpcd11n.dll
2003-05-02 04:06 212,480 -ra------ C:\WINDOWS\system32\PCDLIB32.DLL
2003-05-02 04:06 172,032 -ra------ C:\WINDOWS\system32\Lfpng11n.dll
2003-05-02 04:06 152,064 -ra------ C:\WINDOWS\system32\lftif11n.dll
2003-05-02 04:06 127,488 -ra------ C:\WINDOWS\system32\ltimg11n.dll
2003-05-02 04:06 118,784 -ra------ C:\WINDOWS\system32\ltfil11n.DLL


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-10 16:56 82380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2007-04-27 14:48 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-20 18:05 22112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-01-11 19:22 276792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-11 19:22 25400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-11 19:22 247608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-09 15:32 40120 --a------ C:\WINDOWS\system32\drivers\symids.sys
2007-01-09 15:32 38200 --a------ C:\WINDOWS\system32\drivers\symndisv.sys
2007-01-09 15:32 35256 --a------ C:\WINDOWS\system32\drivers\symndis.sys
2007-01-09 15:32 27576 --a------ C:\WINDOWS\system32\drivers\symredrv.sys
2007-01-09 15:32 191544 --a------ C:\WINDOWS\system32\drivers\symtdi.sys
2007-01-09 15:32 145976 --a------ C:\WINDOWS\system32\drivers\symfw.sys
2007-01-09 15:32 12984 --a------ C:\WINDOWS\system32\drivers\symdns.sys
2006-10-10 06:17 81780 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2006-09-19 14:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-05 09:03 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2005-11-03 19:43 90272 --a------ C:\WINDOWS\system32\drivers\SdDriver.SYS
2005-02-16 15:06 20576 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2004-11-02 09:27 773565 --a------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2004-10-28 01:14 448128 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2004-10-28 01:13 174592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2004-10-13 17:33 2287104 --a------ C:\WINDOWS\system32\drivers\RtkHDAud.sys
2004-10-08 23:48 262400 --a------ C:\WINDOWS\system32\drivers\http.sys
2004-08-11 09:45 18944 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
2004-08-04 11:00 92032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2004-08-04 11:00 80128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2004-08-04 11:00 63744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2004-08-04 11:00 61824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2004-08-04 11:00 60800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2004-08-04 11:00 58112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2004-08-04 11:00 574592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2004-08-04 11:00 51712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2004-08-04 11:00 4352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2004-08-04 11:00 42496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2004-08-04 11:00 37376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2004-08-04 11:00 36992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2004-08-04 11:00 36480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2004-08-04 11:00 35328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2004-08-04 11:00 30080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2004-08-04 11:00 262528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2004-08-04 11:00 25472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2004-08-04 11:00 23936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2004-08-04 11:00 23808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2004-08-04 11:00 23040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2004-08-04 11:00 21376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2004-08-04 11:00 18688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2004-08-04 11:00 16000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2004-08-04 11:00 15488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2004-08-04 11:00 12928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2004-08-04 11:00 12416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2004-08-04 11:00 12160 --a------ C:\WINDOWS\system32\drivers\fsvga.sys
2004-08-04 11:00 12032 --a------ C:\WINDOWS\system32\drivers\riodrv.sys
2004-08-04 11:00 12032 --a------ C:\WINDOWS\system32\drivers\rio8drv.sys
2004-08-04 11:00 12032 --a------ C:\WINDOWS\system32\drivers\nikedrv.sys
2004-08-04 11:00 11776 --a------ C:\WINDOWS\system32\drivers\cpqdap01.sys
2004-08-04 07:15 82944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2004-08-04 07:15 60800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2004-08-04 07:07 6400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2004-08-04 07:07 52864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2004-08-04 07:07 2944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2004-08-04 07:07 171776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2004-08-04 07:01 40840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2004-08-04 06:58 7552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2004-08-04 06:58 5376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2004-08-04 06:58 4992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2004-08-04 06:39 142464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2004-08-04 05:01 196864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2004-08-04 04:00 96256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2004-08-04 04:00 9600 --a------ C:\WINDOWS\system32\drivers\ndistapi.sys
2004-08-04 04:00 95360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2004-08-04 04:00 91776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2004-08-04 04:00 88448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2004-08-04 04:00 8832 --a------ C:\WINDOWS\system32\drivers\rasacd.sys
2004-08-04 04:00 799744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2004-08-04 04:00 79744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2004-08-04 04:00 7936 --a------ C:\WINDOWS\system32\drivers\fs_rec.sys
2004-08-04 04:00 7680 --a------ C:\WINDOWS\system32\drivers\mcd.sys
2004-08-04 04:00 74752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2004-08-04 04:00 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2004-08-04 04:00 71552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2004-08-04 04:00 71040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2004-08-04 04:00 69120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2004-08-04 04:00 68224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2004-08-04 04:00 6784 --a------ C:\WINDOWS\system32\drivers\parvdm.sys
2004-08-04 04:00 67584 --a------ C:\WINDOWS\system32\drivers\sdbus.sys
2004-08-04 04:00 66176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2004-08-04 04:00 64896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2004-08-04 04:00 63744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2004-08-04 04:00 63232 --a------ C:\WINDOWS\system32\drivers\nwlnknb.sys
2004-08-04 04:00 61056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2004-08-04 04:00 59904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
2004-08-04 04:00 5888 --a------ C:\WINDOWS\system32\drivers\rootmdm.sys
2004-08-04 04:00 5888 --a------ C:\WINDOWS\system32\drivers\dmload.sys
2004-08-04 04:00 57600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2004-08-04 04:00 55936 --a------ C:\WINDOWS\system32\drivers\nwlnkspx.sys
2004-08-04 04:00 55936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2004-08-04 04:00 5504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2004-08-04 04:00 5376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2004-08-04 04:00 53248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2004-08-04 04:00 52352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2004-08-04 04:00 51328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2004-08-04 04:00 49664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2004-08-04 04:00 49536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2004-08-04 04:00 48384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2004-08-04 04:00 4736 --a------ C:\WINDOWS\system32\drivers\usbd.sys
2004-08-04 04:00 4352 --a------ C:\WINDOWS\system32\drivers\wmilib.sys
2004-08-04 04:00 42240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
2004-08-04 04:00 4224 --a------ C:\WINDOWS\system32\drivers\rdpcdd.sys
2004-08-04 04:00 4224 --a------ C:\WINDOWS\system32\drivers\mnmdd.sys
2004-08-04 04:00 4224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2004-08-04 04:00 41856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2004-08-04 04:00 41472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
2004-08-04 04:00 40320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2004-08-04 04:00 38016 --a------ C:\WINDOWS\system32\drivers\ndproxy.sys
2004-08-04 04:00 36352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2004-08-04 04:00 36224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2004-08-04 04:00 36096 --a------ C:\WINDOWS\system32\drivers\intelppm.sys
2004-08-04 04:00 359040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2004-08-04 04:00 35840 --a------ C:\WINDOWS\system32\drivers\isapnp.sys
2004-08-04 04:00 352256 --a------ C:\WINDOWS\system32\drivers\atmuni.sys
2004-08-04 04:00 35072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
2004-08-04 04:00 34944 --a------ C:\WINDOWS\system32\drivers\fips.sys
2004-08-04 04:00 34560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
2004-08-04 04:00 34560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
2004-08-04 04:00 3456 --a------ C:\WINDOWS\system32\drivers\oprghdlr.sys
2004-08-04 04:00 34432 --a------ C:\WINDOWS\system32\drivers\rawwan.sys
2004-08-04 04:00 336256 --a------ C:\WINDOWS\system32\drivers\srv.sys
2004-08-04 04:00 3328 --a------ C:\WINDOWS\system32\drivers\pciide.sys
2004-08-04 04:00 3328 --a------ C:\WINDOWS\system32\drivers\dxgthk.sys
2004-08-04 04:00 32896 --a------ C:\WINDOWS\system32\drivers\ipfltdrv.sys
2004-08-04 04:00 32512 --a------ C:\WINDOWS\system32\drivers\nwlnkfwd.sys
2004-08-04 04:00 31360 --a------ C:\WINDOWS\system32\drivers\atmepvc.sys
2004-08-04 04:00 30848 --a------ C:\WINDOWS\system32\drivers\npfs.sys
2004-08-04 04:00 30080 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
2004-08-04 04:00 2944 --a------ C:\WINDOWS\system32\drivers\null.sys
2004-08-04 04:00 29056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys
2004-08-04 04:00 27440 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2004-08-04 04:00 27392 --a------ C:\WINDOWS\system32\drivers\fdc.sys
2004-08-04 04:00 26624 --a------ C:\WINDOWS\system32\drivers\usbehci.sys
2004-08-04 04:00 25088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2004-08-04 04:00 24960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2004-08-04 04:00 223616 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2004-08-04 04:00 21896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2004-08-04 04:00 20992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2004-08-04 04:00 20992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
2004-08-04 04:00 209408 --a------ C:\WINDOWS\system32\drivers\update.sys
2004-08-04 04:00 20480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2004-08-04 04:00 20480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2004-08-04 04:00 200064 --a------ C:\WINDOWS\system32\drivers\RMCast.sys
2004-08-04 04:00 19072 --a------ C:\WINDOWS\system32\drivers\msfs.sys
2004-08-04 04:00 187776 --a------ C:\WINDOWS\system32\drivers\acpi.sys
2004-08-04 04:00 18688 --a------ C:\WINDOWS\system32\drivers\partmgr.sys
2004-08-04 04:00 18560 --a------ C:\WINDOWS\system32\drivers\tdi.sys
2004-08-04 04:00 182912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2004-08-04 04:00 181248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 04:00 17792 --a------ C:\WINDOWS\system32\drivers\ptilink.sys
2004-08-04 04:00 16512 --a------ C:\WINDOWS\system32\drivers\raspti.sys
2004-08-04 04:00 162816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
2004-08-04 04:00 15488 --a------ C:\WINDOWS\system32\drivers\serenum.sys
2004-08-04 04:00 153344 --a------ C:\WINDOWS\system32\drivers\dmio.sys
2004-08-04 04:00 14976 --a------ C:\WINDOWS\system32\drivers\tape.sys
2004-08-04 04:00 14592 --a------ C:\WINDOWS\system32\drivers\smclib.sys
2004-08-04 04:00 143360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
2004-08-04 04:00 14336 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
2004-08-04 04:00 142976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2004-08-04 04:00 14208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
2004-08-04 04:00 13952 --a------ C:\WINDOWS\system32\drivers\cbidf2k.sys
2004-08-04 04:00 139400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2004-08-04 04:00 138496 --a------ C:\WINDOWS\system32\drivers\afd.sys
2004-08-04 04:00 134912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2004-08-04 04:00 12672 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
2004-08-04 04:00 125056 --a------ C:\WINDOWS\system32\drivers\ftdisk.sys
2004-08-04 04:00 124800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2004-08-04 04:00 12416 --a------ C:\WINDOWS\system32\drivers\nwlnkflt.sys
2004-08-04 04:00 12040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2004-08-04 04:00 12032 --a------ C:\WINDOWS\system32\drivers\ws2ifsl.sys
2004-08-04 04:00 119936 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2004-08-04 04:00 11648 --a------ C:\WINDOWS\system32\drivers\acpiec.sys
2004-08-04 04:00 11392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
2004-08-04 04:00 11264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2004-08-04 04:00 11136 --a------ C:\WINDOWS\system32\drivers\sffdisk.sys
2004-08-04 04:00 107904 --a------ C:\WINDOWS\system32\drivers\mup.sys
2004-08-04 04:00 10496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2004-08-04 04:00 10240 --a------ C:\WINDOWS\system32\drivers\sffp_sd.sys
2004-08-03 23:15 140928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2004-08-03 23:14 52736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2004-08-03 23:08 60288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2004-08-03 23:08 48640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2004-08-03 22:58 24576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2004-08-03 21:59 57472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2004-08-03 21:31 20992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2004-06-29 10:07 1268204 --a------ C:\WINDOWS\system32\drivers\AGRSM.sys
2004-04-26 23:31 135168 --a------ C:\WINDOWS\system32\drivers\Hdaudbus.sys
2004-03-18 00:10 113664 --a------ C:\WINDOWS\system32\drivers\Hdaudio.sys
2004-03-16 02:41 135040 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2003-12-19 15:15 17277 --a------ C:\WINDOWS\system32\drivers\US122DL.sys
2003-12-19 15:00 86648 --a------ C:\WINDOWS\system32\drivers\US122Wdm.sys
2003-12-19 15:00 213196 --a------ C:\WINDOWS\system32\drivers\US122.sys
2003-09-19 09:47 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2003-09-11 07:36 21060 --a------ C:\WINDOWS\system32\drivers\iviaspi.sys
2003-06-19 01:31 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2003-06-01 15:58 3649 --a------ C:\WINDOWS\viassary-hp.reg
2003-06-01 10:44 -------- d-------- C:\Program Files\superantispyware
2003-06-01 08:25 -------- d-------- C:\Program Files\norton systemworks basic edition
2003-05-31 02:12 847920 --a------ C:\WINDOWS\system32\python22.dll
2003-05-20 09:09 141312 --a------ C:\WINDOWS\system32\oeminfo.dll
2003-04-27 15:23 36352 --a------ C:\WINDOWS\system32\mp2enc.dll
2003-04-18 16:46 1233920 --a------ C:\WINDOWS\system32\msxml4.dll
2003-04-18 16:29 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2003-04-10 23:04 77824 --a------ C:\WINDOWS\system32\windowsaccessbridge.dll
2003-04-10 23:04 28672 --a------ C:\WINDOWS\system32\jawtaccessbridge.dll
2003-04-10 23:04 139264 --a------ C:\WINDOWS\system32\javaaccessbridge.dll
2003-03-18 14:12 1047552 --a------ C:\WINDOWS\system32\mfc71u.dll
2003-03-18 12:05 89088 --a------ C:\WINDOWS\system32\atl71.dll
2003-03-12 21:04 20480 --a------ C:\WINDOWS\daodp202.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{f7fcd00a-01d2-4aa0-af88-f5640bde6ad8} C:\WINDOWS\system32\kbd11n.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Share-to-Web Namespace Daemon"="\"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe\""
"setup"="rundll32.exe \"C:\\WINDOWS\\gebxww.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"csrss"="C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kbd11n

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\vtstsqr.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2003-06-01 16:12:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 03-06-01 16:12:49
C:\ComboFix-quarantined-files.txt ... 03-06-01 16:12
C:\ComboFix2.txt ... 07-05-05 10:36



AND BELOW IS MY Hijack Log----------

Logfile of HijackThis v1.99.1
Scan saved at 4:17:46 PM, on 6/1/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avvenu\Avvenu_agent.exe
C:\Program Files\Avvenu\Avvenu_cachescheduler.exe
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {f7fcd00a-01d2-4aa0-af88-f5640bde6ad8} - C:\WINDOWS\system32\kbd11n.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\gebxww.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Global Startup: Avvenu.lnk = C:\Program Files\Avvenu\Avvenu_agent.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O20 - AppInit_DLLs: c:\windows\system32\vtstsqr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: kbd11n - C:\WINDOWS\SYSTEM32\kbd11n.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe



Thanks again - Roger
Go to the top of the page
 
+Quote Post
__RiP_ChAiN_
post Jun 2 2007, 07:58 PM
Post #6


Malware Expert
Group Icon
Posts: 8,272
From: Omaha, Nebraska U.S.A
OS: Windows XP Professional/Windows Vista Ultimate x64/x86
Hello RMW,

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

After that is completed, please go back and re-do the ComboFix instructions as well.
Go to the top of the page
 
+