
Another vipdown.exe infection


  • This topic is locked

#31
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Ok, don't connect it before applying the fix then if possible.



#32
Red_6


    Member

  • Topic Starter
  • 76 posts
This doesn't seem to have run properly. It rebooted and appeared to do its stuff but then seemed to fail when it was zipping it up.
----

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uvvpatpm

*******************

Script file located at: ehmlkdkt

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

#33
Red_6

Logfile of HijackThis v1.99.1
Scan saved at 01:58:47, on 12/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: 5940bar BHO - {15953528-6C01-481A-8DB4-01888FB85B7D} - (no file)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5059.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINDOWS\Downloaded Program Files\jaasnt.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#34
Red_6

dam - 06-10-12 1:59:39.73 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Tools"

((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))


2006-10-11 04:57 56,400 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-11 04:57 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-11 04:57 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-11 04:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-10-10 06:01 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-10 06:00 39,936 --a------ C:\WINDOWS\system32\xydll.dll
2006-10-10 03:06 52,529 --ahs---- C:\WINDOWS\684745LZ.DLL
2006-10-10 03:06 52,529 --ahs---- C:\WINDOWS\684745JH.DLL
2006-10-10 03:06 39,920 ---hs---- C:\WINDOWS\system32\drivers\npf.sys
2006-10-10 03:00 9,728 --a------ C:\WINDOWS\cftmon.exe
2006-10-10 02:09 613,944 --a------ C:\blbetac.exe
2006-10-09 00:57 800 --a------ C:\WINDOWS\system32\drivers\modol.sys
2006-10-07 07:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05 02:28 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-05 02:27 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-05 02:27 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-05 02:27 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-05 02:27 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-05 02:27 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-05 02:27 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-05 02:27 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-05 02:27 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-05 02:27 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-05 02:27 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-05 02:27 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-10-05 02:27 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-05 02:26 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-05 02:26 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-05 02:26 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-05 02:26 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-05 02:26 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-05 02:26 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-05 02:25 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-05 02:25 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-05 02:25 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-05 02:25 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-05 02:25 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-05 02:25 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-05 02:25 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-05 02:25 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-05 02:25 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-05 02:25 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-05 02:25 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-05 02:25 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-05 02:25 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-05 02:25 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-05 02:24 9,856 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2006-10-05 02:24 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-05 02:24 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-05 02:24 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-05 02:24 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-05 02:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-05 02:24 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-05 02:24 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-05 02:24 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-05 02:24 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-05 02:24 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-05 02:24 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-05 02:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-05 02:24 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-05 02:24 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-05 02:24 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-05 02:24 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-05 02:24 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-05 02:24 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-05 02:24 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-05 02:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-05 02:24 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-05 02:24 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-05 02:24 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-05 02:24 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-05 02:24 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-05 02:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-05 02:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-05 02:24 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-05 02:24 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-05 02:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-05 02:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-05 02:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-05 02:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-05 02:24 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-05 02:24 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-05 02:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-05 02:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-05 02:24 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-05 02:24 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-05 02:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-05 02:24 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-05 02:24 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-05 02:24 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-05 02:24 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-05 02:24 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-05 02:24 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-10-05 02:24 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-05 02:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-05 02:23 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-05 02:23 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-05 02:23 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-05 02:23 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-05 02:23 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-05 02:23 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-05 02:23 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-05 02:23 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-05 02:23 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-05 02:23 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-05 02:23 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-05 02:23 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-05 02:23 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-05 02:23 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-05 02:23 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-05 02:23 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-05 02:23 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-05 02:23 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-05 02:23 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-05 02:23 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-05 02:23 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-05 02:23 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-05 02:23 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-05 02:23 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-05 02:23 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-05 02:23 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-05 02:23 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-05 02:23 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-05 02:23 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-05 02:23 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-05 02:23 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-05 02:23 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-05 02:23 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-05 02:23 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-05 02:23 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-05 02:23 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-05 02:23 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-05 02:23 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-05 02:23 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-05 02:23 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-05 02:23 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-05 02:23 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-05 02:23 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-05 02:23 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-05 02:23 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-05 02:23 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-05 02:22 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-05 02:22 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-05 02:22 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-05 02:22 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-05 02:22 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-05 02:22 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-05 02:22 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-05 02:22 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-05 02:22 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-05 02:22 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-05 02:22 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-05 02:22 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-05 02:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-05 02:22 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-05 02:22 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-05 02:22 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-05 02:22 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-05 02:22 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-05 02:22 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-05 02:22 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-05 02:22 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-05 02:22 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-10-05 02:22 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-05 02:22 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-05 02:22 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-05 02:22 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-05 02:22 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-05 02:22 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-05 02:22 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-10-05 02:22 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-05 02:22 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-05 02:22 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-05 02:22 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-05 02:22 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-05 02:22 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-05 02:22 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-05 02:22 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-05 02:22 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-05 02:21 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-05 02:21 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-05 02:21 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-05 02:21 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-05 02:21 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-05 02:21 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-05 02:21 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-05 02:21 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-05 02:21 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-05 02:21 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-05 02:21 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-05 02:21 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-05 02:21 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-05 02:21 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-05 02:21 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-05 02:21 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-05 02:21 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-05 02:21 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-05 02:21 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-05 02:21 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-05 02:21 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-05 02:21 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-05 02:20 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-05 02:20 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-05 02:20 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-05 02:20 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-05 02:20 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-05 02:20 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-05 02:20 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-05 02:20 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-05 02:20 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-05 02:19 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-05 02:18 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-05 02:18 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-05 02:18 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-05 02:18 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-05 02:18 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-05 02:18 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-05 02:18 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-05 02:18 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-05 02:18 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-05 02:18 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-05 02:18 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-05 02:18 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-05 02:18 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-05 02:18 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-05 02:18 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-05 02:18 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-05 02:18 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-05 02:18 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-05 02:18 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-05 02:18 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-05 02:14 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-05 02:14 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-05 02:14 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-05 02:14 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-05 02:13 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-10-05 02:13 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-05 02:13 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-05 02:13 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-10-05 02:13 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-05 02:13 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-05 02:13 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-05 02:13 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-05 02:13 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-05 02:13 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-05 02:13 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-05 02:13 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-05 02:13 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-05 02:13 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-05 02:13 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-05 02:13 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-05 02:13 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-05 02:13 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-05 02:13 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-10-05 02:13 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-05 02:13 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-05 02:13 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-05 02:13 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-05 02:13 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-05 02:13 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-05 02:12 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-05 02:11 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-05 02:11 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-05 02:11 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-05 02:11 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-05 02:11 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-05 02:11 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-05 02:11 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-05 02:11 212,992 --ahs---- C:\WINDOWS\system32\mskey32.dll
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-05 02:11 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-05 02:11 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-05 02:11 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-05 02:11 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-05 02:11 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-05 02:11 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-05 02:11 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-05 02:10 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-05 02:10 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-05 02:10 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-05 02:10 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-05 02:10 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-05 02:10 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-05 02:10 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-05 02:10 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-05 02:10 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-05 02:10 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-05 02:10 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-05 02:10 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-05 02:10 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-05 02:10 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-05 02:10 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-05 02:10 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-05 02:10 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-05 02:10 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-05 02:10 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-05 02:09 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-05 02:09 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-05 02:09 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-05 02:09 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-05 02:09 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-05 02:09 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-05 02:09 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-05 02:09 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-05 02:09 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-05 02:09 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-05 02:09 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-05 02:09 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-05 02:08 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-05 02:08 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-05 02:08 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-05 02:08 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-05 02:08 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-05 02:08 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-05 02:08 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-05 02:08 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-05 02:08 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-05 02:07 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-05 02:07 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-05 02:07 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-05 02:07 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-10-05 02:07 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-05 02:07 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-05 02:07 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-05 02:07 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-05 02:07 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-05 02:07 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-09-27 03:57 178,472 --a------ C:\WINDOWS\system32\drivers\degdgjdd.sys
2006-09-27 00:02 178,470 --a------ C:\WINDOWS\system32\drivers\dggajdja.sys
2006-09-26 23:38 178,468 --a------ C:\WINDOWS\system32\drivers\bgjfhffg.sys
2006-09-26 23:13 178,466 --a------ C:\WINDOWS\system32\drivers\bhjdcfjj.sys
2006-09-26 08:51 178,464 --a------ C:\WINDOWS\system32\drivers\fjaegcej.sys
2006-09-26 08:46 178,462 --a------ C:\WINDOWS\system32\drivers\fieeiffb.sys
2006-09-26 08:32 178,460 --a------ C:\WINDOWS\system32\drivers\idajcbhg.sys
2006-09-26 08:30 178,458 --a------ C:\WINDOWS\system32\drivers\dhhaejgi.sys
2006-09-26 07:18 178,456 --a------ C:\WINDOWS\system32\drivers\hibhheca.sys
2006-09-26 07:05 178,454 --a------ C:\WINDOWS\system32\drivers\fcfhfjaj.sys
2006-09-25 09:29 178,452 --a------ C:\WINDOWS\system32\drivers\eifbcfii.sys
2006-09-25 08:09 178,450 --a------ C:\WINDOWS\system32\drivers\agibgdia.sys
2006-09-25 07:57 178,448 --a------ C:\WINDOWS\system32\drivers\bhbciiai.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-11 04:56 -------- d-------- C:\Program Files\Sygate
2006-10-11 04:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-10 07:00 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-10 07:00 -------- d-------- C:\Program Files\Internet Explorer
2006-10-08 23:05 -------- d-------- C:\Program Files\Common Files
2006-10-07 15:23 -------- d-------- C:\Program Files\Booby
2006-10-07 07:41 -------- d-------- C:\Program Files\Macromedia
2006-10-07 07:41 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-10-07 07:41 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-07 07:41 -------- d-------- C:\Program Files\JavaSoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Java
2006-10-07 07:41 -------- d-------- C:\Program Files\iTunes
2006-10-07 07:41 -------- d-------- C:\Program Files\IrfanView
2006-10-07 07:41 -------- d-------- C:\Program Files\iPod
2006-10-07 07:41 -------- d-------- C:\Program Files\Grisoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Google
2006-10-07 07:41 -------- d-------- C:\Program Files\eMule
2006-10-07 07:41 -------- d-------- C:\Program Files\D-Link AirPlus
2006-10-07 07:41 -------- d-------- C:\Program Files\CyberLink
2006-10-07 07:41 -------- d-------- C:\Program Files\CleanUp!
2006-10-07 07:41 -------- d-------- C:\Program Files\BitTorrent
2006-10-07 07:41 -------- d-------- C:\Program Files\Azureus
2006-10-07 07:41 -------- d-------- C:\Program Files\Audible
2006-10-07 07:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-07 07:41 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-07 07:41 -------- d-------- C:\Program Files\Ahead
2006-10-07 07:40 9 --ahs---- C:\Program Files\_desktop.ini
2006-10-07 07:35 -------- d-------- C:\Program Files\Microsoft
2006-10-07 02:34 178472 --a------ C:\WINDOWS\system32\drivers\cdnprot.sys
2006-10-05 03:10 -------- d-------- C:\Program Files\NetMeeting
2006-10-05 02:40 -------- d-------- C:\Program Files\Movie Maker
2006-10-05 02:40 -------- d-------- C:\Program Files\Messenger
2006-10-05 02:39 -------- d-------- C:\Program Files\Windows Media Player
2006-10-05 02:39 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 02:39 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 02:52 -------- d-------- C:\Documents and Settings\dam\Application Data\Lavasoft
2006-10-02 18:08 -------- d-------- C:\Program Files\Adobe
2006-09-04 08:00 -------- d-------- C:\Documents and Settings\dam\Application Data\Google


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LTSMMSG"="LTSMMSG.exe"
"AtiPTA"="atiptaxx.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"iPodManager"="C:\\Program Files\\iPod\\bin\\iPodManager.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"SOUNDM"="winsmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}"=""
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
"{11760322-2400-4AC3-9605-6CAF086E809E}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62111}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62F1A}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{99F1D023-7CEB-4586-80F7-BB1A98DB7602}"=""
"{E4C3C044-CE6A-4117-9D18-C1EBEC80D2C9}"=""
"{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"CDBurner"="{D92D637A-0FB7-412D-A7E8-29340A580F7E}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 12/10/2006 2:00:37.64
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#35
Red_6

  • Topic Starter
  • Member
  • 76 posts
StartupList report, 12/10/2006, 02:30:40
StartupList version: 1.52.2
Started from : C:\Tools\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Tools\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\dam\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
D-Link AirPlus.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LTSMMSG = LTSMMSG.exe
AtiPTA = atiptaxx.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
iPodManager = C:\Program Files\iPod\bin\iPodManager.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
SOUNDM = winsmd.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
5940bar BHO - (no file) - {15953528-6C01-481A-8DB4-01888FB85B7D}
(no name) - C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5059.dll (file missing) - {16B770A0-0E87-4278-B748-2460D64A8386}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - (no file) - {CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
D-Link AirPlus Wireless Adapter: System32\DRIVERS\airplus.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
bgjfhffg: \??\C:\WINDOWS\system32\drivers\bgjfhffg.sys (system)
bhjdcfjj: \??\C:\WINDOWS\system32\drivers\bhjdcfjj.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DefWatch: C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (autostart)
degdgjdd: \??\C:\WINDOWS\system32\drivers\degdgjdd.sys (system)
dggajdja: \??\C:\WINDOWS\system32\drivers\dggajdja.sys (system)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FsVga: System32\DRIVERS\fsvga.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
hcbcddbg: \??\C:\WINDOWS\system32\drivers\hcbcddbg.sys (system)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Sony Ericsson 750 driver (WDM): System32\DRIVERS\k750bus.sys (manual start)
Sony Ericsson 750 USB WMC Modem Filter: System32\DRIVERS\k750mdfl.sys (manual start)
Sony Ericsson 750 USB WMC Modem Drivers: System32\DRIVERS\k750mdm.sys (manual start)
Sony Ericsson 750 USB WMC Device Management Drivers: System32\DRIVERS\k750mgmt.sys (manual start)
Sony Ericsson 750 USB WMC OBEX Interface Drivers: System32\DRIVERS\k750obex.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Registry Protect: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SENS LT56ADW Modem: System32\DRIVERS\LTSM.sys (manual start)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
NAVAP: \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041208.018\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041208.018\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Symantec AntiVirus Client: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sygate Personal Firewall Pro: C:\Program Files\Sygate\SPF\smc.exe (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{20494B39-F3F4-43D5-8274-0236DBA05F37} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
CDBurner: C:\WINDOWS\Downloaded Program Files\jaasnt.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 33,479 bytes
Report generated in 0.501 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#36
Armodeluxe

Nope, for some reason it couldn't read the script file. Please try again. Don't forget, you should not copy the header part where it says CODE.

Files to delete:

C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\xydll.dll
C:\WINDOWS\684745LZ.DLL
C:\WINDOWS\684745JH.DLL
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\cftmon.exe
C:\WINDOWS\system32\drivers\modol.sys
C:\WINDOWS\system32\mskey32.dll
C:\WINDOWS\system32\geai.dll
C:\WINDOWS\system32\drivers\idajcbhg.sys
C:\WINDOWS\system32\drivers\dhhaejgi.sys
C:\WINDOWS\system32\drivers\hibhheca.sys
C:\WINDOWS\system32\drivers\fcfhfjaj.sys
C:\WINDOWS\system32\drivers\eifbcfii.sys
C:\WINDOWS\system32\drivers\agibgdia.sys
C:\WINDOWS\system32\drivers\bhbciiai.sys
C:\WINDOWS\system32\drivers\cdnprot.sys
C:\DOCUME~1\dam\LOCALS~1\Temp\axfnfrr
C:\WINDOWS\system32\drivers\fieeiffb.sys
C:\WINDOWS\system32\drivers\fjaegcej.sys
C:\WINDOWS\system32\drivers\gjejghce.sys
C:\WINDOWS\system32\drivers\hhdjfcdd.sys
C:\WINDOWS\system32\drivers\hibhheca.sys
C:\WINDOWS\system32\drivers\idajcbhg.sys
C:\WINDOWS\system32\drivers\jahjeibg.sys

Registry values to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | SOUNDM
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | CDBurner

Registry keys to delete:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15953528-6C01-481A-8DB4-01888FB85B7D}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B770A0-0E87-4278-B748-2460D64A8386}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004}

Drivers to unload:

agibgdia
axfn
bhbciiai
cdnprot
dhhaejgi
eifbcfii
fcfhfjaj
fieeiffb
fjaegcej
gjejghce
hhdjfcdd
hibhheca
idajcbhg
NPF
jahjeibg


#37
Red_6

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jpdqwtns

*******************

Script file located at: \??\C:\Documents and Settings\hlixatqg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\spupdsvc.exe deleted successfully.
File C:\WINDOWS\system32\xydll.dll deleted successfully.
File C:\WINDOWS\684745LZ.DLL deleted successfully.
File C:\WINDOWS\684745JH.DLL deleted successfully.
File C:\WINDOWS\system32\drivers\npf.sys deleted successfully.
File C:\WINDOWS\cftmon.exe deleted successfully.
File C:\WINDOWS\system32\drivers\modol.sys deleted successfully.
File C:\WINDOWS\system32\mskey32.dll deleted successfully.


File C:\WINDOWS\system32\geai.dll not found!
Deletion of file C:\WINDOWS\system32\geai.dll failed!

Could not process line:
C:\WINDOWS\system32\geai.dll
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\idajcbhg.sys deleted successfully.
File C:\WINDOWS\system32\drivers\dhhaejgi.sys deleted successfully.
File C:\WINDOWS\system32\drivers\hibhheca.sys deleted successfully.
File C:\WINDOWS\system32\drivers\fcfhfjaj.sys deleted successfully.
File C:\WINDOWS\system32\drivers\eifbcfii.sys deleted successfully.
File C:\WINDOWS\system32\drivers\agibgdia.sys deleted successfully.
File C:\WINDOWS\system32\drivers\bhbciiai.sys deleted successfully.
File C:\WINDOWS\system32\drivers\cdnprot.sys deleted successfully.


File C:\DOCUME~1\dam\LOCALS~1\Temp\axfnfrr not found!
Deletion of file C:\DOCUME~1\dam\LOCALS~1\Temp\axfnfrr failed!

Could not process line:
C:\DOCUME~1\dam\LOCALS~1\Temp\axfnfrr
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\fieeiffb.sys deleted successfully.
File C:\WINDOWS\system32\drivers\fjaegcej.sys deleted successfully.


File C:\WINDOWS\system32\drivers\gjejghce.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\gjejghce.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\gjejghce.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hhdjfcdd.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\hhdjfcdd.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\hhdjfcdd.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\hibhheca.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\hibhheca.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\hibhheca.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\idajcbhg.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\idajcbhg.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\idajcbhg.sys
Status: 0xc0000034



File C:\WINDOWS\system32\drivers\jahjeibg.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\jahjeibg.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\jahjeibg.sys
Status: 0xc0000034

Driver agibgdia unloaded successfully.
Driver axfn unloaded successfully.
Driver bhbciiai unloaded successfully.
Driver cdnprot unloaded successfully.
Driver dhhaejgi unloaded successfully.
Driver eifbcfii unloaded successfully.
Driver fcfhfjaj unloaded successfully.
Driver fieeiffb unloaded successfully.
Driver fjaegcej unloaded successfully.
Driver gjejghce unloaded successfully.
Driver hhdjfcdd unloaded successfully.
Driver hibhheca unloaded successfully.
Driver idajcbhg unloaded successfully.
Driver NPF unloaded successfully.
Driver jahjeibg unloaded successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SOUNDM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|CDBurner deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15953528-6C01-481A-8DB4-01888FB85B7D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16B770A0-0E87-4278-B748-2460D64A8386} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#38
Red_6

Logfile of HijackThis v1.99.1
Scan saved at 04:48:49, on 12/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#39
Red_6

dam - 06-10-12 4:49:43.68 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Tools"

((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))


2006-10-11 04:57 56,400 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-11 04:57 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-11 04:57 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-11 04:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-10-10 02:09 613,944 --a------ C:\blbetac.exe
2006-10-07 07:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05 02:28 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-05 02:27 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-05 02:27 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-05 02:27 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-05 02:27 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-05 02:27 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-05 02:27 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-05 02:27 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-05 02:27 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-05 02:27 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-05 02:27 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-05 02:27 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-10-05 02:27 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-05 02:26 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-05 02:26 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-05 02:26 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-05 02:26 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-05 02:26 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-05 02:26 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-05 02:25 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-05 02:25 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-05 02:25 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-05 02:25 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-05 02:25 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-05 02:25 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-05 02:25 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-05 02:25 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-05 02:25 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-05 02:25 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-05 02:25 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-05 02:25 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-05 02:25 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-05 02:25 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-05 02:24 9,856 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2006-10-05 02:24 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-05 02:24 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-05 02:24 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-05 02:24 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-05 02:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-05 02:24 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-05 02:24 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-05 02:24 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-05 02:24 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-05 02:24 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-05 02:24 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-05 02:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-05 02:24 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-05 02:24 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-05 02:24 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-05 02:24 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-05 02:24 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-05 02:24 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-10-05 02:24 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-05 02:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-05 02:24 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-05 02:24 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-05 02:24 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-05 02:24 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-05 02:24 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-05 02:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-05 02:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-05 02:24 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-05 02:24 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-05 02:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-05 02:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-05 02:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-05 02:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-05 02:24 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-05 02:24 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-05 02:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-05 02:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-05 02:24 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-05 02:24 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-05 02:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-05 02:24 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-05 02:24 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-05 02:24 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-05 02:24 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-05 02:24 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-05 02:24 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-10-05 02:24 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-05 02:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-05 02:23 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-05 02:23 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-10-05 02:23 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-05 02:23 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-05 02:23 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-05 02:23 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-05 02:23 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-05 02:23 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-05 02:23 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-05 02:23 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-05 02:23 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-05 02:23 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-05 02:23 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-05 02:23 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-05 02:23 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-05 02:23 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-05 02:23 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-05 02:23 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-05 02:23 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-05 02:23 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-05 02:23 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-05 02:23 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-05 02:23 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-05 02:23 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-05 02:23 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-05 02:23 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-10-05 02:23 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-05 02:23 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-10-05 02:23 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-05 02:23 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-05 02:23 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-05 02:23 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-05 02:23 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-05 02:23 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-05 02:23 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-05 02:23 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-05 02:23 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-05 02:23 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-05 02:23 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-05 02:23 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-05 02:23 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-05 02:23 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-05 02:23 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-05 02:23 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-05 02:23 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-05 02:23 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-05 02:22 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-05 02:22 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-05 02:22 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-05 02:22 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-05 02:22 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-05 02:22 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-05 02:22 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-05 02:22 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-05 02:22 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-05 02:22 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-05 02:22 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-05 02:22 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-05 02:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-05 02:22 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-05 02:22 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-05 02:22 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-05 02:22 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-05 02:22 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-05 02:22 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-05 02:22 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-05 02:22 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-10-05 02:22 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-10-05 02:22 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-05 02:22 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-05 02:22 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-05 02:22 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-05 02:22 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-05 02:22 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-05 02:22 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-10-05 02:22 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-05 02:22 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-05 02:22 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-05 02:22 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-05 02:22 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-05 02:22 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-05 02:22 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-05 02:22 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-05 02:22 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-05 02:21 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-05 02:21 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-10-05 02:21 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-05 02:21 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-05 02:21 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-05 02:21 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-05 02:21 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-05 02:21 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-05 02:21 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-05 02:21 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-05 02:21 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-05 02:21 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-05 02:21 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-05 02:21 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-05 02:21 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-10-05 02:21 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-05 02:21 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-05 02:21 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-05 02:21 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-05 02:21 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-05 02:21 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-05 02:21 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-05 02:20 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-05 02:20 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-05 02:20 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-05 02:20 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-05 02:20 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-05 02:20 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-05 02:20 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-05 02:20 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-05 02:20 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-05 02:19 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-05 02:18 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-05 02:18 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-05 02:18 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-05 02:18 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-05 02:18 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-05 02:18 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-05 02:18 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-05 02:18 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-05 02:18 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-05 02:18 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-05 02:18 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-05 02:18 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-05 02:18 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-05 02:18 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-05 02:18 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-05 02:18 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-10-05 02:18 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-05 02:18 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-05 02:18 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-05 02:18 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-05 02:14 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-05 02:14 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-05 02:14 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-05 02:14 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-05 02:13 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-10-05 02:13 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-05 02:13 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-05 02:13 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-10-05 02:13 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-05 02:13 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-05 02:13 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-05 02:13 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-05 02:13 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-05 02:13 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-05 02:13 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-05 02:13 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-05 02:13 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-05 02:13 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-05 02:13 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-05 02:13 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-05 02:13 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-05 02:13 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-05 02:13 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-10-05 02:13 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-05 02:13 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-05 02:13 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-05 02:13 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-05 02:13 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-05 02:13 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-05 02:12 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-05 02:11 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-05 02:11 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-05 02:11 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-05 02:11 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-05 02:11 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-05 02:11 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-05 02:11 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-05 02:11 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-05 02:11 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-05 02:11 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-05 02:11 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-05 02:11 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-05 02:11 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-05 02:11 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-05 02:10 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-05 02:10 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-05 02:10 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-05 02:10 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-10-05 02:10 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-05 02:10 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-10-05 02:10 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-05 02:10 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-05 02:10 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-05 02:10 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-05 02:10 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-05 02:10 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-05 02:10 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-05 02:10 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-05 02:10 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-05 02:10 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-05 02:10 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-05 02:10 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-05 02:10 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-05 02:09 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-05 02:09 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-05 02:09 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-05 02:09 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-05 02:09 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-05 02:09 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-05 02:09 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-05 02:09 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-05 02:09 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-05 02:09 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-05 02:09 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-05 02:09 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-05 02:08 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-05 02:08 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-05 02:08 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-05 02:08 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-05 02:08 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-05 02:08 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-05 02:08 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-05 02:08 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-05 02:08 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-05 02:07 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-05 02:07 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-05 02:07 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-05 02:07 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-10-05 02:07 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-05 02:07 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-05 02:07 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-05 02:07 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-05 02:07 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-05 02:07 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-09-27 03:57 178,472 --a------ C:\WINDOWS\system32\drivers\degdgjdd.sys
2006-09-27 00:02 178,470 --a------ C:\WINDOWS\system32\drivers\dggajdja.sys
2006-09-26 23:38 178,468 --a------ C:\WINDOWS\system32\drivers\bgjfhffg.sys
2006-09-26 23:13 178,466 --a------ C:\WINDOWS\system32\drivers\bhjdcfjj.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-11 04:56 -------- d-------- C:\Program Files\Sygate
2006-10-11 04:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-10 07:00 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-10 07:00 -------- d-------- C:\Program Files\Internet Explorer
2006-10-08 23:05 -------- d-------- C:\Program Files\Common Files
2006-10-07 15:23 -------- d-------- C:\Program Files\Booby
2006-10-07 07:41 -------- d-------- C:\Program Files\Macromedia
2006-10-07 07:41 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-10-07 07:41 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-07 07:41 -------- d-------- C:\Program Files\JavaSoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Java
2006-10-07 07:41 -------- d-------- C:\Program Files\iTunes
2006-10-07 07:41 -------- d-------- C:\Program Files\IrfanView
2006-10-07 07:41 -------- d-------- C:\Program Files\iPod
2006-10-07 07:41 -------- d-------- C:\Program Files\Grisoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Google
2006-10-07 07:41 -------- d-------- C:\Program Files\eMule
2006-10-07 07:41 -------- d-------- C:\Program Files\D-Link AirPlus
2006-10-07 07:41 -------- d-------- C:\Program Files\CyberLink
2006-10-07 07:41 -------- d-------- C:\Program Files\CleanUp!
2006-10-07 07:41 -------- d-------- C:\Program Files\BitTorrent
2006-10-07 07:41 -------- d-------- C:\Program Files\Azureus
2006-10-07 07:41 -------- d-------- C:\Program Files\Audible
2006-10-07 07:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-07 07:41 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-07 07:41 -------- d-------- C:\Program Files\Ahead
2006-10-07 07:40 9 --ahs---- C:\Program Files\_desktop.ini
2006-10-07 07:35 -------- d-------- C:\Program Files\Microsoft
2006-10-05 03:10 -------- d-------- C:\Program Files\NetMeeting
2006-10-05 02:40 -------- d-------- C:\Program Files\Movie Maker
2006-10-05 02:40 -------- d-------- C:\Program Files\Messenger
2006-10-05 02:39 -------- d-------- C:\Program Files\Windows Media Player
2006-10-05 02:39 -------- d-------- C:\Program Files\Outlook Express
2006-10-05 02:39 -------- d-------- C:\Program Files\Common Files\System
2006-10-04 02:52 -------- d-------- C:\Documents and Settings\dam\Application Data\Lavasoft
2006-10-02 18:08 -------- d-------- C:\Program Files\Adobe
2006-09-04 08:00 -------- d-------- C:\Documents and Settings\dam\Application Data\Google


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LTSMMSG"="LTSMMSG.exe"
"AtiPTA"="atiptaxx.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"iPodManager"="C:\\Program Files\\iPod\\bin\\iPodManager.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}"=""
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
"{11760322-2400-4AC3-9605-6CAF086E809E}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62111}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62F1A}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{99F1D023-7CEB-4586-80F7-BB1A98DB7602}"=""
"{E4C3C044-CE6A-4117-9D18-C1EBEC80D2C9}"=""
"{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 12/10/2006 4:50:34.37
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#40
Red_6

StartupList report, 12/10/2006, 04:59:10
StartupList version: 1.52.2
Started from : C:\Tools\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Tools\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\dam\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
D-Link AirPlus.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\System32\Userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
LTSMMSG = LTSMMSG.exe
AtiPTA = atiptaxx.exe
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
iPodManager = C:\Program Files\iPod\bin\iPodManager.exe
MMTray = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SmcService = C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Embedded Controller Driver: System32\DRIVERS\ACPIEC.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
D-Link AirPlus Wireless Adapter: System32\DRIVERS\airplus.sys (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
bgjfhffg: \??\C:\WINDOWS\system32\drivers\bgjfhffg.sys (system)
bhjdcfjj: \??\C:\WINDOWS\system32\drivers\bhjdcfjj.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Microsoft AC Adapter Driver: System32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Crystal WDM Audio Codec Driver: system32\drivers\cwawdm.sys (manual start)
DefWatch: C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe (autostart)
degdgjdd: \??\C:\WINDOWS\system32\drivers\degdgjdd.sys (system)
dggajdja: \??\C:\WINDOWS\system32\drivers\dggajdja.sys (system)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FsVga: System32\DRIVERS\fsvga.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
hcbcddbg: \??\C:\WINDOWS\system32\drivers\hcbcddbg.sys (system)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: C:\Program Files\iPod\bin\iPodService.exe (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Sony Ericsson 750 driver (WDM): System32\DRIVERS\k750bus.sys (manual start)
Sony Ericsson 750 USB WMC Modem Filter: System32\DRIVERS\k750mdfl.sys (manual start)
Sony Ericsson 750 USB WMC Modem Drivers: System32\DRIVERS\k750mdm.sys (manual start)
Sony Ericsson 750 USB WMC Device Management Drivers: System32\DRIVERS\k750mgmt.sys (manual start)
Sony Ericsson 750 USB WMC OBEX Interface Drivers: System32\DRIVERS\k750obex.sys (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Registry Protect: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SENS LT56ADW Modem: System32\DRIVERS\LTSM.sys (manual start)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
NAVAP: \??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041208.018\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20041208.018\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Symantec AntiVirus Client: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
Pcmcia: System32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sygate Personal Firewall Pro: C:\Program Files\Sygate\SPF\smc.exe (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{20494B39-F3F4-43D5-8274-0236DBA05F37} (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 33,111 bytes
Report generated in 0.531 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#41
Red_6

I see there's still a handful of dodgy drivers.

#42
Armodeluxe

Much less this time. I just realized that these were listed in the second set of logs you posted yesterday, but I didn't have time to go through them and I gave you the previous script again when it didn't run the first time around. So we need one more round with Avenger and then please post a fresh one of the same logs.

Here's a new script, much smaller this time.

Files to delete:

C:\WINDOWS\system32\drivers\degdgjdd.sys
C:\WINDOWS\system32\drivers\dggajdja.sys
C:\WINDOWS\system32\drivers\bgjfhffg.sys
C:\WINDOWS\system32\drivers\bhjdcfjj.sys
C:\WINDOWS\system32\drivers\hcbcddbg.sys

Drivers to unload:

bgjfhffg
bhjdcfjj
degdgjdd
dggajdja
hcbcddbg


#43
Red_6

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hwkebgpm

*******************

Script file located at: \??\C:\WINDOWS\System32\dicpnhsc.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\degdgjdd.sys deleted successfully.
File C:\WINDOWS\system32\drivers\dggajdja.sys deleted successfully.
File C:\WINDOWS\system32\drivers\bgjfhffg.sys deleted successfully.
File C:\WINDOWS\system32\drivers\bhjdcfjj.sys deleted successfully.


File C:\WINDOWS\system32\drivers\hcbcddbg.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\hcbcddbg.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\hcbcddbg.sys
Status: 0xc0000034

Driver bgjfhffg unloaded successfully.
Driver bhjdcfjj unloaded successfully.
Driver degdgjdd unloaded successfully.
Driver dggajdja unloaded successfully.
Driver hcbcddbg unloaded successfully.

Completed script processing.

*******************

Finished! Terminate.
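The check that posts #41 to #43 carry out by eye, written out as an added example (not part of the thread, and not code from HijackThis or The Avenger): flag the suspicious driver services in the service enumeration, then reconcile them against the Avenger log. The name pattern (eight letters, all in a-j, service name equal to the .sys file name) is an assumption derived only from the five drivers named in this thread, and the function names are hypothetical.

```python
import re

# Sample input copied from the logs in this thread (trimmed). Three legitimate
# drivers are kept as negative controls, including wpsdrvnt, whose service name
# also equals its file name.
SERVICE_LINES = r"""
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
bgjfhffg: \??\C:\WINDOWS\system32\drivers\bgjfhffg.sys (system)
bhjdcfjj: \??\C:\WINDOWS\system32\drivers\bhjdcfjj.sys (system)
degdgjdd: \??\C:\WINDOWS\system32\drivers\degdgjdd.sys (system)
dggajdja: \??\C:\WINDOWS\system32\drivers\dggajdja.sys (system)
hcbcddbg: \??\C:\WINDOWS\system32\drivers\hcbcddbg.sys (system)
Disk Driver: System32\DRIVERS\disk.sys (system)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
""".strip().splitlines()

AVENGER_LOG = r"""
File C:\WINDOWS\system32\drivers\degdgjdd.sys deleted successfully.
File C:\WINDOWS\system32\drivers\dggajdja.sys deleted successfully.
File C:\WINDOWS\system32\drivers\bgjfhffg.sys deleted successfully.
File C:\WINDOWS\system32\drivers\bhjdcfjj.sys deleted successfully.
File C:\WINDOWS\system32\drivers\hcbcddbg.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\hcbcddbg.sys failed!
Status: 0xc0000034
Driver bgjfhffg unloaded successfully.
Driver bhjdcfjj unloaded successfully.
Driver degdgjdd unloaded successfully.
Driver dggajdja unloaded successfully.
Driver hcbcddbg unloaded successfully.
""".strip().splitlines()

# "<display name>: <image path> (<start type>)" as printed in the service section.
SERVICE_RE = re.compile(r"^(?P<name>.+?): (?P<path>.+) \((?P<start>[^()]+)\)$")
# Assumption: pattern shared by the five drivers in this thread, not a general signature.
RANDOM_NAME_RE = re.compile(r"^[a-j]{8}$")

FILE_OK_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FILE_MISSING_RE = re.compile(r"^File (?P<path>.+) not found!$")
DRIVER_OK_RE = re.compile(r"^Driver (?P<name>\S+) unloaded successfully\.$")


def file_stem(path):
    """Return the lower-cased file name without extension from a Windows path."""
    image = path.rsplit("\\", 1)[-1]
    return image.rpartition(".")[0].lower()


def flag_drivers(service_lines):
    """Return service names that look like the randomly named drivers in this thread."""
    flagged = []
    for line in service_lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        name, path = m["name"], m["path"]
        if (m["start"] == "system"                  # driver started during system start
                and path.lower().endswith(".sys")
                and file_stem(path) == name.lower()  # no descriptive display name
                and RANDOM_NAME_RE.match(name)):
            flagged.append(name)
    return flagged


def parse_avenger(log_lines):
    """Map driver name -> file result, and collect the drivers reported as unloaded."""
    files, unloaded = {}, set()
    for line in log_lines:
        line = line.strip()
        if m := FILE_OK_RE.match(line):
            files[file_stem(m["path"])] = "deleted"
        elif m := FILE_MISSING_RE.match(line):
            # Accompanied in the log by status 0xc0000034, the NT status
            # STATUS_OBJECT_NAME_NOT_FOUND: the file was already absent.
            files[file_stem(m["path"])] = "not found"
        elif m := DRIVER_OK_RE.match(line):
            unloaded.add(m["name"].lower())
    return files, unloaded


def needs_followup(service_lines, log_lines):
    """Return flagged drivers whose file deletion or unload was not confirmed."""
    files, unloaded = parse_avenger(log_lines)
    result = {}
    for name in flag_drivers(service_lines):
        state = (files.get(name, "no result"),
                 "unloaded" if name in unloaded else "not unloaded")
        if state != ("deleted", "unloaded"):
            result[name] = state
    return result


if __name__ == "__main__":
    print("flagged:", flag_drivers(SERVICE_LINES))
    print("follow up:", needs_followup(SERVICE_LINES, AVENGER_LOG))
```

Anything left in the follow-up set is what to look for in the fresh set of logs requested in post #42.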

#44
Red_6

dam - 06-10-13 3:20:01.26 Service Pack 1
ComboFix 06.09.28 - Running from: "C:\Tools"

((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))


2006-10-13 02:59 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-10-11 04:57 56,400 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2006-10-11 04:57 18,515 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2006-10-11 04:57 11,914 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2006-10-11 04:56 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2006-10-10 06:57 991,232 --a------ C:\WINDOWS\system32\esent.dll
2006-10-10 02:09 613,944 --a------ C:\blbetac.exe
2006-10-07 07:31 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-05 02:28 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-10-05 02:27 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-10-05 02:27 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-10-05 02:27 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-10-05 02:27 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-10-05 02:27 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-10-05 02:27 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-10-05 02:27 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-10-05 02:27 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-10-05 02:27 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-10-05 02:27 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-10-05 02:27 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-10-05 02:27 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-10-05 02:26 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-10-05 02:26 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-10-05 02:26 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-10-05 02:26 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-05 02:26 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-10-05 02:26 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-10-05 02:25 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-10-05 02:25 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-10-05 02:25 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-10-05 02:25 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-05 02:25 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-10-05 02:25 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-10-05 02:25 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-10-05 02:25 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-10-05 02:25 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-05 02:25 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-10-05 02:25 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-10-05 02:25 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-10-05 02:25 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-10-05 02:25 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-10-05 02:24 9,856 --------- C:\WINDOWS\system32\drivers\tunmp.sys
2006-10-05 02:24 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-10-05 02:24 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-10-05 02:24 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-10-05 02:24 72,192 --a------ C:\WINDOWS\system32\telnet.exe
2006-10-05 02:24 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-10-05 02:24 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-10-05 02:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-10-05 02:24 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-10-05 02:24 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-10-05 02:24 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-10-05 02:24 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-10-05 02:24 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-10-05 02:24 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-10-05 02:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-10-05 02:24 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-10-05 02:24 5,504 --------- C:\WINDOWS\system32\drivers\smbali.sys
2006-10-05 02:24 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-10-05 02:24 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-10-05 02:24 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-10-05 02:24 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-10-05 02:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-10-05 02:24 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-10-05 02:24 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-10-05 02:24 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-10-05 02:24 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-10-05 02:24 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-10-05 02:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-10-05 02:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-10-05 02:24 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-10-05 02:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-10-05 02:24 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-10-05 02:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-10-05 02:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-10-05 02:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-10-05 02:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-10-05 02:24 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-10-05 02:24 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-10-05 02:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-10-05 02:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-10-05 02:24 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-10-05 02:24 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-10-05 02:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-10-05 02:24 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-10-05 02:24 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-10-05 02:24 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-10-05 02:24 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-10-05 02:24 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-10-05 02:24 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-10-05 02:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-10-05 02:23 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-10-05 02:23 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-10-05 02:23 891,711 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2006-10-05 02:23 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-10-05 02:23 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-10-05 02:23 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-10-05 02:23 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-10-05 02:23 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-10-05 02:23 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-10-05 02:23 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-10-05 02:23 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-10-05 02:23 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-10-05 02:23 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-10-05 02:23 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-10-05 02:23 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-10-05 02:23 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-10-05 02:23 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-10-05 02:23 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-10-05 02:23 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-10-05 02:23 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-10-05 02:23 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-10-05 02:23 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-10-05 02:23 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-10-05 02:23 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-10-05 02:23 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-10-05 02:23 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-10-05 02:23 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-10-05 02:23 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-10-05 02:23 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-10-05 02:23 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-10-05 02:23 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-10-05 02:23 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-10-05 02:23 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-10-05 02:23 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-10-05 02:23 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-10-05 02:23 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-10-05 02:23 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-10-05 02:23 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-10-05 02:23 134,144 --a------ C:\WINDOWS\regedit.exe
2006-10-05 02:23 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-10-05 02:23 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-10-05 02:23 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-10-05 02:23 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-10-05 02:23 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-10-05 02:23 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-10-05 02:23 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-10-05 02:23 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-10-05 02:23 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-10-05 02:22 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-10-05 02:22 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2006-10-05 02:22 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2006-10-05 02:22 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2006-10-05 02:22 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-10-05 02:22 5,120 --------- C:\WINDOWS\system32\hccoin.dll
2006-10-05 02:22 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-10-05 02:22 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-10-05 02:22 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-10-05 02:22 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-10-05 02:22 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-10-05 02:22 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2006-10-05 02:22 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2006-10-05 02:22 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2006-10-05 02:22 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-10-05 02:22 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2006-10-05 02:22 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-10-05 02:22 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-10-05 02:22 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2006-10-05 02:22 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2006-10-05 02:22 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-10-05 02:22 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-10-05 02:22 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2006-10-05 02:22 19,328 --------- C:\WINDOWS\system32\drivers\usbehci.sys
2006-10-05 02:22 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-10-05 02:22 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-10-05 02:22 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-10-05 02:22 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-10-05 02:22 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-10-05 02:22 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-10-05 02:22 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2006-10-05 02:22 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2006-10-05 02:22 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-10-05 02:22 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-10-05 02:22 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2006-10-05 02:22 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2006-10-05 02:22 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-10-05 02:22 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-10-05 02:21 91,136 --a------ C:\WINDOWS\system32\MSOERT2.DLL
2006-10-05 02:21 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-10-05 02:21 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-10-05 02:21 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-10-05 02:21 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-10-05 02:21 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-10-05 02:21 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-10-05 02:21 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-10-05 02:21 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-10-05 02:21 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-10-05 02:21 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-10-05 02:21 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-10-05 02:21 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-10-05 02:21 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-10-05 02:21 229,376 --a------ C:\WINDOWS\system32\MSOEACCT.DLL
2006-10-05 02:21 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-10-05 02:21 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-10-05 02:21 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-10-05 02:21 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-10-05 02:21 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-10-05 02:21 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-10-05 02:21 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-10-05 02:20 78,848 --a------ C:\WINDOWS\system32\msiexec.exe
2006-10-05 02:20 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-05 02:20 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-10-05 02:20 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-10-05 02:20 271,360 --a------ C:\WINDOWS\system32\msihnd.dll
2006-10-05 02:20 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-10-05 02:20 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-10-05 02:20 2,890,240 --a------ C:\WINDOWS\system32\msi.dll
2006-10-05 02:20 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-10-05 02:19 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-10-05 02:18 72,192 --a------ C:\WINDOWS\system32\uniime.dll
2006-10-05 02:18 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-10-05 02:18 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-10-05 02:18 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-10-05 02:18 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-10-05 02:18 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-10-05 02:18 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-10-05 02:18 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-10-05 02:18 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-10-05 02:18 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-10-05 02:18 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-10-05 02:18 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-10-05 02:18 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-10-05 02:18 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-05 02:18 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-10-05 02:18 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-10-05 02:18 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-10-05 02:18 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-10-05 02:18 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-10-05 02:14 827,438 --a------ C:\WINDOWS\system32\imjp81k.dll
2006-10-05 02:14 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-10-05 02:14 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-10-05 02:14 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-10-05 02:13 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-10-05 02:13 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-10-05 02:13 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-10-05 02:13 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-10-05 02:13 596,480 --a------ C:\WINDOWS\system32\INETCOMM.DLL
2006-10-05 02:13 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-05 02:13 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-10-05 02:13 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-10-05 02:13 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-10-05 02:13 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-10-05 02:13 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-05 02:13 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-05 02:13 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-05 02:13 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-10-05 02:13 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-10-05 02:13 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-10-05 02:13 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-05 02:13 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-10-05 02:13 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-10-05 02:13 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-05 02:13 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-10-05 02:13 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-10-05 02:13 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-10-05 02:13 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-10-05 02:13 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-10-05 02:12 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-10-05 02:11 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-10-05 02:11 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-10-05 02:11 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-10-05 02:11 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-10-05 02:11 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-10-05 02:11 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-10-05 02:11 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-10-05 02:11 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-10-05 02:11 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-10-05 02:11 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-10-05 02:11 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-10-05 02:11 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-10-05 02:11 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-10-05 02:11 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-10-05 02:11 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-05 02:10 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-10-05 02:10 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-10-05 02:10 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-10-05 02:10 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-10-05 02:10 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-10-05 02:10 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-10-05 02:10 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-10-05 02:10 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-10-05 02:10 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-10-05 02:10 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-10-05 02:10 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-10-05 02:10 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-10-05 02:10 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-10-05 02:10 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-10-05 02:10 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-10-05 02:10 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-10-05 02:10 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-10-05 02:10 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-10-05 02:09 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-10-05 02:09 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-10-05 02:09 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-10-05 02:09 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-10-05 02:09 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-10-05 02:09 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-10-05 02:09 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-10-05 02:09 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-10-05 02:09 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-10-05 02:09 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-10-05 02:09 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-10-05 02:09 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-10-05 02:08 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-10-05 02:08 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-10-05 02:08 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-10-05 02:08 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-10-05 02:08 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-10-05 02:08 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-10-05 02:08 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-10-05 02:08 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-10-05 02:08 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-10-05 02:07 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-10-05 02:07 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-05 02:07 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-10-05 02:07 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-10-05 02:07 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-10-05 02:07 32,512 --------- C:\WINDOWS\system32\drivers\amdk7.sys
2006-10-05 02:07 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-10-05 02:07 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-10-05 02:07 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-10-05 02:07 115,712 --a------ C:\WINDOWS\system32\apphelp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-13 03:01 -------- d-------- C:\Program Files\Messenger
2006-10-13 03:00 -------- d-------- C:\Program Files\Windows Media Player
2006-10-13 02:54 -------- d-------- C:\Program Files\Outlook Express
2006-10-13 02:54 -------- d-------- C:\Program Files\Common Files\System
2006-10-11 04:56 -------- d-------- C:\Program Files\Sygate
2006-10-11 04:55 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-10 07:00 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-10 07:00 -------- d-------- C:\Program Files\Internet Explorer
2006-10-08 23:05 -------- d-------- C:\Program Files\Common Files
2006-10-07 15:23 -------- d-------- C:\Program Files\Booby
2006-10-07 07:41 -------- d-------- C:\Program Files\Macromedia
2006-10-07 07:41 -------- d-------- C:\Program Files\Lavasoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Kazaa Lite K++
2006-10-07 07:41 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-07 07:41 -------- d-------- C:\Program Files\JavaSoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Java
2006-10-07 07:41 -------- d-------- C:\Program Files\iTunes
2006-10-07 07:41 -------- d-------- C:\Program Files\IrfanView
2006-10-07 07:41 -------- d-------- C:\Program Files\iPod
2006-10-07 07:41 -------- d-------- C:\Program Files\Grisoft
2006-10-07 07:41 -------- d-------- C:\Program Files\Google
2006-10-07 07:41 -------- d-------- C:\Program Files\eMule
2006-10-07 07:41 -------- d-------- C:\Program Files\D-Link AirPlus
2006-10-07 07:41 -------- d-------- C:\Program Files\CyberLink
2006-10-07 07:41 -------- d-------- C:\Program Files\CleanUp!
2006-10-07 07:41 -------- d-------- C:\Program Files\BitTorrent
2006-10-07 07:41 -------- d-------- C:\Program Files\Azureus
2006-10-07 07:41 -------- d-------- C:\Program Files\Audible
2006-10-07 07:41 -------- d-------- C:\Program Files\ATI Technologies
2006-10-07 07:41 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-07 07:41 -------- d-------- C:\Program Files\Ahead
2006-10-07 07:40 9 --ahs---- C:\Program Files\_desktop.ini
2006-10-07 07:35 -------- d-------- C:\Program Files\Microsoft
2006-10-05 03:10 -------- d-------- C:\Program Files\NetMeeting
2006-10-05 02:40 -------- d-------- C:\Program Files\Movie Maker
2006-10-04 02:52 -------- d-------- C:\Documents and Settings\dam\Application Data\Lavasoft
2006-10-02 18:08 -------- d-------- C:\Program Files\Adobe
2006-09-04 08:00 -------- d-------- C:\Documents and Settings\dam\Application Data\Google


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"LTSMMSG"="LTSMMSG.exe"
"AtiPTA"="atiptaxx.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"iPodManager"="C:\\Program Files\\iPod\\bin\\iPodManager.exe"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}"=""
"{6E44887F-5214-41F2-AB46-4728735C4CC6}"=""
"{11760322-2400-4AC3-9605-6CAF086E809E}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62111}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F62F1A}"=""
"{9A0CFC58-5A6F-41ba-9FFE-4320F4F621BA}"=""
"{99F1D023-7CEB-4586-80F7-BB1A98DB7602}"=""
"{E4C3C044-CE6A-4117-9D18-C1EBEC80D2C9}"=""
"{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 13/10/2006 3:20:58.43
ComboFix.txt
ComboFix2.txt
ComboFix3.txt

#45
Red_6

Logfile of HijackThis v1.99.1
Scan saved at 03:22:43, on 13/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [iPodManager] C:\Program Files\iPod\bin\iPodManager.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe