
help! home page defaults to http://www.uptodateprotection.net/



#1
cromulentone

  • Member
  • 13 posts
Hi,

I have gone through the steps listed on the site twice and have cleared up a lot of popups and such, but I am still having my homepage on Internet Explorer going to http://www.uptodateprotection.net/. I have tried changing my homepage, but it doesn't seem to make a difference.

I have posted my hijackthis log below. Please let me know if there is any additional information that would be helpful in solving this problem.

Thanks in advance for your assistance!

Scott



Logfile of HijackThis v1.99.1
Scan saved at 6:58:22 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\nwsgaaci.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158533964219
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#2
Wizard

  • Retired Staff
  • 5,661 posts
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

#3
cromulentone

  • Topic Starter
  • Member
  • 13 posts
Hi,

Thanks for the quick reply as well as your assistance!

Here is the log from SmitfraudFix:

SmitFraudFix v2.104

Scan done at 19:30:29.87, Wed 10/04/2006
Run from C:\Documents and Settings\Scott\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !
C:\WINDOWS\system32\components\flx??.dll FOUND !
C:\WINDOWS\system32\components\flx???.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Scott\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Scott\FAVORI~1

C:\DOCUME~1\Scott\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
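The cross-check between the first two logs, as an added example that is not part of the original posts and is not code from HijackThis or SmitfraudFix: it parses lines excerpted from posts #1 and #3 and lists which running processes and load points the SmitfraudFix report covers. The function names are hypothetical, and treating `?` in the report as a single-character wildcard is an assumption about its notation.

```python
import re
from fnmatch import fnmatchcase

# Lines excerpted from the HijackThis log in post #1.
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\RTHDCPL.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\nwsgaaci.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# Lines excerpted from the SmitfraudFix search report in post #3.
SMITFRAUDFIX_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\ismini.exe FOUND !
C:\WINDOWS\system32\issearch.exe FOUND !
C:\WINDOWS\system32\ixt?.dll FOUND !
C:\WINDOWS\system32\ixt??.dll FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\components\flx?.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
"""

# HijackThis entry prefixes: R0-R3, F0-F3, N1-N4, O1-O23, then " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# First drive-letter path on the line that ends in a binary extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)
FOUND_SUFFIX = " FOUND !"


def parse_hijackthis(text):
    """Return (section, path, raw_line) tuples; section is 'PROC' for running processes."""
    items, in_procs = [], False
    for line in (l.strip() for l in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
            continue
        if not line:                      # a blank line ends the process list
            in_procs = False
            continue
        entry = ENTRY_RE.match(line)
        section = entry.group(1) if entry else ("PROC" if in_procs else None)
        path = PATH_RE.search(line)
        if section and path:
            items.append((section, path.group(0), line))
    return items


def parse_smitfraudfix(text):
    """Return the path patterns the report marks as FOUND."""
    return [l.strip()[:-len(FOUND_SUFFIX)]
            for l in text.splitlines() if l.strip().endswith(FOUND_SUFFIX)]


def matching_patterns(path, patterns):
    # Windows paths are case-insensitive, so compare lowercased.
    # 8.3 short names (DOCUME~1) will not match long paths; this sketch does not expand them.
    return [p for p in patterns if fnmatchcase(path.lower(), p.lower())]


def correlate(items, patterns):
    """(section, path, pattern) for every process or load point the report covers."""
    hits = []
    for section, path, _raw in items:
        matched = matching_patterns(path, patterns)
        if matched:
            hits.append((section, path, matched[0]))
    return hits


def unnamed_bhos_not_in_report(items, patterns):
    """Triage heuristic (an assumption of this example, not a verdict):
    O2 entries shown as '(no name)' that the report does not cover still need a manual look."""
    return [path for section, path, raw in items
            if section == "O2" and "(no name)" in raw
            and not matching_patterns(path, patterns)]


if __name__ == "__main__":
    entries = parse_hijackthis(HIJACKTHIS_LOG)
    found = parse_smitfraudfix(SMITFRAUDFIX_REPORT)
    for section, path, pattern in correlate(entries, found):
        print(f"covered by report  {section:4} {path}  (pattern {pattern})")
    for path in unnamed_bhos_not_in_report(entries, found):
        print(f"review manually    O2   {path}")
```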

#4
Wizard

  • Retired Staff
  • 5,661 posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.



After posting C:\rapport.txt, please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Double-click combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#5
cromulentone

  • Topic Starter
  • Member
  • 13 posts
Thanks again for your assistance. I will be downloading Combofix and posting my results in a moment per your instructions.

Here are the contents of rapport.txt:

SmitFraudFix v2.104

Scan done at 19:48:08.40, Wed 10/04/2006
Run from C:\Documents and Settings\Scott\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\Scott\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#6
cromulentone

  • Topic Starter
  • Member
  • 13 posts
Here is my ComboFix log:

Scott - 06-10-04 19:57:33.18 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Scott\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}
C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-04 19:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-04 19:30 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-04 19:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-04 19:30 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-03 17:41 86,036 --a------ C:\WINDOWS\system32\nwsgaaci.dll
2006-10-03 17:41 823,560 ---hs---- C:\WINDOWS\system32\vvvwa.bak2
2006-10-01 22:03 836,440 ---hs---- C:\WINDOWS\system32\vvvwa.bak1
2006-10-01 21:54 45,525 --a------ C:\WINDOWS\system32\jqjwfmtq.dll
2006-10-01 16:48 45,525 --a------ C:\WINDOWS\system32\isucgaqo.dll
2006-10-01 16:48 143,380 --a------ C:\WINDOWS\system32\gmblsqiv.exe
2006-10-01 16:46 577,588 --a------ C:\WINDOWS\system32\awvvv.dll.vir
2006-09-22 21:50 34,528 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-09-21 17:01 339,968 --a------ C:\WINDOWS\system32\mpiwin32.dll
2006-09-21 17:01 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-09-20 20:12 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-09-19 22:01 61,440 --a------ C:\WINDOWS\system32\packet.dll
2006-09-19 19:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-09-19 19:55 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-19 19:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-09-19 19:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-19 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-17 17:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-17 17:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-17 17:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-17 17:57 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-17 17:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-17 17:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-17 17:00 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-17 16:55 31,104 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2006-09-17 16:44 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-17 16:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-17 16:44 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-17 16:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-17 16:44 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-17 16:44 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-17 16:44 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-17 16:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-17 16:44 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-17 16:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-17 16:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-17 16:44 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-17 16:44 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-17 16:44 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-17 16:44 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-17 16:43 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-17 16:43 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-17 16:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-17 16:43 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-17 16:43 4,262,912 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-09-17 16:43 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-17 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-17 16:43 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-17 16:43 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-17 16:43 16,143,872 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-17 16:38 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-17 16:38 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-09-17 16:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-17 16:30 0 -rahs---- C:\MSDOS.SYS
2006-09-17 16:30 0 -rahs---- C:\IO.SYS
2006-09-17 16:30 0 --a------ C:\CONFIG.SYS
2006-09-17 16:30 0 --a------ C:\AUTOEXEC.BAT
2006-09-17 16:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-17 16:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-17 16:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-17 16:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-17 16:28 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-17 16:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-17 16:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-17 16:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-17 16:28 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-17 16:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-17 16:28 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-17 16:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-17 16:28 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-17 16:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-17 16:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-17 16:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-17 16:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-17 16:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-17 16:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-17 16:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-17 16:28 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-17 16:28 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-17 16:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-17 16:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-17 16:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-17 16:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-17 16:28 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-17 16:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-17 16:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-17 16:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-17 16:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-17 16:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-17 16:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-17 16:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-17 16:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-17 16:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-17 16:28 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-17 16:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-17 16:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-17 16:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-17 16:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-17 16:27 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-17 16:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-17 16:27 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-17 16:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-17 16:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-17 16:27 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-17 16:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-17 16:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-17 16:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-17 16:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-17 16:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-17 16:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-17 16:27 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-17 16:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-17 16:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-17 16:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-17 16:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-17 16:27 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-17 16:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-17 16:27 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-17 16:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-17 16:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-17 16:27 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-17 16:27 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-17 16:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-17 16:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-17 16:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-17 16:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-17 16:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-17 16:27 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-17 16:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-17 16:27 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-17 16:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-17 16:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-17 16:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-17 16:27 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-17 16:27 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-17 16:27 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-17 16:27 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-17 16:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-17 16:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-17 16:27 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-17 16:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-17 16:27 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-17 16:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-17 16:27 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-17 16:27 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-17 16:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-17 16:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-17 16:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-17 16:27 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-17 16:27 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-17 16:27 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-17 16:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-17 16:27 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-17 16:27 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-17 16:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-17 16:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-17 16:27 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-17 16:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-17 16:27 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-17 16:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-17 16:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-17 16:27 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-17 16:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-17 16:27 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-17 16:27 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-17 16:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-17 16:27 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-17 16:27 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-17 16:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-17 16:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-17 16:27 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-17 16:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-17 16:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-17 16:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-17 16:27 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-17 16:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-17 16:27 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-17 10:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-17 10:24 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-17 10:19 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-17 10:18 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-17 10:18 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-17 10:18 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-17 10:18 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-17 10:18 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-17 10:18 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-17 10:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-17 10:18 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-17 10:18 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-17 10:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-17 10:18 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-17 10:18 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-17 10:05 61,184 -ra------ C:\WINDOWS\system32\drivers\mv614x.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 19:57 -------- d-------- C:\Program Files\Common Files
2006-10-04 19:51 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-04 10:17 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-02 19:18 -------- d-------- C:\Documents and Settings\Scott\Application Data\TrojanHunter
2006-10-02 18:42 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-02 18:39 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 18:38 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-10-01 21:53 -------- d-------- C:\Program Files\CleanUp!
2006-10-01 17:00 -------- d-------- C:\Program Files\DVD Shrink
2006-10-01 16:59 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-01 16:28 -------- d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
2006-10-01 09:58 -------- d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2006-09-25 18:11 -------- d-------- C:\Documents and Settings\Scott\Application Data\ICAClient
2006-09-25 18:02 -------- d-------- C:\Program Files\Citrix
2006-09-23 10:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-23 09:57 -------- d-------- C:\Program Files\LucasArts
2006-09-22 22:09 -------- d-------- C:\Program Files\PopCap Games
2006-09-22 21:17 -------- d-------- C:\Program Files\Lavasoft
2006-09-22 18:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-22 18:16 -------- d-------- C:\Program Files\Adobe
2006-09-21 17:01 -------- d-------- C:\Program Files\@Last Software
2006-09-21 14:05 -------- d-------- C:\Documents and Settings\Scott\Application Data\Sun
2006-09-21 10:38 -------- d-------- C:\Documents and Settings\Scott\Application Data\AdobeUM
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\System
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-21 06:55 -------- d-------- C:\Program Files\Microsoft Office
2006-09-21 06:55 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-21 06:55 -------- d-------- C:\Documents and Settings\Scott\Application Data\Microsoft Web Folders
2006-09-21 06:53 -------- d-------- C:\Program Files\Java
2006-09-21 06:52 -------- d-------- C:\Program Files\LimeWire Acceleration Patch
2006-09-20 21:37 -------- d-------- C:\Documents and Settings\Scott\Application Data\Lavasoft
2006-09-20 19:22 -------- d-------- C:\Documents and Settings\Scott\Application Data\Autodesk
2006-09-20 19:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-20 19:16 -------- d-------- C:\Program Files\Autodesk
2006-09-20 19:15 -------- d-------- C:\Program Files\AutoCAD 2005
2006-09-20 19:15 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-09-19 22:01 -------- d-------- C:\Program Files\LimeWire
2006-09-19 21:59 -------- d-------- C:\Program Files\Common Files\Java
2006-09-19 21:42 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-19 21:18 -------- d-------- C:\Program Files\WinRAR
2006-09-19 21:18 -------- d-------- C:\Documents and Settings\Scott\Application Data\Help
2006-09-19 21:02 -------- d-------- C:\Documents and Settings\Scott\Application Data\Macromedia
2006-09-19 20:25 -------- d-------- C:\Documents and Settings\Scott\Application Data\Mozilla
2006-09-19 10:30 -------- d-------- C:\Program Files\Trend Micro
2006-09-17 18:02 -------- d-------- C:\Program Files\Common Files\Nero
2006-09-17 17:57 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-17 17:57 -------- d-------- C:\Program Files\Ahead
2006-09-17 17:48 -------- d-------- C:\Program Files\Windows Media Player
2006-09-17 17:39 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 17:38 -------- d-------- C:\Program Files\Messenger
2006-09-17 16:55 -------- d-------- C:\Program Files\Attansic
2006-09-17 16:43 -------- d-------- C:\Program Files\Realtek
2006-09-17 16:43 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-17 16:38 -------- d-------- C:\Program Files\VIA
2006-09-17 16:36 -------- d-------- C:\Documents and Settings\Scott\Application Data\Identities
2006-09-17 16:30 -------- d-------- C:\Program Files\xerox
2006-09-17 16:29 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-17 16:29 -------- d-------- C:\Program Files\NetMeeting
2006-09-17 16:29 -------- d-------- C:\Program Files\Common Files\Services
2006-09-17 16:28 -------- d-------- C:\Program Files\Movie Maker
2006-09-17 16:28 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-17 16:28 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-17 16:27 -------- d-------- C:\Program Files\Windows NT
2006-09-17 16:27 -------- d-------- C:\Program Files\Online Services
2006-09-17 16:27 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-17 16:27 -------- d-------- C:\Program Files\MSN
2006-09-17 10:18 62 --ahs---- C:\Documents and Settings\Scott\Application Data\desktop.ini
2006-09-17 10:18 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-17 10:18 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Wed 10/04/2006 19:57:58.95
ComboFix.txt
  • 0

#7
Wizard

  • Retired Staff
  • 5,661 posts
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, Right Click inside the listbox (white box) and click add more files
  • Copy and paste the entries below into the open boxes
    • C:\WINDOWS\system32\gmblsqiv.exe
    • C:\WINDOWS\system32\nwsgaaci.dll
    • C:\WINDOWS\system32\jqjwfmtq.dll
  • Click Add Files and Click Close Window
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.



Restart in Safe Mode and be sure Windows is Showing Hidden Files.
http://www.bleepingc...al62.html#winxp


Search for and Delete if found

C:\WINDOWS\system32\isucgaqo.dll <-- File

C:\WINDOWS\system32\awvvv.dll.vir <-- File

C:\WINDOWS\system32\vvvwa.bak2 <-- File

C:\WINDOWS\system32\vvvwa.bak1 <-- File


Still in Safe Mode, scan with ComboFix once more and save the log.


Restart normally and post a fresh HijackThis log along with C:\vundofix.txt and the new ComboFix log.


After posting those logs, please run the F-Secure Online Scanner.

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Edited by Cretemonster, 05 October 2006 - 02:28 AM.

  • 0

#8
cromulentone

  • Topic Starter
  • Member
  • 13 posts
Hi,

Here is my VundoFix log:


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:45:31 PM 10/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\hkghknih.dll
C:\WINDOWS\system32\qomklkk.dll
C:\WINDOWS\system32\winhoo32.dll
C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hkghknih.dll
C:\WINDOWS\system32\hkghknih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomklkk.dll
C:\WINDOWS\system32\qomklkk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winhoo32.dll
C:\WINDOWS\system32\winhoo32.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:55:34 PM 10/3/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 6:55:20 PM 10/4/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:36:18 PM 10/5/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\gmblsqiv.exe
C:\WINDOWS\system32\gmblsqiv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwsgaaci.dll
C:\WINDOWS\system32\nwsgaaci.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jqjwfmtq.dll
C:\WINDOWS\system32\jqjwfmtq.dll Has been deleted!

Performing Repairs to the registry.
Done!


And here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:43:52 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\nwsgaaci.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros.../v6/V5Controls/en/x86/client/wuweb_site.cab?1158533964219
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...s5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

I will post a combofix log, vundofix, and new hijack this log in a few moments.

Thanks!
Scott
  • 0
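
A cross-check of the two logs in the post above, as an added example that is not part of the original thread: it lists the O2 (BHO) entries HijackThis marks "(file missing)" and checks each against the files VundoFix reports deleting, so a leftover registry reference to a removed file can be told apart from a missing file that no removal log accounts for. The sample lines are constructed from the logs above with wrapped lines rejoined; the function names and the verdict labels "orphaned" and "unexplained" are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: result lines taken from the VundoFix runs quoted above.
VUNDOFIX_LOG = r"""
Attempting to delete C:\WINDOWS\system32\qomklkk.dll
C:\WINDOWS\system32\qomklkk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\gmblsqiv.exe
C:\WINDOWS\system32\gmblsqiv.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\nwsgaaci.dll
C:\WINDOWS\system32\nwsgaaci.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jqjwfmtq.dll
C:\WINDOWS\system32\jqjwfmtq.dll Has been deleted!
"""

# Constructed sample: entries from the HijackThis log above, wrapped lines rejoined.
HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\nwsgaaci.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
"""

# "<path> Has been deleted!" / "<path> Could not be deleted."
RESULT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<status>Has been deleted!|Could not be deleted\.)$"
)
# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str
    missing: bool


def vundofix_results(log: str) -> List[Tuple[str, bool]]:
    """Return (path, deleted) for every removal result line in a VundoFix log."""
    results = []
    for line in log.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results.append((m["path"], m["status"].startswith("Has been")))
    return results


def failed_deletions(log: str) -> List[str]:
    """Paths VundoFix could not delete; these still need attention."""
    return [path for path, deleted in vundofix_results(log) if not deleted]


def bho_entries(log: str) -> List[Bho]:
    """Parse the O2 lines of a HijackThis log; other sections are ignored."""
    entries = []
    for line in log.splitlines():
        m = BHO_RE.match(line.strip())
        if m:
            entries.append(
                Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None)
            )
    return entries


def triage_missing_bhos(hjt_log: str, vf_log: str) -> List[Tuple[str, str, str]]:
    """Classify every BHO whose DLL is missing.

    "orphaned":    VundoFix deleted the DLL, the registry entry was left behind.
    "unexplained": the DLL is gone but this removal log does not account for it.
    """
    # Windows paths are case-insensitive, so compare in lower case.
    deleted = {p.lower() for p, ok in vundofix_results(vf_log) if ok}
    findings = []
    for bho in bho_entries(hjt_log):
        if not bho.missing:
            continue
        verdict = "orphaned" if bho.path.lower() in deleted else "unexplained"
        findings.append((bho.clsid, bho.path, verdict))
    return findings


if __name__ == "__main__":
    for clsid, path, verdict in triage_missing_bhos(HIJACKTHIS_LOG, VUNDOFIX_LOG):
        print(f"{verdict:12} {clsid} {path}")
    for path in failed_deletions(VUNDOFIX_LOG):
        print(f"{'not removed':12} {path}")
```
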

#9
cromulentone

  • Topic Starter
  • Member
  • 13 posts
Hi,

Here is my combofix log:

Scott - 06-10-05 18:33:13.79 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Scott\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-05 to 2006-10-05 ))))))))))))))))))))))))))))))))))


2006-10-04 19:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-04 19:30 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-04 19:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-04 19:30 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-03 17:41 823,560 ---hs---- C:\WINDOWS\system32\vvvwa.bak2
2006-10-01 22:03 836,440 ---hs---- C:\WINDOWS\system32\vvvwa.bak1
2006-09-22 21:50 34,528 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-09-21 17:01 339,968 --a------ C:\WINDOWS\system32\mpiwin32.dll
2006-09-21 17:01 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-09-20 20:12 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-09-19 22:01 61,440 --a------ C:\WINDOWS\system32\packet.dll
2006-09-19 19:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-09-19 19:55 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-19 19:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-09-19 19:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-19 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-17 17:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-17 17:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-17 17:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-17 17:57 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-17 17:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-17 17:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-17 17:00 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-17 16:55 31,104 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2006-09-17 16:44 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-17 16:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-17 16:44 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-17 16:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-17 16:44 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-17 16:44 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-17 16:44 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-17 16:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-17 16:44 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-17 16:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-17 16:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-17 16:44 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-17 16:44 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-17 16:44 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-17 16:44 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-17 16:43 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-17 16:43 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-17 16:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-17 16:43 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-17 16:43 4,262,912 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-09-17 16:43 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-17 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-17 16:43 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-17 16:43 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-17 16:43 16,143,872 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-17 16:38 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-17 16:38 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-09-17 16:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-17 16:30 0 -rahs---- C:\MSDOS.SYS
2006-09-17 16:30 0 -rahs---- C:\IO.SYS
2006-09-17 16:30 0 --a------ C:\CONFIG.SYS
2006-09-17 16:30 0 --a------ C:\AUTOEXEC.BAT
2006-09-17 16:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-17 16:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-17 16:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-17 16:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-17 16:28 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-17 16:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-17 16:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-17 16:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-17 16:28 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-17 16:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-17 16:28 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-17 16:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-17 16:28 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-17 16:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-17 16:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-17 16:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-17 16:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-17 16:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-17 16:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-17 16:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-17 16:28 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-17 16:28 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-17 16:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-17 16:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-17 16:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-17 16:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-17 16:28 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-17 16:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-17 16:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-17 16:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-17 16:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-17 16:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-17 16:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-17 16:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-17 16:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-17 16:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-17 16:28 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-17 16:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-17 16:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-17 16:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-17 16:27 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-17 16:27 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-17 16:27 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-17 16:27 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-17 16:27 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-17 16:27 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-17 16:27 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-17 16:27 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-17 16:27 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-17 16:27 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-17 16:27 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-17 16:27 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-17 16:27 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-17 16:27 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-17 16:27 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-17 16:27 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-17 16:27 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-17 16:27 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-17 16:27 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-17 16:27 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-17 16:27 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-17 16:27 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-17 16:27 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-17 16:27 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-17 16:27 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-17 16:27 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-17 16:27 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-17 16:27 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-17 16:27 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-17 16:27 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-17 16:27 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-17 16:27 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-17 16:27 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-17 16:27 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-17 16:27 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-17 16:27 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-17 16:27 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-17 16:27 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-17 16:27 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-17 16:27 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-17 16:27 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-17 16:27 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-17 16:27 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-17 16:27 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-17 16:27 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-17 16:27 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-17 16:27 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-17 16:27 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-17 16:27 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-17 16:27 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-17 16:27 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-17 16:27 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-17 16:27 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-17 16:27 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-17 16:27 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-17 16:27 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-17 16:27 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-17 16:27 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-17 16:27 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-17 16:27 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-17 16:27 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-17 16:27 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-17 16:27 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-17 16:27 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-17 16:27 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-17 16:27 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-17 16:27 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-17 16:27 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-17 16:27 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-17 16:27 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-17 16:27 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-17 16:27 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-17 16:27 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-17 16:27 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-17 16:27 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-17 16:27 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-17 16:27 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-17 16:27 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-17 16:27 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-17 16:27 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-17 16:27 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-17 10:24 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-17 10:24 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-17 10:19 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-09-17 10:18 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2006-09-17 10:18 8,704 --a------ C:\WINDOWS\system32\batt.dll
2006-09-17 10:18 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2006-09-17 10:18 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-17 10:18 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2006-09-17 10:18 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2006-09-17 10:18 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2006-09-17 10:18 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2006-09-17 10:18 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
2006-09-17 10:18 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-17 10:18 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-17 10:18 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-09-17 10:18 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-17 10:18 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-17 10:18 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2006-09-17 10:05 61,184 -ra------ C:\WINDOWS\system32\drivers\mv614x.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 17:44 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-05 17:34 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-10-04 19:57 -------- d-------- C:\Program Files\Common Files
2006-10-02 19:18 -------- d-------- C:\Documents and Settings\Scott\Application Data\TrojanHunter
2006-10-02 18:42 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-02 18:39 -------- d-------- C:\Program Files\Internet Explorer
2006-10-02 18:38 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2006-10-01 21:53 -------- d-------- C:\Program Files\CleanUp!
2006-10-01 17:00 -------- d-------- C:\Program Files\DVD Shrink
2006-10-01 16:59 -------- d-------- C:\Program Files\DVD Decrypter
2006-10-01 16:28 -------- d---s---- C:\Documents and Settings\Scott\Application Data\Microsoft
2006-10-01 09:58 -------- d-------- C:\Documents and Settings\Scott\Application Data\Adobe
2006-09-25 18:11 -------- d-------- C:\Documents and Settings\Scott\Application Data\ICAClient
2006-09-25 18:02 -------- d-------- C:\Program Files\Citrix
2006-09-23 10:02 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-23 09:57 -------- d-------- C:\Program Files\LucasArts
2006-09-22 22:09 -------- d-------- C:\Program Files\PopCap Games
2006-09-22 21:17 -------- d-------- C:\Program Files\Lavasoft
2006-09-22 18:16 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-22 18:16 -------- d-------- C:\Program Files\Adobe
2006-09-21 17:01 -------- d-------- C:\Program Files\@Last Software
2006-09-21 14:05 -------- d-------- C:\Documents and Settings\Scott\Application Data\Sun
2006-09-21 10:38 -------- d-------- C:\Documents and Settings\Scott\Application Data\AdobeUM
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\System
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-21 06:57 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-21 06:55 -------- d-------- C:\Program Files\Microsoft Office
2006-09-21 06:55 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-21 06:55 -------- d-------- C:\Documents and Settings\Scott\Application Data\Microsoft Web Folders
2006-09-21 06:53 -------- d-------- C:\Program Files\Java
2006-09-21 06:52 -------- d-------- C:\Program Files\LimeWire Acceleration Patch
2006-09-20 21:37 -------- d-------- C:\Documents and Settings\Scott\Application Data\Lavasoft
2006-09-20 19:22 -------- d-------- C:\Documents and Settings\Scott\Application Data\Autodesk
2006-09-20 19:16 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-20 19:16 -------- d-------- C:\Program Files\Autodesk
2006-09-20 19:15 -------- d-------- C:\Program Files\AutoCAD 2005
2006-09-20 19:15 -------- d-------- C:\Program Files\AnswerWorks 4.0
2006-09-19 22:01 -------- d-------- C:\Program Files\LimeWire
2006-09-19 21:59 -------- d-------- C:\Program Files\Common Files\Java
2006-09-19 21:42 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-19 21:18 -------- d-------- C:\Program Files\WinRAR
2006-09-19 21:18 -------- d-------- C:\Documents and Settings\Scott\Application Data\Help
2006-09-19 21:02 -------- d-------- C:\Documents and Settings\Scott\Application Data\Macromedia
2006-09-19 20:25 -------- d-------- C:\Documents and Settings\Scott\Application Data\Mozilla
2006-09-19 10:30 -------- d-------- C:\Program Files\Trend Micro
2006-09-17 18:02 -------- d-------- C:\Program Files\Common Files\Nero
2006-09-17 17:57 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-17 17:57 -------- d-------- C:\Program Files\Ahead
2006-09-17 17:48 -------- d-------- C:\Program Files\Windows Media Player
2006-09-17 17:39 -------- d-------- C:\Program Files\Outlook Express
2006-09-17 17:38 -------- d-------- C:\Program Files\Messenger
2006-09-17 16:55 -------- d-------- C:\Program Files\Attansic
2006-09-17 16:43 -------- d-------- C:\Program Files\Realtek
2006-09-17 16:43 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-17 16:38 -------- d-------- C:\Program Files\VIA
2006-09-17 16:36 -------- d-------- C:\Documents and Settings\Scott\Application Data\Identities
2006-09-17 16:30 -------- d-------- C:\Program Files\xerox
2006-09-17 16:29 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-17 16:29 -------- d-------- C:\Program Files\NetMeeting
2006-09-17 16:29 -------- d-------- C:\Program Files\Common Files\Services
2006-09-17 16:28 -------- d-------- C:\Program Files\Movie Maker
2006-09-17 16:28 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-17 16:28 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-17 16:27 -------- d-------- C:\Program Files\Windows NT
2006-09-17 16:27 -------- d-------- C:\Program Files\Online Services
2006-09-17 16:27 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-17 16:27 -------- d-------- C:\Program Files\MSN
2006-09-17 10:18 62 --ahs---- C:\Documents and Settings\Scott\Application Data\desktop.ini
2006-09-17 10:18 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-17 10:18 -------- d-------- C:\Program Files\Common Files\ODBC
2006-09-06 20:27 31248 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2006-09-06 20:27 197648 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
2006-09-06 20:09 1051456 --a------ C:\WINDOWS\system32\drivers\VsapiNT.sys
2006-07-21 02:24 72704 --a------ C:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Thu 10/05/2006 18:33:39.90
ComboFix.txt
ComboFix2.txt

And here is a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:37:06 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\nwsgaaci.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1158533964219
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


And here is VundoFix.txt:


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:45:31 PM 10/3/2006

Listing files found while scanning....

C:\WINDOWS\system32\hkghknih.dll
C:\WINDOWS\system32\qomklkk.dll
C:\WINDOWS\system32\winhoo32.dll
C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hkghknih.dll
C:\WINDOWS\system32\hkghknih.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\qomklkk.dll
C:\WINDOWS\system32\qomklkk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\winhoo32.dll
C:\WINDOWS\system32\winhoo32.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0896-1033-0524-060124060001}\services.dll Has been deleted!

Attempting to delete C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll
C:\Program Files\Common Files\{50FAC5EE-0897-1033-0524-060124060001}\services.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:55:34 PM 10/3/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 6:55:20 PM 10/4/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.6

Checking Java version...

Java version is 1.5.0.3

Java version is 1.5.0.6

Scan started at 5:36:18 PM 10/5/2006

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\system32\gmblsqiv.exe
C:\WINDOWS\system32\gmblsqiv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nwsgaaci.dll
C:\WINDOWS\system32\nwsgaaci.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jqjwfmtq.dll
C:\WINDOWS\system32\jqjwfmtq.dll Has been deleted!

Performing Repairs to the registry.
Done!


Thanks!
Scott

#10
Wizard

    Retired Staff
  • 5,661 posts
Let's see what the F-Secure scan says and go from there.


#11
cromulentone

    Member
  • Topic Starter
  • 13 posts
Hi,

I ran the F-Secure scan, and it found 2 files to be cleaned. I clicked to clean, and it froze up after cleaning one file (apologies, but I neglected to save a report). I ran the scan again and found 1 file. Below is the report from that scan.

Thanks!
Scott


Scanning Report
Thursday, October 05, 2006 19:43:39 - 20:07:17
Computer name: ALLEN-80C05617F
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 18341
System: 3846
Not scanned: 2
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-05
F-Secure Libra: 2.4.1, 2006-10-05
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Orion: 1.2.37, 2006-10-03
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 0259-24-212
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics


#12
Wizard

    Retired Staff
  • 5,661 posts
Don't worry about F-Secure, that happens sometimes when cleaning.


Scan fresh with ComboFix and let's see where we are at?

#13
cromulentone

    Member
  • Topic Starter
  • 13 posts
Here is a fresh ComboFix log:

Scott - 06-10-06 17:29:06.96 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Scott\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-06 to 2006-10-06 ))))))))))))))))))))))))))))))))))


2006-10-04 19:30 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-10-04 19:30 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-10-04 19:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-10-04 19:30 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-10-03 17:41 823,560 ---hs---- C:\WINDOWS\system32\vvvwa.bak2
2006-10-01 22:03 836,440 ---hs---- C:\WINDOWS\system32\vvvwa.bak1
2006-09-22 21:50 34,528 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-09-21 17:01 339,968 --a------ C:\WINDOWS\system32\mpiwin32.dll
2006-09-21 17:01 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2006-09-20 20:12 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-09-19 22:01 61,440 --a------ C:\WINDOWS\system32\packet.dll
2006-09-19 19:56 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-09-19 19:55 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-09-19 19:55 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-09-19 19:55 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-19 19:55 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-09-19 10:18 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-09-17 17:57 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-17 17:57 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-17 17:57 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-17 17:57 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-17 17:57 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-17 17:57 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-17 17:00 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-17 16:55 31,104 -ra------ C:\WINDOWS\system32\drivers\atl01_xp.sys
2006-09-17 16:44 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-17 16:44 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2006-09-17 16:44 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-17 16:44 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-09-17 16:44 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-17 16:44 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-09-17 16:44 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-17 16:44 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2006-09-17 16:44 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2006-09-17 16:44 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2006-09-17 16:44 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-17 16:44 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-17 16:44 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-09-17 16:44 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-09-17 16:44 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2006-09-17 16:43 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2006-09-17 16:43 86,016 -r------- C:\WINDOWS\SoundMan.exe
2006-09-17 16:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2006-09-17 16:43 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2006-09-17 16:43 4,262,912 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2006-09-17 16:43 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2006-09-17 16:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-09-17 16:43 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2006-09-17 16:43 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2006-09-17 16:43 16,143,872 -r------- C:\WINDOWS\RTHDCPL.exe
2006-09-17 16:38 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2006-09-17 16:38 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2006-09-17 16:30 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-17 16:30 0 -rahs---- C:\MSDOS.SYS
2006-09-17 16:30 0 -rahs---- C:\IO.SYS
2006-09-17 16:30 0 --a------ C:\CONFIG.SYS
2006-09-17 16:30 0 --a------ C:\AUTOEXEC.BAT
2006-09-17 16:29 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-17 16:29 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-17 16:29 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-17 16:28 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-17 16:28 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-17 16:28 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-17 16:28 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-17 16:28 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-17 16:28 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-17 16:28 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-17 16:28 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-17 16:28 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-17 16:28 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-17 16:28 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-17 16:28 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-17 16:28 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-17 16:28 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-17 16:28 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-17 16:28 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-17 16:28 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-17 16:28 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-17 16:28 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-17 16:28 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-17 16:28 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-17 16:28 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-17 16:28 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-17 16:28 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-17 16:28 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-09-17 16:28 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-17 16:28 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-17 16:28 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-17 16:28 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-17 16:28 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-17 16:28 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-17 16:28 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-17 16:28 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-17 16:28 128,896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-09-17 16:28 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-17 16:28 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-17 16:28 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-17 16:28 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-17 16:28 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-17 16:27 97,792 --a------ C:\WINDOWS\system32\comrepl.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2005\\pccguide.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
@=""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Fri 10/06/2006 17:29:30.40
ComboFix.txt
ComboFix2.txt
ComboFix3.txt
  • 0

#14
Wizard
  • Retired Staff
  • 5,661 posts
Go to the Site Below
http://www.billsway.com/vbspage/

Scroll down the page and locate the "Registry Search Tool"

Click the icon below the magnifying glass to download "RegSrch.zip"

Once downloaded, right-click the Zip folder and select "Extract All"

Double click on RegSrch.vbs

If you get a warning from your Anti Virus please ignore it and allow this to run.

When it starts, you will be prompted to enter a search phrase.


Enter D3B3C51E-8D11-4667-85B9-0930F519BED7 for a search of the registry and post the resulting log please.
  • 0

#15
cromulentone
  • Topic Starter
  • Member
  • 13 posts
Hi,

Here is my RegSrch Log:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "D3B3C51E-8D11-4667-85B9-0930F519BED7" 10/6/2006 9:56:25 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_USERS\S-1-5-21-1220945662-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{D3B3C51E-8D11-4667-85B9-0930F519BED7} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\

Thanks!
Scott
  • 0
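The triage step behind the request in post #14, as an added example that is not part of the original thread or of ComboFix/RegSrch: it parses the ShellExecuteHooks section of the ComboFix log, picks out CLSIDs with an empty description that are not in a baseline, then sorts the RegSrch hits into "registered as a COM class" and "only referenced". The function names and the one-entry baseline are assumptions; the sample text is copied from the two logs above, with the truncated `hex:01,\` value left as posted.

```python
# Assumption: the URL Exec Hook CLSID that Windows XP registers by default.
BASELINE_HOOKS = {"{AEB6717E-7E19-11D0-97EE-00C04FD91972}"}
HOOKS_KEY = r"\explorer\shellexecutehooks"
# Lines copied from the ComboFix "Reg Loading Points" section and the RegSrch log.
COMBOFIX_SECTION = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""
'''
REGSRCH_RESULT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_USERS\S-1-5-21-1220945662-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{D3B3C51E-8D11-4667-85B9-0930F519BED7} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\
'''

def parse_reg_text(text):
    """Return {key_path: {value_name: raw_data}} from .reg-style text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"'):
            name, sep, data = line[1:].partition('"=')
            if sep:
                current[name] = data
    return keys

def unlabelled_hooks(keys):
    """CLSIDs under ShellExecuteHooks with an empty description, outside the baseline."""
    found = []
    for path, values in keys.items():
        if path.lower().endswith(HOOKS_KEY):
            for name, data in values.items():
                if data == '""' and name.upper() not in BASELINE_HOOKS:
                    found.append(name.upper())
    return found

def locations(keys, clsid):
    """Split search hits into COM class registrations and plain references."""
    registered, referenced = [], []
    for path, values in keys.items():
        hit_in_path = clsid in path.upper()
        if hit_in_path and r"\CLSID\{" in path.upper():
            registered.append(path)      # a ...\CLSID\{guid}\... key exists
        elif hit_in_path or any(clsid in n.upper() for n in values):
            referenced.append(path)      # the GUID only appears as a value name
    return registered, referenced

def triage():
    """Map each unlabelled hook CLSID to (registered_keys, referencing_keys)."""
    suspects = unlabelled_hooks(parse_reg_text(COMBOFIX_SECTION))
    hits = parse_reg_text(REGSRCH_RESULT)
    return {clsid: locations(hits, clsid) for clsid in suspects}

if __name__ == "__main__":
    print(triage())
```

On these two logs the only unlabelled hook is the CLSID Wizard asked about, and the search hits contain no `CLSID\{...}` key for it, only the hook value itself and a `Shell Extensions\Cached` entry.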





