jkxcnuoc.exe? [RESOLVED]


  • This topic is locked This topic is locked

#31 k0rrupt (Member, Topic Starter, 23 posts)

Deckard's System Scanner v20071014.68
Run by Van on 2008-01-14 00:36:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
9: 2008-01-14 08:36:39 UTC - RP55 - Deckard's System Scanner Restore Point
8: 2008-01-14 03:19:23 UTC - RP54 - Installed SimCity™ Societies
7: 2008-01-14 03:18:57 UTC - RP53 - Installed Microsoft Visual C++ 2005 Redistributable
6: 2008-01-14 00:40:34 UTC - RP52 - Last known good configuration
5: 2008-01-14 00:40:31 UTC - RP51 - Last known good configuration


-- First Restore Point --
1: 2008-01-14 00:40:30 UTC - RP47 - GTG


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Van.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:19 AM, on 1/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AIM\aim .exe
C:\Program Files\DAEMON Tools Lite\daemon .exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Winamp\winamp .exe
C:\Documents and Settings\Van\Desktop\dss.exe
C:\DOCUME~1\Van\Desktop\Van.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqrr.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7860AFE9-FBA2-49F3-99B0-9066AFC1D10E} - C:\WINDOWS\system32\ssqrr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim .exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198621337000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: qnhmhttd - qnhmhttd.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4083 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\van\locals~1\temp\catchme.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 MSControlService (Microsoft cache control) - c:\windows\system32\windows (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00\9205291&0
Manufacturer: (Standard disk drives)
Name: Generic USB SD Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00\9205291&0
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01\9205291&1
Manufacturer: (Standard disk drives)
Name: Generic USB CF Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01\9205291&1
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02\9205291&2
Manufacturer: (Standard disk drives)
Name: Generic USB SM Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02\9205291&2
Service: disk

Class GUID: {4D36E967-E325-11CE-BFC1-08002BE10318}
Description: Disk drive
Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03\9205291&3
Manufacturer: (Standard disk drives)
Name: Generic USB MS Reader USB Device
PNP Device ID: USBSTOR\DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03\9205291&3
Service: disk

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_2A22103C&REV_01\4&1AF1648C&0&40F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_2A22103C&REV_01\4&1AF1648C&0&40F0
Service:


-- Files created between 2007-12-14 and 2008-01-14 -----------------------------

2008-01-14 00:34:14 155648 --a------ C:\WINDOWS\system32\NeroCheck .exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-14 00:31:52 0 d-------- C:\Program Files\Blaze Media Pro
2008-01-14 00:31:41 0 d-------- C:\Documents and Settings\All Users\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}
2008-01-13 19:20:02 0 d-------- C:\Program Files\Electronic Arts
2008-01-13 16:40:21 348160 --a------ C:\WINDOWS\system32\ssqrr.exe
2008-01-13 16:40:20 6636 --ahs---- C:\WINDOWS\system32\rrqss.ini2
2008-01-13 16:40:17 344576 -----n--- C:\WINDOWS\system32\ssqrr.dll
2008-01-13 12:24:11 504832 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-01-13 01:22:12 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-01-12 14:32:07 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 14:31:50 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 14:31:50 0 d-------- C:\Documents and Settings\Van\Application Data\SUPERAntiSpyware.com
2008-01-11 14:23:09 0 d-------- C:\Documents and Settings\Van\Application Data\Ahead
2008-01-11 14:22:22 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2008-01-11 14:22:21 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-01-11 14:22:21 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-01-11 14:22:21 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-01-11 14:22:20 0 d-------- C:\Program Files\Common Files\Ahead
2008-01-11 14:22:14 0 d-------- C:\Program Files\Ahead
2008-01-09 00:03:27 0 d-------- C:\My Downloads
2008-01-09 00:02:43 0 d-------- C:\Program Files\BearShare
2008-01-05 01:44:29 0 d-------- C:\Documents and Settings\Van\Application Data\Help
2008-01-04 19:37:29 0 d-------- C:\Program Files\MemTurbo30
2008-01-04 19:13:35 0 --a------ C:\WINDOWS\system32\WowDone.dat
2008-01-04 19:13:34 30 --a------ C:\WINDOWS\system32\BHOFix.dat
2008-01-04 19:13:33 403 --a------ C:\WINDOWS\system32\drev.dat
2008-01-04 19:13:30 455 --a------ C:\WINDOWS\system32\temp02
2008-01-04 19:13:30 455 --a------ C:\WINDOWS\system32\temp00
2008-01-04 19:13:27 4 --a------ C:\WINDOWS\system32\SvcTarget.dat
2008-01-04 19:13:25 8192 --a------ C:\WINDOWS\system32\cfdummy
2008-01-04 19:13:24 20 --a------ C:\WINDOWS\system32\CCS.bat
2008-01-04 19:13:24 0 d-------- C:\Registry_backups
2008-01-04 19:13:12 49 --a------ C:\WINDOWS\system32\RenVMove.dat
2008-01-04 19:13:11 482 --a------ C:\WINDOWS\system32\RenVDel.dat
2008-01-04 19:13:09 0 --a------ C:\WINDOWS\system32\v-tmp.dat
2008-01-04 19:13:09 0 --a------ C:\WINDOWS\system32\BHO.dat
2008-01-04 19:13:08 12 --a------ C:\WINDOWS\system32\erunt.dat
2008-01-04 19:13:04 2490 --a------ C:\WINDOWS\system32\v_str.dat
2008-01-04 19:13:03 886 --a------ C:\WINDOWS\system32\v_wht.dat
2008-01-04 19:13:03 906 --a------ C:\WINDOWS\system32\v_sz.dat
2008-01-04 19:13:03 0 --a------ C:\WINDOWS\system32\fBoot.dat
2008-01-04 19:13:03 40 --a------ C:\WINDOWS\system32\d-del2AA.dat
2008-01-04 19:13:03 61 --a------ C:\WINDOWS\system32\catch_kB.dat
2008-01-04 19:13:03 7246 --a------ C:\WINDOWS\system32\catch_k.dat
2008-01-04 19:13:03 137 --a------ C:\WINDOWS\system32\auxx.bat
2008-01-04 19:13:01 1612 --a------ C:\WINDOWS\system32\errdbg.dat
2008-01-04 19:13:01 7030 --a------ C:\WINDOWS\system32\creg.dat
2008-01-04 19:12:58 391 --a------ C:\WINDOWS\system32\d-delA.dat
2008-01-04 19:12:56 0 --a------ C:\WINDOWS\system32\V-FilesB.dat
2008-01-02 22:10:03 0 d-------- C:\Program Files\Power MP3 WMA Converter
2008-01-02 01:55:58 0 d-------- C:\Temp
2007-12-31 03:37:13 0 dr-h----- C:\Documents and Settings\Van\Application Data\SecuROM
2007-12-31 03:29:24 0 d-------- C:\Program Files\Flagship Studios
2007-12-31 02:42:46 0 d-------- C:\Documents and Settings\Van\Application Data\Syntrillium
2007-12-31 02:41:16 0 d-------- C:\Program Files\coolpro2
2007-12-29 00:29:51 0 d-------- C:\Program Files\DivX
2007-12-28 01:46:15 0 d-------- C:\Documents and Settings\Van\Application Data\BearShare
2007-12-27 22:38:17 0 d-------- C:\Program Files\Sega
2007-12-27 22:29:58 0 d-------- C:\WINDOWS\system32\xlive
2007-12-27 22:14:53 0 d-------- C:\Documents and Settings\Van\Application Data\DAEMON Tools
2007-12-27 22:12:49 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-26 23:33:33 0 d-------- C:\nvram
2007-12-26 23:33:33 0 d-------- C:\cfg
2007-12-26 15:55:27 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-26 14:44:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 14:43:34 0 d-------- C:\Program Files\Lavasoft
2007-12-26 14:43:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:08:27 0 d-------- C:\Program Files\Bonjour
2007-12-26 14:03:38 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-26 11:58:02 0 d-------- C:\Program Files\Stardock
2007-12-25 18:47:40 0 d-------- C:\Documents and Settings\Van\Application Data\Media Player Classic
2007-12-25 18:44:28 0 d-------- C:\Program Files\Real Alternative
2007-12-25 18:44:28 0 d-------- C:\Documents and Settings\Van\Application Data\Real
2007-12-25 18:44:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-12-25 18:43:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 18:42:55 0 d-------- C:\Program Files\QuickTime Alternative
2007-12-25 18:42:38 0 d-------- C:\Program Files\Xvid
2007-12-25 18:39:40 164352 --a------ C:\WINDOWS\system32\unrar.dll
2007-12-25 18:39:38 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-12-25 18:39:38 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-12-25 18:39:37 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-12-25 18:39:37 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-12-25 18:39:37 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-12-25 18:39:37 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-12-25 18:39:37 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-12-25 18:39:37 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-12-25 18:39:36 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-25 18:39:36 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-25 18:39:36 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-12-25 18:39:35 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-25 18:39:33 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 15:37:00 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-25 15:28:30 0 d-------- C:\Program Files\World of Warcraft
2007-12-25 15:20:26 0 d-------- C:\Documents and Settings\Van\Application Data\Ventrilo
2007-12-25 15:16:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-25 15:16:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-25 15:13:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-12-25 15:11:48 0 d-------- C:\Documents and Settings\Van\Application Data\.BitTornado
2007-12-25 15:11:43 0 d-------- C:\Program Files\BitTornado
2007-12-25 14:57:21 0 d-------- C:\WINDOWS\RegisteredPackages
2007-12-25 14:56:43 0 d-------- C:\Program Files\Winamp
2007-12-25 14:56:43 0 d-------- C:\Documents and Settings\Van\Application Data\Winamp
2007-12-25 14:55:49 0 d-------- C:\Program Files\Ventrilo
2007-12-25 14:55:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-25 14:52:58 0 d-------- C:\WINDOWS\system32\RTCOM
2007-12-25 14:52:46 520192 --a------ C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-12-25 14:52:46 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-12-25 14:46:35 0 d-------- C:\WINDOWS\system32\Lang
2007-12-25 14:39:32 0 d-------- C:\WINDOWS\Downloaded Installations
2007-12-25 14:39:27 0 d-------- C:\Documents and Settings\Van\Application Data\WinRAR
2007-12-25 14:25:29 0 d-------- C:\WINDOWS\system32\PreInstall
2007-12-25 14:25:27 0 d--h----- C:\WINDOWS\$hf_mig$
2007-12-25 14:22:38 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-12-25 14:22:11 0 d---s---- C:\Documents and Settings\Van\UserData
2007-12-25 14:20:02 0 d-------- C:\Documents and Settings\Van\Application Data\Aim
2007-12-25 14:20:01 0 d-------- C:\Program Files\AWS
2007-12-25 14:19:58 0 d-------- C:\Program Files\Viewpoint
2007-12-25 14:19:58 0 d-------- C:\Program Files\AOD
2007-12-25 14:19:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 14:19:57 0 d-------- C:\Program Files\AIM
2007-12-25 14:15:44 0 d-------- C:\WINDOWS\nview
2007-12-25 14:15:27 0 d-------- C:\NVIDIA
2007-12-25 14:14:03 0 d-------- C:\Documents and Settings\Van\Application Data\Macromedia
2007-12-25 14:14:03 0 d-------- C:\Documents and Settings\Van\Application Data\Adobe
2007-12-25 14:13:32 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-12-25 14:13:31 0 d-------- C:\Program Files\Intel
2007-12-25 14:11:41 0 d-------- C:\Program Files\Realtek
2007-12-25 14:11:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-25 14:11:37 0 d-------- C:\Program Files\Common Files\InstallShield
2007-12-25 14:09:55 0 d-------- C:\Documents and Settings\Van\Application Data\Avant Profiles
2007-12-25 14:09:52 0 d-------- C:\Program Files\Avant Browser
2007-12-25 14:08:40 0 d-------- C:\Documents and Settings\Van\Application Data\Identities
2007-12-25 14:08:32 0 d--h----- C:\Documents and Settings\Van\Templates <TEMPLA~1>
2007-12-25 14:08:32 0 dr------- C:\Documents and Settings\Van\Start Menu <STARTM~1>
2007-12-25 14:08:32 0 dr-h----- C:\Documents and Settings\Van\SendTo
2007-12-25 14:08:32 0 dr-h----- C:\Documents and Settings\Van\Recent
2007-12-25 14:08:32 0 d--h----- C:\Documents and Settings\Van\PrintHood <PRINTH~1>
2007-12-25 14:08:32 3407872 --ah----- C:\Documents and Settings\Van\NTUSER.DAT
2007-12-25 14:08:32 0 d--h----- C:\Documents and Settings\Van\NetHood
2007-12-25 14:08:32 0 d-------- C:\Documents and Settings\Van\My Documents <MYDOCU~1>
2007-12-25 14:08:32 0 d--h----- C:\Documents and Settings\Van\Local Settings <LOCALS~1>
2007-12-25 14:08:32 0 dr------- C:\Documents and Settings\Van\Favorites <FAVORI~1>
2007-12-25 14:08:32 0 d-------- C:\Documents and Settings\Van\Desktop
2007-12-25 14:08:32 0 d---s---- C:\Documents and Settings\Van\Cookies
2007-12-25 14:08:32 0 dr-h----- C:\Documents and Settings\Van\Application Data <APPLIC~1>
2007-12-25 14:07:48 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-12-25 14:07:36 0 d-------- C:\WINDOWS\Prefetch
2007-12-25 14:07:35 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-12-25 14:07:35 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-12-25 14:07:35 0 d--h----- C:\Documents and Settings\LocalService\Local Settings <LOCALS~1>
2007-12-25 14:07:35 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-12-25 14:07:35 0 d-------- C:\Documents and Settings\LocalService\Application Data <APPLIC~1>
2007-12-25 14:07:35 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-12-25 14:07:07 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-12-25 14:07:07 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings <LOCALS~1>
2007-12-25 14:07:07 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-12-25 14:07:07 0 d-------- C:\Documents and Settings\NetworkService\Application Data <APPLIC~1>
2007-12-25 14:07:07 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-12-25 14:04:28 0 d-------- C:\WINDOWS\system32\xircom
2007-12-25 14:04:28 0 d-------- C:\Program Files\microsoft frontpage
2007-12-25 14:04:19 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-12-25 14:04:12 0 -rahs---- C:\MSDOS.SYS
2007-12-25 14:04:12 0 -rahs---- C:\IO.SYS
2007-12-25 14:04:12 0 --a------ C:\CONFIG.SYS
2007-12-25 14:04:12 0 --a------ C:\AUTOEXEC.BAT
2007-12-25 14:03:11 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-25 14:03:03 0 dr------- C:\WINDOWS\Offline Web Pages
2007-12-25 14:03:02 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-12-25 14:02:53 0 d--h----- C:\Program Files\WindowsUpdate
2007-12-25 14:02:35 0 d-------- C:\WINDOWS\system32\DirectX
2007-12-25 14:02:02 0 d---s---- C:\WINDOWS\Tasks
2007-12-25 14:02:01 0 d-------- C:\Program Files\Common Files\MSSoap
2007-12-25 14:01:57 0 d-------- C:\WINDOWS\srchasst
2007-12-25 14:01:56 0 d-------- C:\WINDOWS\system32\Macromed
2007-12-25 14:01:49 0 d-------- C:\Program Files\Movie Maker
2007-12-25 14:01:41 0 d-------- C:\WINDOWS\system32\Restore
2007-12-25 14:01:07 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-25 14:00:53 0 d-------- C:\WINDOWS\Registration
2007-12-25 14:00:47 0 d-------- C:\Program Files\Online Services
2007-12-25 14:00:42 0 d-------- C:\Program Files\Messenger
2007-12-25 14:00:39 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-25 14:00:01 0 d-------- C:\Program Files\Windows NT
2007-12-25 13:59:58 0 d-------- C:\WINDOWS\system32\MsDtc
2007-12-25 13:59:56 0 d-------- C:\WINDOWS\system32\Com
2007-12-25 05:48:50 0 d--hs---- C:\WINDOWS\Installer
2007-12-25 05:48:49 0 d-------- C:\Program Files\Common Files\ODBC
2007-12-25 05:48:46 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-12-25 05:48:45 0 dr------- C:\Program Files
2007-12-25 05:48:45 0 d-------- C:\Program Files\Common Files
2007-12-25 05:48:19 0 d--h----- C:\Documents and Settings\Default User\Templates <TEMPLA~1>
2007-12-25 05:48:19 0 dr------- C:\Documents and Settings\Default User\Start Menu <STARTM~1>
2007-12-25 05:48:19 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-12-25 05:48:19 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-12-25 05:48:19 0 d--h----- C:\Documents and Settings\Default User\PrintHood <PRINTH~1>
2007-12-25 05:48:19 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-12-25 05:48:19 0 d-------- C:\Documents and Settings\Default User\My Documents <MYDOCU~1>
2007-12-25 05:48:19 0 dr-h----- C:\Documents and Settings\Default User\Local Settings <LOCALS~1>
2007-12-25 05:48:19 0 d-------- C:\Documents and Settings\Default User\Favorites <FAVORI~1>
2007-12-25 05:48:19 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-12-25 05:48:19 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-12-25 05:48:19 0 d--h----- C:\Documents and Settings\All Users\Templates <TEMPLA~1>
2007-12-25 05:48:19 0 dr------- C:\Documents and Settings\All Users\Start Menu <STARTM~1>
2007-12-25 05:48:19 0 d-------- C:\Documents and Settings\All Users\Favorites <FAVORI~1>
2007-12-25 05:48:19 0 dr------- C:\Documents and Settings\All Users\Documents
2007-12-25 05:48:19 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-12-25 05:48:06 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-12-25 05:48:06 0 d-------- C:\WINDOWS\system32\CatRoot
2007-12-25 05:48:01 0 dr-h----- C:\Documents and Settings\Default User\Application Data <APPLIC~1>
2007-12-25 05:48:01 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-12-25 05:48:00 0 dr-h----- C:\Documents and Settings\All Users\Application Data <APPLIC~1>
2007-12-25 05:48:00 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-12-25 05:47:38 0 d--hs---- C:\System Volume Information
2007-12-25 05:47:38 0 d-------- C:\Documents and Settings
2007-12-25 05:41:32 0 d-------- C:\WINDOWS
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\WinSxS
2007-12-25 05:41:32 0 dr------- C:\WINDOWS\Web
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\twain_32
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\wins
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\wbem
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\usmt
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\spool
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\ShellExt
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\Setup
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\ras
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\oobe
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\npp
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\mui
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\inetsrv
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\IME
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\icsxml
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\ias
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\export
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\drivers
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-12-25 05:41:32 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\dhcp
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\config
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\3076
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\2052
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1054
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1042
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1041
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1037
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1033
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1031
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1028
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system32\1025
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\system
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\security
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Resources
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\repair
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Provisioning
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\PeerNet
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\pchealth
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\mui
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\msapps
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\msagent
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Media
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\java
2007-12-25 05:41:32 0 d--h----- C:\WINDOWS\inf
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\ime
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Help
2007-12-25 05:41:32 0 dr--s---- C:\WINDOWS\Fonts
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\ehome
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Driver Cache
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Debug
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Cursors
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Connection Wizard
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\Config
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\AppPatch
2007-12-25 05:41:32 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-01-10 10:28:34 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-12-25 05:48:19 62 --ahs---- C:\Documents and Settings\Van\Application Data\desktop.ini
2007-12-05 01:41:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-12-05 01:41:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 01:41:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-12-05 01:41:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-12-05 01:41:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 01:41:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-12-05 01:41:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7860AFE9-FBA2-49F3-99B0-9066AFC1D10E}]
01/13/2008 04:40 PM 344576 --------- C:\WINDOWS\system32\ssqrr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [01/10/2008 10:28 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"RTHDCPL"="RTHDCPL.EXE" [02/26/2007 03:03 PM C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/14/2008 12:34 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [01/14/2008 12:34 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [01/14/2008 12:34 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/14/2008 12:34 AM]

C:\Documents and Settings\Van\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\MemTurbo30\MemTurbo.exe [1/4/2008 7:37:30 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnhmhttd]
qnhmhttd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 12/26/2007 12:13 PM 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrr

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f9493c-c17e-11dc-be8f-004033e33c2b}]
AutoRun\command- F:\Autorun.exe




-- End of Deckard's System Scanner: finished at 2008-01-14 00:38:14 ------------

#32 k0rrupt (Member, Topic Starter, 23 posts)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.40GHz
CPU 1: Intel® Pentium® 4 CPU 3.40GHz
Percentage of Memory in Use: 21%
Physical Memory (total/avail): 2046.41 MiB / 1608.95 MiB
Pagefile Memory (total/avail): 1896.4 MiB / 1606.11 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.21 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 186.59 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is CDROM (UDF)
J: is Fixed (NTFS) - 149.05 GiB total, 1.43 GiB free.
K: is Fixed (NTFS) - 232.88 GiB total, 79.79 GiB free.

\\.\PHYSICALDRIVE0 - WDC WD2500JS-08NCB1 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:

\\.\PHYSICALDRIVE2 - SAMSUNG SP2514N USB Device - 232.88 GiB - 1 partition
\PARTITION0 - Installable File System - 232.88 GiB - K:

\\.\PHYSICALDRIVE1 - USB-HS WDC WD1600BB-56G USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - J:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Van\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=K0RR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HellgateEnv=C:\Program Files\Flagship Studios\Hellgate London\
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Van
LOGONSERVER=\\K0RR
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Van\LOCALS~1\Temp
TMP=C:\DOCUME~1\Van\LOCALS~1\Temp
USERDOMAIN=K0RR
USERNAME=Van
USERPROFILE=C:\Documents and Settings\Van
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Van (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Avant Browser (remove only) --> "C:\Program Files\Avant Browser\uninst.exe"
BearShare --> C:\PROGRA~1\BEARSH~2\UNWISE.EXE C:\PROGRA~1\BEARSH~2\INSTALL.LOG
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Blaze Media Pro --> "C:\Documents and Settings\All Users\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
DeadAIM --> MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Hellgate: London --> MsiExec.exe /X{A2B4455D-1046-4732-BFBC-0821BEFC07BC}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Van\Desktop\HijackThis.exe" /uninstall
K-Lite Codec Pack 3.6.2 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
MemTurbo 3.0 --> C:\PROGRA~1\MEMTUR~1\UNWISE.EXE C:\PROGRA~1\MEMTUR~1\INSTALL.LOG
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power MP3 WMA Converter 2008, (ver 4.0) --> "C:\Program Files\Power MP3 WMA Converter\unins000.exe"
QuickTime Alternative 2.2.0 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.7.5 --> "C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Universe at War Earth Assault --> "C:\Program Files\InstallShield Installation Information\{D4658131-9D1A-4395-876D-968E38FE8ED5}\setup.exe" -runfromtemp -l0x0409 -removeonly
Universe at War Earth Assault --> MsiExec.exe /X{D4658131-9D1A-4395-876D-968E38FE8ED5}
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type254 / Success
Event Submitted/Written: 01/13/2008 01:33:03 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Services, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type252 / Success
Event Submitted/Written: 01/13/2008 01:33:00 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type250 / Success
Event Submitted/Written: 01/13/2008 01:32:58 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type248 / Success
Event Submitted/Written: 01/13/2008 01:32:54 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a

Event Record #/Type246 / Success
Event Submitted/Written: 01/13/2008 01:32:35 AM
Event ID/Source: 1102 / .NET Runtime Optimization Service
Event Description:
.NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1430 / Warning
Event Submitted/Written: 01/14/2008 00:02:01 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type1410 / Error
Event Submitted/Written: 01/13/2008 01:37:19 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The combofix service failed to start due to the following error:
%%1053

Event Record #/Type1409 / Error
Event Submitted/Written: 01/13/2008 01:37:19 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the combofix service to connect.

Event Record #/Type1408 / Warning
Event Submitted/Written: 01/13/2008 01:27:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 004033E33C2B. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1407 / Warning
Event Submitted/Written: 01/13/2008 01:26:27 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 004033E33C2B. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-01-14 00:38:14 ------------
  • 0

#33
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

  • 0

#34
k0rrupt

    Member

  • Topic Starter
  • Member
  • 23 posts
ComboFix 08-01-05.1 - Van 2008-01-15 10:01:03.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1617 [GMT -8:00]
Running from: C:\Documents and Settings\Van\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos12.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos13.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos233.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos247.tmp
C:\pos248.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24C.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos252.tmp
C:\pos253.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25E.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos260.tmp
C:\pos261.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26A.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos26E.tmp
C:\pos26F.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27B.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos27E.tmp
C:\pos27F.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos288.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos298.tmp
C:\pos299.tmp
C:\pos29A.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A0.tmp
C:\pos2A1.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2AF.tmp
C:\pos2B.tmp
C:\pos2B0.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B6.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BC.tmp
C:\pos2BD.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C6.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CE.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos41.tmp
C:\pos42.tmp
C:\pos43.tmp
C:\pos44.tmp
C:\pos45.tmp
C:\pos46.tmp
C:\pos48.tmp
C:\pos49.tmp
C:\pos4A.tmp
C:\pos4B.tmp
C:\pos4C.tmp
C:\pos4D.tmp
C:\pos4E.tmp
C:\pos4F.tmp
C:\pos50.tmp
C:\pos51.tmp
C:\pos52.tmp
C:\pos53.tmp
C:\pos54.tmp
C:\pos55.tmp
C:\pos56.tmp
C:\pos57.tmp
C:\pos58.tmp
C:\pos59.tmp
C:\pos5A.tmp
C:\pos5B.tmp
C:\pos5C.tmp
C:\pos5D.tmp
C:\pos5E.tmp
C:\pos5F.tmp
C:\pos60.tmp
C:\pos61.tmp
C:\pos62.tmp
C:\pos63.tmp
C:\pos64.tmp
C:\pos65.tmp
C:\pos66.tmp
C:\pos67.tmp
C:\pos68.tmp
C:\pos69.tmp
C:\pos6A.tmp
C:\pos6B.tmp
C:\pos6C.tmp
C:\pos6D.tmp
C:\pos6E.tmp
C:\pos6F.tmp
C:\pos7.tmp
C:\pos70.tmp
C:\pos71.tmp
C:\pos72.tmp
C:\pos73.tmp
C:\pos74.tmp
C:\pos75.tmp
C:\pos76.tmp
C:\pos77.tmp
C:\pos78.tmp
C:\pos79.tmp
C:\pos7A.tmp
C:\pos7B.tmp
C:\pos7C.tmp
C:\pos7D.tmp
C:\pos7E.tmp
C:\pos7F.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos81.tmp
C:\pos82.tmp
C:\pos83.tmp
C:\pos84.tmp
C:\pos85.tmp
C:\pos86.tmp
C:\pos87.tmp
C:\pos88.tmp
C:\pos89.tmp
C:\pos8A.tmp
C:\pos8B.tmp
C:\pos8C.tmp
C:\pos8D.tmp
C:\pos8E.tmp
C:\pos8F.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos91.tmp
C:\pos92.tmp
C:\pos93.tmp
C:\pos94.tmp
C:\pos95.tmp
C:\pos96.tmp
C:\pos97.tmp
C:\pos98.tmp
C:\pos99.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA1.tmp
C:\posA2.tmp
C:\posA3.tmp
C:\posA4.tmp
C:\posA5.tmp
C:\posA6.tmp
C:\posA7.tmp
C:\posA8.tmp
C:\posA9.tmp
C:\posAA.tmp
C:\posAB.tmp
C:\posAC.tmp
C:\posAD.tmp
C:\posAE.tmp
C:\posAF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB1.tmp
C:\posB2.tmp
C:\posB3.tmp
C:\posB4.tmp
C:\posB5.tmp
C:\posB6.tmp
C:\posB7.tmp
C:\posB8.tmp
C:\posB9.tmp
C:\posBA.tmp
C:\posBB.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\Program Files\AIM\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Winamp\winamp .exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ggtrmadh.dll
C:\WINDOWS\system32\ksrucvvs.dll
C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\osusxjax.dll
C:\WINDOWS\system32\osusxjax.dllbox
C:\WINDOWS\system32\rgyalgrl.dll
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\rrqss.ini2
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\ssqrr.exe
C:\WINDOWS\system32\svvcursk.ini
C:\WINDOWS\system32\uvyyvgtv.exe

"C:\Program Files\AIM\aim .exe" replaces infected copy of "C:\Program Files\AIM\aim.exe"
"C:\Program Files\DAEMON Tools Lite\daemon .exe" replaces infected copy of "C:\Program Files\DAEMON Tools Lite\daemon.exe"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe" replaces infected copy of "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Program Files\Winamp\winamp .exe" moved to QooBox
"C:\WINDOWS\system32\NeroCheck .exe" replaces infected copy of "C:\WINDOWS\system32\NeroCheck.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))
.

2008-01-14 00:34 . 2008-01-15 09:58 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-14 00:31 . 2008-01-14 00:31 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-01-14 00:31 . 2008-01-14 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}
2008-01-13 19:20 . 2008-01-13 19:20 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-13 19:20 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-13 01:22 . 2008-01-15 10:14 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-12 14:32 . 2008-01-12 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 14:31 . 2008-01-15 10:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 14:31 . 2008-01-12 14:31 <DIR> d-------- C:\Documents and Settings\Van\Application Data\SUPERAntiSpyware.com
2008-01-11 14:23 . 2008-01-11 14:23 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Ahead
2008-01-11 14:22 . 2008-01-11 14:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 14:22 . 2008-01-11 14:22 <DIR> d-------- C:\Program Files\Ahead
2008-01-11 14:22 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-01-11 14:22 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-01-11 14:22 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-01-11 14:22 . 2004-03-03 20:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-11 14:22 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-11 14:22 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-01-11 14:22 . 2004-03-03 20:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-09 00:03 . 2008-01-09 00:03 <DIR> d-------- C:\My Downloads
2008-01-09 00:02 . 2008-01-09 00:05 <DIR> d-------- C:\Program Files\BearShare
2008-01-08 19:44 . 2008-01-08 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 19:44 . 2008-01-08 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 16:25 . 2008-01-05 16:25 <DIR> d-------- C:\Deckard
2008-01-04 19:37 . 2008-01-04 19:37 <DIR> d-------- C:\Program Files\MemTurbo30
2008-01-04 19:12 . 2008-01-04 19:13 391 --a------ C:\WINDOWS\system32\d-delA.dat
2008-01-04 19:12 . 2008-01-04 19:12 0 --a------ C:\WINDOWS\system32\V-FilesB.dat
2008-01-04 17:40 . 2008-01-04 17:40 661,159 --a------ C:\catchme2008-01-04_190812.04.zip
2008-01-04 17:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 22:10 . 2008-01-04 16:32 <DIR> d-------- C:\Program Files\Power MP3 WMA Converter
2008-01-02 04:17 . 2008-01-04 17:30 403 --a------ C:\WINDOWS\wininit.ini
2008-01-02 01:55 . 2008-01-10 10:26 <DIR> d-------- C:\Temp
2007-12-31 18:29 . 2007-12-31 18:29 1 --a------ C:\WINDOWS\system32\DJ Doboy - Trancequility Megamix Volume 31.cue
2007-12-31 03:37 . 2007-12-31 03:37 <DIR> dr-h----- C:\Documents and Settings\Van\Application Data\SecuROM
2007-12-31 03:37 . 2007-12-31 03:37 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-31 03:29 . 2007-12-31 03:29 <DIR> d-------- C:\Program Files\Flagship Studios
2007-12-31 02:42 . 2007-12-31 02:42 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Syntrillium
2007-12-31 02:42 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-12-31 02:42 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-12-31 02:42 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-12-31 02:42 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-31 02:42 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2007-12-31 02:42 . 2007-12-31 02:42 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-31 02:41 . 2007-12-31 02:43 <DIR> d-------- C:\Program Files\coolpro2
2007-12-29 00:29 . 2007-12-29 00:29 <DIR> d-------- C:\Program Files\DivX
2007-12-28 01:46 . 2008-01-02 22:31 <DIR> d-------- C:\Documents and Settings\Van\Application Data\BearShare
2007-12-28 01:46 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-12-27 22:38 . 2007-12-27 22:38 <DIR> d-------- C:\Program Files\Sega
2007-12-27 22:30 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-27 22:30 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-27 22:30 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-27 22:30 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-27 22:30 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-27 22:29 . 2007-12-27 22:29 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-12-27 22:29 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-27 22:29 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-27 22:29 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-27 22:29 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-12-27 22:14 . 2008-01-04 19:32 <DIR> d-------- C:\Documents and Settings\Van\Application Data\DAEMON Tools
2007-12-27 22:12 . 2007-12-27 22:12 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-26 23:33 . 2007-12-26 23:33 <DIR> d-------- C:\nvram
2007-12-26 15:55 . 2007-12-26 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-26 14:44 . 2007-12-26 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 14:43 . 2007-12-26 14:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-26 14:43 . 2007-12-26 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:08 . 2007-12-26 14:08 <DIR> d-------- C:\Program Files\Bonjour
2007-12-26 14:03 . 2007-12-26 14:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-26 11:58 . 2007-12-26 11:58 <DIR> d-------- C:\Program Files\Stardock
2007-12-26 11:46 . 2007-12-26 11:47 81 --------- C:\WINDOWS\WB.ini
2007-12-26 11:25 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-26 11:18 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-26 11:18 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-25 18:47 . 2007-12-25 18:47 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Media Player Classic
2007-12-25 18:44 . 2007-12-25 18:44 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-25 18:43 . 2007-12-25 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 18:43 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-25 18:43 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-25 18:42 . 2007-12-25 18:42 <DIR> d-------- C:\Program Files\Xvid
2007-12-25 18:42 . 2007-12-25 18:43 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-25 18:42 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-25 18:39 . 2007-12-25 18:39 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 15:37 . 2007-12-25 15:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-25 15:28 . 2008-01-13 23:35 <DIR> d-------- C:\Program Files\World of Warcraft
2007-12-25 15:20 . 2007-12-25 15:21 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Ventrilo
2007-12-25 15:16 . 2007-12-26 16:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-25 15:11 . 2007-12-25 15:11 <DIR> d-------- C:\Program Files\BitTornado
2007-12-25 15:11 . 2007-12-25 15:11 <DIR> d-------- C:\Documents and Settings\Van\Application Data\.BitTornado
2007-12-25 13:59 . 2007-12-25 14:00 <DIR> d-------- C:\WINDOWS\system32\MsDtc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 18:14 --------- d-----w C:\Program Files\AIM
2008-01-15 18:12 --------- d-----w C:\Program Files\Winamp
2008-01-12 22:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-11 03:57 --------- d-----w C:\Program Files\AOD
2008-01-10 18:28 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-28 06:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 23:11 --------- d-----w C:\Documents and Settings\Van\Application Data\.BitTornado
2007-12-25 23:06 --------- d-----w C:\Documents and Settings\Van\Application Data\Winamp
2007-12-25 22:55 --------- d-----w C:\Program Files\Ventrilo
2007-12-25 22:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-25 22:52 --------- d-----w C:\Program Files\Realtek
2007-12-25 22:20 --------- d-----w C:\Program Files\AWS
2007-12-25 22:20 --------- d-----w C:\Documents and Settings\Van\Application Data\Aim
2007-12-25 22:19 --------- d-----w C:\Program Files\Viewpoint
2007-12-25 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 22:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 22:13 --------- d-----w C:\Program Files\Intel
2007-12-25 22:09 --------- d-----w C:\Program Files\Avant Browser
2007-12-25 22:09 --------- d-----w C:\Documents and Settings\Van\Application Data\Avant Profiles
2007-12-25 22:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-08 02:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-05 10:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 09:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 09:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 09:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 09:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 09:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 09:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 09:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 09:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 09:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 09:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 09:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 09:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 09:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 09:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 09:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 09:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 09:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 09:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 09:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 09:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 09:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 09:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 09:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 09:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 09:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 09:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 09:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-04 10:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-30 07:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-30 07:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-13_13.40.31.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-14 03:19:48 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-01-14 03:19:49 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-01-14 03:19:49 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-01-14 03:19:40 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:41 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:43 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:43 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:44 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:44 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:45 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:45 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:46 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:49 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-01-14 03:19:50 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-01-14 03:19:50 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-01-14 03:19:50 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-01-14 03:19:51 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-01-14 03:19:47 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-01-14 03:26:07 12,017,664 ----a-r C:\WINDOWS\Installer\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}\SimCitySocieties.exe
+ 2005-03-19 00:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2005-03-19 00:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
+ 2005-03-19 00:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll
+ 2004-09-29 20:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 00:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll
+ 2005-03-19 00:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll
+ 2005-03-19 00:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll
+ 2005-03-19 00:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll
+ 2005-03-19 00:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll
+ 2004-12-01 23:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-02-06 03:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-03-19 01:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-05-26 23:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-07-23 01:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-09-28 22:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll
+ 2005-12-06 01:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-02-03 15:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-03-31 19:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll
+ 2006-09-28 19:57:48 660,480 ----a-w C:\WINDOWS\system32\AdjMmsEng.dll
+ 2003-01-04 22:58:12 643,072 ----a-w C:\WINDOWS\system32\AppUpdate.dll
+ 2005-10-21 12:23:24 151,552 ----a-w C:\WINDOWS\system32\AVICreator.dll
+ 2005-02-22 15:37:48 589,824 ----a-w C:\WINDOWS\system32\CDDBControl.dll
+ 2005-02-22 15:36:50 765,952 ----a-w C:\WINDOWS\system32\CDDBUI.dll
+ 2005-10-15 02:10:24 65,536 ----a-w C:\WINDOWS\system32\comLyricGetter.dll
+ 2005-02-06 03:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll
+ 2005-03-19 01:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll
+ 2005-05-26 23:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll
+ 2005-07-23 03:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll
+ 2005-12-06 02:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll
+ 2006-02-03 16:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll
+ 2006-03-31 20:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll
+ 2006-09-29 00:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll
+ 2006-11-29 21:06:18 3,426,072 ----a-w C:\WINDOWS\system32\d3dx9_32.dll
+ 2006-09-21 14:36:34 155,648 ----a-w C:\WINDOWS\system32\DirectEncode.dll
+ 2006-05-31 21:40:18 167,936 ----a-w C:\WINDOWS\system32\DSKernel2.dll
+ 2006-09-21 14:33:08 237,568 ----a-w C:\WINDOWS\system32\erdmpg-5.2.dll
+ 2006-09-21 14:30:12 2,287,458 ----a-w C:\WINDOWS\system32\erdmpg-enc.dll
+ 2006-09-21 14:28:42 30,693 ----a-w C:\WINDOWS\system32\erdmpg-int.dll
+ 2006-09-21 14:30:24 268,242 ----a-w C:\WINDOWS\system32\erdmpg-parse.dll
+ 2001-08-23 21:00:00 1,700,352 ----a-w C:\WINDOWS\system32\gdiplus.dll
+ 2001-01-06 05:38:10 12,288 ----a-w C:\WINDOWS\system32\httperr.dll
+ 2005-11-05 23:34:50 145,408 ----a-w C:\WINDOWS\system32\Lame.exe
+ 2003-08-07 19:01:50 237,568 ----a-w C:\WINDOWS\system32\lame_enc.dll
+ 2006-06-01 14:39:30 110,592 ----a-w C:\WINDOWS\system32\LDECMPG22.dll
+ 2006-05-31 15:52:54 135,168 ----a-w C:\WINDOWS\system32\LDECMPG2KRN2.dll
+ 2006-06-01 14:39:20 159,744 ----a-w C:\WINDOWS\system32\LENCMPG22.dll
+ 2006-06-01 14:38:36 172,032 ----a-w C:\WINDOWS\system32\LENCMPG2KRN2.dll
+ 2006-05-28 22:31:26 405,504 ----a-w C:\WINDOWS\system32\LEncMPG4Krn.dll
+ 2006-05-28 22:31:52 155,648 ----a-w C:\WINDOWS\system32\lencmpga2.dll
+ 2003-08-26 18:22:48 102,400 ----a-w C:\WINDOWS\system32\LMAVol.dll
+ 2006-05-28 22:31:58 61,440 ----a-w C:\WINDOWS\system32\LMMpg1Mx2.dll
+ 2006-05-28 22:32:04 73,728 ----a-w C:\WINDOWS\system32\LMMpg2Mx2.dll
+ 2003-09-08 20:52:06 94,208 ----a-w C:\WINDOWS\system32\LMVAdd.dll
+ 2003-09-08 20:52:24 135,168 ----a-w C:\WINDOWS\system32\LMVClr.dll
+ 2003-09-08 20:52:56 102,400 ----a-w C:\WINDOWS\system32\LMVClrRp.dll
+ 2003-08-26 18:09:40 94,208 ----a-w C:\WINDOWS\system32\LMVDblck.dll
+ 2003-08-26 18:10:18 86,016 ----a-w C:\WINDOWS\system32\LMVEdgEnh.dll
+ 2003-08-26 18:10:28 118,784 ----a-w C:\WINDOWS\system32\LMVEmbs.dll
+ 2003-08-26 18:10:24 98,304 ----a-w C:\WINDOWS\system32\LMVGamma.dll
+ 2003-08-26 18:21:26 253,952 ----a-w C:\WINDOWS\system32\LMVMiscFX.dll
+ 2003-08-26 18:22:32 106,496 ----a-w C:\WINDOWS\system32\LMVMosc.dll
+ 2003-08-26 18:21:32 258,048 ----a-w C:\WINDOWS\system32\LMVMtnFX.dll
+ 2003-09-08 20:53:14 131,072 ----a-w C:\WINDOWS\system32\LMVRGBxf.dll
+ 2003-08-26 18:22:40 94,208 ----a-w C:\WINDOWS\system32\LMVRot.dll
+ 2006-05-28 22:33:52 139,264 ----a-w C:\WINDOWS\system32\LMVRsz2.dll
+ 2003-08-26 18:22:44 155,648 ----a-w C:\WINDOWS\system32\LMVTOvLy.dll
+ 2003-08-26 18:22:46 94,208 ----a-w C:\WINDOWS\system32\LMVUsMsk.dll
+ 2002-07-23 17:19:18 319,488 ----a-w C:\WINDOWS\system32\LTCML13n.dll
+ 2006-05-25 03:58:22 147,456 ----a-w C:\WINDOWS\system32\LTDVDBrn2.dll
+ 2006-05-29 17:00:02 200,704 ----a-w C:\WINDOWS\system32\LTDvdWrt2.dll
+ 2006-05-23 12:35:22 1,814,528 ----a-w C:\WINDOWS\system32\ltmm15_n.dll
- 2008-01-06 06:52:24 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-01-14 09:46:48 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
+ 2006-10-21 16:59:59 262,144 ----a-w C:\WINDOWS\system32\Manipulate.dll
+ 2006-09-21 14:43:24 143,360 ----a-w C:\WINDOWS\system32\MPEGCreator.dll
+ 2000-07-15 04:00:00 77,824 ----a-w C:\WINDOWS\system32\MSBIND.DLL
- 2002-12-18 21:46:26 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-01-05 19:37:26 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2004-01-12 07:00:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2005-11-17 17:57:30 258,560 ----a-w C:\WINDOWS\system32\MusicTagsAX.dll
+ 2004-11-04 17:31:24 479,744 ----a-w C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
+ 2005-06-01 16:16:22 778,240 ----a-w C:\WINDOWS\system32\NCTAudioCompress2.dll
+ 2005-07-21 17:33:30 2,846,720 ----a-w C:\WINDOWS\system32\NCTAudioCompress3.dll
+ 2005-06-01 15:54:02 634,880 ----a-w C:\WINDOWS\system32\NCTAudioEditor2.dll
+ 2005-06-01 16:11:04 877,568 ----a-w C:\WINDOWS\system32\NCTAudioFile2.dll
+ 2005-06-16 00:04:46 90,112 ----a-w C:\WINDOWS\system32\NCTAudioFormatSettings3.dll
+ 2003-12-08 16:16:21 327,680 ----a-w C:\WINDOWS\system32\NCTAudioGrabber2.dll
+ 2005-06-01 16:15:42 966,144 ----a-w C:\WINDOWS\system32\NCTAudioInformation2.dll
+ 2005-06-01 16:11:48 467,456 ----a-w C:\WINDOWS\system32\NCTAudioPlayer2.dll
+ 2005-06-01 16:12:12 467,968 ----a-w C:\WINDOWS\system32\NCTAudioRecord2.dll
+ 2005-05-31 20:02:34 522,752 ----a-w C:\WINDOWS\system32\NCTAudioTransform2.dll
+ 2005-03-28 19:54:44 478,208 ----a-w C:\WINDOWS\system32\NCTAudioVisualization2.dll
+ 2005-06-07 22:11:26 382,464 ----a-w C:\WINDOWS\system32\NCTAVIFile.dll
+ 2005-03-18 19:01:46 626,688 ----a-w C:\WINDOWS\system32\NCTImageFile.dll
+ 2005-07-19 21:53:48 249,856 ----a-w C:\WINDOWS\system32\NCTQuickTimeFile.dll
+ 2005-04-14 23:07:48 780,288 ----a-w C:\WINDOWS\system32\NCTVideoCompress.dll
+ 2005-07-08 22:31:48 495,104 ----a-w C:\WINDOWS\system32\NCTVideoCoreM.dll
+ 2005-06-29 20:28:40 188,416 ----a-w C:\WINDOWS\system32\NCTVideoFile.dll
+ 2005-03-30 20:05:06 636,416 ----a-w C:\WINDOWS\system32\NCTVideoTransform.dll
+ 2005-05-26 16:00:34 403,968 ----a-w C:\WINDOWS\system32\NCTWMAFile2.dll
+ 2005-07-01 22:09:00 215,552 ----a-w C:\WINDOWS\system32\NCTWMVFile.dll
+ 2006-06-15 14:27:10 65,536 ----a-w C:\WINDOWS\system32\NMSAccess.exe
+ 2006-10-16 10:58:38 1,085,440 ----a-w C:\WINDOWS\system32\NMSDVDX.dll
+ 2006-10-16 10:58:18 1,110,016 ----a-w C:\WINDOWS\system32\NMSDVDXU.dll
+ 2002-07-19 16:48:22 157,696 ----a-w C:\WINDOWS\system32\OggEnc.exe
+ 2003-10-29 14:43:44 253,952 ----a-w C:\WINDOWS\system32\SkinBoxer43.dll
+ 2004-02-01 19:21:56 97,280 ----a-w C:\WINDOWS\system32\Uncommon.dll
+ 2004-06-24 22:48:08 139,264 ----a-w C:\WINDOWS\system32\voltoCDX.dll
+ 2005-10-30 15:02:18 200,704 ----a-w C:\WINDOWS\system32\WMVCreator.dll
+ 2006-02-03 16:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll
+ 2007-03-05 20:42:18 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll
+ 2006-02-03 16:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll
+ 2006-03-31 20:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll
+ 2006-05-31 15:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll
+ 2006-07-28 17:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll
+ 2006-09-29 00:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll
+ 2006-12-08 20:02:00 251,672 ----a-w C:\WINDOWS\system32\xactengine2_5.dll
+ 2007-01-24 23:27:30 255,848 ----a-w C:\WINDOWS\system32\xactengine2_6.dll
+ 2006-03-31 20:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll
+ 2006-07-28 17:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll
+ 2005-12-06 02:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll
+ 2006-12-02 06:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 08:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 08:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 08:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 08:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 08:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 08:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 08:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 08:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 08:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 08:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 08:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 08:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [2008-01-15 09:58 61440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-15 09:58 1318912]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-15 09:58 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2008-01-10 10:28 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-15 09:58 155648]

C:\Documents and Settings\Van\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\MemTurbo30\MemTurbo.exe [2008-01-04 19:37:30]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnhmhttd]
qnhmhttd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-12-26 12:13 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f9493c-c17e-11dc-be8f-004033e33c2b}]
\Shell\AutoRun\command - F:\Autorun.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 10:15:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-15 10:16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-15 18:16:55
ComboFix2.txt 2008-01-13 21:40:45
ComboFix3.txt 2008-01-13 02:26:36
ComboFix4.txt 2008-01-10 21:01:10
ComboFix5.txt 2008-01-10 18:31:06
  • 0

#35
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

dirlook::
C:\Documents and Settings\All Users\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnhmhttd]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0f9493c-c17e-11dc-be8f-004033e33c2b}]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also post a new HijackThis log
  • 0

#36
k0rrupt

k0rrupt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
http://www.freewebs....rr/ComboFix.txt

sorry for the delayed response, got called out on a business trip.

scanning with Kaspersky right now, and will post a new HJT log with that.

really long combofix log, a lot of deletions.

thanks for the help btw, i really appreciate this.

Edited by k0rrupt, 19 January 2008 - 02:28 PM.

  • 0

#37
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you attach the ComboFix report and do the other steps
  • 0

#38
k0rrupt

k0rrupt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
yep. did so.

scan's at 34% right now, seems like it's gonna be a while so i'm going to head out to work, will post a reply at the end of the day or so.
  • 0

#39
k0rrupt

k0rrupt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
http://www.freewebs..../kasbersky.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:01:16 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Van\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198621337000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4975 bytes

#40
Rorschach112 (Ralphie), Retired Staff, 47,710 posts
We are nearly done now.

1. Close any open browsers.

2. Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\Documents and Settings\Van\Desktop\Windoblinds6\Windoblinds6\SWBv6\windowblinds600_enhanced.exe/data0000.cab

Folder::
C:\catchme2008-01-04_190812.04.zip
J:\Programs\Windows Genuine Advantage Validation v1.7.18.1\WgaTray.exe/data0002
C:\Documents and Settings\Van\Desktop\Windoblinds6\Windoblinds6\SWBv6\windowblinds600_enhanced.exe/data0000.cab

Driver::
MSControlService


Save this as CFScript.txt, in the same location as ComboFix.exe.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt".

Note: do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Also tell me how your PC is running.
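The O23 line for MSControlService in the log above (Unknown owner, binary missing) is exactly the kind of entry a helper picks out, and the CFScript in this reply then removes that service with a Driver:: directive. The following is an added example, not code from either post and not part of HijackThis or ComboFix: it applies the same checks to a few constructed log lines modelled on the ones above and drafts a CFScript in the layout shown in the reply. The heuristics (Unknown owner, "(file missing)", no executable extension, an autostart binary living in a temp or profile directory), the Finding/triage/cfscript names and the made-up temp-directory O4 line are this example's own assumptions; the page does not say where the original jkxcnuoc.exe lived, so nothing here claims to. Which flagged entries actually get removed remains a human decision.

```python
"""Triage HijackThis O4/O23 lines and draft the matching CFScript section."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on the log above. The MSControlService line is
# copied from it; the final O4 line is made up for this example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Van\Local Settings\Temp\svchost.exe
"""

# O23 layout: "O23 - Service: <display> (<short name>) - <vendor> - <image path>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) \((?P<name>[^()]+)\) - (?P<vendor>.+?) - (?P<path>.+)$"
)
# O4 layout: "O4 - <hive\..\Run>: [<label>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")

# Directories where an autostart binary is rarely legitimate (assumed heuristic).
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


@dataclass
class Finding:
    line: str
    kind: str                      # "O23" or "O4"
    name: str                      # service short name or Run-value label
    reasons: List[str] = field(default_factory=list)


def triage(log_text: str) -> List[Finding]:
    """Return the O23/O4 lines that deserve a second look, with the reason why."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            reasons = []
            if m["vendor"].lower() == "unknown owner":
                reasons.append("no vendor/signature information")
            if m["path"].endswith("(file missing)"):
                reasons.append("service binary missing on disk")
            elif not re.search(r"\.(exe|sys|dll)\b", m["path"], re.I):
                reasons.append("image path has no executable extension")
            if reasons:
                findings.append(Finding(line, "O23", m["name"], reasons))
            continue
        m = O4_RE.match(line)
        if m and any(d in m["cmd"].lower() for d in SUSPECT_DIRS):
            findings.append(Finding(line, "O4", m["label"],
                                    ["autostart from a user-profile or temp directory"]))
    return findings


def cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript in the layout of the reply above: a File:: section for
    flagged autostart binaries and a Driver:: section for flagged services whose
    binary is already gone. Only the two directives shown on the page are used."""
    files = []
    for f in findings:
        if f.kind == "O4":
            m = re.search(r'[a-z]:\\[^"]+?\.exe', f.line, re.I)
            if m:
                files.append(m.group(0))
    drivers = [f.name for f in findings
               if f.kind == "O23" and "service binary missing on disk" in f.reasons]
    out: List[str] = []
    if files:
        out += ["File::"] + files + [""]
    if drivers:
        out += ["Driver::"] + drivers + [""]
    return "\n".join(out)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} {f.name}: {'; '.join(f.reasons)}")
    print(cfscript(triage(SAMPLE_LOG)))
```

Run against the sample it flags exactly two lines, the orphaned MSControlService service and the constructed temp-directory Run entry, and emits a File:: and a Driver:: section. A service with "Unknown owner" alone is not proof of anything (plenty of legitimate software omits the company field), which is why the drafted Driver:: section only lists services whose binary is also missing; the File:: directive deletes the binary but leaves the Run value behind, and the page shows no directive for that, so it is not invented here.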

#41
k0rrupt (Topic Starter, Member), 23 posts
ComboFix 08-01-18.4 - Van 2008-01-21 14:40:38.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1433 [GMT -8:00]
Running from: C:\Documents and Settings\Van\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Van\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Van\Desktop\Windoblinds6\Windoblinds6\SWBv6\windowblinds600_enhanced.exe/data0000.cab
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\catchme2008-01-04_190812.04.zip\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSCONTROLSERVICE
-------\MSControlService


((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-18 09:28 . 2008-01-18 09:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 09:28 . 2008-01-18 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-15 12:53 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-01-15 12:50 . 2008-01-15 12:50 <DIR> d-------- C:\Program Files\MSBuild
2008-01-15 12:50 . 2008-01-15 12:50 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-15 12:49 . 2008-01-15 12:49 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-15 12:47 . 2008-01-15 12:47 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-01-15 12:46 . 2008-01-15 12:49 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-15 12:45 . 2008-01-15 12:45 <DIR> dr-h----- C:\MSOCache
2008-01-15 12:45 . 2008-01-15 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-14 00:31 . 2008-01-14 00:31 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-01-14 00:31 . 2008-01-14 00:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{0727B42B-1697-465F-8CDC-53A1EA7110EB}
2008-01-13 19:20 . 2008-01-13 19:20 <DIR> d-------- C:\Program Files\Electronic Arts
2008-01-13 19:20 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-01-13 01:22 . 2008-01-18 01:57 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-01-12 14:32 . 2008-01-12 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-12 14:31 . 2008-01-18 01:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-12 14:31 . 2008-01-12 14:31 <DIR> d-------- C:\Documents and Settings\Van\Application Data\SUPERAntiSpyware.com
2008-01-11 14:23 . 2008-01-11 14:23 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Ahead
2008-01-11 14:22 . 2008-01-11 14:22 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-11 14:22 . 2008-01-11 14:22 <DIR> d-------- C:\Program Files\Ahead
2008-01-11 14:22 . 2001-07-06 13:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-01-11 14:22 . 2001-07-06 11:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-01-11 14:22 . 2001-07-06 17:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-01-11 14:22 . 2004-03-03 20:30 125,184 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys
2008-01-11 14:22 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-01-11 14:22 . 2001-06-26 07:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-01-11 14:22 . 2004-03-03 20:30 5,504 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-01-09 00:03 . 2008-01-09 00:03 <DIR> d-------- C:\My Downloads
2008-01-09 00:02 . 2008-01-09 00:05 <DIR> d-------- C:\Program Files\BearShare
2008-01-08 19:44 . 2008-01-08 19:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-08 19:44 . 2008-01-08 19:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-05 16:25 . 2008-01-05 16:25 <DIR> d-------- C:\Deckard
2008-01-04 19:37 . 2008-01-04 19:37 <DIR> d-------- C:\Program Files\MemTurbo30
2008-01-04 19:12 . 2008-01-04 19:13 391 --a------ C:\WINDOWS\system32\d-delA.dat
2008-01-04 19:12 . 2008-01-04 19:12 0 --a------ C:\WINDOWS\system32\V-FilesB.dat
2008-01-04 17:40 . 2008-01-04 17:40 661,159 --a------ C:\catchme2008-01-04_190812.04.zip
2008-01-04 17:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 22:10 . 2008-01-04 16:32 <DIR> d-------- C:\Program Files\Power MP3 WMA Converter
2008-01-02 04:17 . 2008-01-04 17:30 403 --a------ C:\WINDOWS\wininit.ini
2008-01-02 01:55 . 2008-01-10 10:26 <DIR> d-------- C:\Temp
2007-12-31 18:29 . 2007-12-31 18:29 1 --a------ C:\WINDOWS\system32\DJ Doboy - Trancequility Megamix Volume 31.cue
2007-12-31 03:37 . 2007-12-31 03:37 <DIR> dr-h----- C:\Documents and Settings\Van\Application Data\SecuROM
2007-12-31 03:37 . 2007-12-31 03:37 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-12-31 03:29 . 2007-12-31 03:29 <DIR> d-------- C:\Program Files\Flagship Studios
2007-12-31 02:42 . 2007-12-31 02:42 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Syntrillium
2007-12-31 02:42 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-12-31 02:42 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-12-31 02:42 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-12-31 02:42 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-12-31 02:42 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx
2007-12-31 02:42 . 2007-12-31 02:42 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-31 02:41 . 2007-12-31 02:43 <DIR> d-------- C:\Program Files\coolpro2
2007-12-29 00:29 . 2007-12-29 00:29 <DIR> d-------- C:\Program Files\DivX
2007-12-28 01:46 . 2008-01-02 22:31 <DIR> d-------- C:\Documents and Settings\Van\Application Data\BearShare
2007-12-28 01:46 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-12-27 22:38 . 2007-12-27 22:38 <DIR> d-------- C:\Program Files\Sega
2007-12-27 22:30 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-12-27 22:30 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-12-27 22:30 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-12-27 22:30 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-12-27 22:30 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-12-27 22:29 . 2007-12-27 22:29 <DIR> d-------- C:\WINDOWS\system32\xlive
2007-12-27 22:29 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-12-27 22:29 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-12-27 22:29 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-12-27 22:29 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-12-27 22:14 . 2008-01-04 19:32 <DIR> d-------- C:\Documents and Settings\Van\Application Data\DAEMON Tools
2007-12-27 22:12 . 2007-12-27 22:12 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-26 23:33 . 2007-12-26 23:33 <DIR> d-------- C:\nvram
2007-12-26 15:55 . 2007-12-26 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-12-26 14:44 . 2007-12-26 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-26 14:43 . 2007-12-26 14:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-26 14:43 . 2007-12-26 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-26 14:08 . 2007-12-26 14:08 <DIR> d-------- C:\Program Files\Bonjour
2007-12-26 14:03 . 2007-12-26 14:03 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-26 11:58 . 2007-12-26 11:58 <DIR> d-------- C:\Program Files\Stardock
2007-12-26 11:46 . 2007-12-26 11:47 81 --------- C:\WINDOWS\WB.ini
2007-12-26 11:25 . 2007-07-11 15:06 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-12-26 11:18 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-12-26 11:18 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-12-25 18:47 . 2007-12-25 18:47 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Media Player Classic
2007-12-25 18:44 . 2007-12-25 18:44 <DIR> d-------- C:\Program Files\Real Alternative
2007-12-25 18:43 . 2007-12-25 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-25 18:43 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-25 18:43 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-25 18:42 . 2007-12-25 18:42 <DIR> d-------- C:\Program Files\Xvid
2007-12-25 18:42 . 2007-12-25 18:43 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-12-25 18:42 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-25 18:39 . 2007-12-25 18:39 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 15:37 . 2007-12-25 15:37 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-12-25 15:28 . 2008-01-16 15:54 <DIR> d-------- C:\Program Files\World of Warcraft
2007-12-25 15:20 . 2007-12-25 15:21 <DIR> d-------- C:\Documents and Settings\Van\Application Data\Ventrilo
2007-12-25 15:16 . 2007-12-26 16:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-12-25 15:11 . 2007-12-25 15:11 <DIR> d-------- C:\Program Files\BitTornado
2007-12-25 15:11 . 2007-12-25 15:11 <DIR> d-------- C:\Documents and Settings\Van\Application Data\.BitTornado
2007-12-25 13:59 . 2007-12-25 14:00 <DIR> d-------- C:\WINDOWS\system32\MsDtc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 08:33 --------- d-----w C:\Program Files\Viewpoint
2008-01-18 17:28 --------- d-----w C:\Program Files\AOD
2008-01-18 17:28 --------- d-----w C:\Program Files\AIM
2008-01-18 17:15 --------- d-----w C:\Program Files\Winamp
2008-01-12 22:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-10 18:28 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
2007-12-28 06:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 23:11 --------- d-----w C:\Documents and Settings\Van\Application Data\.BitTornado
2007-12-25 23:06 --------- d-----w C:\Documents and Settings\Van\Application Data\Winamp
2007-12-25 22:55 --------- d-----w C:\Program Files\Ventrilo
2007-12-25 22:52 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-12-25 22:52 --------- d-----w C:\Program Files\Realtek
2007-12-25 22:20 --------- d-----w C:\Program Files\AWS
2007-12-25 22:20 --------- d-----w C:\Documents and Settings\Van\Application Data\Aim
2007-12-25 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-25 22:15 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-25 22:13 --------- d-----w C:\Program Files\Intel
2007-12-25 22:09 --------- d-----w C:\Program Files\Avant Browser
2007-12-25 22:09 --------- d-----w C:\Documents and Settings\Van\Application Data\Avant Profiles
2007-12-25 22:04 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-08 02:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-05 10:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-12-05 09:41 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-12-05 09:41 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-12-05 09:41 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-12-05 09:41 7,435,392 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-12-05 09:41 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 09:41 6,549,504 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-12-05 09:41 5,773,568 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 09:41 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-12-05 09:41 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 09:41 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-12-05 09:41 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-12-05 09:41 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-12-05 09:41 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-12-05 09:41 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-12-05 09:41 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 09:41 3,710,976 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 09:41 3,420,160 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-12-05 09:41 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 09:41 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
2007-12-05 09:41 2,498,560 ----a-w C:\WINDOWS\system32\nvwss.dll
2007-12-05 09:41 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
2007-12-05 09:41 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 09:41 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
2007-12-05 09:41 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
2007-12-05 09:41 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
2007-12-05 09:41 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
2007-12-05 09:41 1,228,800 ----a-w C:\WINDOWS\system32\nvmobls.dll
2007-12-05 09:41 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
2007-12-05 09:41 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
2007-12-04 10:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-30 07:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-30 07:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-18_ 2.01.40.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-18 09:00:36 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 22:40:27 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-18 09:00:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 22:40:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-18 09:00:36 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 22:40:28 1,404,928 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-18 09:00:36 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 22:40:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-18 09:00:37 3,366,912 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 22:40:28 3,440,640 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-18 09:00:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 22:40:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2002-01-05 19:37:26 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-12-18 21:46:26 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2004-06-07 12:53 61440]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [ ]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2008-01-10 10:28 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 16125440 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [ ]
"DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-28 12:12 144896]

C:\Documents and Settings\Van\Start Menu\Programs\Startup\
MemTurbo.lnk - C:\Program Files\MemTurbo30\MemTurbo.exe [2008-01-04 19:37:30]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-12-26 12:13 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 14:45:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-21 14:48:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 22:48:25
ComboFix2.txt 2008-01-18 10:02:01
ComboFix3.txt 2008-01-15 18:16:58
ComboFix4.txt 2008-01-13 21:40:45
ComboFix5.txt 2008-01-13 02:26:36


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:57 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avant Browser\avant.exe
C:\Documents and Settings\Van\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blingo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198621337000
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4841 bytes

There's significant lag between page transitions while I'm browsing the web sometimes; other than that, it doesn't seem to be as problematic as before.

#42
Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Your logs are clean! We need to do a few things.

You can delete the tools that we used.

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest security updates installed.

* To reduce the chance of re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your Restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-SPYAD here.

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

* I notice that you have no firewall on your PC. This is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost. Make sure you only use one firewall, though. A tutorial on understanding and using firewalls may be found here.

* I notice that you have no anti-virus program on your PC. This is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: AVG makes an excellent free antivirus client, as do AntiVir and avast!.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place', here.

Thank you for your patience, and performing all of the procedures requested.
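The hosts-file recommendation in the reply above works because every listed name is pointed at the local machine; the same file is also a favourite target for malware, which adds lines that send update and vendor sites somewhere else. As an added example (not part of the reply, and not the MVPS file itself), the following audits a hosts file for exactly that: names that resolve to anything other than 127.0.0.1, 0.0.0.0 or ::1, with extra weight for a watch-list of update and vendor domains, plus names listed twice, where the later line is dead because Windows takes the first match. The sample file, the watch-list, the severity labels and the function names are all this example's assumptions.

```python
"""Audit a Windows hosts file of the MVPS kind: every blocked name must sink to
the local machine, and nothing may quietly redirect update or vendor sites."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Addresses a blocklist entry may legitimately resolve to.
SINK_ADDRESSES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

# Domains malware likes to redirect so the victim can neither update nor scan.
# Assumed watch-list for this example, not taken from the reply above.
WATCHED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "kaspersky.com", "lavasoft.com")

# Constructed sample in the MVPS layout; not the real MVPS file.
SAMPLE_HOSTS = """\
# hosts file (constructed sample)
127.0.0.1       localhost
198.51.100.7    ad.doubleclick.net    # inserted above the block line: the ad host is live again
127.0.0.1       ad.doubleclick.net
0.0.0.0         tracker.example.net
192.168.1.20    printer.lan
10.13.37.5      www.kaspersky.com     # vendor site hijacked to an attacker-controlled address
"""


@dataclass
class HostsIssue:
    lineno: int
    hostname: str
    address: str
    severity: str      # "high", "medium" or "info"
    reason: str


def _watched(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text: str) -> List[HostsIssue]:
    """Return every line that either redirects a name away from the local host or
    can never match because an earlier line already claims the same name."""
    issues: List[HostsIssue] = []
    first_seen: Dict[str, str] = {}            # hostname -> address on its first line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            issues.append(HostsIssue(lineno, parts[0], "", "medium",
                                     "first field is not an IP address"))
            continue
        for host in parts[1:]:
            host = host.lower()
            # Windows resolves from the first matching line, so a later line for
            # the same name is dead, and an attacker line placed above it wins.
            if host in first_seen:
                issues.append(HostsIssue(lineno, host, str(addr), "medium",
                                         f"shadowed by earlier entry -> {first_seen[host]}"))
                continue
            first_seen[host] = str(addr)
            if addr in SINK_ADDRESSES:
                continue                       # normal blocklist line
            if _watched(host):
                issues.append(HostsIssue(lineno, host, str(addr), "high",
                                         "security/update site redirected to a non-local address"))
            else:
                issues.append(HostsIssue(lineno, host, str(addr), "info",
                                         "custom mapping to a non-local address; confirm it is intentional"))
    return issues


def lookup(text: str, hostname: str) -> Optional[str]:
    """What Windows would resolve `hostname` to from this file (first match wins)."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and hostname.lower() in (p.lower() for p in parts[1:]):
            return parts[0]
    return None


if __name__ == "__main__":
    for issue in audit_hosts(SAMPLE_HOSTS):
        print(f"line {issue.lineno} [{issue.severity}] {issue.hostname} -> {issue.address}: {issue.reason}")
```

On the sample this reports the hijacked vendor site as high, the shadowed ad-server line as medium, and the two non-local mappings as informational, which is the triage order a responder wants: a hosts file that sends a security vendor's site to a remote address is an infection indicator in its own right, even when every scanner log looks clean. One caveat the MVPS instructions themselves make: on Windows XP a very large hosts file can make name lookups noticeably slower unless the DNS Client service is disabled, so check that before attributing a sluggish browser to leftover malware.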

#43
Rorschach112 (Ralphie), Retired Staff, 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





