
Problem removing a Win32/Adware.Virtumonde.NEO [Closed]


#1 nick443 (New Member, 6 posts)
First off, I would like to say thanks for any and all help in advance.

Okay, my problem is I can't seem to shake these three files:

c:\windows\system32\ujmvaolw.temp
c:\windows\system32\gebtjcv.dll
c:\windows\system32\gjuccfe.ini

I have run many different types of spyware removers and can't seem to get rid of them, so any ideas and help will be greatly appreciated.


Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:46, on 4/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [d84ce00f] rundll32.exe "C:\WINDOWS\system32\wloavmju.dll",b
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.5.0.1145 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.5.0.1145 (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)

--
End of file - 5355 bytes



And here is my SmitFraudFix log:


SmitFraudFix v2.412

Scan done at 18:03:54.82, Wed 04/22/2009
Run from C:\Documents and Settings\Nickolaus Bruce\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{186C36DA-D866-4898-8B59-2FD96404CE09}: DhcpNameServer=67.128.206.7 205.171.3.65
HKLM\SYSTEM\CS1\Services\Tcpip\..\{186C36DA-D866-4898-8B59-2FD96404CE09}: DhcpNameServer=67.128.206.7 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\..\{186C36DA-D866-4898-8B59-2FD96404CE09}: DhcpNameServer=67.128.206.7 205.171.3.65
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=67.128.206.7 205.171.3.65


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
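As an added example (not part of the original thread, and not a tool from Geeks to Go or any of the products in the log), the following Python script applies the kind of checks a helper runs in their head when reading O4/O23 lines like the ones above: a process name such as CSRSS.EXE or rundll32.exe launched from C:\WINDOWS\TEMP, an .exe sitting in system32\drivers, a service whose file is missing, and a Run value named with a random-looking hex string. The sample lines are copied from the HijackThis log in this post; the expected-directory table and the heuristics are the example's own assumptions, not anything HijackThis itself reports.

```python
import re
from typing import Dict, List, Optional

# Sample input: O4 and O23 lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe
O4 - HKLM\..\Run: [d84ce00f] rundll32.exe "C:\WINDOWS\system32\wloavmju.dll",b
O4 - HKUS\S-1-5-18\..\Run: [[system]] C:\WINDOWS\system32\drivers\services.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Assumption for this example: where Windows XP keeps its core binaries.
# A file carrying one of these names anywhere else deserves a second look.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# First drive-letter path on the line, up to and including a program-file extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr|com|bat|cmd)\b", re.IGNORECASE)
# The [ValueName] that HijackThis prints for Run entries.
VALUE_NAME_RE = re.compile(r"\[([^\]]*)\]")


def first_path(line: str) -> Optional[str]:
    """Return the first absolute Windows path on a HijackThis line, or None."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None


def assess(line: str) -> List[str]:
    """Return the heuristic reasons this line deserves a second look (empty if none)."""
    reasons: List[str] = []
    path = first_path(line)
    if path is None:  # e.g. "[SoundMan] SOUNDMAN.EXE" has no full path to judge
        return reasons
    low = path.lower()
    directory, _, name = low.rpartition("\\")
    if "\\temp\\" in low:
        reasons.append("executable launched from a temporary directory")
    if "\\system32\\drivers\\" in low and name.endswith(".exe"):
        reasons.append("an .exe placed in the drivers directory, which normally holds only .sys files")
    if name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
        reasons.append(f"{name} outside its expected directory {EXPECTED_DIR[name]}")
    if "(file missing)" in line.lower():
        reasons.append("entry points at a file that no longer exists")
    m = VALUE_NAME_RE.search(line)
    if m and re.fullmatch(r"[0-9a-f]{8}", m.group(1)):
        reasons.append("Run value named with an 8-digit hex string instead of a product name")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each suspicious log line to the reasons it was flagged; clean lines are omitted."""
    flagged: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = assess(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   -", reason)
```

Run as-is it prints five flagged lines; the three legitimate entries (egui.exe, ctfmon.exe, ekrn.exe) produce nothing. These are triage hints, not verdicts: an installer that genuinely runs from TEMP once will trip the first check, so each hit still needs a human to confirm what the file is before anything is removed.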
#2 Blade81 (Member, 722 posts, MVP)
Hi

You seem to have P2P file sharing software installed there. Nowadays, a major part of infections are received from P2P networks. That's why I recommend you uninstall programs like DNA BitTorrent. If you don't want to uninstall, then you still have to keep them shut down during the whole cleaning operation.



Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


#3 nick443 (Topic Starter)
DDS (Ver_09-03-16.01) - FAT32x86
Run by Nickolaus Bruce at 0:46:23.14 on Sun 04/26/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2551 [GMT -7:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hamachi\hamachi.exe
SVCHOST.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nickolaus Bruce\Desktop\dds.com

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x092e -f video -m logitech -d 11.5.0.1145
StartupFolder: c:\docume~1\nickol~1\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\nickol~1\applic~1\mozilla\firefox\profiles\vf0sko8i.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101760&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-22 64160]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-8-4 3584]

=============== Created Last 30 ================

2009-04-24 08:18 21,504 a------- c:\windows\system32\hidserv.dll
2009-04-24 08:18 21,504 a------- c:\windows\system32\dllcache\hidserv.dll
2009-04-24 08:18 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-04-24 08:18 10,368 a------- c:\windows\system32\dllcache\hidusb.sys
2009-04-24 08:18 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-04-24 08:18 60,032 a------- c:\windows\system32\dllcache\usbaudio.sys
2009-04-24 08:17 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-04-24 08:17 32,128 a------- c:\windows\system32\dllcache\usbccgp.sys
2009-04-23 00:58 <DIR> a-dshr-- C:\cmdcons
2009-04-23 00:56 161,792 a------- c:\windows\SWREG.exe
2009-04-23 00:56 98,816 a------- c:\windows\sed.exe
2009-04-22 17:26 <DIR> --d----- c:\program files\Trend Micro
2009-04-22 15:45 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-04-22 14:35 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-22 14:03 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-22 13:59 <DIR> --d-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 13:59 <DIR> --d----- c:\program files\Lavasoft
2009-04-22 13:43 1,152 a------- c:\windows\system32\windrv.sys
2009-04-22 13:41 <DIR> --d----- c:\docume~1\nickol~1\applic~1\GetRightToGo
2009-04-21 19:57 <DIR> --d----- c:\windows\system32\xlib254.dll
2009-04-21 19:57 <DIR> --d----- c:\windows\system32\append.dll
2009-04-21 19:54 57,344 a------- c:\windows\system32\digest32.dll
2009-04-21 19:45 53,248 a----r-- c:\windows\system32\InstMed.exe
2009-04-21 19:45 <DIR> --d----- c:\program files\common files\Logitech
2009-04-20 08:26 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-20 08:26 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-20 08:26 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-20 08:26 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-04-20 08:26 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 08:26 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 08:25 729,088 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 08:25 617,472 -------- c:\windows\system32\dllcache\advapi32.dll
2009-04-20 08:25 714,752 -------- c:\windows\system32\dllcache\ntdll.dll
2009-04-14 11:17 41,808 a------- c:\windows\system32\xfcodec.dll
2009-04-08 21:44 <DIR> --d----- C:\website
2009-04-08 13:53 <DIR> --d----- c:\program files\common files\Macromedia
2009-04-08 13:52 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-04 00:58 659,456 a------- c:\windows\system32\snapapi32.dll
2009-03-30 18:19 <DIR> --d----- c:\windows\RegisteredPackages
2009-03-30 18:09 <DIR> --d----- c:\program files\THQ
2009-03-30 16:44 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-03-30 16:26 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-28 16:19 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-28 16:19 <DIR> --d----- c:\program files\Hamachi
2009-03-28 00:10 <DIR> --d----- c:\docume~1\nickol~1\applic~1\GameRanger

==================== Find3M ====================

2009-03-25 16:09 1,149,754 a------- c:\windows\GPS 2008 ENGLISH DL Uninstaller.exe
2009-03-21 18:29 98,304 a------- c:\windows\DUMP575a.tmp
2009-03-21 07:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 07:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 17:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 17:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-03-02 00:39 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-03-02 00:39 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-02-27 21:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 03:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 03:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-19 22:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-17 20:07 98,304 a------- c:\windows\DUMP4963.tmp
2009-02-16 23:28 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-02-13 13:42 5,740 a------- c:\windows\system32\d3d9caps.dat
2009-02-13 08:22 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-13 07:34 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-02-09 05:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 05:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 05:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 05:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 04:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 04:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-07 19:02 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 04:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 04:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 04:08 2,189,056 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 04:06 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 03:39 35,328 a------- c:\windows\system32\dllcache\sc.exe
2009-02-06 03:32 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 12:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 12:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 0:46:45.76 ===============

#4 nick443 (Topic Starter)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/13/2009 7:44:46 AM
System Uptime: 4/25/2009 4:52:45 PM (8 hours ago)

Motherboard: AOpen | | AK77-600N
Processor: AMD Athlon™ XP 2000+ | Socket A | 1665/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (FAT32) - 20 GiB total, 3.768 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is FIXED (NTFS) - 57 GiB total, 4.434 GiB free.
G: is FIXED (FAT32) - 9 GiB total, 7.497 GiB free.
H: is FIXED (NTFS) - 91 GiB total, 31.456 GiB free.
I: is FIXED (NTFS) - 90 GiB total, 60.077 GiB free.
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP40: 4/21/2009 8:06:46 PM - System Checkpoint
RP41: 4/21/2009 8:06:46 PM - System Checkpoint
RP42: 4/21/2009 8:06:46 PM - System Checkpoint
RP43: 4/21/2009 8:06:46 PM - System Checkpoint
RP44: 4/21/2009 8:06:46 PM - System Checkpoint
RP45: 4/21/2009 8:06:46 PM - System Checkpoint
RP46: 4/21/2009 8:06:47 PM - System Checkpoint
RP47: 4/21/2009 8:06:47 PM - Software Distribution Service 3.0
RP48: 4/21/2009 8:06:47 PM - System Checkpoint
RP49: 4/21/2009 8:06:47 PM - Software Distribution Service 3.0
RP50: 4/21/2009 8:06:47 PM - System Checkpoint
RP51: 4/21/2009 8:06:47 PM - System Checkpoint
RP52: 4/21/2009 8:06:47 PM - System Checkpoint
RP53: 4/21/2009 8:06:47 PM - System Checkpoint
RP54: 4/21/2009 8:06:47 PM - System Checkpoint
RP55: 4/21/2009 8:06:47 PM - System Checkpoint
RP56: 4/21/2009 8:06:48 PM - System Checkpoint
RP57: 4/21/2009 8:06:48 PM - System Checkpoint
RP58: 4/21/2009 8:06:48 PM - System Checkpoint
RP59: 4/21/2009 8:06:48 PM - System Checkpoint
RP60: 4/21/2009 8:06:48 PM - System Checkpoint
RP61: 4/21/2009 8:06:48 PM - System Checkpoint
RP62: 4/21/2009 8:06:48 PM - System Checkpoint
RP63: 4/21/2009 8:06:48 PM - System Checkpoint
RP64: 4/21/2009 8:06:48 PM - Installed DawnOfWar
RP65: 4/21/2009 8:06:49 PM - Installed Dawn Of War - Winter Assault
RP66: 4/21/2009 8:06:49 PM - Installed Dawn of War - Dark Crusade
RP67: 4/21/2009 8:06:49 PM - Installed DirectX 9.0
RP68: 4/21/2009 8:06:49 PM - Configured DawnOfWar
RP69: 4/21/2009 8:06:49 PM - Removed Dawn Of War - Winter Assault
RP70: 4/21/2009 8:06:49 PM - Installed DawnOfWar
RP71: 4/21/2009 8:06:49 PM - Installed Dawn of War - Soulstorm
RP72: 4/21/2009 8:06:49 PM - Installed DirectX
RP73: 4/21/2009 8:06:50 PM - Removed Dawn of War - Soulstorm
RP74: 4/21/2009 8:06:50 PM - Installed Dawn of War - Soulstorm
RP75: 4/21/2009 8:06:50 PM - Installed DirectX
RP76: 4/21/2009 8:06:50 PM - System Checkpoint
RP77: 4/21/2009 8:06:50 PM - System Checkpoint
RP78: 4/21/2009 8:06:51 PM - Installed Java™ 6 Update 13
RP79: 4/21/2009 8:06:51 PM - System Checkpoint
RP80: 4/21/2009 8:06:51 PM - System Checkpoint
RP81: 4/21/2009 8:06:51 PM - Installed Macromedia Dreamweaver 8
RP82: 4/21/2009 8:06:51 PM - Installed Macromedia Fireworks 8
RP83: 4/21/2009 8:06:51 PM - System Checkpoint
RP84: 4/21/2009 8:06:51 PM - Installed Logitech QuickCam
RP85: 4/21/2009 8:06:54 PM - Last known good configuration
RP86: 4/21/2009 8:44:59 PM - Logitech QuickCam v11.50.1145
RP87: 4/21/2009 9:18:36 PM - Removed Logitech QuickCam
RP88: 4/21/2009 9:38:26 PM - Restore Operation
RP89: 4/22/2009 2:43:14 AM - Removed Logitech QuickCam
RP90: 4/23/2009 12:57:00 AM - ComboFix created restore point
RP91: 4/23/2009 3:01:02 AM - Software Distribution Service 3.0
RP92: 4/24/2009 2:23:18 PM - System Checkpoint

==== Installed Programs ======================

AAC Decoder
AC3Filter (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
America's Army Deploy Client
America's Army Server Manager
AutoUpdate
BitTorrent
Critical Update for Windows Media Player 11 (KB959772)
Dawn of War - Dark Crusade
Dawn of War - Soulstorm
DawnOfWar
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
ESET NOD32 Antivirus
ESET Online Scanner
Full Tilt Poker
GameRanger
GameSpy Arcade
Gazillionaire III v3.04 (remove only)
Geo-Political Simulator
Guild Wars
H.264 Decoder
Hamachi 1.0.3.0
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
IDA Pro Advanced v5.2 with WinCE v5.0 debugger
Java™ 6 Update 13
Logitech QuickCam Driver Package
Logitech® Camera Driver
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Magic ISO Maker v5.4 (build 0239)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MKV Splitter
Mozilla Firefox (3.0.9)
MVision
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
NVIDIA Drivers
Realtek AC'97 Audio
SAGA
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Star Trek Armada II
Star Trek Armada II: Fleet Operations
Star Trek Starfleet Command III
Supreme Ruler 2020 5.5.8 Update
Supreme Ruler 2020 Global Crisis 6.5.8 Update
System Requirements Lab
Tropico
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR
WinZip 12.0
Xfire (remove only)
Xvid 1.1.2 final uninstall
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

4/22/2009 4:58:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/22/2009 4:58:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/22/2009 4:58:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 easdrv epfwtdir Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
4/22/2009 4:58:27 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2009 4:58:27 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2009 4:58:27 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2009 4:58:27 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/22/2009 1:37:24 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/22/2009 1:37:16 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
4/21/2009 8:49:14 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/21/2009 8:49:08 PM, error: Service Control Manager [7031] - The Eset Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/21/2009 8:30:02 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/21/2009 8:02:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.
4/21/2009 8:02:08 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The system cannot find the file specified.
4/21/2009 8:02:08 PM, error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/21/2009 7:57:36 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Task Scheduler service to connect.
4/21/2009 7:57:36 PM, error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/21/2009 7:55:21 PM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file user32.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.1.2600.5512, the version of the system file is 5.1.2600.5512.
4/19/2009 3:45:41 PM, error: Dhcp [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0001803F9DE0 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/19/2009 12:52:29 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/19/2009 12:22:24 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/19/2009 12:07:24 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
4/19/2009 12:07:12 PM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\D.
4/19/2009 1:52:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

#5
Blade81

    Member

  • Member
  • 722 posts
  • MVP

If you don't want to uninstall them, then you still have to keep them shut down during the whole cleaning operation.

There was still a P2P program running. As stated, please keep it disabled if you want me to help with cleaning.


I see you've run ComboFix there (not recommended to do without supervision!). Post contents of c:\ComboFix.txt file, please.

#6
nick443

    New Member

  • Topic Starter
  • Member
  • 6 posts
I have no P2P running; my ISP doesn't allow P2P, unless you consider Hamachi P2P.

#7
nick443

    New Member

  • Topic Starter
  • Member
  • 6 posts
ComboFix 09-04-25.A3 - Nickolaus Bruce 04/26/2009 11:14.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2579 [GMT -7:00]
Running from: c:\documents and settings\Nickolaus Bruce\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-24 15:18 . 2008-04-14 00:11 21504 ----a-w c:\windows\system32\hidserv.dll
2009-04-24 15:18 . 2008-04-14 00:11 21504 ----a-w c:\windows\system32\dllcache\hidserv.dll
2009-04-24 15:18 . 2008-04-13 18:45 10368 ----a-w c:\windows\system32\drivers\hidusb.sys
2009-04-24 15:18 . 2008-04-13 18:45 10368 ----a-w c:\windows\system32\dllcache\hidusb.sys
2009-04-24 15:18 . 2008-04-13 18:45 60032 ----a-w c:\windows\system32\drivers\USBAUDIO.sys
2009-04-24 15:18 . 2008-04-13 18:45 60032 ----a-w c:\windows\system32\dllcache\usbaudio.sys
2009-04-24 15:17 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-24 15:17 . 2008-04-13 18:45 32128 ----a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-23 02:57 . 2009-04-23 02:57 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\ESET
2009-04-23 00:26 . 2009-04-23 00:26 -------- d-----w c:\program files\Trend Micro
2009-04-22 22:45 . 2009-04-22 22:45 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-22 21:35 . 2009-04-22 21:03 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-22 21:03 . 2009-04-22 21:03 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-22 20:59 . 2009-04-22 20:59 -------- d--h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-22 20:59 . 2009-04-22 20:59 -------- d-----w c:\program files\Lavasoft
2009-04-22 20:59 . 2009-04-22 20:59 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-22 20:47 . 2009-04-22 20:47 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-04-22 20:43 . 2009-04-22 20:43 1152 ----a-w c:\windows\system32\windrv.sys
2009-04-22 20:41 . 2009-04-22 20:41 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\GetRightToGo
2009-04-22 02:57 . 2009-04-22 02:57 -------- d-----w c:\windows\system32\xlib254.dll
2009-04-22 02:57 . 2009-04-22 02:57 -------- d-----w c:\windows\system32\append.dll
2009-04-22 02:57 . 2009-04-22 02:57 -------- d-----w c:\documents and settings\Nickolaus Bruce\Local Settings\Application Data\Logitech-LS
2009-04-22 02:54 . 2006-08-19 20:21 57344 ----a-w c:\windows\system32\digest32.dll
2009-04-22 02:45 . 2005-07-20 00:31 53248 ----a-r c:\windows\system32\InstMed.exe
2009-04-22 02:45 . 2009-04-22 02:45 -------- d-----w c:\program files\Common Files\Logitech
2009-04-20 15:26 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-20 15:26 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-20 15:26 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-20 15:26 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-20 15:26 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-20 15:26 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-20 15:25 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-20 15:25 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-20 15:25 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-14 18:17 . 2009-04-14 18:17 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-09 04:44 . 2009-04-09 04:44 -------- d-----w C:\website
2009-04-08 20:53 . 2009-04-08 20:53 -------- d-----w c:\program files\Common Files\Macromedia
2009-04-08 20:52 . 2009-04-08 20:52 -------- d-----w c:\windows\Downloaded Installations
2009-04-04 07:58 . 2006-08-10 07:09 659456 ----a-w c:\windows\system32\snapapi32.dll
2009-03-31 01:09 . 2009-03-31 01:09 -------- d-----w c:\program files\THQ
2009-03-31 01:09 . 2009-03-31 01:09 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\InstallShield
2009-03-30 23:44 . 2009-03-30 23:45 43520 ----a-w c:\windows\system32\CmdLineExt03.dll
2009-03-30 23:26 . 2009-03-31 17:19 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-28 23:19 . 2009-03-28 23:19 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\Hamachi
2009-03-28 23:19 . 2009-03-28 23:19 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-28 23:19 . 2009-03-28 23:19 -------- d-----w c:\program files\Hamachi
2009-03-28 07:10 . 2009-03-28 07:10 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\GameRanger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 18:17 . 2009-04-22 21:38 3354 ----a-w C:\aaw7boot.log
2009-04-23 01:06 . 2009-04-23 00:00 2171 ----a-w C:\rapport.txt
2009-04-22 02:24 . 2009-02-13 19:54 13544 ----a-w c:\documents and settings\Nickolaus Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 23:09 . 2009-03-25 23:09 1149754 ----a-w c:\windows\GPS 2008 ENGLISH DL Uninstaller.exe
2009-03-25 23:08 . 2009-03-25 23:08 -------- d-----w c:\program files\Common Files\Thraex Software
2009-03-22 22:35 . 2009-03-22 22:35 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\Datarescue
2009-03-22 01:29 . 2009-02-13 15:01 98304 ----a-w c:\windows\DUMP575a.tmp
2009-03-21 22:51 . 2009-03-21 22:51 -------- d-----w c:\program files\Xvid
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
2009-03-18 23:31 . 2009-03-18 23:31 -------- d-----w c:\program files\MagicISO
2009-03-09 12:19 . 2009-02-25 17:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 13:27 . 2009-03-07 13:27 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-06 14:22 . 2004-08-04 19:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 06:12 . 2009-03-03 06:12 -------- d-----w c:\program files\SystemRequirementsLab
2009-03-03 06:12 . 2009-03-03 06:12 -------- d-----w c:\documents and settings\Nickolaus Bruce\Application Data\SystemRequirementsLab
2009-03-03 00:18 . 2009-02-13 14:53 826368 ------w c:\windows\system32\dllcache\wininet.dll
2009-03-03 00:18 . 2004-08-04 19:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 07:39 . 2009-02-17 06:29 138624 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-02 07:39 . 2009-02-17 06:28 202352 ----a-w c:\windows\system32\PnkBstrB.exe
2009-02-28 04:54 . 2007-08-14 01:43 636072 ------w c:\windows\system32\dllcache\iexplore.exe
2009-02-20 10:20 . 2009-02-13 20:14 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2007-08-14 01:39 70656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2004-08-04 19:00 161792 ------w c:\windows\system32\dllcache\ieakui.dll
2009-02-18 03:07 . 2009-02-13 15:01 98304 ----a-w c:\windows\DUMP4963.tmp
2009-02-17 06:28 . 2009-02-17 06:28 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-02-13 20:42 . 2009-02-13 20:42 5740 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-13 15:22 . 2009-02-13 14:37 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-13 15:16 . 2004-08-04 19:00 250048 --sha-r C:\ntldr
2009-02-13 14:34 . 2009-02-13 14:34 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-09 12:10 . 2004-08-04 19:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 19:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 19:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 19:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2009-02-13 14:53 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-08-04 19:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 02:02 . 2009-02-13 14:52 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-08 02:02 . 2004-08-04 05:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2004-08-04 19:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2009-02-13 14:53 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 11:08 . 2004-08-04 19:00 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 11:06 . 2009-02-13 14:53 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 10:39 . 2004-08-04 19:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:39 . 2004-08-04 19:00 35328 ----a-w c:\windows\system32\dllcache\sc.exe
2009-02-06 10:32 . 2009-02-13 14:53 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-08-04 19:00 56832 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-23_08.04.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 18:18 . 2009-04-26 18:18 16384 c:\windows\Temp\Perflib_Perfdata_d60.dat
+ 2009-04-26 18:18 . 2009-04-26 18:18 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2009-02-13 14:51 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
- 2009-02-13 14:51 . 2007-07-27 16:41 26488 c:\windows\system32\spupdsvc.exe
+ 2009-02-13 20:07 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2009-02-13 20:07 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 19:00 . 2009-04-23 10:50 78114 c:\windows\system32\perfc009.dat
- 2004-08-04 19:00 . 2009-03-10 23:47 78114 c:\windows\system32\perfc009.dat
+ 2009-02-13 14:33 . 2008-06-12 14:23 91648 c:\windows\system32\mtxoci.dll
- 2009-02-13 14:33 . 2008-04-14 00:12 91648 c:\windows\system32\mtxoci.dll
- 2004-08-04 19:00 . 2008-04-14 00:12 66560 c:\windows\system32\mtxclu.dll
+ 2004-08-04 19:00 . 2008-06-12 14:23 66560 c:\windows\system32\mtxclu.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-02-13 14:33 . 2008-06-12 14:23 58880 c:\windows\system32\msdtclog.dll
- 2009-02-13 14:33 . 2008-04-14 00:12 58880 c:\windows\system32\msdtclog.dll
+ 2009-02-13 14:33 . 2004-08-04 12:00 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat
+ 2004-08-04 19:00 . 2009-02-20 18:09 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-14 01:39 . 2009-02-20 10:20 13824 c:\windows\system32\ieudinit.exe
- 2007-08-14 01:39 . 2008-12-19 09:10 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 19:00 . 2009-02-20 18:09 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 78336 c:\windows\system32\ieencode.dll
+ 2004-08-04 19:00 . 2009-02-20 10:20 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 19:00 . 2008-12-19 09:10 70656 c:\windows\system32\ie4uinit.exe
+ 2007-08-14 01:36 . 2009-02-20 18:09 63488 c:\windows\system32\icardie.dll
- 2007-08-14 01:36 . 2008-12-20 23:15 63488 c:\windows\system32\icardie.dll
+ 2007-08-14 01:36 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2007-08-14 01:36 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2009-02-13 20:14 . 2008-12-20 23:15 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-14 01:39 . 2009-02-20 18:09 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 01:39 . 2008-12-20 23:15 44544 c:\windows\system32\dllcache\iernonce.dll
- 2007-08-14 01:45 . 2007-08-14 01:45 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-14 01:45 . 2009-02-20 18:09 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-02-13 20:14 . 2008-12-20 23:15 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-04-23 10:46 . 2009-04-26 18:17 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-13 14:45 . 2009-04-26 18:17 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-13 14:45 . 2009-04-23 02:55 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-13 14:45 . 2009-04-26 18:17 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-02-13 14:45 . 2009-04-23 02:55 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-04-23 10:27 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\pngfilt.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 52224 c:\windows\ie7updates\KB963027-IE7\msfeedsbs.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 27648 c:\windows\ie7updates\KB963027-IE7\jsproxy.dll
+ 2009-04-23 10:27 . 2008-12-19 09:10 13824 c:\windows\ie7updates\KB963027-IE7\ieudinit.exe
+ 2009-04-23 10:27 . 2008-12-20 23:15 44544 c:\windows\ie7updates\KB963027-IE7\iernonce.dll
+ 2009-04-23 10:27 . 2008-04-14 00:11 81920 c:\windows\ie7updates\KB963027-IE7\ieencode.dll
+ 2009-04-23 10:27 . 2008-12-19 09:10 70656 c:\windows\ie7updates\KB963027-IE7\ie4uinit.exe
+ 2009-04-23 10:27 . 2008-12-20 23:15 63488 c:\windows\ie7updates\KB963027-IE7\icardie.dll
+ 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat
+ 2008-01-18 15:13 . 2008-01-18 15:13 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat
- 2004-08-04 19:00 . 2008-04-14 00:12 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 19:00 . 2008-12-16 12:30 354304 c:\windows\system32\winhttp.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 233472 c:\windows\system32\webcheck.dll
+ 2009-02-13 14:32 . 2009-02-06 10:10 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2009-02-13 14:32 . 2009-02-09 12:10 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2009-02-13 14:32 . 2009-02-09 12:10 473600 c:\windows\system32\wbem\fastprox.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 105984 c:\windows\system32\url.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 105984 c:\windows\system32\url.dll
- 2004-08-04 19:00 . 2009-03-10 23:47 462168 c:\windows\system32\perfh009.dat
+ 2004-08-04 19:00 . 2009-04-23 10:50 462168 c:\windows\system32\perfh009.dat
+ 2004-08-04 19:00 . 2009-02-20 18:09 102912 c:\windows\system32\occache.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 102912 c:\windows\system32\occache.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 671232 c:\windows\system32\mstime.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 193024 c:\windows\system32\msrating.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 193024 c:\windows\system32\msrating.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 459264 c:\windows\system32\msfeeds.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 459264 c:\windows\system32\msfeeds.dll
- 2009-02-13 14:33 . 2008-04-14 00:12 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-02-13 14:33 . 2008-06-12 14:23 161792 c:\windows\system32\msdtcuiu.dll
+ 2009-02-13 14:33 . 2008-06-12 14:23 956928 c:\windows\system32\msdtctm.dll
- 2009-02-13 14:33 . 2008-04-14 00:12 956928 c:\windows\system32\msdtctm.dll
+ 2009-02-13 14:33 . 2008-06-12 14:23 428032 c:\windows\system32\msdtcprx.dll
- 2004-08-04 19:00 . 2008-04-14 00:11 989696 c:\windows\system32\kernel32.dll
+ 2004-08-04 19:00 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2007-08-14 01:34 . 2009-02-20 18:09 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 19:27 . 2009-02-20 18:09 383488 c:\windows\system32\ieapfltr.dll
- 2007-07-11 19:27 . 2008-12-20 23:15 383488 c:\windows\system32\ieapfltr.dll
+ 2004-08-04 19:00 . 2009-02-20 05:14 161792 c:\windows\system32\ieakui.dll
- 2004-08-04 19:00 . 2008-12-19 05:23 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 347136 c:\windows\system32\dxtmsft.dll
+ 2008-12-16 12:30 . 2008-12-16 12:30 354304 c:\windows\system32\dllcache\winhttp.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 233472 c:\windows\system32\dllcache\webcheck.dll
- 2007-08-14 01:44 . 2008-12-20 23:15 105984 c:\windows\system32\dllcache\url.dll
+ 2007-08-14 01:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll
- 2007-08-14 01:44 . 2008-12-20 23:15 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-14 01:44 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-14 01:44 . 2008-12-20 23:15 193024 c:\windows\system32\dllcache\msrating.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-02-13 20:14 . 2008-12-20 23:15 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 14:23 . 2008-06-12 14:23 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2007-08-14 01:39 . 2009-02-20 18:09 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-02-13 20:14 . 2008-12-20 23:15 383488 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 383488 c:\windows\system32\dllcache\ieapfltr.dll
- 2007-08-14 01:39 . 2008-12-20 23:15 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-14 01:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2007-08-14 01:39 . 2008-12-20 23:15 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 01:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll
- 2007-08-14 01:54 . 2008-12-20 23:15 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-14 01:35 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-14 01:35 . 2008-12-20 23:15 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2007-08-14 01:35 . 2008-12-20 23:15 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-14 01:35 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2007-08-14 01:39 . 2008-12-20 23:15 124928 c:\windows\system32\dllcache\advpack.dll
+ 2007-08-14 01:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 124928 c:\windows\system32\advpack.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 826368 c:\windows\ie7updates\KB963027-IE7\wininet.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 233472 c:\windows\ie7updates\KB963027-IE7\webcheck.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 105984 c:\windows\ie7updates\KB963027-IE7\url.dll
+ 2009-04-23 10:27 . 2008-07-09 07:38 382840 c:\windows\ie7updates\KB963027-IE7\spuninst\updspapi.dll
+ 2009-04-23 10:27 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB963027-IE7\spuninst\spuninst.exe
+ 2009-04-23 10:27 . 2008-12-20 23:15 102912 c:\windows\ie7updates\KB963027-IE7\occache.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 671232 c:\windows\ie7updates\KB963027-IE7\mstime.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 193024 c:\windows\ie7updates\KB963027-IE7\msrating.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 477696 c:\windows\ie7updates\KB963027-IE7\mshtmled.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 459264 c:\windows\ie7updates\KB963027-IE7\msfeeds.dll
+ 2009-04-23 10:27 . 2008-12-19 05:25 634024 c:\windows\ie7updates\KB963027-IE7\iexplore.exe
+ 2009-04-23 10:27 . 2008-12-20 23:15 267776 c:\windows\ie7updates\KB963027-IE7\iertutil.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 384512 c:\windows\ie7updates\KB963027-IE7\iedkcs32.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 383488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dll
+ 2009-04-23 10:27 . 2008-12-19 05:23 161792 c:\windows\ie7updates\KB963027-IE7\ieakui.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 230400 c:\windows\ie7updates\KB963027-IE7\ieaksie.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 153088 c:\windows\ie7updates\KB963027-IE7\ieakeng.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 133120 c:\windows\ie7updates\KB963027-IE7\extmgr.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 214528 c:\windows\ie7updates\KB963027-IE7\dxtrans.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 347136 c:\windows\ie7updates\KB963027-IE7\dxtmsft.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 124928 c:\windows\ie7updates\KB963027-IE7\advpack.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 19:00 . 2008-12-20 23:15 1160192 c:\windows\system32\urlmon.dll
- 2004-08-04 19:00 . 2008-05-07 05:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 19:00 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2004-08-04 19:00 . 2009-02-20 18:09 3595264 c:\windows\system32\mshtml.dll
+ 2007-08-14 01:54 . 2009-02-20 18:09 6066176 c:\windows\system32\ieframe.dll
+ 2007-02-12 23:10 . 2008-07-09 14:25 2455488 c:\windows\system32\ieapfltr.dat
- 2007-02-12 23:10 . 2007-04-17 09:32 2455488 c:\windows\system32\ieapfltr.dat
- 2009-02-13 14:53 . 2008-12-20 23:15 1160192 c:\windows\system32\dllcache\urlmon.dll
+ 2009-02-13 14:53 . 2009-02-20 18:09 1160192 c:\windows\system32\dllcache\urlmon.dll
- 2008-05-07 05:12 . 2008-05-07 05:12 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2008-05-07 05:12 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-13 14:52 . 2009-02-20 18:09 3595264 c:\windows\system32\dllcache\mshtml.dll
+ 2009-02-13 20:14 . 2009-02-20 18:09 6066176 c:\windows\system32\dllcache\ieframe.dll
- 2009-02-13 20:14 . 2007-04-17 09:32 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-02-13 20:14 . 2008-07-09 14:25 2455488 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-04-23 10:27 . 2008-12-20 23:15 1160192 c:\windows\ie7updates\KB963027-IE7\urlmon.dll
+ 2009-04-23 10:27 . 2009-01-17 04:35 3594752 c:\windows\ie7updates\KB963027-IE7\mshtml.dll
+ 2009-04-23 10:27 . 2008-12-20 23:15 6066688 c:\windows\ie7updates\KB963027-IE7\ieframe.dll
+ 2009-04-23 10:27 . 2007-04-17 09:32 2455488 c:\windows\ie7updates\KB963027-IE7\ieapfltr.dat
+ 2009-02-13 14:53 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-13 14:53 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-13 14:53 . 2008-08-14 09:33 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-13 14:52 . 2009-02-08 02:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-13 14:52 . 2008-08-14 09:33 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2009-02-13 14:53 . 2008-08-14 10:09 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-13 14:53 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-02-13 20:10 . 2009-04-06 14:57 24921544 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-02-13 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 4608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-06 7561216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-06 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-22 516440]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-04-06 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-10-12 439568]

c:\documents and settings\Nickolaus Bruce\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-3-28 625952]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, snapapi32.dll, digest32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Activision\\Star Trek Armada II Fleet Operations\\Data\\armada2.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"f:\\AA\\AADeployClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"f:\\AA\\System\\ArmyOps.exe"=
"c:\\WINDOWS\\System32\\javaw.exe"=
"f:\\IDA\\idag.exe"=
"f:\\IDA\\idag64.exe"=
"h:\\Supreme ruler GC\\SupremeRuler2020GC.exe"=
"C:0\\Supreme ruler GC\\SupremeRuler2020GC.exe"=
"c:\\Documents and Settings\\Nickolaus Bruce\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"h:\\Supreme ruler GC\\SupremeRuler2020.exe"=
"f:\\Supreme ruler GC\\SupremeRuler2020GC.exe"=
"h:\\40\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"h:\\40\\Soulstorm.exe"=
"c:\\WINDOWS\\system32\\nvsvc32.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4719:TCP"= 4719:TCP:4719

R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-04 3584]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-22 64160]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-22 953168]

.
Contents of the 'Scheduled Tasks' folder

2009-04-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:02]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Nickolaus Bruce\Application Data\Mozilla\Firefox\Profiles\vf0sko8i.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101760&l=dis
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 11:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2984)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\RUNDLL32.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\NVSVC32.EXE
c:\windows\SYSTEM32\PNKBSTRA.EXE
c:\windows\SYSTEM32\SEARCHINDEXER.EXE
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-04-26 11:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 18:20
ComboFix2.txt 2009-04-23 08:06

Pre-Run: 3,966,337,024 bytes free
Post-Run: 4,016,373,760 bytes free

424 --- E O F --- 2009-04-23 10:39

Edited by nick443, 26 April 2009 - 12:22 PM.


#8
Blade81

    Member

  • Member
  • 722 posts
  • MVP

I have no P2P running; my ISP doesn't allow P2P, unless you consider Hamachi P2P.

Well, the logs say you have BitTorrent there, and it's a P2P file-sharing client. So it might be better to uninstall it, as your ISP doesn't allow such programs :)

Search for ComboFix2.txt file on your hard drive and post back its contents.

#9
nick443

    New Member

  • Topic Starter
  • Member
  • 6 posts
Well, BitTorrent wasn't running at any time I did any of my scans, so I just uninstalled it to stop any further problems, because I never use it anymore. And I cannot find that file.

I have the original one that I posted, but no ComboFix2.

Edited by nick443, 26 April 2009 - 05:24 PM.


#10
Blade81

    Member

  • Member
  • 722 posts
  • MVP
Hi again,


Uninstall old Adobe Reader versions and get the latest one here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report & a fresh dds.txt log. How's the system running?

#11
Blade81

    Member

  • Member
  • 722 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.