really messed up



gsimo
2007-12-03, 20:24
My laptop is really infected with viruses and spyware. I can't get them off so I'm trying this. Here is my HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:40 AM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ioerdthb.exe
C:\WINDOWS\System32\winlogon.scr
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xzewllcq.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [SystemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKLM\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe
O4 - HKLM\..\Run: [CONEXANT] C:\WINDOWS\snymsico.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\dcbcg.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [104ca286] rundll32.exe "C:\WINDOWS\system32\rsoasxed.dll",b
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKCU\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS_ZNxdm813
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://smtp.aesgeo.com:8090/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://smtp.aesgeo.com/BusinessPortal/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://smtp.aesgeo.com/businessportal/portal/shell/SDClientTools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54AA1815-ACFB-4202-8191-69560FB7B7BD}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D84D36-6C81-4785-AC79-E1C7D89F1807}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9ED05A70-5261-4FB5-881A-B400DB4E1C52}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O20 - AppInit_DLLs: sndvol32.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - - C:\WINDOWS\system32\vrepdbml.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)

--
End of file - 16042 bytes

ken545
2007-12-04, 02:00
gsimo,

Welcome to the forum, let me tell ya, you have a real mess here, I am trying to figure out how this thing even starts up at all. You have one heavily infected computer and one of the trojans is a downloader, so I would strongly suggest that outside of posting here you stay off the internet so as not to download additional trojans.



Your computer has been hijacked by the lovely people in the Ukraine, you are infected with Wareout.


85.255.112.200 - 85.255.127.255
Inhoster hosting company
OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
FixWareout Subratam (http://downloads.subratam.org/Fixwareout.exe)
FixWareout Lonny (http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe)

Save it to your desktop and run it.
Click Next, then Install,
Then make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.

Save the contents of the logfile C:\fixwareout\report.txt and post it into your next reply.



Now let's check some settings on your system. (For 2000/XP only)


Go to Start > Control Panel.
If you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections.
Then right-click on your default connection, usually Local Area Connection for cable and DSL.
Left-click on Properties.
Click the Networking tab.
Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.





Next, go to Start > Run, type cmd and hit OK.
Type in ipconfig /flushdns then hit enter
(that space between g and / is needed)
Type exit and hit enter




Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Your system may start up slower after running ATF Cleaner; this is expected but will be back to normal after the first or second boot up.




Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.



This is important, do this before you post a HJT log
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Right-click on HijackThis.exe (looks like a man with a spyglass) and rename it to Scanner.exe

Let me see the Wareout report, the Combofix report and a new HJT log in normal windows please renamed to Scanner.exe
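
As an added example (not part of the thread, and not code from HijackThis or Fixwareout): a Python check that pulls the O17 NameServer entries out of a HijackThis log and flags any server inside the range quoted in the reply above. The function names are hypothetical, and the 192.168.1.1 line in the sample is constructed to show a non-matching entry; the other sample lines are copied from the log in this thread.

```python
import ipaddress
import re

# Address range quoted in the reply above.
FLAGGED_LOW = ipaddress.IPv4Address("85.255.112.200")
FLAGGED_HIGH = ipaddress.IPv4Address("85.255.127.255")

# Lines copied from the HijackThis log in this thread, plus one constructed
# O17 line (all-zero GUID, 192.168.1.1) that should not be flagged.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: winsck2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{54AA1815-ACFB-4202-8191-69560FB7B7BD}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: sndvol32.dll
"""

# O17 entry: registry key, value name (NameServer or DhcpNameServer), servers.
O17_LINE = re.compile(
    r"^O17 - (?P<key>.+?): (?P<name>(?:Dhcp)?NameServer) = (?P<servers>.+)$",
    re.IGNORECASE,
)


def is_flagged(address):
    """True if address is a valid IPv4 address inside the quoted range."""
    try:
        ip = ipaddress.IPv4Address(address)
    except ipaddress.AddressValueError:
        return False
    return FLAGGED_LOW <= ip <= FLAGGED_HIGH


def parse_o17(log_text):
    """Return one dict per O17 NameServer line: key, value name, server list."""
    entries = []
    for line in log_text.splitlines():
        match = O17_LINE.match(line.strip())
        if not match:
            continue
        # The log separates servers with commas on per-interface keys and
        # with spaces on the Parameters key, so split on either.
        servers = [s for s in re.split(r"[,\s]+", match["servers"].strip()) if s]
        entries.append(
            {"key": match["key"], "name": match["name"], "servers": servers}
        )
    return entries


def find_flagged_dns(log_text):
    """Return the O17 entries that point at a server inside the range."""
    findings = []
    for entry in parse_o17(log_text):
        flagged = [s for s in entry["servers"] if is_flagged(s)]
        if flagged:
            findings.append({**entry, "flagged": flagged})
    return findings


if __name__ == "__main__":
    for finding in find_flagged_dns(SAMPLE_LOG):
        print(f"{finding['key']}: {finding['name']} -> "
              f"{', '.join(finding['flagged'])}")
```
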

gsimo
2007-12-05, 03:15
Hey Ken. Thanks for the help so far. Anyway, here are the Fixwareout and ComboFix reports and a new HijackThis log. I didn't really understand the process of renaming hijackthis.exe to scanner.exe. Maybe you could explain again. Also the ComboFix report doesn't have that much info. I hope it's right. Maybe I did something wrong. Let me know what you think.

Greg

Username "Greg Simons" - 12/03/2007 16:47:11 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Saving 'hklm\software\microsoft\windows\currentversion\run' to 'run1.hiv' was not successful

HKLM\SOFTWARE\~\Winlogon\ "System"="kdyuo.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.58 85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{54AA1815-ACFB-4202-8191-69560FB7B7BD}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{64D84D36-6C81-4785-AC79-E1C7D89F1807}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9ED05A70-5261-4FB5-881A-B400DB4E1C52}
"nameserver"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{9ED05A70-5261-4FB5-881A-B400DB4E1C52}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{E931E111-69AB-45F3-8D9C-1520BA8F8757}
"DhcpNameServer"="85.255.114.58,85.255.112.222" <Value cleared.

Successfully flushed the DNS Resolver Cache.



ComboFix 07-12-02.7 - Greg Simons 2007-12-04 15:52:31.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.517 [GMT -8:00]
Running from: C:\Documents and Settings\Greg Simons\Local Settings\Temporary Internet Files\Content.IE5\DEK93MLK\ComboFix[1].exe
.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02, on 2007-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
C:\WINDOWS\System32\drivers\sysdrv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Zango /fleok=1D8A83A5C5E0117D9EAA75760EA83FA5EF80752B9499803B2A2303766A - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O2 - BHO: (no name) - {5162D371-98F8-492B-AA70-92E6F2C51E42} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: {4e02fc33-ab5c-a9ea-2584-45780ab116d6} - {6d611ba0-8754-4852-ae9a-c5ba33cf20e4} - C:\WINDOWS\system32\ngmlutye.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98CC82BB-6094-4852-B34C-55856B6EF489} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\xzewllcq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C93B10A2-D053-41BE-BF8D-831B3750A35C} - C:\WINDOWS\system32\dsound3.dll (file missing)
O2 - BHO: (no name) - {E21316B3-E77B-43D7-A044-4E145AB6BEEA} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {ED203331-9C33-49D8-8714-D24A366A04EC} - C:\WINDOWS\system32\gebaxxu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\xzewllcq.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [CreateCD_Reminder] "C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe"
O4 - HKLM\..\Run: [VAIO Recovery] "C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Switcher.exe] "C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\system32\ctfmona.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [SystemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKLM\..\Run: [mstaskmgr.exe] C:\WINDOWS\system32\mstaskmgr.exe
O4 - HKLM\..\Run: [CONEXANT] C:\WINDOWS\snymsico.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\dcbcg.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Salestart] "C:\Program Files\Common Files\BestsellerAntivirus\bm.exe" dm=http://bestsellerantivirus.com; ad=http://bestsellerantivirus.com
O4 - HKCU\..\Run: [rtasks] C:\Program Files\BestsellerAntivirus\rtasks.exe
O4 - HKCU\..\Run: [104ca286] rundll32.exe "C:\WINDOWS\system32\nyxsonml.dll",b
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS_ZNxdm813
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://smtp.aesgeo.com:8090/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://smtp.aesgeo.com/BusinessPortal/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://smtp.aesgeo.com/businessportal/portal/shell/SDClientTools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - Winlogon Notify: gebaxxu - gebaxxu.dll (file missing)
O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll
O20 - Winlogon Notify: xzewllcq - C:\WINDOWS\SYSTEM32\xzewllcq.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)

--
End of file - 16770 bytes

ken545
2007-12-05, 04:27
Greg,

FYI: The thieves that have written the Vundo trojan have written it to go undetected by HJT, and by renaming it to something else, if Vundo is present it will then show up on your log... and it did.

Removing Wareout was just the tip of the iceberg; you still have some major infections on this system.

I am going to have you run about 3 different scanners. It doesn't look like you ran Combofix correctly, so drag it to the trash and we are going to redownload it in a bit.


Winsockxpfix (http://www.snapfiles.com/get/winsockxpfix.html)
Your malware infection is playing around with your internet connection. I want you to download this program to your desktop, and in the event that you lose your connection after running LSPFix, run this tool to repair it.



Please download LSPFix (http://www.cexx.org/LSPFix.exe)
Disconnect from the internet.
Go to where you downloaded LSPFix and run the LSPFix.exe by double clicking on it.
Check the I know what I'm doing box.
In the Keep box you should see one or more instances of winsck2.dll
Select every instance of winsck2.dll and move each one to the Remove box by clicking the >> button.
When you are done click Finish.

LSP Tutorial (http://www.bleepingcomputer.com/tutorials/tutorial59.html) <-- If you need it.



Download VundoFix (http://www.atribune.org/ccount/click.php?id=4 ) to your desktop

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Please download SuperAntiSpyware (http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.


Combofix should remove most of this garbage, download a fresh copy
Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post the Combofix log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.



Take your time and run these scans in order,

this is what I need to see

1. Vundofix log
2. SAS log
3. Combofix log
4. New HJT log
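
Added example, not part of the thread: a small Python triage pass over HijackThis O10, O20 and O23 lines like those in the log above. It surfaces the repeated winsck2.dll LSP entries that the LSPFix step targets, along with Winlogon Notify DLLs and services that have no publisher or no file on disk. The sample lines are copied from that log; the flagging rules are assumptions for illustration, and a flag means "review", not "malicious".

```python
import re
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):
    section: str    # HijackThis section code, e.g. "O20"
    item: str       # file the entry points at
    reasons: tuple  # why the entry deserves a closer look
    count: int      # number of identical lines in the log


# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: winsck2.dll
O10 - Unknown file in Winsock LSP: winsck2.dll
O20 - Winlogon Notify: gebaxxu - gebaxxu.dll (file missing)
O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)
"""

MISSING = " (file missing)"
LINE_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")
# The publisher field may be empty ("name - - path"), so anchor on the drive letter.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.*?)\s*- ([A-Za-z]:\\.*)$")


def _split_missing(path):
    """Strip HijackThis's '(file missing)' suffix and report whether it was there."""
    if path.endswith(MISSING):
        return path[: -len(MISSING)], True
    return path, False


def classify(section, body):
    """Return (item, reasons) for one entry, or None when nothing stands out."""
    if section == "O10" and body.startswith("Unknown file in Winsock LSP: "):
        return body.split(": ", 1)[1], ("unrecognised Winsock LSP provider",)

    if section == "O20":
        m = NOTIFY_RE.match(body)
        if m:
            path, missing = _split_missing(m.group(2))
            reasons = ["DLL registered to load inside winlogon.exe"]
            if missing:
                reasons.append("registry entry remains but the file is gone")
            return path, tuple(reasons)

    if section == "O23":
        m = SERVICE_RE.match(body)
        if m:
            _name, vendor, raw_path = m.groups()
            path, missing = _split_missing(raw_path)
            reasons = []
            if vendor in ("", "Unknown owner"):
                reasons.append("HijackThis reports no publisher")
            if missing:
                reasons.append("registry entry remains but the file is gone")
            if reasons:
                return path, tuple(reasons)
    return None


def triage(log_text):
    """Collapse duplicate lines and return the findings in log order."""
    counts = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hit = classify(m.group(1), m.group(2))
        if hit:
            counts[(m.group(1),) + hit] += 1
    return [Finding(sec, item, reasons, n)
            for (sec, item, reasons), n in counts.items()]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} x{f.count}  {f.item}")
        for reason in f.reasons:
            print(f"      - {reason}")
```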

gsimo
2007-12-06, 03:40
Ok. Here are the 4 logs you requested. I think the combofix worked this time. Computer seems to work better now. I can actually start it in normal windows instead of safe mode. I have to send this in several emails, I think. Thanks


VundoFix V6.7.0

Checking Java version...

Scan started at 14:01:26 2007-12-05

Listing files found while scanning....

C:\windows\system32\tjlnomvq.dll
C:\WINDOWS\system32\xzewllcq.dll
C:\windows\system32\xzewllcq.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\tjlnomvq.dll
C:\windows\system32\tjlnomvq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xzewllcq.dll
C:\WINDOWS\system32\xzewllcq.dll Could not be deleted.

Attempting to delete C:\windows\system32\xzewllcq.dllbox
C:\windows\system32\xzewllcq.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.7.0

Checking Java version...

Scan started at 14:37:36 2007-12-05

Listing files found while scanning....

C:\windows\system32\xzewllcq.dll
C:\windows\system32\xzewllcq.dllbox

Beginning removal...

Attempting to delete C:\windows\system32\xzewllcq.dll
C:\windows\system32\xzewllcq.dll Could not be deleted.

Attempting to delete C:\windows\system32\xzewllcq.dllbox
C:\windows\system32\xzewllcq.dllbox Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

gsimo
2007-12-06, 05:47
Here is the first half of the combofix file. These files seem too big to do all at once.

ComboFix 07-12-02.7 - Greg Simons 2007-12-05 16:53:36.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.352 [GMT -8:00]
Running from: C:\Documents and Settings\Greg Simons\Desktop\ComboFix.exe
Other Deletions

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Greg Simons\Application Data\install.dat
C:\Documents and Settings\Greg Simons\Application Data\install_en[1].exe
C:\Documents and Settings\Greg Simons\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Greg Simons\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Local Settings\Application Data.\n.ini
C:\Documents and Settings\Greg Simons\Local Settings\Application Data\n.ini
C:\Program Files\BestsellerAntivirus\history.db
C:\Program Files\BestsellerAntivirus\ResErrors.log
C:\Program Files\FunWebProducts\ScreenSaver\Images\043407DE.urr
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\noskrnl.config
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\22325594541.dll
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\adspqfvx.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\dexsaosr.ini
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\drivers\uqaqnmhj.dat
C:\WINDOWS\system32\dsound3.dll
C:\WINDOWS\system32\gebaxxu.dll
C:\WINDOWS\system32\inf\scrsys071205.scr
C:\WINDOWS\system32\inf\scrsys16_071205.dll
C:\WINDOWS\system32\ioerdthb.exe
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\lmnosxyn.ini
C:\WINDOWS\system32\ltrjrrtq.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\ngmlutye.dll
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\nrxvqira.dll
C:\WINDOWS\system32\nyxsonml.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\qgnwbtju.dll
C:\WINDOWS\system32\rsoasxed.dll
C:\WINDOWS\system32\runtime.exe
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vrepdbml.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\wepkruxi.exe
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xmoewdnd.exe
C:\WINDOWS\system32\xvfqpsda.ini
C:\WINDOWS\system32\xzewllcq.dllbox
.
---- Previous Run -------
.
C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Greg Simons\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Greg Simons\Application Data\Install.dat
C:\Documents and Settings\Greg Simons\Application Data\install_en[1].exe
C:\Documents and Settings\Greg Simons\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Greg Simons\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Greg Simons\Local Settings\Application Data.\n.ini
C:\Documents and Settings\Greg Simons\Local Settings\Application Data\n.ini
C:\Program Files\BestsellerAntivirus
C:\Program Files\BestsellerAntivirus\history.db
C:\Program Files\BestsellerAntivirus\ResErrors.log
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\043407DE.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\UGA6P
C:\WINDOWS\noskrnl.config
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\22325594541.dll
C:\WINDOWS\system32\4_exception.nls
C:\WINDOWS\system32\adspqfvx.dll
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\dexsaosr.ini
C:\WINDOWS\system32\dllh8jkd1q2.exe
C:\WINDOWS\system32\dllh8jkd1q8.exe
C:\WINDOWS\system32\ioerdthb.exe
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\lmnosxyn.ini
C:\WINDOWS\system32\ltrjrrtq.dll
C:\WINDOWS\system32\n.ini
C:\WINDOWS\system32\ngmlutye.dll
C:\WINDOWS\system32\noskrnl.sys
C:\WINDOWS\system32\nrxvqira.dll
C:\WINDOWS\system32\nyxsonml.dll
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.ini2
C:\WINDOWS\system32\qgnwbtju.dll
C:\WINDOWS\system32\rsoasxed.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\vrepdbml.exe
C:\WINDOWS\system32\vx.tll
C:\WINDOWS\system32\wepkruxi.exe
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\xmoewdnd.exe
C:\WINDOWS\system32\xvfqpsda.ini
C:\WINDOWS\system32\xzewllcq.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_ASC3550P
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_DRIVER
-------\LEGACY_ERLWGTRG
-------\LEGACY_LDRSVC
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\asc3550p
-------\DomainService
-------\Driver
-------\erlwgtrg
-------\ldrsvc


-------\erlwgtrg

gsimo
2007-12-06, 05:50
Here's the second half
Files Created from 2007-11-06 to 2007-12-06

2007-12-05 15:36 . 2007-12-05 15:41 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\SUPERAntiSpyware.com
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-05 15:24 . 2007-12-05 15:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 14:01 . 2007-12-05 15:11 <DIR> d-------- C:\VundoFix Backups
2007-12-05 13:46 . 2007-12-05 16:57 <DIR> d-------- C:\WINDOWS\system32\inf
2007-12-05 13:46 . 2007-12-05 16:37 205,824 --a------ C:\WINDOWS\system32\mwisys32_071205.dll
2007-12-05 13:46 . 2007-12-05 13:46 104,632 --a------ C:\WINDOWS\system32\877281
2007-12-05 13:46 . 2007-12-05 13:46 104,632 --a------ C:\WINDOWS\system\sslxpes071205.exe
2007-12-05 13:46 . 2007-12-05 13:46 25,088 --a------ C:\WINDOWS\system32\lwisys16_071205.dll
2007-12-05 13:46 . 2007-12-05 16:37 483 --a------ C:\WINDOWS\pwisys.ini
2007-12-05 13:46 . 2007-12-05 15:35 183 --a------ C:\WINDOWS\system32\mywehit.ini
2007-12-05 13:46 . 2007-12-05 15:35 179 --a------ C:\WINDOWS\system32\mywehit.ini.tmp
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\boa1.dat
2007-12-04 18:46 . 2007-12-04 18:46 53,248 --a------ C:\WINDOWS\system32\rasmoesa.dll
2007-12-04 17:45 . 2007-12-04 17:45 6,129 --a------ C:\WINDOWS\system32\3867296
2007-12-04 16:45 . 2007-12-04 16:45 6,129 --a------ C:\WINDOWS\system32\266640
2007-12-03 09:37 . 2007-12-03 09:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 20:42 . 2004-10-08 07:26 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-02 20:07 . 2007-12-02 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2007-12-02 19:24 . 2007-12-02 19:24 231,593 --a------ C:\WINDOWS\system32\991734
2007-12-02 19:11 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-02 18:05 . 2007-12-02 18:05 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-02 17:04 . 2004-08-04 04:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-12-02 17:04 . 2004-08-04 04:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-02 17:04 . 2004-08-04 04:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-02 17:02 . 2004-08-04 04:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2007-12-02 17:01 . 2004-08-04 04:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-12-02 17:00 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-02 16:59 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-02 16:58 . 2003-03-24 16:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2007-12-02 16:55 . 2007-12-02 16:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-02 13:06 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-02 12:46 . 2004-08-04 04:00 1,086,058 -ra------ C:\WINDOWS\SETF5.tmp
2007-12-02 12:46 . 2004-08-04 04:00 1,042,903 -ra------ C:\WINDOWS\SETF2.tmp
2007-12-02 12:46 . 2004-08-04 04:00 13,753 -ra------ C:\WINDOWS\SET101.tmp
2007-12-02 12:46 . 2004-08-04 04:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2007-12-01 19:59 . 2007-12-01 19:59 9,225 --a------ C:\WINDOWS\system32\189078
2007-12-01 13:31 . 2007-12-01 13:31 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-30 15:13 . 2007-11-30 15:17 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-11-30 15:13 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2007-11-30 15:13 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-11-30 15:13 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2007-11-29 17:20 . 2007-11-29 17:20 0 --a------ C:\WINDOWS\system32\345640
2007-11-28 18:45 . 2007-11-28 18:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-28 18:43 . 2004-11-29 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 18:43 . 2004-11-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-11-28 18:43 . 2004-11-29 12:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-11-28 18:43 . 2004-11-29 12:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-11-28 18:43 . 2007-06-11 11:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek

gsimo
2007-12-06, 05:51
2007-11-28 08:24 . 2007-11-28 08:24 18,944 --a------ C:\WINDOWS\system32\44460421
2007-11-28 07:23 . 2007-11-28 07:23 8,965 --a------ C:\WINDOWS\system32\40804359
2007-11-28 06:19 . 2007-11-28 06:19 8,965 --a------ C:\WINDOWS\system32\36987953
2007-11-28 05:11 . 2007-11-28 05:11 8,965 --a------ C:\WINDOWS\system32\32882500
2007-11-28 04:10 . 2007-11-28 04:10 8,965 --a------ C:\WINDOWS\system32\29202515
2007-11-28 03:09 . 2007-11-28 03:09 8,965 --a------ C:\WINDOWS\system32\25564515
2007-11-28 02:08 . 2007-11-28 02:08 8,965 --a------ C:\WINDOWS\system32\21886250
2007-11-27 20:06 . 2007-11-27 20:06 6,656 --a------ C:\WINDOWS\system32\md4hsh.dll
2007-11-27 20:06 . 2007-12-05 15:13 2,032 --a------ C:\WINDOWS\system32\nvnati.sys
2007-11-25 13:43 . 2007-11-25 14:13 100 --a------ C:\WINDOWS\system32\config.xml
2007-11-24 16:27 . 2007-11-24 16:27 18,944 --a------ C:\WINDOWS\system32\549984
2007-11-24 16:27 . 2007-11-28 08:24 12,800 --a------ C:\WINDOWS\system32\dialsv32.dll
2007-11-23 11:35 . 2007-11-23 11:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-23 10:42 . 2007-11-23 10:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Program Files\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-23 10:41 . 2007-06-21 18:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-11-23 10:41 . 2007-06-21 18:43 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-23 10:41 . 2007-06-21 18:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-23 10:41 . 2007-06-21 18:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-23 10:41 . 2007-06-21 18:43 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-11-22 19:43 . 2007-11-22 19:43 10,240 --a------ C:\WINDOWS\system32\winsck2.dll
2007-11-22 10:37 . 2007-11-22 10:37 0 --a------ C:\WINDOWS\system32\717960140
2007-11-22 10:20 . 2007-11-22 10:20 29 --a------ C:\WINDOWS\system32\epftorig.tmp
2007-11-22 10:17 . 2007-11-22 10:17 27,648 --a------ C:\WINDOWS\system32\winlogon.scr
2007-11-22 10:17 . 2007-11-22 10:17 27,648 --ahs---- C:\WINDOWS\system32\drivers\sysdrv.exe
2007-11-22 10:17 . 2007-11-22 10:17 27,648 ---hs---- C:\Documents and Settings\Greg Simons\scvhost.exe
2007-11-22 10:15 . 2007-11-24 18:19 45,072 --a------ C:\WINDOWS\taskmon.exe
2007-11-22 10:14 . 2004-08-04 04:00 98,816 --a------ C:\WINDOWS\system32\dsound3.2
2007-11-22 10:14 . 2004-08-04 04:00 94,720 --a------ C:\WINDOWS\system32\dsound3.1
2007-11-22 10:13 . 2007-11-23 15:05 <DIR> d-------- C:\Program Files\AntiVirusPro
2007-11-22 10:13 . 2007-11-22 10:13 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Anti-Virus-Pro.com
2007-11-18 19:10 . 2007-11-18 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-18 19:10 . 2007-11-18 19:10 1,409 --a------ C:\WINDOWS\QTFont.for

Find3M Report
.
2007-12-01 21:31 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 02:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-22 19:12 --------- d-----w C:\Program Files\Lx_cats
2007-11-22 18:52 --------- d-----w C:\Program Files\LimeWire
2007-10-14 00:06 --------- d-----w C:\Documents and Settings\Greg Simons\Application Data\SecondLife
2007-10-12 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Reg Loading Points
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98CC82BB-6094-4852-B34C-55856B6EF489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C87FA4A3-2474-4a3f-B413-67D515905024}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 20:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"runtime.exe"="C:\WINDOWS\system32\runtime.exe" []
"main"="C:\WINDOWS\System32\drivers\sysdrv.exe" [2007-11-22 10:17]
"default"="C:\Documents and Settings\Greg Simons\scvhost.exe" [2007-11-22 10:17]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"sysinit"="C:\WINDOWS\System32\drivers\sysdrv.exe" [2007-11-22 10:17]
"ati"="C:\Documents and Settings\Greg Simons\scvhost.exe" [2007-11-22 10:17]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\md4hsh]
md4hsh.dll 2007-11-27 20:06 6656 C:\WINDOWS\system32\md4hsh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-08-11 18:09 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 nvnati;NVidia XTLayer gateway;\??\C:\WINDOWS\system32\nvnati.sys
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe
S3 echodap;echodap;C:\WINDOWS\system32\drivers\echodap.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 00:47:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-02 14:44:49 C:\WINDOWS\Tasks\wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 17:07:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
main = C:\WINDOWS\System32\drivers\sysdrv.exe
default = C:\Documents and Settings\Greg Simons\scvhost.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
sysinit = C:\WINDOWS\System32\drivers\sysdrv.exe
ati = C:\Documents and Settings\Greg Simons\scvhost.exe

scanning hidden files ...
scan completed successfully
hidden files: 0
Completion time: 2007-12-05 17:09:55 - machine was rebooted

gsimo
2007-12-06, 05:54
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:16:03 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\Documents and Settings\Greg Simons\scvhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\winlogon.scr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe
C:\WINDOWS\System32\drivers\sysdrv.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98CC82BB-6094-4852-B34C-55856B6EF489} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZBzeb032YYUS_ZNxdm813
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://smtp.aesgeo.com:8090/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://smtp.aesgeo.com/BusinessPortal/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://smtp.aesgeo.com/businessportal/portal/shell/SDClientTools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)

--
End of file - 14123 bytes

gsimo
2007-12-06, 05:57
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/05/2007 at 04:25 PM

Application Version : 3.9.1008

Core Rules Database Version : 3355
Trace Rules Database Version: 1354

Scan type : Complete Scan
Total Scan Time : 00:43:37

Memory items scanned : 594
Memory threats detected : 3
Registry items scanned : 6318
Registry threats detected : 201
File items scanned : 33406
File threats detected : 469

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\XZEWLLCQ.DLL
C:\WINDOWS\SYSTEM32\XZEWLLCQ.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xzewllcq
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0006189.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\SSQPP.DLL
C:\WINDOWS\SYSTEM32\SSQPP.DLL
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{E21316B3-E77B-43D7-A044-4E145AB6BEEA}
HKCR\CLSID\{E21316B3-E77B-43D7-A044-4E145AB6BEEA}
HKCR\CLSID\{E21316B3-E77B-43D7-A044-4E145AB6BEEA}\InprocServer32
HKCR\CLSID\{E21316B3-E77B-43D7-A044-4E145AB6BEEA}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC}
HKCR\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC}
HKCR\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC}\InprocServer32
HKCR\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\GEBAXXU.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E21316B3-E77B-43D7-A044-4E145AB6BEEA}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{ED203331-9C33-49D8-8714-D24A366A04EC}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC}

Trojan.Downloader-UPNP/Fake
C:\WINDOWS\SYSTEM32\DRIVERS\DCBCG.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\DCBCG.EXE
[_] C:\WINDOWS\SYSTEM32\DRIVERS\DCBCG.EXE
C:\WINDOWS\Prefetch\DCBCG.EXE-1012E8EB.pf

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}

Unclassified.Unknown Origin/System
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5162D371-98F8-492B-AA70-92E6F2C51E42}
HKCR\CLSID\{5162D371-98F8-492B-AA70-92E6F2C51E42}
HKCR\CLSID\{5162D371-98F8-492B-AA70-92E6F2C51E42}\InprocServer32
HKCR\CLSID\{5162D371-98F8-492B-AA70-92E6F2C51E42}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\PMKJK.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Greg Simons\Cookies\greg simons@doubleclick[2].txt
C:\Documents and Settings\Greg Simons\Cookies\greg simons@bestsellerantivirus[2].txt
C:\Documents and Settings\Greg Simons\Cookies\greg simons@msnportal.112.2o7[1].txt
C:\Documents and Settings\Greg Simons\Cookies\greg simons@specificclick[1].txt

Adware.180solutions/ZangoSearch
C:\Program Files\Zango Programs\Chess\Chess\book.txt
C:\Program Files\Zango Programs\Chess\Chess
C:\Program Files\Zango Programs\Chess\Chess.exe
C:\Program Files\Zango Programs\Chess\D3DDevice.LOG
C:\Program Files\Zango Programs\Chess\Fonts\Arial.J5F
C:\Program Files\Zango Programs\Chess\Fonts\Arial.tga
C:\Program Files\Zango Programs\Chess\Fonts\Courier New.J5F
C:\Program Files\Zango Programs\Chess\Fonts\Courier New.TGA
C:\Program Files\Zango Programs\Chess\Fonts
C:\Program Files\Zango Programs\Chess\Lua 5.0.txt
C:\Program Files\Zango Programs\Chess\manual\contents.htm
C:\Program Files\Zango Programs\Chess\manual\foreword.htm
C:\Program Files\Zango Programs\Chess\manual\front.htm
C:\Program Files\Zango Programs\Chess\manual\history.htm
C:\Program Files\Zango Programs\Chess\manual\images\bishop_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\castl.gif
C:\Program Files\Zango Programs\Chess\manual\images\king_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\knight_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\manual_logo.jpg
C:\Program Files\Zango Programs\Chess\manual\images\nf3.gif
C:\Program Files\Zango Programs\Chess\manual\images\pawn_cap.gif
C:\Program Files\Zango Programs\Chess\manual\images\pawn_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\queen_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\ranks_files.gif
C:\Program Files\Zango Programs\Chess\manual\images\rook_move.gif
C:\Program Files\Zango Programs\Chess\manual\images\splash2.gif
C:\Program Files\Zango Programs\Chess\manual\images\start.gif
C:\Program Files\Zango Programs\Chess\manual\images\tile2.jpg
C:\Program Files\Zango Programs\Chess\manual\images
C:\Program Files\Zango Programs\Chess\manual\index.htm
C:\Program Files\Zango Programs\Chess\manual\notation.htm
C:\Program Files\Zango Programs\Chess\manual\pc_game.htm
C:\Program Files\Zango Programs\Chess\manual\rules.htm
C:\Program Files\Zango Programs\Chess\manual\strategy.htm
C:\Program Files\Zango Programs\Chess\manual\styles.css
C:\Program Files\Zango Programs\Chess\manual
C:\Program Files\Zango Programs\Chess\ML_Eula.txt
C:\Program Files\Zango Programs\Chess\Models\Scaled_Pine.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_bishop.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_bishop_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_gameboard.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_king.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_king_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_knight.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_knight_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_pawn.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_pawn_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_queen.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_queen_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_rook.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_rook_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set1_tabletop.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_bishop.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_bishop_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_gameboard.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_king.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_king_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_knight.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_knight_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_pawn.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_pawn_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_queen.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_queen_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_rook.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_rook_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set2_tabletop.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_bishop.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_bishop_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_gameboard.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_king.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_king_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_knight.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_knight_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_pawn.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_pawn_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_queen.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_queen_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_rook.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_rook_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set3_tabletop.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_bishop.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_bishop_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_gameboard.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_king.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_king_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_knight.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_knight_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_pawn.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_pawn_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_queen.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_queen_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_rook.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_rook_blk.b3d
C:\Program Files\Zango Programs\Chess\Models\set4_tabletop.b3d
C:\Program Files\Zango Programs\Chess\Models\square_h.b3d
C:\Program Files\Zango Programs\Chess\Models\square_L.b3d
C:\Program Files\Zango Programs\Chess\Models\square_m.b3d
C:\Program Files\Zango Programs\Chess\Models\square_o.b3d
C:\Program Files\Zango Programs\Chess\Models\square_shadow.b3d
C:\Program Files\Zango Programs\Chess\Models\square_x.b3d
C:\Program Files\Zango Programs\Chess\Models

gsimo
2007-12-06, 05:59

gsimo
2007-12-06, 06:01
HKLM\Software\Zango Programs
HKLM\Software\Zango Programs\Chess
HKLM\Software\Zango Programs\Chess#TARGETDIR
C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX_ZANGOSA.DLL

Adware.180solutions/Search Assistant
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32

Adware.180solutions/Seekmo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07AA283A-43D7-4CBE-A064-32A21112D94D}
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKU\S-1-5-21-2615875869-2051102613-741420604-1006\Software\Microsoft\Internet Explorer\Explorer Bars\{93B0FA7B-50F6-41B4-AC7E-612A72CE8C3C}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{07AA283A-43D7-4CBE-A064-32A21112D94D} [ Zango ]

Adware.Zango Toolbar/Hb

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DOCUMENTS AND SETTINGS\GREG SIMONS\LOCAL SETTINGS\TEMP\QRJATYDI.EXE
C:\QOOBOX\QUARANTINE\C\DOCUMENTS AND SETTINGS\GREG SIMONS\APPLICATION DATA\INSTALL_EN[1].EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004125.EXE

Trojan.Downloader-Gen/DDC
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VREPDBML.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WEPKRUXI.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004132.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004133.EXE

Adware.Vundo/Traff-2
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004134.EXE

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004135.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004136.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004137.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004138.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{0803D443-492F-46D4-A7CD-A0F2180414C9}\RP1\A0004139.DLL

Trojan.Downloader-CSRSS/Fake
C:\WINDOWS\SYSTEM32\WBEM\CSRSS.EXE

ken545
2007-12-06, 12:07
Do this.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: (no name) - {98CC82BB-6094-4852-B34C-55856B6EF489} - (no file)
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O4 - HKCU\..\Run: [runtime.exe] C:\WINDOWS\system32\runtime.exe
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\Run: [default] C:\Documents and Settings\Greg Simons\scvhost.exe
O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\sysdrv.exe
O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\Greg Simons\scvhost.exe

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...2YYUS_ZNxdm813


O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab

O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll




Please download OTMoveIt (http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe) by OldTimer.


Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):




C:\WINDOWS\System32\winlogon.scr
C:\WINDOWS\System32\drivers\sysdrv.exe
C:\Documents and Settings\Greg Simons\scvhost.exe
C:\WINDOWS\system32\runtime.exe
C:\WINDOWS\SYSTEM32\md4hsh.dll

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.
Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it into your next reply.
Close OTMoveIt


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



I would like you to run ComboFix again and post the OTMoveIt log, the NEW ComboFix log and a new HJT log please.

gsimo
2007-12-06, 20:47
Things seem to be getting better. I couldn't find all the lines you had written when I did the HJT scan. Found some of them and had it fix them. Not sure why the others weren't there. Here are the logs.

ComboFix 07-12-02.7 - Greg Simons 2007-12-06 10:32:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382 [GMT -8:00]
Running from: C:\Documents and Settings\Greg Simons\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))
.

2007-12-05 15:36 . 2007-12-05 17:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\SUPERAntiSpyware.com
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-05 15:24 . 2007-12-05 15:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 14:01 . 2007-12-05 15:11 <DIR> d-------- C:\VundoFix Backups
2007-12-05 13:46 . 2007-12-05 16:57 <DIR> d-------- C:\WINDOWS\system32\inf
2007-12-05 13:46 . 2007-12-05 16:37 205,824 --a------ C:\WINDOWS\system32\mwisys32_071205.dll
2007-12-05 13:46 . 2007-12-05 13:46 104,632 --a------ C:\WINDOWS\system32\877281
2007-12-05 13:46 . 2007-12-05 13:46 104,632 --a------ C:\WINDOWS\system\sslxpes071205.exe
2007-12-05 13:46 . 2007-12-05 13:46 25,088 --a------ C:\WINDOWS\system32\lwisys16_071205.dll
2007-12-05 13:46 . 2007-12-05 16:37 483 --a------ C:\WINDOWS\pwisys.ini
2007-12-05 13:46 . 2007-12-05 15:35 183 --a------ C:\WINDOWS\system32\mywehit.ini
2007-12-05 13:46 . 2007-12-05 15:35 179 --a------ C:\WINDOWS\system32\mywehit.ini.tmp
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\boa1.dat
2007-12-04 17:45 . 2007-12-04 17:45 6,129 --a------ C:\WINDOWS\system32\3867296
2007-12-04 16:45 . 2007-12-04 16:45 6,129 --a------ C:\WINDOWS\system32\266640
2007-12-03 09:37 . 2007-12-03 09:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 20:42 . 2004-10-08 07:26 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-02 20:07 . 2007-12-02 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2007-12-02 19:24 . 2007-12-02 19:24 231,593 --a------ C:\WINDOWS\system32\991734
2007-12-02 19:11 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-02 18:05 . 2007-12-02 18:05 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-02 17:04 . 2004-08-04 04:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-12-02 17:04 . 2004-08-04 04:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-02 17:04 . 2004-08-04 04:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-02 17:02 . 2004-08-04 04:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2007-12-02 17:01 . 2004-08-04 04:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-12-02 17:00 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-02 16:59 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-02 16:58 . 2003-03-24 16:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2007-12-02 16:55 . 2007-12-02 16:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-02 13:06 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-02 12:46 . 2004-08-04 04:00 1,086,058 -ra------ C:\WINDOWS\SETF5.tmp
2007-12-02 12:46 . 2004-08-04 04:00 1,042,903 -ra------ C:\WINDOWS\SETF2.tmp
2007-12-02 12:46 . 2004-08-04 04:00 13,753 -ra------ C:\WINDOWS\SET101.tmp
2007-12-02 12:46 . 2004-08-04 04:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2007-12-01 19:59 . 2007-12-01 19:59 9,225 --a------ C:\WINDOWS\system32\189078
2007-12-01 13:31 . 2007-12-01 13:31 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-30 15:13 . 2007-11-30 15:17 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-11-30 15:13 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2007-11-30 15:13 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-11-30 15:13 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2007-11-29 17:20 . 2007-11-29 17:20 0 --a------ C:\WINDOWS\system32\345640
2007-11-28 18:45 . 2007-11-28 18:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-28 18:43 . 2004-11-29 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 18:43 . 2004-11-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-11-28 18:43 . 2004-11-29 12:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-11-28 18:43 . 2004-11-29 12:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-11-28 18:43 . 2007-06-11 11:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-28 08:24 . 2007-11-28 08:24 18,944 --a------ C:\WINDOWS\system32\44460421
2007-11-28 07:23 . 2007-11-28 07:23 8,965 --a------ C:\WINDOWS\system32\40804359
2007-11-28 06:19 . 2007-11-28 06:19 8,965 --a------ C:\WINDOWS\system32\36987953
2007-11-28 05:11 . 2007-11-28 05:11 8,965 --a------ C:\WINDOWS\system32\32882500
2007-11-28 04:10 . 2007-11-28 04:10 8,965 --a------ C:\WINDOWS\system32\29202515
2007-11-28 03:09 . 2007-11-28 03:09 8,965 --a------ C:\WINDOWS\system32\25564515
2007-11-28 02:08 . 2007-11-28 02:08 8,965 --a------ C:\WINDOWS\system32\21886250
2007-11-27 20:06 . 2007-12-05 15:13 2,032 --a------ C:\WINDOWS\system32\nvnati.sys
2007-11-25 13:43 . 2007-11-25 14:13 100 --a------ C:\WINDOWS\system32\config.xml
2007-11-24 16:27 . 2007-11-24 16:27 18,944 --a------ C:\WINDOWS\system32\549984
2007-11-24 16:27 . 2007-11-28 08:24 12,800 --a------ C:\WINDOWS\system32\dialsv32.dll
2007-11-23 11:35 . 2007-11-23 11:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-23 10:42 . 2007-11-23 10:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Program Files\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-23 10:41 . 2007-06-21 18:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-11-23 10:41 . 2007-06-21 18:43 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-23 10:41 . 2007-06-21 18:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-23 10:41 . 2007-06-21 18:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-23 10:41 . 2007-06-21 18:43 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-11-22 19:43 . 2007-11-22 19:43 10,240 --a------ C:\WINDOWS\system32\winsck2.dll
2007-11-22 10:37 . 2007-11-22 10:37 0 --a------ C:\WINDOWS\system32\717960140
2007-11-22 10:20 . 2007-11-22 10:20 29 --a------ C:\WINDOWS\system32\epftorig.tmp
2007-11-22 10:15 . 2007-11-24 18:19 45,072 --a------ C:\WINDOWS\taskmon.exe
2007-11-22 10:14 . 2004-08-04 04:00 98,816 --a------ C:\WINDOWS\system32\dsound3.2
2007-11-22 10:14 . 2004-08-04 04:00 94,720 --a------ C:\WINDOWS\system32\dsound3.1
2007-11-22 10:13 . 2007-11-23 15:05 <DIR> d-------- C:\Program Files\AntiVirusPro
2007-11-22 10:13 . 2007-11-22 10:13 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Anti-Virus-Pro.com
2007-11-18 19:10 . 2007-11-18 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-18 19:10 . 2007-11-18 19:10 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 21:31 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 02:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-22 19:12 --------- d-----w C:\Program Files\Lx_cats
2007-11-22 18:52 --------- d-----w C:\Program Files\LimeWire
2007-10-14 00:06 --------- d-----w C:\Documents and Settings\Greg Simons\Application Data\SecondLife
2007-10-12 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
1999-10-18 17:51 69,120 ----a-w C:\WINDOWS\inf\Colprofs.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 20:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-08-11 18:09 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 nvnati;NVidia XTLayer gateway;\??\C:\WINDOWS\system32\nvnati.sys
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe
S3 echodap;echodap;C:\WINDOWS\system32\drivers\echodap.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 17:47:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-02 14:44:49 C:\WINDOWS\Tasks\wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-06 10:36:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-06 10:37:32
C:\ComboFix2.txt ... 2007-12-05 17:09
.
--- E O F ---

gsimo
2007-12-06, 20:51
File/Folder C:\WINDOWS\System32\winlogon.scr not found.
File/Folder C:\WINDOWS\System32\drivers\sysdrv.exe not found.
File/Folder C:\Documents and Settings\Greg Simons\scvhost.exe not found.
File/Folder C:\WINDOWS\system32\runtime.exe not found.
File/Folder C:\WINDOWS\SYSTEM32\md4hsh.dll not found.

Created on 12/06/2007 10:30:06



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:14 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://smtp.aesgeo.com:8090/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://smtp.aesgeo.com/BusinessPortal/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://smtp.aesgeo.com/businessportal/portal/shell/SDClientTools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)

--
End of file - 13355 bytes
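
The by-eye comparison described above (looking for the helper's fix-list lines in a fresh HijackThis scan) can be scripted. This is an added example, not part of the thread or of any tool mentioned in it; the function names are hypothetical, and the sample lines are excerpts from the fix list and the 12/6/2007 log posted above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt of the helper's fix list (from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {98CC82BB-6094-4852-B34C-55856B6EF489} - (no file)
O2 - BHO: Flash Module - {C87FA4A3-2474-4a3f-B413-67D515905024} - rasmoesa.dll (file missing)
O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\sysdrv.exe
O20 - Winlogon Notify: md4hsh - C:\WINDOWS\SYSTEM32\md4hsh.dll
"""

# Excerpt of the follow-up HijackThis log (from the thread).
NEW_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def normalize(entry):
    """Compare entries case-insensitively and ignore runs of whitespace."""
    code, body = entry
    return (code, " ".join(body.split()).lower())


def check_fix_list(fix_list_text, new_log_text):
    """Split the fix-list entries into those still in the new log and those gone."""
    current = {normalize(e) for e in parse_entries(new_log_text)}
    still_present, gone = [], []
    for entry in parse_entries(fix_list_text):
        (still_present if normalize(entry) in current else gone).append(entry)
    return still_present, gone


def orphaned(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [e for e in parse_entries(log_text) if ORPHAN_RE.search(e[1])]


if __name__ == "__main__":
    still_present, gone = check_fix_list(FIX_LIST, NEW_LOG)
    print("Fix-list entries still present:", len(still_present))
    for code, body in still_present:
        print("  ", code, "-", body)
    print("Fix-list entries no longer present:", len(gone))
    print("Orphaned entries in the new log:")
    for code, body in orphaned(NEW_LOG):
        print("  ", code, "-", body)
```

An entry that is "gone" only means the registry reference no longer appears in the scan; whether the file itself was removed is a separate check, which is what the OTMoveIt results cover.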

ken545
2007-12-07, 02:25
Hello

Go to your Add/Remove Programs in the Control Panel and uninstall Viewpoint Manager or anything that has to do with Viewpoint. At the present time it's not malicious (this may change in the future), but it installs without your knowledge or consent, uses system resources and is not used for anything.


Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL + C on your keyboard, then paste it into Notepad. Make sure there is no space before and above File::



File::
C:\WINDOWS\system32\mwisys32_071205.dll
C:\WINDOWS\system\sslxpes071205.exe
C:\WINDOWS\system32\lwisys16_071205.dll
C:\WINDOWS\pwisys.ini
C:\WINDOWS\system32\mywehit.ini
C:\WINDOWS\system32\mywehit.ini.tmp
C:\WINDOWS\system32\winsck2.dll

Folder::
C:\Program Files\AntiVirusPro


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

gsimo
2007-12-07, 21:52
Here they are. Thanks


ComboFix 07-12-02.7 - Greg Simons 2007-12-07 9:45:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.203 [GMT -8:00]
Running from: C:\Documents and Settings\Greg Simons\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Greg Simons\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\pwisys.ini
C:\WINDOWS\system\sslxpes071205.exe
C:\WINDOWS\system32\lwisys16_071205.dll
C:\WINDOWS\system32\mwisys32_071205.dll
C:\WINDOWS\system32\mywehit.ini
C:\WINDOWS\system32\mywehit.ini.tmp
C:\WINDOWS\system32\winsck2.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntiVirusPro
C:\WINDOWS\pwisys.ini
C:\WINDOWS\system\sslxpes071205.exe
C:\WINDOWS\system32\_000016_.tmp.dll
C:\WINDOWS\system32\_000017_.tmp.dll
C:\WINDOWS\system32\_000019_.tmp.dll
C:\WINDOWS\system32\_000023_.tmp.dll
C:\WINDOWS\system32\lwisys16_071205.dll
C:\WINDOWS\system32\mwisys32_071205.dll
C:\WINDOWS\system32\mywehit.ini
C:\WINDOWS\system32\mywehit.ini.tmp
C:\WINDOWS\system32\winsck2.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-07 to 2007-12-07 )))))))))))))))))))))))))))))))
.

2007-12-06 14:49 . 2004-10-08 08:26 159,744 --a------ C:\WINDOWS\system32\igfxres.dll
2007-12-06 14:40 . 2007-12-06 14:40 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-05 15:36 . 2007-12-05 17:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\SUPERAntiSpyware.com
2007-12-05 15:36 . 2007-12-05 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-05 15:24 . 2007-12-05 15:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-05 14:01 . 2007-12-05 15:11 <DIR> d-------- C:\VundoFix Backups
2007-12-05 13:46 . 2007-12-05 16:57 <DIR> d-------- C:\WINDOWS\system32\inf
2007-12-05 13:46 . 2007-12-05 13:46 104,632 --a------ C:\WINDOWS\system32\877281
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\rc.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cs.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-12-04 18:48 . 2007-12-04 18:48 1 --a------ C:\WINDOWS\system32\boa1.dat
2007-12-04 17:45 . 2007-12-04 17:45 6,129 --a------ C:\WINDOWS\system32\3867296
2007-12-04 16:45 . 2007-12-04 16:45 6,129 --a------ C:\WINDOWS\system32\266640
2007-12-03 09:37 . 2007-12-03 09:37 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-02 20:07 . 2007-12-02 20:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Logitech
2007-12-02 19:24 . 2007-12-02 19:24 231,593 --a------ C:\WINDOWS\system32\991734
2007-12-02 19:11 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-02 18:05 . 2007-12-02 18:05 12,598 --a------ C:\WINDOWS\system32\wpa.bak
2007-12-02 17:04 . 2004-08-04 04:00 48,256 --a--c--- C:\WINDOWS\system32\dllcache\w32.dll
2007-12-02 17:04 . 2004-08-04 04:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll
2007-12-02 17:04 . 2004-08-04 04:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys
2007-12-02 17:02 . 2004-08-04 04:00 482,304 --a--c--- C:\WINDOWS\system32\dllcache\pintlgnt.ime
2007-12-02 17:01 . 2004-08-04 04:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2007-12-02 17:00 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-12-02 16:59 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2007-12-02 16:58 . 2003-03-24 16:52 188,480 --a--c--- C:\WINDOWS\system32\dllcache\cfgwiz.exe
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\author.dll
2007-12-02 16:58 . 2003-03-24 16:52 20,540 --a--c--- C:\WINDOWS\system32\dllcache\admin.dll
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\author.exe
2007-12-02 16:58 . 2003-03-24 16:52 16,439 --a--c--- C:\WINDOWS\system32\dllcache\admin.exe
2007-12-02 16:55 . 2007-12-02 16:55 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-12-02 16:54 . 2007-12-02 16:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-12-02 13:06 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-12-02 12:46 . 2004-08-04 04:00 1,086,058 -ra------ C:\WINDOWS\SETF5.tmp
2007-12-02 12:46 . 2004-08-04 04:00 1,042,903 -ra------ C:\WINDOWS\SETF2.tmp
2007-12-02 12:46 . 2004-08-04 04:00 13,753 -ra------ C:\WINDOWS\SET101.tmp
2007-12-02 12:46 . 2004-08-04 04:00 7,334 --a--c--- C:\WINDOWS\system32\dllcache\wmerrenu.cat
2007-12-01 19:59 . 2007-12-01 19:59 9,225 --a------ C:\WINDOWS\system32\189078
2007-12-01 13:31 . 2007-12-01 13:31 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-11-30 15:13 . 2007-11-30 15:17 <DIR> d-------- C:\Program Files\PC Doc Pro
2007-11-30 15:13 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2007-11-30 15:13 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2007-11-30 15:13 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2007-11-29 17:20 . 2007-11-29 17:20 0 --a------ C:\WINDOWS\system32\345640
2007-11-28 18:45 . 2007-11-28 18:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-28 18:43 . 2004-11-29 12:43 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-28 18:43 . 2004-11-20 18:16 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2007-11-28 18:43 . 2004-11-29 12:37 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intuit
2007-11-28 18:43 . 2004-11-29 12:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2007-11-28 18:43 . 2007-06-11 11:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-11-28 08:24 . 2007-11-28 08:24 18,944 --a------ C:\WINDOWS\system32\44460421
2007-11-28 07:23 . 2007-11-28 07:23 8,965 --a------ C:\WINDOWS\system32\40804359
2007-11-28 06:19 . 2007-11-28 06:19 8,965 --a------ C:\WINDOWS\system32\36987953
2007-11-28 05:11 . 2007-11-28 05:11 8,965 --a------ C:\WINDOWS\system32\32882500
2007-11-28 04:10 . 2007-11-28 04:10 8,965 --a------ C:\WINDOWS\system32\29202515
2007-11-28 03:09 . 2007-11-28 03:09 8,965 --a------ C:\WINDOWS\system32\25564515
2007-11-28 02:08 . 2007-11-28 02:08 8,965 --a------ C:\WINDOWS\system32\21886250
2007-11-27 20:06 . 2007-12-05 15:13 2,032 --a------ C:\WINDOWS\system32\nvnati.sys
2007-11-25 13:43 . 2007-11-25 14:13 100 --a------ C:\WINDOWS\system32\config.xml
2007-11-24 16:27 . 2007-11-24 16:27 18,944 --a------ C:\WINDOWS\system32\549984
2007-11-24 16:27 . 2007-11-28 08:24 12,800 --a------ C:\WINDOWS\system32\dialsv32.dll
2007-11-23 11:35 . 2007-11-23 11:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-23 10:42 . 2007-11-23 10:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Program Files\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Webroot
2007-11-23 10:41 . 2007-11-30 13:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-11-23 10:41 . 2007-06-21 18:57 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-11-23 10:41 . 2007-06-21 18:43 160,056 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-11-23 10:41 . 2007-06-21 18:43 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-11-23 10:41 . 2007-06-21 18:43 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-11-23 10:41 . 2007-06-21 18:43 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-11-22 10:37 . 2007-11-22 10:37 0 --a------ C:\WINDOWS\system32\717960140
2007-11-22 10:20 . 2007-11-22 10:20 29 --a------ C:\WINDOWS\system32\epftorig.tmp
2007-11-22 10:15 . 2007-11-24 18:19 45,072 --a------ C:\WINDOWS\taskmon.exe
2007-11-22 10:14 . 2004-08-04 04:00 98,816 --a------ C:\WINDOWS\system32\dsound3.2
2007-11-22 10:14 . 2004-08-04 04:00 94,720 --a------ C:\WINDOWS\system32\dsound3.1
2007-11-22 10:13 . 2007-11-22 10:13 <DIR> d-------- C:\Documents and Settings\Greg Simons\Application Data\Anti-Virus-Pro.com
2007-11-18 19:10 . 2007-11-18 19:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-18 19:10 . 2007-11-18 19:10 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 17:35 --------- d-----w C:\Program Files\Viewpoint
2007-12-07 17:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-12-01 21:31 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-27 02:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2007-11-22 19:12 --------- d-----w C:\Program Files\Lx_cats
2007-11-22 18:52 --------- d-----w C:\Program Files\LimeWire
2007-10-14 00:06 --------- d-----w C:\Documents and Settings\Greg Simons\Application Data\SecondLife
2007-10-12 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
.

((((((((((((((((((((((((((((( snapshot@2007-12-05_17.09.17.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890046\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890046\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890046\update\updspapi.dll
- 2005-02-25 02:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
+ 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB890859\spmsg.dll
- 2005-02-25 02:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
+ 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB890859\spuninst.exe
- 2005-02-25 02:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
+ 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB890859\update\spcustom.dll
- 2005-02-25 02:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
+ 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\update.exe
- 2005-02-25 02:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
+ 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB890859\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB893756\spuninst.exe
- 2005-07-08 02:27:08 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-07-08 03:27:08 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB893756\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB894391\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB894391\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB894391\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB894391\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896358\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896358\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896358\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896358\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896423\spuninst.exe
- 2005-06-29 23:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-06-30 00:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896423\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB896428\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB896428\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB896428\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB896428\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899587\spuninst.exe
- 2005-06-29 23:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
+ 2005-06-30 00:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB899587\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB899591\spuninst.exe
- 2005-06-29 23:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-06-30 00:54:32 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe

gsimo
2007-12-07, 22:01
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB899591\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB900725\spuninst.exe
- 2005-09-27 00:36:24 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
+ 2005-09-27 01:36:24 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB900725\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901017\spuninst.exe
- 2005-09-09 23:26:26 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
+ 2005-09-10 00:26:26 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB901017\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB901214\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB901214\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB901214\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB901214\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB902400\spuninst.exe
- 2005-07-26 02:21:18 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
+ 2005-07-26 03:21:18 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB902400\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB904706\spuninst.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB904706\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB904706\update\updspapi.dll
- 2005-02-25 03:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll
+ 2005-02-25 04:35:06 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\spmsg.dll
- 2005-02-25 03:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe
+ 2005-02-25 04:35:06 209,632 ----a-w C:\WINDOWS\$hf_mig$\KB905749\spuninst.exe
- 2005-08-23 01:01:30 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
+ 2005-08-23 02:01:30 30,720 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
- 2005-02-25 03:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll
+ 2005-02-25 04:35:06 22,240 -c--a-w C:\WINDOWS\$hf_mig$\KB905749\update\spcustom.dll
- 2005-02-25 03:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
+ 2005-02-25 04:35:06 718,048 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\update.exe
- 2005-02-25 03:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll
+ 2005-02-25 04:35:08 371,936 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\updspapi.dll
- 2006-05-14 08:48:18 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
+ 2006-06-22 10:36:52 180,736 ----a-w C:\WINDOWS\$hf_mig$\KB911280\SP2QFE\rasmans.dll
- 2005-10-12 23:16:49 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
+ 2005-10-12 23:12:25 14,048 -c--a-w C:\WINDOWS\$hf_mig$\KB911280\spmsg.dll
- 2005-10-12 23:16:49 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB911280\spuninst.exe
- 2005-10-12 23:16:49 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
+ 2005-10-12 23:12:25 22,752 -c--a-w C:\WINDOWS\$hf_mig$\KB911280\update\spcustom.dll
- 2005-10-12 23:16:51 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\update.exe
- 2005-10-12 23:16:56 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB911280\update\updspapi.dll
+ 2007-03-09 13:58:57 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\agentdpv.dll
+ 2007-03-09 11:28:00 248,320 ----a-w C:\WINDOWS\$hf_mig$\KB932168\SP2QFE\xpsp3res.dll
+ 2006-01-19 19:29:19 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spmsg.dll
+ 2006-01-19 19:29:19 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB932168\spuninst.exe
+ 2006-01-19 19:29:19 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\spcustom.dll
+ 2006-01-19 19:29:19 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\update.exe
+ 2006-01-19 19:29:19 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB932168\update\updspapi.dll
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-08-22 12:55:28 1,022,976 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\browseui.dll
+ 2007-08-22 12:55:29 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\cdfview.dll
+ 2007-08-22 12:55:30 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\danim.dll
+ 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\extmgr.dll
+ 2007-08-21 10:19:39 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iedw.exe
+ 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\iepeers.dll
+ 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\inseng.dll
+ 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\jsproxy.dll
+ 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtml.dll
+ 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mshtmled.dll
+ 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\msrating.dll
+ 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\mstime.dll
+ 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\pngfilt.dll
+ 2007-08-22 12:55:40 1,498,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shdocvw.dll
+ 2007-08-22 12:55:41 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\shlwapi.dll
+ 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\urlmon.dll
+ 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\wininet.dll
+ 2007-08-21 10:13:33 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB939653\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB939653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB939653\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
- 2005-03-21 22:00:20 2,890,240 -c--a-w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
+ 2004-08-04 12:00:00 2,804,224 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msi.dll
+ 2004-08-04 12:00:00 77,312 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
+ 2004-08-04 12:00:00 331,264 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msihnd.dll
+ 2004-08-04 12:00:00 884,736 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msimsg.dll
+ 2004-08-04 12:00:00 44,032 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msisip.dll
- 2005-05-04 21:45:26 209,632 -c--a-w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
+ 2005-05-04 22:45:26 209,632 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- 2005-05-04 21:45:28 371,936 -c--a-w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
+ 2005-05-04 22:45:28 371,936 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
+ 2006-02-15 00:22:26 142,464 ------w C:\WINDOWS\Driver Cache\i386\aec.sys
+ 2006-03-17 00:33:10 262,784 ------w C:\WINDOWS\Driver Cache\i386\http.sys
+ 2006-06-14 08:47:45 172,416 ------w C:\WINDOWS\Driver Cache\i386\kmixer.sys
+ 2006-05-05 09:41:45 453,120 ------w C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
+ 2007-02-28 09:08:48 2,136,064 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2006-06-14 08:47:46 6,400 ------w C:\WINDOWS\Driver Cache\i386\splitter.sys
+ 2006-06-14 09:00:45 82,944 ------w C:\WINDOWS\Driver Cache\i386\wdmaud.sys
- 2004-08-04 12:00:00 1,032,192 ----a-w C:\WINDOWS\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
- 2004-08-04 12:00:00 10,752 ----a-w C:\WINDOWS\hh.exe
+ 2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
- 2004-08-04 12:00:00 41,984 ----a-w C:\WINDOWS\msagent\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 ----a-w C:\WINDOWS\msagent\agentdp2.dll
- 2004-08-04 12:00:00 58,880 ----a-w C:\WINDOWS\msagent\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 ----a-w C:\WINDOWS\msagent\agentdpv.dll
- 2004-08-04 12:00:00 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 ----a-w C:\WINDOWS\msagent\agentsvr.exe
+ 2007-07-31 03:19:20 92,504 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\cdm.dll
+ 2007-07-31 03:19:36 549,720 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuapi.dll
+ 2007-07-31 03:19:16 53,080 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2007-07-31 03:19:42 1,712,984 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuaueng.dll
+ 2007-07-31 03:19:32 325,976 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui.dll
+ 2007-07-31 03:18:40 33,624 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wups.dll

gsimo
2007-12-07, 22:08
- 2004-08-04 12:00:00 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
- 2004-08-04 12:00:00 56,832 ----a-w C:\WINDOWS\system32\authz.dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
- 2004-08-04 12:00:00 1,016,832 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
- 2004-08-04 12:00:00 229,888 ----a-w C:\WINDOWS\system32\catsrv.dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
- 2004-08-04 12:00:00 628,224 ----a-w C:\WINDOWS\system32\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
- 2004-08-04 12:00:00 150,528 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-08-22 13:12:15 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\cdm.dll
+ 2007-07-31 03:19:20 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
- 2004-08-04 12:00:00 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
- 2004-08-04 12:00:00 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
+ 2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
- 2004-08-04 12:00:00 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
- 2004-08-04 12:00:00 501,248 ----a-w C:\WINDOWS\system32\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
- 2004-08-04 12:00:00 62,464 ----a-w C:\WINDOWS\system32\colbact.dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
- 2004-08-04 12:00:00 195,584 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
+ 2005-07-26 04:39:44 195,072 ----a-w C:\WINDOWS\system32\Com\comadmin.dll
- 2004-08-04 12:00:00 611,328 ----a-w C:\WINDOWS\system32\comctl32.dll
+ 2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
- 2004-08-04 12:00:00 82,432 ----a-w C:\WINDOWS\system32\comrepl.dll
+ 2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 ----a-w C:\WINDOWS\system32\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
- 2004-08-04 12:00:00 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
+ 2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
- 2004-08-04 12:00:00 1,053,696 ----a-w C:\WINDOWS\system32\danim.dll
+ 2007-08-22 13:12:16 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 ----a-w C:\WINDOWS\system32\dhcpcsvc.dll
- 2004-08-04 12:00:00 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
+ 2006-08-16 11:58:05 100,352 -c--a-w C:\WINDOWS\system32\dllcache\6to4svc.dll
- 2004-08-04 12:00:00 41,984 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
+ 2006-10-12 14:02:52 42,496 -c--a-w C:\WINDOWS\system32\dllcache\agentdp2.dll
- 2004-08-04 12:00:00 58,880 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
+ 2007-03-09 13:46:24 57,344 -c--a-w C:\WINDOWS\system32\dllcache\agentdpv.dll
- 2004-08-04 12:00:00 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
+ 2006-10-12 11:09:53 256,512 -c--a-w C:\WINDOWS\system32\dllcache\agentsvr.exe
- 2004-08-04 12:00:00 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
+ 2005-03-02 18:09:29 56,832 -c--a-w C:\WINDOWS\system32\dllcache\authz.dll
- 2004-08-04 12:00:00 1,016,832 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-08-22 13:12:15 1,022,976 -c--a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2004-08-04 12:00:00 229,888 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
+ 2005-07-26 04:39:42 225,792 -c--a-w C:\WINDOWS\system32\dllcache\catsrv.dll
- 2004-08-04 12:00:00 628,224 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
+ 2005-07-26 04:39:43 625,152 -c--a-w C:\WINDOWS\system32\dllcache\catsrvut.dll
- 2004-08-04 12:00:00 150,528 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-08-22 13:12:15 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2007-07-31 03:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2004-08-04 12:00:00 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
+ 2005-09-10 01:53:41 2,067,968 -c--a-w C:\WINDOWS\system32\dllcache\cdosys.dll
- 2004-08-04 12:00:00 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
+ 2006-06-22 05:06:29 69,120 -c--a-w C:\WINDOWS\system32\dllcache\ciodm.dll
- 2004-08-04 12:00:00 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
+ 2005-07-26 04:39:43 110,080 -c--a-w C:\WINDOWS\system32\dllcache\clbcatex.dll
- 2004-08-04 12:00:00 501,248 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
+ 2005-07-26 04:39:43 498,688 -c--a-w C:\WINDOWS\system32\dllcache\clbcatq.dll
- 2004-08-04 12:00:00 62,464 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
+ 2005-07-26 04:39:43 60,416 -c--a-w C:\WINDOWS\system32\dllcache\colbact.dll
- 2004-08-04 12:00:00 195,584 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
+ 2005-07-26 04:39:44 195,072 -c--a-w C:\WINDOWS\system32\dllcache\comadmin.dll
- 2004-08-04 12:00:00 611,328 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
+ 2006-08-25 15:45:58 617,472 -c--a-w C:\WINDOWS\system32\dllcache\comctl32.dll
- 2004-08-04 12:00:00 82,432 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
+ 2005-07-26 04:39:44 97,792 -c--a-w C:\WINDOWS\system32\dllcache\comrepl.dll
- 2004-08-04 12:00:00 1,251,840 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
+ 2005-07-26 04:39:44 1,267,200 -c--a-w C:\WINDOWS\system32\dllcache\comsvcs.dll
- 2004-08-04 12:00:00 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
+ 2005-07-26 04:39:45 540,160 -c--a-w C:\WINDOWS\system32\dllcache\comuid.dll
- 2004-08-04 12:00:00 1,053,696 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-08-22 13:12:16 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
+ 2006-05-19 12:59:41 111,616 -c--a-w C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
- 2004-08-04 12:00:00 81,408 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
+ 2007-05-16 15:12:00 86,528 -c--a-w C:\WINDOWS\system32\dllcache\directdb.dll
- 2004-08-04 12:00:00 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2006-06-26 17:37:10 148,480 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-04 12:00:00 498,205 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
+ 2006-08-22 12:05:26 498,742 -c--a-w C:\WINDOWS\system32\dllcache\dxmasf.dll
- 2004-08-04 12:00:00 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00:00 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
+ 2005-07-26 04:39:45 243,200 -c--a-w C:\WINDOWS\system32\dllcache\es.dll
- 2004-08-04 12:00:00 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
+ 2005-10-20 22:20:03 1,082,368 -c--a-w C:\WINDOWS\system32\dllcache\esent.dll
- 2004-08-04 12:00:00 1,032,192 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
+ 2007-06-13 10:23:07 1,033,216 -c--a-w C:\WINDOWS\system32\dllcache\explorer.exe
- 2004-08-04 12:00:00 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-08-22 13:12:16 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2004-08-04 12:00:00 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
+ 2006-08-21 12:21:06 16,896 -c--a-w C:\WINDOWS\system32\dllcache\fltlib.dll
- 2004-08-04 12:00:00 22,528 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
+ 2006-08-21 09:14:58 23,040 -c--a-w C:\WINDOWS\system32\dllcache\fltmc.exe
- 2004-08-04 12:00:00 124,800 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
+ 2006-08-21 09:14:58 128,896 -c--a-w C:\WINDOWS\system32\dllcache\fltmgr.sys
- 2004-08-04 12:00:00 79,360 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
+ 2005-10-17 21:14:45 80,896 -c--a-w C:\WINDOWS\system32\dllcache\fontsub.dll
- 2004-08-04 12:00:00 278,016 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
+ 2007-06-19 13:31:19 282,112 -c--a-w C:\WINDOWS\system32\dllcache\gdi32.dll
- 2004-08-04 12:00:00 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
+ 2005-05-26 23:22:01 10,752 -c--a-w C:\WINDOWS\system32\dllcache\hh.exe
- 2004-08-04 12:00:00 38,912 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 -c--a-w C:\WINDOWS\system32\dllcache\hhsetup.dll
- 2004-08-04 12:00:00 77,850 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
+ 2006-07-21 08:24:43 72,704 -c--a-w C:\WINDOWS\system32\dllcache\hlink.dll
- 2004-08-04 12:00:00 253,952 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
+ 2005-06-29 01:46:00 254,976 -c--a-w C:\WINDOWS\system32\dllcache\icm32.dll
- 2004-08-04 12:00:00 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-08-21 10:30:45 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2004-08-04 12:00:00 249,344 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-08-22 13:12:16 251,392 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2004-08-04 12:00:00 678,400 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2004-08-04 12:00:00 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-08-22 13:12:16 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2004-08-04 12:00:00 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 -c--a-w C:\WINDOWS\system32\dllcache\iphlpapi.dll
- 2004-08-04 12:00:00 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
+ 2004-09-29 22:28:37 134,912 -c--a-w C:\WINDOWS\system32\dllcache\ipnat.sys
- 2004-08-04 12:00:00 143,872 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
+ 2005-05-27 02:04:27 155,136 -c--a-w C:\WINDOWS\system32\dllcache\itircl.dll
- 2004-08-04 12:00:00 134,144 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2005-05-27 02:04:27 137,216 -c--a-w C:\WINDOWS\system32\dllcache\itss.dll
+ 2006-06-01 18:47:07 163,840 -c----w C:\WINDOWS\system32\dllcache\jgdw400.dll
+ 2006-06-01 18:47:07 27,648 -c----w C:\WINDOWS\system32\dllcache\jgpl400.dll
- 2004-08-04 12:00:00 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2004-08-04 12:00:00 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00:00 294,400 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
+ 2005-06-15 17:49:30 295,936 -c--a-w C:\WINDOWS\system32\dllcache\kerberos.dll
- 2004-08-04 12:00:00 983,552 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2007-04-16 15:52:53 984,576 -c--a-w C:\WINDOWS\system32\dllcache\kernel32.dll
+ 2006-06-14 08:47:45 172,416 -c----w C:\WINDOWS\system32\dllcache\kmixer.sys
- 2004-08-04 12:00:00 18,944 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 -c--a-w C:\WINDOWS\system32\dllcache\linkinfo.dll
- 2004-08-04 12:00:00 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2006-08-17 12:28:27 721,920 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2004-08-04 12:00:00 39,936 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
+ 2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\dllcache\mf3216.dll
- 2004-08-04 12:00:00 924,432 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 -c--a-w C:\WINDOWS\system32\dllcache\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 -c--a-w C:\WINDOWS\system32\dllcache\mfc42u.dll
- 2004-08-04 12:00:00 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2005-07-25 23:46:57 7,680 -c--a-w C:\WINDOWS\system32\dllcache\migregdb.exe
+ 2004-08-04 06:58:34 23,040 -c--a-w C:\WINDOWS\system32\dllcache\mouclass.sys
+ 2001-08-17 21:48:00 12,160 -c--a-w C:\WINDOWS\system32\dllcache\mouhid.sys
+ 2006-05-05 09:41:45 453,120 -c----w C:\WINDOWS\system32\dllcache\mrxsmb.sys
- 2004-08-04 12:00:00 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
+ 2006-03-23 05:44:21 143,360 -c--a-w C:\WINDOWS\system32\dllcache\msadco.dll
- 2004-08-04 12:00:00 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
+ 2006-12-26 13:07:23 536,576 -c--a-w C:\WINDOWS\system32\dllcache\msado15.dll
- 2004-08-04 12:00:00 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
+ 2006-12-26 13:07:23 180,224 -c--a-w C:\WINDOWS\system32\dllcache\msadomd.dll
- 2004-08-04 12:00:00 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
+ 2006-12-26 13:07:23 200,704 -c--a-w C:\WINDOWS\system32\dllcache\msadox.dll
- 2004-08-04 12:00:00 73,728 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
+ 2005-06-29 01:46:00 74,240 -c--a-w C:\WINDOWS\system32\dllcache\mscms.dll
- 2004-08-04 12:00:00 425,472 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 -c--a-w C:\WINDOWS\system32\dllcache\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 -c--a-w C:\WINDOWS\system32\dllcache\msdtctm.dll
- 2004-08-04 12:00:00 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 -c--a-w C:\WINDOWS\system32\dllcache\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
+ 2006-11-27 14:54:06 539,136 -c--a-w C:\WINDOWS\system32\dllcache\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2004-08-04 12:00:00 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
+ 2007-04-18 16:12:23 2,854,400 -c--a-w C:\WINDOWS\system32\dllcache\msi.dll
- 2004-08-04 12:00:00 77,312 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
+ 2005-05-04 22:45:36 78,848 -c--a-w C:\WINDOWS\system32\dllcache\msiexec.exe
- 2004-08-04 12:00:00 331,264 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
+ 2005-05-04 22:45:36 271,360 -c--a-w C:\WINDOWS\system32\dllcache\msihnd.dll
- 2004-08-04 12:00:00 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
+ 2005-05-04 22:45:36 884,736 -c--a-w C:\WINDOWS\system32\dllcache\msimsg.dll
- 2004-08-04 12:00:00 44,032 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
+ 2005-05-04 22:45:36 15,360 -c--a-w C:\WINDOWS\system32\dllcache\msisip.dll
- 2004-08-04 12:00:00 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
+ 2006-12-26 13:07:23 102,400 -c--a-w C:\WINDOWS\system32\dllcache\msjro.dll
- 2004-08-04 12:00:00 1,311,232 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
+ 2007-05-16 15:12:08 1,314,816 -c--a-w C:\WINDOWS\system32\dllcache\msoe.dll
- 2004-08-04 12:00:00 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-08-22 13:12:17 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 12:00:00 530,432 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-08-22 13:12:17 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 12:00:00 1,236,480 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll

gsimo
2007-12-07, 22:09
+ 2007-06-26 06:08:16 1,104,896 -c--a-w C:\WINDOWS\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 -c--a-w C:\WINDOWS\system32\dllcache\mtxclu.dll
- 2004-08-04 12:00:00 90,112 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 -c--a-w C:\WINDOWS\system32\dllcache\mtxoci.dll
- 2004-08-04 12:00:00 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
+ 2006-08-17 12:28:27 332,288 -c--a-w C:\WINDOWS\system32\dllcache\netapi32.dll
- 2004-08-04 12:00:00 198,144 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
+ 2005-08-22 18:29:46 197,632 -c--a-w C:\WINDOWS\system32\dllcache\netman.dll
- 2004-08-04 12:00:00 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
+ 2005-11-30 00:27:06 364,544 -c--a-w C:\WINDOWS\system32\dllcache\npdsplay.dll
- 2004-08-04 12:00:00 574,592 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-09 11:10:35 574,464 -c--a-w C:\WINDOWS\system32\dllcache\ntfs.sys
+ 2007-02-28 09:08:48 2,136,064 -c----w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
+ 2007-02-28 08:38:55 2,057,600 -c----w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
+ 2007-02-28 08:38:57 2,015,744 -c----w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
+ 2007-02-28 09:10:57 2,180,352 -c----w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
- 2004-08-04 12:00:00 144,384 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 -c--a-w C:\WINDOWS\system32\dllcache\nwprovau.dll
- 2004-08-04 12:00:00 1,281,536 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 -c--a-w C:\WINDOWS\system32\dllcache\ole32.dll
- 2004-08-04 12:00:00 553,472 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2004-08-04 12:00:00 68,608 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
+ 2005-07-26 04:39:48 74,752 -c--a-w C:\WINDOWS\system32\dllcache\olecli32.dll
- 2004-08-04 12:00:00 34,304 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 -c--a-w C:\WINDOWS\system32\dllcache\olecnv32.dll
- 2004-08-04 12:00:00 117,760 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
+ 2006-10-16 16:15:00 122,880 -c--a-w C:\WINDOWS\system32\dllcache\oledlg.dll
- 2004-08-04 12:00:00 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00:00 1,287,680 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2005-08-30 03:54:26 1,287,168 -c--a-w C:\WINDOWS\system32\dllcache\quartz.dll
- 2004-08-04 12:00:00 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
+ 2006-06-22 05:06:30 1,435,648 -c--a-w C:\WINDOWS\system32\dllcache\query.dll
- 2004-08-04 12:00:00 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 -c--a-w C:\WINDOWS\system32\dllcache\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
+ 2006-06-22 10:47:18 181,248 -c--a-w C:\WINDOWS\system32\dllcache\rasmans.dll
- 2004-08-04 12:00:00 176,512 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
+ 2006-05-05 09:47:57 174,592 -c--a-w C:\WINDOWS\system32\dllcache\rdbss.sys
- 2004-08-04 12:00:00 139,400 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 -c--a-w C:\WINDOWS\system32\dllcache\rdpwd.sys
- 2004-08-04 12:00:00 431,616 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
+ 2006-11-27 14:54:06 433,152 -c--a-w C:\WINDOWS\system32\dllcache\riched20.dll
- 2004-08-04 12:00:00 200,064 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2004-08-04 12:00:00 581,120 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 -c--a-w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
+ 2005-07-26 04:39:49 397,824 -c--a-w C:\WINDOWS\system32\dllcache\rpcss.dll
- 2004-08-04 12:00:00 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
+ 2007-04-25 14:21:15 144,896 -c--a-w C:\WINDOWS\system32\dllcache\schannel.dll
- 2004-08-04 12:00:00 1,483,264 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00:00 8,384,000 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c--a-w C:\WINDOWS\system32\dllcache\shell32.dll
- 2004-08-04 12:00:00 473,600 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 -c--a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00:00 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 -c--a-w C:\WINDOWS\system32\dllcache\shsvcs.dll
+ 2006-06-14 08:47:46 6,400 -c----w C:\WINDOWS\system32\dllcache\splitter.sys
- 2004-08-04 12:00:00 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 -c--a-w C:\WINDOWS\system32\dllcache\spoolsv.exe
- 2004-08-04 12:00:00 336,256 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2006-08-14 10:34:41 332,928 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2004-08-04 12:00:00 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 -c--a-w C:\WINDOWS\system32\dllcache\srvsvc.dll
- 2004-08-04 12:00:00 246,302 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
+ 2006-08-21 17:52:08 246,814 -c--a-w C:\WINDOWS\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
+ 2006-10-19 13:56:32 713,216 -c--a-w C:\WINDOWS\system32\dllcache\sxs.dll
- 2004-08-04 12:00:00 210,432 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
+ 2005-10-17 21:14:46 118,272 -c--a-w C:\WINDOWS\system32\dllcache\t2embed.dll
- 2004-08-04 12:00:00 246,272 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 -c--a-w C:\WINDOWS\system32\dllcache\tapisrv.dll
- 2004-08-04 12:00:00 359,040 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2004-08-04 12:00:00 223,616 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2004-08-04 12:00:00 75,264 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
+ 2005-05-10 23:45:48 75,776 -c--a-w C:\WINDOWS\system32\dllcache\telnet.exe
- 2004-08-04 12:00:00 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
+ 2005-07-26 04:39:49 101,376 -c--a-w C:\WINDOWS\system32\dllcache\txflog.dll
- 2004-08-04 12:00:00 118,272 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 -c--a-w C:\WINDOWS\system32\dllcache\umpnpmgr.dll
- 2004-08-04 12:00:00 209,408 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
+ 2007-04-23 10:32:54 364,160 -c--a-w C:\WINDOWS\system32\dllcache\update.sys
- 2004-08-04 12:00:00 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
+ 2007-02-05 20:17:02 185,344 -c--a-w C:\WINDOWS\system32\dllcache\upnphost.dll
- 2004-08-04 12:00:00 601,088 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-08-22 13:12:18 615,424 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 577,024 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
+ 2007-03-08 15:36:28 577,536 -c--a-w C:\WINDOWS\system32\dllcache\user32.dll
- 2004-08-04 12:00:00 848,384 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2004-08-04 12:00:00 504,832 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
+ 2007-05-16 15:12:12 510,976 -c--a-w C:\WINDOWS\system32\dllcache\wab32.dll
- 2004-08-04 12:00:00 84,992 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2007-05-16 15:12:15 85,504 -c--a-w C:\WINDOWS\system32\dllcache\wabimp.dll
+ 2006-06-14 09:00:45 82,944 -c----w C:\WINDOWS\system32\dllcache\wdmaud.sys
- 2004-08-04 12:00:00 67,584 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
+ 2006-01-04 03:35:05 68,096 -c--a-w C:\WINDOWS\system32\dllcache\webclnt.dll
- 2004-08-04 12:00:00 333,312 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 -c--a-w C:\WINDOWS\system32\dllcache\wiaservc.dll
- 2004-08-04 12:00:00 1,835,904 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2007-03-08 13:47:48 1,843,584 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2004-08-04 12:00:00 656,384 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-08-22 13:12:18 658,944 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2004-08-04 12:00:00 290,816 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
+ 2007-03-17 13:43:01 292,864 -c--a-w C:\WINDOWS\system32\dllcache\winsrv.dll
- 2004-08-04 12:00:00 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 -c--a-w C:\WINDOWS\system32\dllcache\wkssvc.dll
- 2004-08-11 09:45:04 5,550,080 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-04-30 16:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-11 09:45:06 2,362,104 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-04 12:00:00 430,592 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2007-07-31 03:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2004-08-04 12:00:00 111,104 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2007-07-31 03:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2007-07-31 03:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2004-08-04 12:00:00 112,640 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2007-07-31 03:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2004-08-04 12:00:00 36,864 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2007-07-31 03:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2004-08-04 12:00:00 120,320 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2007-07-31 03:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
- 2004-08-04 12:00:00 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 -c--a-w C:\WINDOWS\system32\dllcache\xolehlp.dll
- 2004-08-04 12:00:00 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2006-06-26 17:37:10 148,480 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 12:00:00 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
+ 2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
- 2004-08-04 12:00:00 124,800 ----a-w C:\WINDOWS\system32\drivers\fltMgr.sys
+ 2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
- 2004-08-04 12:00:00 263,040 ----a-w C:\WINDOWS\system32\drivers\http.sys
+ 2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
- 2004-10-08 15:54:56 752,093 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
+ 2004-10-08 16:54:56 752,093 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
- 2004-08-04 12:00:00 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
+ 2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
- 2004-08-04 12:00:00 171,776 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
+ 2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
- 2004-08-04 12:00:00 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
+ 2004-08-04 06:58:34 23,040 ----a-w C:\WINDOWS\system32\drivers\mouclass.sys
- 2004-08-04 12:00:00 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
+ 2001-08-17 21:48:00 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
- 2004-08-04 12:00:00 451,456 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
+ 2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
- 2004-08-04 12:00:00 574,592 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
+ 2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
- 2004-08-04 12:00:00 176,512 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
+ 2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
- 2004-08-04 12:00:00 139,400 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
+ 2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
- 2004-08-04 12:00:00 200,064 ----a-w C:\WINDOWS\system32\drivers\RMCast.sys
+ 2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
- 2004-08-04 07:07:48 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
+ 2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
- 2004-08-04 12:00:00 336,256 ----a-w C:\WINDOWS\system32\drivers\srv.sys
+ 2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
- 2004-08-04 12:00:00 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-08-04 12:00:00 223,616 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
+ 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
- 2004-08-04 12:00:00 209,408 ----a-w C:\WINDOWS\system32\drivers\update.sys
+ 2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
- 2004-08-04 12:00:00 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
+ 2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
- 2004-08-04 12:00:00 498,205 ----a-w C:\WINDOWS\system32\dxmasf.dll
+ 2006-08-22 12:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
- 2004-08-04 12:00:00 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-22 13:12:16 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2004-08-04 12:00:00 201,728 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-22 13:12:16 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2004-08-04 12:00:00 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
- 2004-08-04 12:00:00 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
- 2004-08-04 12:00:00 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-22 13:12:16 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2004-08-04 12:00:00 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
+ 2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
- 2004-08-04 12:00:00 22,528 ----a-w C:\WINDOWS\system32\fltMc.exe
+ 2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
- 2007-12-02 21:21:46 170,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-12-07 18:05:02 170,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-08-04 12:00:00 79,360 ----a-w C:\WINDOWS\system32\fontsub.dll
+ 2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
- 2004-08-04 12:00:00 278,016 ----a-w C:\WINDOWS\system32\gdi32.dll
+ 2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
- 2004-10-08 15:26:26 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
+ 2004-10-08 16:26:26 118,784 ----a-w C:\WINDOWS\system32\hccutils.dll
- 2004-08-04 12:00:00 38,912 ----a-w C:\WINDOWS\system32\hhsetup.dll
+ 2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
- 2004-10-08 15:27:22 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
+ 2004-10-08 16:27:22 126,976 ----a-w C:\WINDOWS\system32\hkcmd.exe
- 2004-08-04 12:00:00 77,850 ----a-w C:\WINDOWS\system32\hlink.dll
+ 2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
- 2004-08-04 12:00:00 345,088 ----a-w C:\WINDOWS\system32\hypertrm.dll
+ 2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\system32\hypertrm.dll
- 2004-10-08 15:54:18 770,107 ----a-w C:\WINDOWS\system32\ialmdd5.dll
+ 2004-10-08 16:54:18 770,107 ----a-w C:\WINDOWS\system32\ialmdd5.dll
- 2004-10-08 15:47:16 153,275 ----a-w C:\WINDOWS\system32\ialmdev5.dll
+ 2004-10-08 16:47:16 153,275 ----a-w C:\WINDOWS\system32\ialmdev5.dll
- 2004-10-08 15:47:26 101,436 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
+ 2004-10-08 16:47:26 101,436 ----a-w C:\WINDOWS\system32\ialmdnt5.dll
- 2004-10-08 15:46:48 495,616 ----a-w C:\WINDOWS\system32\ialmgdev.dll
+ 2004-10-08 16:46:48 495,616 ----a-w C:\WINDOWS\system32\ialmgdev.dll
- 2004-10-08 15:45:08 2,289,664 ----a-w C:\WINDOWS\system32\ialmgicd.dll
+ 2004-10-08 16:45:08 2,289,664 ----a-w C:\WINDOWS\system32\ialmgicd.dll
- 2004-10-08 15:47:28 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
+ 2004-10-08 16:47:28 49,152 ----a-w C:\WINDOWS\system32\ialmrem.dll
- 2004-10-08 15:47:32 38,463 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
+ 2004-10-08 16:47:32 38,463 ----a-w C:\WINDOWS\system32\ialmrnt5.dll
- 2004-08-04 12:00:00 253,952 ----a-w C:\WINDOWS\system32\icm32.dll
+ 2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
- 2004-08-04 12:00:00 249,344 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-22 13:12:16 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-10-08 15:29:04 495,616 ----a-w C:\WINDOWS\system32\igfxcfg.exe
+ 2004-10-08 16:29:04 495,616 ----a-w C:\WINDOWS\system32\igfxcfg.exe
- 2004-10-08 15:26:18 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
+ 2004-10-08 16:26:18 139,264 ----a-w C:\WINDOWS\system32\igfxdev.dll
- 2004-10-08 15:29:48 45,056 ----a-w C:\WINDOWS\system32\igfxdgps.dll
+ 2004-10-08 16:29:48 45,056 ----a-w C:\WINDOWS\system32\igfxdgps.dll
- 2004-10-08 15:29:46 151,552 ----a-w C:\WINDOWS\system32\igfxdiag.exe
+ 2004-10-08 16:29:46 151,552 ----a-w C:\WINDOWS\system32\igfxdiag.exe
- 2004-10-08 15:26:02 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
+ 2004-10-08 16:26:02 86,016 ----a-w C:\WINDOWS\system32\igfxdo.dll
- 2004-10-08 15:30:30 225,280 ----a-w C:\WINDOWS\system32\igfxeud.dll
+ 2004-10-08 16:30:30 225,280 ----a-w C:\WINDOWS\system32\igfxeud.dll
- 2004-10-08 15:31:36 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
+ 2004-10-08 16:31:36 36,864 ----a-w C:\WINDOWS\system32\igfxexps.dll
- 2004-10-08 15:31:34 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
+ 2004-10-08 16:31:34 106,496 ----a-w C:\WINDOWS\system32\igfxext.exe
- 2004-10-08 15:27:10 126,976 ----a-w C:\WINDOWS\system32\igfxhk.dll
+ 2004-10-08 16:27:10 126,976 ----a-w C:\WINDOWS\system32\igfxhk.dll
- 2004-10-08 15:31:00 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
+ 2004-10-08 16:31:00 225,280 ----a-w C:\WINDOWS\system32\igfxpph.dll
- 2004-10-08 15:26:38 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
+ 2004-10-08 16:26:38 1,245,184 ----a-w C:\WINDOWS\system32\igfxress.dll
- 2004-10-08 15:27:00 344,064 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
+ 2004-10-08 16:27:00 344,064 ----a-w C:\WINDOWS\system32\igfxsrvc.dll
- 2004-10-08 15:31:26 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
+ 2004-10-08 16:31:26 155,648 ----a-w C:\WINDOWS\system32\igfxtray.exe
- 2004-10-08 15:31:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
+ 2004-10-08 16:31:58 114,688 ----a-w C:\WINDOWS\system32\igfxzoom.exe
- 2004-08-04 12:00:00 678,400 ----a-w C:\WINDOWS\system32\inetcomm.dll

gsimo
2007-12-07, 22:10
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2004-08-04 12:00:00 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-22 13:12:16 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2004-08-04 12:00:00 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi.dll
- 2004-08-04 12:00:00 143,872 ----a-w C:\WINDOWS\system32\itircl.dll
+ 2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
- 2004-08-04 12:00:00 134,144 ----a-w C:\WINDOWS\system32\itss.dll
+ 2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\system32\itss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\jgdw400.dll
+ 2006-06-01 18:47:07 163,840 ----a-w C:\WINDOWS\system32\jgdw400.dll
- 2004-08-04 12:00:00 42,496 ----a-w C:\WINDOWS\system32\jgpl400.dll
+ 2006-06-01 18:47:07 27,648 ----a-w C:\WINDOWS\system32\jgpl400.dll
- 2004-08-04 12:00:00 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2004-08-04 12:00:00 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-22 13:12:16 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2004-08-04 12:00:00 294,400 ----a-w C:\WINDOWS\system32\kerberos.dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
- 2004-08-04 12:00:00 983,552 ----a-w C:\WINDOWS\system32\kernel32.dll
+ 2007-04-16 15:52:53 984,576 ----a-w C:\WINDOWS\system32\kernel32.dll
- 2004-08-04 12:00:00 18,944 ----a-w C:\WINDOWS\system32\linkinfo.dll
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
- 2004-08-04 12:00:00 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2004-08-04 12:00:00 39,936 ----a-w C:\WINDOWS\system32\mf3216.dll
+ 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
- 2004-08-04 12:00:00 924,432 ----a-w C:\WINDOWS\system32\mfc40u.dll
+ 2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
- 2004-08-04 12:00:00 1,024,000 ----a-w C:\WINDOWS\system32\mfc42u.dll
+ 2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
- 2004-08-04 12:00:00 73,728 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2004-08-04 12:00:00 425,472 ----a-w C:\WINDOWS\system32\msdtcprx.dll
+ 2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
- 2004-08-04 12:00:00 949,248 ----a-w C:\WINDOWS\system32\msdtctm.dll
+ 2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
- 2004-08-04 12:00:00 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
+ 2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
- 2004-08-04 12:00:00 537,088 ----a-w C:\WINDOWS\system32\msftedit.dll
+ 2006-11-27 14:54:06 539,136 ----a-w C:\WINDOWS\system32\msftedit.dll
- 2004-08-04 12:00:00 3,003,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-22 13:12:17 3,058,176 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2004-08-04 12:00:00 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-22 13:12:17 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 12:00:00 2,804,224 ----a-w C:\WINDOWS\system32\msi.dll
+ 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
- 2004-08-04 12:00:00 77,312 ----a-w C:\WINDOWS\system32\msiexec.exe
+ 2005-05-04 22:45:36 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
- 2004-08-04 12:00:00 331,264 ----a-w C:\WINDOWS\system32\msihnd.dll
+ 2005-05-04 22:45:36 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
- 2004-08-04 12:00:00 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
+ 2005-05-04 22:45:36 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
- 2004-08-04 12:00:00 44,032 ----a-w C:\WINDOWS\system32\msisip.dll
+ 2005-05-04 22:45:36 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
- 2004-08-04 12:00:00 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-22 13:12:17 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 12:00:00 530,432 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-22 13:12:17 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2005-05-25 10:40:00 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2004-08-04 12:00:00 1,236,480 ----a-w C:\WINDOWS\system32\msxml3.dll
+ 2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
- 2004-08-04 12:00:00 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
- 2004-08-04 12:00:00 90,112 ----a-w C:\WINDOWS\system32\mtxoci.dll
+ 2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
- 2004-08-04 12:00:00 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32.dll
- 2004-08-04 12:00:00 198,144 ----a-w C:\WINDOWS\system32\netman.dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
- 2004-08-04 12:00:00 2,056,832 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
+ 2007-02-28 08:38:55 2,057,600 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
- 2004-08-04 12:00:00 2,180,992 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
+ 2007-02-28 09:10:57 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
- 2004-08-04 12:00:00 144,384 ----a-w C:\WINDOWS\system32\nwprovau.dll
+ 2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
- 2004-10-08 15:32:02 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
+ 2004-10-08 16:32:02 69,632 ----a-w C:\WINDOWS\system32\oemdspif.dll
- 2004-08-04 12:00:00 1,281,536 ----a-w C:\WINDOWS\system32\ole32.dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
- 2004-08-04 12:00:00 553,472 ----a-w C:\WINDOWS\system32\oleaut32.dll
+ 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2004-08-04 12:00:00 68,608 ----a-w C:\WINDOWS\system32\olecli32.dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
- 2004-08-04 12:00:00 34,304 ----a-w C:\WINDOWS\system32\olecnv32.dll
+ 2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
- 2004-08-04 12:00:00 117,760 ----a-w C:\WINDOWS\system32\oledlg.dll
+ 2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
- 2007-12-03 02:07:34 54,850 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-07 18:10:16 54,850 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-03 02:07:34 385,256 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-07 18:10:16 385,256 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2004-08-04 12:00:00 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-22 13:12:17 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2004-08-04 12:00:00 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
- 2004-08-04 12:00:00 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
+ 2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
- 2004-08-04 12:00:00 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp.dll
- 2004-08-04 12:00:00 174,080 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans.dll
+ 2005-05-20 23:01:00 36,480 ----a-w C:\WINDOWS\system32\ReinstallBackups\0018\DriverFiles\LHidUsbK.sys
- 2004-08-04 12:00:00 431,616 ----a-w C:\WINDOWS\system32\riched20.dll
+ 2006-11-27 14:54:06 433,152 ----a-w C:\WINDOWS\system32\riched20.dll
- 2004-08-04 12:00:00 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2004-08-04 12:00:00 395,776 ----a-w C:\WINDOWS\system32\rpcss.dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
- 2004-08-04 12:00:00 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
+ 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
- 2004-08-04 12:00:00 1,483,264 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-08-22 13:12:18 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2004-08-04 12:00:00 8,384,000 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2004-08-04 12:00:00 473,600 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-08-22 13:12:18 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2004-08-04 12:00:00 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs.dll
- 2007-07-31 02:18:40 33,624 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
+ 2007-07-31 03:18:40 33,624 -c--a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.0.6000.381\wups.dll
- 2004-08-04 12:00:00 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
+ 2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
- 2004-08-04 12:00:00 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
+ 2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
- 2004-08-04 12:00:00 246,302 ----a-w C:\WINDOWS\system32\strmdll.dll
+ 2006-08-21 17:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
- 2004-08-04 12:00:00 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
- 2004-08-04 12:00:00 210,432 ----a-w C:\WINDOWS\system32\t2embed.dll
+ 2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
- 2004-08-04 12:00:00 246,272 ----a-w C:\WINDOWS\system32\tapisrv.dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
- 2004-08-04 12:00:00 75,264 ----a-w C:\WINDOWS\system32\telnet.exe
+ 2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
- 2004-08-04 12:00:00 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
+ 2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
- 2004-08-04 12:00:00 118,272 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
- 2004-08-04 12:00:00 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
+ 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
- 2004-08-04 12:00:00 601,088 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-22 13:12:18 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 577,024 ----a-w C:\WINDOWS\system32\user32.dll
+ 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
- 2004-08-04 12:00:00 67,584 ----a-w C:\WINDOWS\system32\webclnt.dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
- 2004-08-04 12:00:00 333,312 ----a-w C:\WINDOWS\system32\wiaservc.dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc.dll
- 2004-08-04 12:00:00 1,835,904 ----a-w C:\WINDOWS\system32\win32k.sys
+ 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
- 2004-08-04 12:00:00 656,384 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-22 13:12:18 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
- 2004-08-04 12:00:00 290,816 ----a-w C:\WINDOWS\system32\winsrv.dll
+ 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
- 2004-08-04 12:00:00 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
+ 2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
- 2004-08-11 09:45:04 5,550,080 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-04-30 16:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-11 09:45:06 2,362,104 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
- 2004-08-04 12:00:00 430,592 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 03:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
- 2004-08-04 12:00:00 111,104 ----a-w C:\WINDOWS\system32\wuauclt.exe
+ 2007-07-31 03:19:16 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
- 2004-08-04 12:00:00 1,134,592 ----a-w C:\WINDOWS\system32\wuaueng.dll
+ 2007-07-31 03:19:42 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
- 2004-08-04 12:00:00 112,640 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 03:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
- 2004-08-04 12:00:00 36,864 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 03:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
- 2004-08-04 12:00:00 120,320 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2007-07-31 03:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
- 2004-08-04 12:00:00 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
+ 2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
- 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2006-08-25 15:45:55 1,054,208 ----a-w C:\WINDOWS\WinSxS\InstallTemp\6455090\comctl32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2006-12-01 20:28]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 10:01]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 04:00 C:\WINDOWS\system32\rundll32.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 C:\WINDOWS\KHALMNPR.Exe]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-05-15 19:46]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 08:31]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 08:27]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 09:17]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2006-11-16 16:54:32]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-08-11 18:09 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Service Pack 1]

R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R1 nvnati;NVidia XTLayer gateway;\??\C:\WINDOWS\system32\nvnati.sys
S2 wwEngineSvc;Window Washer Engine;C:\Program Files\Webroot\Washer\WasherSvc.exe
S3 echodap;echodap;C:\WINDOWS\system32\drivers\echodap.sys
S3 noskrnl.sys;noskrnl.sys;\??\C:\WINDOWS\system32\noskrnl.sys
S3 RIOXDRV;SONICblue Rio generic driver XP+;C:\WINDOWS\system32\Drivers\RIOXDRV.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-07 18:47:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-12-06 23:15:47 C:\WINDOWS\Tasks\wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_L4A6B66CAE26944958548900A3A7338E9
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 11:23:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-07 11:26:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-06 10:37
C:\ComboFix3.txt ... 2007-12-05 17:09
.
--- E O F ---

gsimo
2007-12-07, 22:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:11 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - https://smtp.aesgeo.com:8090/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196981991688
O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://smtp.aesgeo.com/BusinessPortal/msrdp.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc3.webresponse.one.microsoft.com/media/xp/TLIEFlash.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BA11E984-66D3-11D3-9196-006008105FA5} (SDClientHelper Class) - https://smtp.aesgeo.com/businessportal/portal/shell/SDClientTools.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3913.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Unknown owner - C:\Program Files\Webroot\Washer\WasherSvc.exe (file missing)

--
End of file - 13852 bytes

ken545
2007-12-07, 22:13
You can manually delete both of these.

C:\WINDOWS\system32\d3d9caps.dat
C:\VundoFix Backups



Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to Sun Microsystems (http://www.java.com/en/download/manual.jsp) and install the update:
Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then, after install, you can verify your installation here: Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to do the offline installation and save the setup file in case I may need it in the future.


How is your system behaving now??

gsimo
2007-12-08, 00:41
Seems to be running better. Still have some problem with Internet Explorer. Stops responding and has to be shut down using Ctrl+Alt+Del. Other than that it's much better. Thanks

ken545
2007-12-08, 01:23
Glad things are better :bigthumb:

Your Internet Explorer is outdated; they have a newer version, IE7, that you can download and install. It's more secure than IE6 and it may correct your problem with it closing.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx




How did I get infected in the first place? Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
TonyKlein CastleCops (http://www.castlecops.com/postlite7736-.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Keep in mind if you install some of these programs: only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.

Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community

Spybot Search and Destroy 1.5 (http://www.safer-networking.org/en/download/)
Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.

Spyware Blaster (http://www.javacoolsoftware.com/spywareblaster.html) It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.

Spyware Guard (http://www.javacoolsoftware.com/spywareguard.html) It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.

IE-Spyad (http://www.pcworld.com/downloads/file/fid,23332-order,1-page,1-c,antispywaretools/description.html)
IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

Firefox 2.0.0.6 (http://www.mozilla.org/products/firefox/) It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.

Zone Alarm (http://www.pcworld.com/downloads/file_description/0,fid,7228,00.asp) Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.


Glad we could help

Safe Surfn
Ken

gsimo
2007-12-08, 06:52
Well thanks for all the help. Really appreciate it. I'm still trying to download IE7 but I'm having problems with my current Internet Explorer. Also should I leave all those programs on my computer like ComboFix, HJT, and all the others? Thanks

ken545
2007-12-08, 14:44
Good Morning,

You can leave HJT installed in case you need it in the future. You can also leave SuperAntiSpyware installed.

You can drag Vundofix, Fixwareout to the trash as they are updated on a regular basis.


Go to Start > Run and copy and paste ComboFix /u into the box
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.



Why don't you try installing the Firefox browser? I have been using it for years and only use IE when I absolutely have to. You can try downloading IE7 to your desktop with Firefox and then close out Firefox and install IE7.


You can also try posting here for help. They will be better able to assist you with Windows issues as this forum is for malware removal only.

Windows Tech Support Forums

PcPitStop (http://pcpitstop.com/) <-- You can take your system in for a checkup here.
Windows Helpnet (http://www.windowsbbs.com/) <-- Excellent XP Forum


Ken:p:

gsimo
2007-12-08, 23:07
OK, I'll try it. Again, thanks for the help. I really really appreciate it. Take it easy

Greg

ken545
2007-12-09, 03:45
You're more than welcome Greg :santa: Have a Happy Holiday