Thread: Popups & Command Service

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    21

    Popups & Command Service

    I ran the eTrust Antivirus Scan and got about 40 files that said infected, all with the same infection "Win32/Virut.5127"

    Also, here is the hjt log file

    Code:
    
    Logfile of HijackThis v1.99.1
    Scan saved at 6:18:35 PM, on 10/30/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5700.0006)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    c:\nwnmff_e43.exe
    C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe
    
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160811155375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1160813055828
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dmuiext.dll (file missing)
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\xysp3res.dll (file missing)
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\uwrcntra.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    SpyBot has never been able to fix the Command Service program except in Windows Safe Mode, and it still comes back the next time I run a scan in normal Windows mode.

    Let me know if any more information is needed!

  2. #2
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Hello and welcome to the forum, sorry for the wait, logs are many and volunteers are few. If you still need help and are not receiving it at another forum, please do this.
    Please be sure you have completed all instructions in this link:
    "BEFORE you POST" -Preliminary Steps and scanning with SPYBOT-S&D
    http://forums.spybot.info/showthread.php?t=288

    Post a new HJT log using "post reply" to stay in this same topic. Please copy and paste your logs, do not code or quote them.
    I will take a look as soon as possible after you post.

    Thanks

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    21

    Logfile of HijackThis v1.99.1
    Scan saved at 2:15:46 PM, on 11/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6DC25841-9CD6-E455-80FB-B6693F8CDCB3} - C:\WINDOWS\system32\dsozhfmd.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160811155375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160813055828
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\dmuiext.dll (file missing)
    O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\xysp3res.dll (file missing)
    O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\uwrcntra.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  4. #4
    Junior Member
    Join Date
    Oct 2006
    Posts
    21

    eTrust Antivirus Web Scanner
    Scan Results: 49546 files scanned. 1415 viruses were detected.


    File Infection Status Path
    ac3_0010.exe Win32/Virut.5127 infected C:\
    d2l_Install.exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\
    d2l_PlayD2.exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\
    jinstall.exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\ICD1.tmp\
    MTE3NDI6ODoxNg[1].exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\NoadwareBkupTemp\
    nwnmff_e[1].exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\Temporary Internet Files\Content.IE5\5U6V5ZOH\
    dfndrff_e_uit[1].exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\Temporary Internet Files\Content.IE5\87ZT1FE8\
    ac3_0010[1].exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\Temporary Internet Files\Content.IE5\B49W0BN0\
    drsmartload44a[1].exe Win32/Virut.5127 infected C:\Documents and Settings\Monica\Local Settings\Temp\Temporary Internet Files\Content.IE5\HWVWCE6J\


    ----

    I will refrain from posting all 1415 files here, unless you're sure that's what you want

  5. #5
    In Memoriam -Always in our heart pskelley
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Do you ever clean out your temp and temporary internet files? Looks like what you are showing me. You have a pretty good infection so let's start like this:

    How to make files and folders visible:
    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK. (leave that set as instructed until we finish)

    Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Now to be sure we got it all follow these instructions:
    http://ts.mcafeehelp.com/faq3.asp?docid=68085
    http://www.mvps.org/winhelp2002/delcache.htm

    1. Download ComboFix.exe using either of these links:

    * bleepingcomputer.com
    http://download.bleepingcomputer.com/sUBs/combofix.exe
    * techsupportforum.com
    http://www.techsupportforum.com/sectools/combofix.exe

    2. Double click on combofix.exe & follow the prompts.

    3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. If the log is large, you might need to post half in one reply and half in another.

    Post the combofix log and a new HJT log.

    Thanks

  6. #6
    Junior Member
    Join Date
    Oct 2006
    Posts
    21

    Monica - 06-11-04 17:45:44.54 Service Pack 2
    ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Monica\Desktop"

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:

    [HKEY_CLASSES_ROOT\clsid\{C50124D6-0D9F-4E2E-8A4A-7124DD4D2941}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{C50124D6-0D9F-4E2E-8A4A-7124DD4D2941}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C50124D6-0D9F-4E2E-8A4A-7124DD4D2941}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{C50124D6-0D9F-4E2E-8A4A-7124DD4D2941}\InprocServer32]
    @="C:\\WINDOWS\\system32\\uwrcntra.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{55407D7F-9A6C-4FD3-B7D6-8FFA21A338DA}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{55407D7F-9A6C-4FD3-B7D6-8FFA21A338DA}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{55407D7F-9A6C-4FD3-B7D6-8FFA21A338DA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{55407D7F-9A6C-4FD3-B7D6-8FFA21A338DA}\InprocServer32]
    @="C:\\WINDOWS\\system32\\xysp3res.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{E23988BA-448B-4C8B-B594-A792E053B9F1}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{E23988BA-448B-4C8B-B594-A792E053B9F1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{E23988BA-448B-4C8B-B594-A792E053B9F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{E23988BA-448B-4C8B-B594-A792E053B9F1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\dmuiext.dll"
    "ThreadingModel"="Apartment"

    [HKEY_CLASSES_ROOT\clsid\{D9655593-5C48-4C76-A4DC-605E230FB4A5}]
    @=""
    "IDEx"="ADDRC:\\mc44a35.exe"

    [HKEY_CLASSES_ROOT\clsid\{D9655593-5C48-4C76-A4DC-605E230FB4A5}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D9655593-5C48-4C76-A4DC-605E230FB4A5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{D9655593-5C48-4C76-A4DC-605E230FB4A5}\InprocServer32]
    @="C:\\WINDOWS\\system32\\SBCVRT32.DLL"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    Granting sedebugprivilege to Administrators ... successful


    ((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Documents and Settings\Monica\Application Data\Dxccwrd.dll
    C:\Documents and Settings\Monica\Application Data\Dxcdmns.dll
    C:\Documents and Settings\Monica\Application Data\Dxcknwrd.dll
    C:\Documents and Settings\Monica\Application Data\Dxcuknwrd.dll
    C:\WINDOWS\system32\bkd.exe
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    C:\WINDOWS\system32\dxclib303562752.dll
    C:\Program Files\DeluxeCommunications\Dxc.exe
    C:\Program Files\DeluxeCommunications\DxcBho.dll
    C:\Program Files\DeluxeCommunications\DxcCore.dll
    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\drsmartload.exe
    C:\deskbar_e42.exe
    C:\deskbar_e44.exe
    C:\deskbar_e45.exe
    C:\deskbar_e46.exe
    C:\nwnmff_e43.exe
    C:\nwnmff_e44.exe
    C:\nwnmff_e45.exe
    C:\ac3_0010.exe
    C:\RDFX4.exe
    C:\WINDOWS\wallpap.exe
    C:\WINDOWS\system32\wnsintsv.exe
    C:\Program Files\Deskbar
    C:\WINDOWS\TW9uaWNhIEdyZWdvcnk

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\Documents and Settings\Monica\My Documents\SMANTE~1
    C:\QooBox\Purity\Documents and Settings\Monica\My Documents\SMANTE~1\?hkntfs.exe
    C:\QooBox\Purity\Program Files\YSTEM3~1
    C:\QooBox\Purity\Program Files\YSTEM3~1\arpa.exe
    C:\QooBox\Purity\Program Files\YSTEM3~1\YSTEM3~1

  7. #7
    Junior Member
    Join Date
    Oct 2006
    Posts
    21

    ((((((((((((((((((((((((((((((( Files Created from 2006-10-04 to 2006-11-04 ))))))))))))))))))))))))))))))))))


    2006-11-04 17:52 688,369 --a------ C:\deskbar_e48.exe
    2006-11-04 17:52 421,888 --a------ C:\dfndrff_e48.exe
    2006-11-04 17:52 28,672 --a------ C:\mc44a48.exe
    2006-11-04 17:52 251,352 --a------ C:\deskbar.exe
    2006-11-04 17:47 65,536 --a------ C:\drsmartload.exe
    2006-11-02 07:29 32,768 --a------ C:\mc44a46.exe
    2006-11-02 00:01 442,368 --a------ C:\windows.exe
    2006-11-02 00:00 32,768 --a------ C:\mc44a45.exe
    2006-10-31 07:06 32,768 --a------ C:\mc44a44.exe
    2006-10-31 00:02 32,768 --a------ C:\mc44a43.exe
    2006-10-31 00:02 131,072 --a------ C:\WINDOWS\system32\dsozhfmd.dll
    2006-10-31 00:01 96,768 --------- C:\WINDOWS\system32\dxclib303562752.dll
    2006-10-30 00:00 118,784 --a------ C:\WINDOWS\v1201.exe
    2006-10-27 17:29 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2006-10-27 17:29 102,400 --a------ C:\WINDOWS\DIIUnin.exe
    2006-10-27 17:14 904,496 --a------ C:\WINDOWS\system32\drivers\ha10kx2k.sys
    2006-10-27 17:14 645,392 --a------ C:\WINDOWS\system32\drivers\ctac32k.sys
    2006-10-27 17:14 606,208 --a------ C:\WINDOWS\system32\ctsblfx.dll
    2006-10-27 17:14 6,096 --a------ C:\WINDOWS\system32\drivers\ctprxy2k.sys
    2006-10-27 17:14 585,728 --a------ C:\WINDOWS\system32\ctaudfx.dll
    2006-10-27 17:14 366,160 --a------ C:\WINDOWS\system32\drivers\ctaud2k.sys
    2006-10-27 17:14 36,864 --a------ C:\WINDOWS\system32\sfman32.dll
    2006-10-27 17:14 332,800 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2006-10-27 17:14 178,672 --a------ C:\WINDOWS\system32\drivers\ctoss2k.sys
    2006-10-27 17:14 15,840 --a------ C:\WINDOWS\system32\drivers\pfmodnt.sys
    2006-10-27 17:14 148,432 --a------ C:\WINDOWS\system32\drivers\haP16v2k.sys
    2006-10-27 17:14 145,488 --a------ C:\WINDOWS\system32\drivers\emupia2k.sys
    2006-10-27 17:14 114,688 --a------ C:\WINDOWS\system32\commonfx.dll
    2006-10-27 16:42 49,664 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-10-27 16:42 30,720 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-10-24 20:21 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-10-24 18:33 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2006-10-19 23:00 5,840 --a------ C:\WINDOWS\system32\w10a6288c.dll
    2006-10-19 10:02 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
    2006-10-19 10:02 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
    2006-10-19 10:02 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2006-10-17 13:33 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-10-17 13:33 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-10-17 13:33 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-10-17 13:33 180,736 --------- C:\WINDOWS\system32\ieui.dll
    2006-10-17 13:05 211,968 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:58 61,952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 12:58 17,920 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 12:57 266,752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 12:27 380,928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-14 18:01 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-10-14 17:10 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
    2006-10-14 17:10 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
    2006-10-14 17:10 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
    2006-10-14 09:55 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-10-14 09:35 217,088 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-10-14 09:35 217,088 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-10-14 09:34 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
    2006-10-14 09:33 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
    2006-10-14 09:32 37,376 --a------ C:\WINDOWS\system32\hpz3l3xu.dll
    2006-10-14 09:32 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-10-14 09:31 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
    2006-10-14 09:31 77,824 --a------ C:\WINDOWS\system32\HPZipm12.exe
    2006-10-14 09:31 69,632 --a------ C:\WINDOWS\system32\HPZinw12.exe
    2006-10-14 09:31 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
    2006-10-14 09:31 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
    2006-10-14 09:31 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
    2006-10-14 09:14 98,304 --a------ C:\WINDOWS\Updreg.EXE
    2006-10-14 09:14 84,992 --------- C:\WINDOWS\system32\SFCVRT32.DLL
    2006-10-14 09:14 82,432 --------- C:\WINDOWS\system32\CTWFLT32.DLL
    2006-10-14 09:14 54,784 --------- C:\WINDOWS\system32\INETWH32.DLL
    2006-10-14 09:14 53,552 --------- C:\WINDOWS\CTCCW.DLL
    2006-10-14 09:14 47,616 --------- C:\WINDOWS\Ctregrun.exe
    2006-10-14 09:14 312,320 --a------ C:\WINDOWS\IsUninst.exe
    2006-10-14 09:14 26,768 --------- C:\WINDOWS\system32\CTL3D.DLL
    2006-10-14 09:14 24,976 --------- C:\WINDOWS\CTRES.DLL
    2006-10-14 09:14 149,504 --------- C:\WINDOWS\system32\MFCANS32.DLL
    2006-10-14 09:14 108,032 --------- C:\WINDOWS\system32\MFCUIA32.DLL
    2006-10-14 09:13 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-10-14 09:13 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-10-14 09:13 69,632 --a------ C:\WINDOWS\system32\ctcoinst.dll
    2006-10-14 09:13 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-10-14 09:13 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-10-14 09:13 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-10-14 09:13 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-10-14 09:13 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-10-14 09:13 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-10-14 09:13 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-10-14 09:13 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-10-14 09:13 20,480 --a------ C:\WINDOWS\INRES.DLL
    2006-10-14 09:13 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-10-14 09:13 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-10-14 09:13 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-10-14 09:13 143,360 --a------ C:\WINDOWS\system32\ctdvinst.dll
    2006-10-14 09:13 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-10-14 09:13 130,288 --a------ C:\WINDOWS\system32\drivers\ctsfm2k.sys
    2006-10-14 09:13 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
    2006-10-14 09:12 65,536 --a------ C:\WINDOWS\system32\a3d.dll
    2006-10-14 09:12 466,944 --a------ C:\WINDOWS\system32\CTDC0001.DLL
    2006-10-14 09:12 327,680 --a------ C:\WINDOWS\system32\CTDC0000.DLL
    2006-10-14 09:12 159,744 --a------ C:\WINDOWS\system32\CTOSUSER.DLL
    2006-10-14 09:12 139,264 --a------ C:\WINDOWS\system32\CTDCIFCE.DLL
    2006-10-14 09:12 114,688 --a------ C:\WINDOWS\system32\PIAPROXY.DLL
    2006-10-14 09:12 110,592 --a------ C:\WINDOWS\system32\CTDPROXY.DLL
    2006-10-14 08:47 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2006-10-14 08:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-10-14 08:14 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-10-14 08:14 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-10-14 08:13 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-10-14 08:13 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2006-10-14 08:12 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-10-14 08:12 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-10-14 08:12 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-10-14 08:12 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-10-14 08:12 74,752 --a------ C:\WINDOWS\notepad.exe
    2006-10-14 08:12 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-10-14 08:12 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-10-14 08:12 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-10-14 08:12 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-10-14 08:12 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-10-14 08:12 20,992 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-10-14 08:12 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-10-14 08:12 17,408 --------- C:\WINDOWS\system32\spnpinst.exe
    2006-10-14 08:12 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-10-14 08:12 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-10-14 08:12 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-10-14 08:04 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
    2006-10-14 07:47 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
    2006-10-14 07:47 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
    2006-10-14 07:47 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
    2006-10-14 07:47 31,744 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2006-10-14 07:43 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
    2006-10-14 07:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-10-14 07:34 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
    2006-10-14 07:34 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
    2006-10-14 07:34 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
    2006-10-14 07:34 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-10-14 07:33 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-10-14 07:33 41,240 --a------ C:\WINDOWS\system32\wups.dll
    2006-10-14 07:33 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-10-14 07:33 18,200 --a------ C:\WINDOWS\system32\wups2.dll
    2006-10-14 07:33 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-10-14 07:33 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-10-14 07:30 15,781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
    2006-10-14 07:29 909,312 --a------ C:\WINDOWS\system32\AegisE5.dll
    2006-10-14 07:29 7,040 --a------ C:\WINDOWS\system32\bcmwlntp.sys
    2006-10-14 07:29 69,632 --a------ C:\WINDOWS\system32\bcmwld2k.exe
    2006-10-14 07:29 69,632 --a------ C:\WINDOWS\system32\BCMLogon.dll
    2006-10-14 07:29 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
    2006-10-14 07:29 602,112 --a------ C:\WINDOWS\system32\bcmwltry.exe
    2006-10-14 07:29 57,344 --a------ C:\WINDOWS\system32\bcmwlhom.exe
    2006-10-14 07:29 53,248 --a------ C:\WINDOWS\system32\wltrysvc.exe
    2006-10-14 07:29 338,176 --a------ C:\WINDOWS\system32\drivers\BCMWL5.SYS
    2006-10-14 07:29 274,432 --a------ C:\WINDOWS\system32\PlugPlayPCIDevice.exe
    2006-10-14 07:29 155,648 --a------ C:\WINDOWS\system32\bcmwlu00.exe
    2006-10-14 07:29 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
    2006-10-14 07:29 118,784 --a------ C:\WINDOWS\system32\AegisI5.exe
    2006-10-14 07:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-10-14 07:25 0 -rahs---- C:\MSDOS.SYS
    2006-10-14 07:25 0 -rahs---- C:\IO.SYS
    2006-10-14 07:25 0 --a------ C:\CONFIG.SYS
    2006-10-14 07:25 0 --a------ C:\AUTOEXEC.BAT
    2006-10-14 07:23 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-10-14 07:23 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-10-14 07:23 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-10-14 07:23 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-10-14 07:23 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-10-14 07:23 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-10-14 07:23 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-10-14 07:23 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-10-14 07:23 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-10-14 07:23 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-10-14 07:23 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-10-14 07:23 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-10-14 07:23 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-10-14 07:23 40,960 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-10-14 07:23 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-10-14 07:23 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-10-14 07:23 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-10-14 07:23 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-10-14 07:23 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-10-14 07:23 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-10-14 07:23 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-10-14 07:23 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-10-14 07:23 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-10-14 07:23 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-10-14 07:23 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-10-14 07:23 17,920 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-10-14 07:23 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-10-14 07:23 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-10-14 07:23 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-10-14 07:23 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-10-14 07:22 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-10-14 07:22 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-10-14 07:22 86,016 --a------ C:\WINDOWS\system32\charmap.exe
    2006-10-14 07:22 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-10-14 07:22 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-10-14 07:22 72,704 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-10-14 07:22 62,464 --a------ C:\WINDOWS\system32\sol.exe
    2006-10-14 07:22 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-10-14 07:22 60,928 --a------ C:\WINDOWS\system32\freecell.exe
    2006-10-14 07:22 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-10-14 07:22 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-10-14 07:22 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-10-14 07:22 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-10-14 07:22 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-10-14 07:22 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-10-14 07:22 39,424 --a------ C:\WINDOWS\system32\regini.exe
    2006-10-14 07:22 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-10-14 07:22 27,648 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-10-14 07:22 26,624 --a------ C:\WINDOWS\system32\msg.exe
    2006-10-14 07:22 26,112 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-10-14 07:22 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-10-14 07:22 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-10-14 07:22 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-10-14 07:22 22,528 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-10-14 07:22 22,528 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-10-14 07:22 22,016 --a------ C:\WINDOWS\system32\tskill.exe
    2006-10-14 07:22 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-10-14 07:22 21,504 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-10-14 07:22 20,992 --a------ C:\WINDOWS\system32\logoff.exe
    2006-10-14 07:22 20,480 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-10-14 07:22 20,480 --a------ C:\WINDOWS\system32\tscon.exe
    2006-10-14 07:22 20,480 --a------ C:\WINDOWS\system32\shadow.exe
    2006-10-14 07:22 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-10-14 07:22 189,440 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-10-14 07:22 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-10-14 07:22 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-10-14 07:22 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-10-14 07:22 15,360 --a------ C:\WINDOWS\system32\reset.exe
    2006-10-14 07:22 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-10-14 07:22 144,384 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-10-14 07:22 137,216 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-10-14 07:22 132,608 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-10-14 07:22 125,440 --a------ C:\WINDOWS\system32\winmine.exe
    2006-10-14 07:22 120,320 --a------ C:\WINDOWS\system32\calc.exe
    2006-10-14 07:22 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-10-14 07:22 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-10-14 07:22 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-10-14 07:22 11,776 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-10-14 07:22 11,264 --a------ C:\WINDOWS\system32\write.exe
    2006-10-14 07:22 10,752 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-10-14 07:22 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-10-14 07:21 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-10-14 07:21 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-10-14 07:21 68,096 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-10-14 07:21 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-10-14 07:21 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-10-14 07:21 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-10-14 07:21 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-10-14 07:21 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-10-14 07:21 544,256 --a------ C:\WINDOWS\system32\spider.exe
    2006-10-14 07:21 50,176 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-10-14 07:21 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-10-14 07:21 413,184 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-10-14 07:21 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys

  8. #8

    2006-10-14 07:21 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-10-14 07:21 348,672 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-10-14 07:21 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-10-14 07:21 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-10-14 07:21 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-10-14 07:21 19,456 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-10-14 07:21 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-10-14 07:21 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-10-14 07:21 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-10-14 07:21 146,432 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-10-14 07:21 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-10-14 07:21 129,024 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-10-14 07:21 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-10-14 07:21 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-10-14 07:21 108,544 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-10-14 07:21 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-02 19:12 -------- d-------- C:\Documents and Settings\Monica\Application Data\AdobeUM
    2006-11-02 19:10 -------- d-------- C:\Documents and Settings\Monica\Application Data\Adobe
    2006-11-02 19:09 -------- d-------- C:\Program Files\Common Files\Adobe
    2006-11-02 19:08 1215 --a------ C:\Documents and Settings\Monica\Application Data\AdobeDLM.log
    2006-11-02 19:08 0 --a------ C:\Documents and Settings\Monica\Application Data\dm.ini
    2006-11-02 19:08 -------- d-------- C:\Program Files\Adobe
    2006-11-02 19:02 -------- d-------- C:\Program Files\Common Files
    2006-11-02 18:27 -------- d-------- C:\Program Files\Windows Live Safety Center
    2006-11-02 18:25 -------- d-------- C:\Program Files\MSN Messenger
    2006-10-31 07:17 -------- d-------- C:\Program Files\Internet Explorer
    2006-10-31 00:01 -------- d-------- C:\Program Files\DeluxeCommunications
    2006-10-31 00:00 -------- d--h----- C:\Program Files\WindowsUpdate
    2006-10-30 18:01 -------- d-------- C:\Program Files\DAEMON Tools
    2006-10-30 00:00 -------- d-------- C:\Program Files\MSN Gaming Zone
    2006-10-30 00:00 -------- d-------- C:\Program Files\MSN
    2006-10-28 06:42 -------- d-------- C:\Program Files\Common Files\rukr
    2006-10-27 17:42 -------- d-------- C:\Program Files\Diablo II
    2006-10-27 16:43 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-10-27 16:42 -------- d-------- C:\Program Files\Creative
    2006-10-24 21:17 -------- d-------- C:\Documents and Settings\Monica\Application Data\My Games
    2006-10-24 20:22 -------- d-------- C:\Program Files\Firaxis Games
    2006-10-24 16:48 -------- d-------- C:\Program Files\NoAdware4
    2006-10-17 13:33 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-10-17 13:33 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-10-17 13:33 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 13:01 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-10-17 13:01 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-10-17 13:01 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-10-17 13:01 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-10-17 13:01 18944 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-10-17 13:01 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-10-17 13:00 60416 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-10-17 13:00 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-10-17 13:00 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 12:56 51200 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 12:23 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-10-14 09:58 -------- d-------- C:\Program Files\WinAce
    2006-10-14 09:58 -------- d-------- C:\Program Files\Sony
    2006-10-14 09:52 -------- d---s---- C:\Documents and Settings\Monica\Application Data\Microsoft
    2006-10-14 09:41 -------- d-------- C:\Program Files\Common Files\Sonic Shared
    2006-10-14 09:41 -------- d-------- C:\Program Files\Common Files\HP
    2006-10-14 09:36 -------- d-------- C:\Program Files\HP
    2006-10-14 09:36 -------- d-------- C:\Program Files\Hewlett-Packard
    2006-10-14 09:33 -------- d-------- C:\Documents and Settings\Monica\Application Data\Macromedia
    2006-10-14 09:27 -------- d-------- C:\Documents and Settings\Monica\Application Data\HP
    2006-10-14 09:13 -------- d-------- C:\Documents and Settings\Monica\Application Data\Creative
    2006-10-14 09:11 -------- d-------- C:\Program Files\Common Files\InstallShield
    2006-10-14 09:02 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-10-14 09:01 -------- d-------- C:\Program Files\Windows Media Player
    2006-10-14 08:49 -------- d-------- C:\Program Files\Outlook Express
    2006-10-14 08:49 -------- d-------- C:\Program Files\Messenger
    2006-10-14 08:49 -------- d-------- C:\Program Files\Common Files\System
    2006-10-14 08:19 -------- d-------- C:\Program Files\Movie Maker
    2006-10-14 08:18 -------- d-------- C:\Program Files\Windows NT
    2006-10-14 08:18 -------- d-------- C:\Program Files\NetMeeting
    2006-10-14 08:12 62 --ahs---- C:\Documents and Settings\Monica\Application Data\desktop.ini
    2006-10-14 08:12 -------- d-------- C:\Program Files\Common Files\SpeechEngines
    2006-10-14 08:12 -------- d-------- C:\Program Files\Common Files\ODBC
    2006-10-14 07:29 -------- d-------- C:\Program Files\BT Voyager
    2006-10-14 07:28 -------- d--h----- C:\Program Files\Uninstall Information
    2006-10-14 07:28 -------- d-------- C:\Documents and Settings\Monica\Application Data\Identities
    2006-10-14 07:25 -------- d-------- C:\Program Files\xerox
    2006-10-14 07:25 -------- d-------- C:\Program Files\microsoft frontpage
    2006-10-14 07:23 -------- d-------- C:\Program Files\Common Files\Services
    2006-10-14 07:23 -------- d-------- C:\Program Files\Common Files\MSSoap
    2006-10-14 07:22 -------- d-------- C:\Program Files\Online Services
    2006-10-14 07:22 -------- d-------- C:\Program Files\ComPlus Applications
    2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
    2006-08-25 15:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
    2006-08-21 12:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-08-21 09:14 28672 --a------ C:\WINDOWS\system32\fltmc.exe
    2006-08-16 11:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
    2006-08-11 20:45 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
    2006-08-11 20:45 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
    2006-08-11 20:45 5611520 --a------ C:\WINDOWS\system32\nvdisps.dll
    2006-08-11 20:45 5251072 --a------ C:\WINDOWS\system32\nvdispsr.dll
    2006-08-11 20:45 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
    2006-08-11 20:45 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
    2006-08-11 20:45 3039232 --a------ C:\WINDOWS\system32\nvgames.dll
    2006-08-11 20:45 2953216 --a------ C:\WINDOWS\system32\nvvitvsr.dll
    2006-08-11 20:45 2928640 --a------ C:\WINDOWS\system32\nvgamesr.dll
    2006-08-11 20:45 2904064 --a------ C:\WINDOWS\system32\nvvitvs.dll
    2006-08-11 20:45 2859008 --a------ C:\WINDOWS\system32\nvmoblsr.dll
    2006-08-11 20:45 266240 --a------ C:\WINDOWS\system32\nvrsesm.dll
    2006-08-11 20:45 258048 --a------ C:\WINDOWS\system32\nvrsko.dll
    2006-08-11 20:45 249856 --a------ C:\WINDOWS\system32\nvrssl.dll
    2006-08-11 20:45 249856 --a------ C:\WINDOWS\system32\nvrssk.dll
    2006-08-11 20:45 249856 --a------ C:\WINDOWS\system32\nvrshu.dll
    2006-08-11 20:45 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
    2006-08-11 20:45 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
    2006-08-11 20:45 1732608 --a------ C:\WINDOWS\system32\nvwssr.dll
    2006-08-11 20:45 1236992 --a------ C:\WINDOWS\system32\nvwss.dll
    2006-08-11 20:44 323584 --a------ C:\WINDOWS\system32\nvrshe.dll
    2006-08-11 20:44 323584 --a------ C:\WINDOWS\system32\nvrsar.dll
    2006-08-11 20:44 274432 --a------ C:\WINDOWS\system32\nvrses.dll
    2006-08-11 20:44 274432 --a------ C:\WINDOWS\system32\nvrsel.dll
    2006-08-11 20:44 266240 --a------ C:\WINDOWS\system32\nvrspt.dll
    2006-08-11 20:44 262144 --a------ C:\WINDOWS\system32\nvrsja.dll
    2006-08-11 20:44 249856 --a------ C:\WINDOWS\system32\nvrstr.dll
    2006-08-11 20:44 249856 --a------ C:\WINDOWS\system32\nvrspl.dll
    2006-08-11 20:44 249856 --a------ C:\WINDOWS\system32\nvrsno.dll
    2006-08-11 20:44 241664 --a------ C:\WINDOWS\system32\nvrscs.dll
    2006-08-11 20:44 155648 --a------ C:\WINDOWS\system32\nvcolor.exe
    2006-08-11 20:43 86016 --a------ C:\WINDOWS\system32\nvmctray.dll
    2006-08-11 20:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
    2006-08-11 20:43 802816 --a------ C:\WINDOWS\system32\nvcplui.exe
    2006-08-11 20:43 7630848 --a------ C:\WINDOWS\system32\nvcpl.dll
    2006-08-11 20:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2006-08-11 20:43 450560 --a------ C:\WINDOWS\system32\nvappbar.exe
    2006-08-11 20:43 434176 --a------ C:\WINDOWS\system32\keystone.exe
    2006-08-11 20:43 335872 --a------ C:\WINDOWS\system32\nvwrses.dll
    2006-08-11 20:43 335872 --a------ C:\WINDOWS\system32\nvwrsel.dll
    2006-08-11 20:43 327680 --a------ C:\WINDOWS\system32\nvwrsfr.dll
    2006-08-11 20:43 327680 --a------ C:\WINDOWS\system32\nvwrsesm.dll
    2006-08-11 20:43 323584 --a------ C:\WINDOWS\system32\nvwrspt.dll
    2006-08-11 20:43 323584 --a------ C:\WINDOWS\system32\nvwrsit.dll
    2006-08-11 20:43 319488 --a------ C:\WINDOWS\system32\nvwrsptb.dll
    2006-08-11 20:43 319488 --a------ C:\WINDOWS\system32\nvwrsnl.dll
    2006-08-11 20:43 315392 --a------ C:\WINDOWS\system32\nvwrsru.dll
    2006-08-11 20:43 315392 --a------ C:\WINDOWS\system32\nvwrshu.dll
    2006-08-11 20:43 311296 --a------ C:\WINDOWS\system32\nvwrsde.dll
    2006-08-11 20:43 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
    2006-08-11 20:43 303104 --a------ C:\WINDOWS\system32\nvwrstr.dll
    2006-08-11 20:43 303104 --a------ C:\WINDOWS\system32\nvwrssl.dll
    2006-08-11 20:43 303104 --a------ C:\WINDOWS\system32\nvwrsfi.dll
    2006-08-11 20:43 299008 --a------ C:\WINDOWS\system32\nvwrssk.dll
    2006-08-11 20:43 299008 --a------ C:\WINDOWS\system32\nvwrsno.dll
    2006-08-11 20:43 294912 --a------ C:\WINDOWS\system32\nvwrssv.dll
    2006-08-11 20:43 294912 --a------ C:\WINDOWS\system32\nvwrspl.dll
    2006-08-11 20:43 294912 --a------ C:\WINDOWS\system32\nvwrsda.dll
    2006-08-11 20:43 286720 --a------ C:\WINDOWS\system32\nvwrseng.dll
    2006-08-11 20:43 286720 --a------ C:\WINDOWS\system32\nvwrscs.dll
    2006-08-11 20:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2006-08-11 20:43 282624 --a------ C:\WINDOWS\system32\nvwrsar.dll
    2006-08-11 20:43 278528 --a------ C:\WINDOWS\system32\nvwrshe.dll
    2006-08-11 20:43 278528 --a------ C:\WINDOWS\system32\nvrsfr.dll
    2006-08-11 20:43 274432 --a------ C:\WINDOWS\system32\nvrsit.dll
    2006-08-11 20:43 270336 --a------ C:\WINDOWS\system32\nvrsde.dll
    2006-08-11 20:43 266240 --a------ C:\WINDOWS\system32\nvrsnl.dll
    2006-08-11 20:43 262144 --a------ C:\WINDOWS\system32\nvrsru.dll
    2006-08-11 20:43 262144 --a------ C:\WINDOWS\system32\nvrsptb.dll
    2006-08-11 20:43 245760 --a------ C:\WINDOWS\system32\nvrssv.dll
    2006-08-11 20:43 245760 --a------ C:\WINDOWS\system32\nvrsda.dll
    2006-08-11 20:43 241664 --a------ C:\WINDOWS\system32\nvrsfi.dll
    2006-08-11 20:43 241664 --a------ C:\WINDOWS\system32\nvrseng.dll
    2006-08-11 20:43 221184 --a------ C:\WINDOWS\system32\nvrszhc.dll
    2006-08-11 20:43 212992 --a------ C:\WINDOWS\system32\nvwrsja.dll
    2006-08-11 20:43 196608 --a------ C:\WINDOWS\system32\nvwrsko.dll
    2006-08-11 20:43 196608 --a------ C:\WINDOWS\system32\nvapi.dll
    2006-08-11 20:43 167936 --a------ C:\WINDOWS\system32\nvwrszht.dll
    2006-08-11 20:43 1662976 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2006-08-11 20:43 163840 --a------ C:\WINDOWS\system32\nvwrszhc.dll
    2006-08-11 20:43 1527808 --a------ C:\WINDOWS\system32\nwiz.exe
    2006-08-11 20:43 1470464 --a------ C:\WINDOWS\system32\nview.dll
    2006-08-11 20:43 1347584 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2006-08-11 20:43 122880 --a------ C:\WINDOWS\system32\nvrszht.dll
    2006-08-11 20:43 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2006-08-11 20:43 1011712 --a------ C:\WINDOWS\system32\nvcpluir.dll
    2006-08-11 20:42 5636096 --a------ C:\WINDOWS\system32\nvoglnt.dll
    2006-08-11 20:42 4496128 --a------ C:\WINDOWS\system32\nv4_disp.dll
    2006-08-11 20:42 35840 --a------ C:\WINDOWS\system32\nvcodins.dll
    2006-08-11 20:42 35840 --a------ C:\WINDOWS\system32\nvcod.dll
    2006-08-11 20:42 163907 --a------ C:\WINDOWS\system32\nvsvc32.exe

  9. #9

    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
    "Creative MediaSource Go"="C:\\Program Files\\Creative\\MediaSource\\GO\\CTCMSGo.exe /SCB"
    "RemoteCenter"="C:\\Program Files\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
    C:\sUBs\aa.txt

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SBDrvDet"="C:\\Program Files\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "SpybotSnD"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix /autoclose /waitstart"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
    "keyboard"="c:\\\\kybrdff_e48.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="C:\\Program Files\\MSN Gaming Zone\\kykekobyz.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="C:\\Program Files\\MSN\\hohyh.html"
    "SubscribedURL"=""
    "FriendlyName"=""
    "Flags"=dword:00002000
    "Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
    03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
    00,00,01,00,00,00
    "RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    00,00,00,00,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "rkur"="c:\\141ts.exe"
    "Tbpr"="\"C:\\PROGRA~1\\YSTEM3~1\\arpa.exe\" -vt yazr"
    "Qzylfbvx"="C:\\Documents and Settings\\Monica\\My Documents\\S?mantec\\?hkntfs.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "rkur"="c:\\141ts.exe"
    "Tbpr"="\"C:\\PROGRA~1\\YSTEM3~1\\arpa.exe\" -vt yazr"
    "Qzylfbvx"="C:\\Documents and Settings\\Monica\\My Documents\\S?mantec\\?hkntfs.exe"
    C:\sUBs\aa.txt

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

    Completion time: 06-11-04 17:53:00.81
    C:\ComboFix.txt ... 06-11-04 17:53
    C:\ComboFix2.txt ... 06-11-04 17:29

  10. #10

    Logfile of HijackThis v1.99.1
    Scan saved at 5:58:24 PM, on 11/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    c:\nwnmff_e48.exe
    C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6DC25841-9CD6-E455-80FB-B6693F8CDCB3} - C:\WINDOWS\system32\dsozhfmd.dll
    O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix /autoclose /waitstart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e48.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1160811155375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1160813055828
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: dxclib303562752.dll
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9uaWNhIEdyZWdvcnk\command.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
