HELP!!! I think it's eating my comp!!!!!!!

schatten789

OK, I got a virus and it's locked everything in the Control Panel, and when I click on anything in it, it says "This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." It's slowing down my computer and locking it up. It is putting casino and online dating ads on my desktop. Windows keeps making balloons pop up in the bottom right-hand corner. When I try to click on anything in Control Panel, and even some other places, a pop-up comes up saying this. I keep getting fake pop-ups trying to get me to download what looks like fake antispyware.

I have done scans with several different programs and nothing has fixed it.

I just tried to find Control Panel and I can't find it!!! I think it's deleting stuff, please help!!!!!!!!!
 
OK, I think I got the log; tell me if this isn't right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:36 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\Program Files\OneStepSearch\onestep.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\WINDOWS\Explorer.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
I:\WINDOWS\shell.exe
I:\Program Files\OneStepSearch\onestep.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\system32\Rundll32.exe
I:\WINDOWS\system32\rundll32.exe
I:\WINDOWS\system32\regsvr32.exe
I:\Program Files\SecCenter\scprot4.exe
I:\Program Files\ATITool\ATITool.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\rundll32.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\Program Files\Grisoft\AVG7\avgcc.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe I:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [nmfudsro] "rundll32.exe" "I:\Program Files\nmfudsro\xmrilirk.dll",Init
O4 - HKLM\..\Run: [tmncfany] regsvr32 /u "I:\Documents and Settings\All Users\Application Data\tmncfany.dll"
O4 - HKLM\..\Run: [SC2] "I:\Program Files\SecCenter\scprot4.exe"
O4 - HKLM\..\Run: [CTDrive] "rundll32.exe" I:\WINDOWS\system32\drvtor.dll,startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] I:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [Aim6] "I:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [STYLEXP] "I:\Program Files\TGTSoft\StyleXP\StyleXP.exe" -Hide
O4 - HKCU\..\Run: [SIDEBAR] "I:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKCU\..\Run: [Spoolsv] I:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ATITool.lnk = I:\Program Files\ATITool\ATITool.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - I:\Program Files\OneStepSearch\onestep.exe
O23 - Service: StyleXPService - Unknown owner - I:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6028 bytes
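Added example (my own code, not part of the thread and not HijackThis logic): a Python triage script that applies, mechanically, the checks a helper runs by eye over a log like the one above. It flags a Winlogon Shell value that loads anything besides Explorer.exe (the F2 line), Run entries that invoke regsvr32 /u or rundll32 on DLLs whose names look generated (nmfudsro, tmncfany), an autorun whose file name is a letter-shuffle of a core binary (spoolvs.exe for spoolsv.exe), a core binary started from outside its system directory, an O7 policy restriction (the same Policies registry branch behind the "restrictions in effect on this computer" message), and Winlogon Notify DLLs that are missing or randomly named. The sample log embedded in the script is constructed from lines of the logs posted in this thread; the vowel-ratio randomness test, its thresholds and the severities are my assumptions.

```python
import re

RATIO_VOWELS = set("aeiouy")   # y is a vowel for the ratio test...
RUN_VOWELS = set("aeiou")      # ...but does not break a consonant run (assumption)

# Core Windows binaries that malware imitates by name or by location.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}

# A drive-letter path ending in .exe/.dll; stops at quotes, commas, newlines.
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n,]*?\.(?:exe|dll)', re.IGNORECASE)

# Constructed sample: "I:\Program Files\smss.exe" is taken from the ComboFix
# deletions, every other line from the first HijackThis log in the thread.
SAMPLE_LOG = r"""
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.exe
I:\Program Files\smss.exe

F2 - REG:system.ini: Shell=Explorer.exe I:\WINDOWS\shell.exe
O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [nmfudsro] "rundll32.exe" "I:\Program Files\nmfudsro\xmrilirk.dll",Init
O4 - HKLM\..\Run: [tmncfany] regsvr32 /u "I:\Documents and Settings\All Users\Application Data\tmncfany.dll"
O4 - HKCU\..\Run: [Spoolsv] I:\WINDOWS\system32\spoolvs.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: wvutqqq - I:\WINDOWS\SYSTEM32\wvutqqq.dll
"""

def looks_random(name):
    """Crude test for generated names (nmfudsro, wvutqqq): seven or more
    letters only, at most 25% vowels, and a run of three or more consonants."""
    s = name.lower()
    if len(s) < 7 or not s.isalpha():
        return False
    run = best = 0
    for c in s:
        run = 0 if c in RUN_VOWELS else run + 1
        best = max(best, run)
    return sum(c in RATIO_VOWELS for c in s) / len(s) <= 0.25 and best >= 3

def path_parts(path):
    """Directory names plus file stem of a Windows path, drive letter dropped."""
    parts = path.split("\\")[1:]
    return parts[:-1] + [parts[-1].rsplit(".", 1)[0]]

def system_binary_problem(path):
    """A core binary outside its directory, or a letter-shuffle of one."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if name in SYSTEM_BINARIES:
        home = "\\windows\\" if name == "explorer.exe" else "\\windows\\system32\\"
        return None if low.endswith(home + name) else f"{name} running outside its system directory"
    for real in SYSTEM_BINARIES:
        if name != real and sorted(name) == sorted(real):
            return f"{name} is a letter-shuffle of {real}"
    return None

def odd_names(line, *extra):
    """Generated-looking names among extra plus the path parts found in line."""
    names = list(extra)
    for p in WIN_PATH.findall(line):
        names.extend(path_parts(p))
    return list(dict.fromkeys(n for n in names if looks_random(n)))

def triage(log_text):
    """Return (severity, rule, line) findings for a HijackThis log."""
    out, in_procs = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:                  # the process list ends at the first blank line
            in_procs = bool(line)
            why = system_binary_problem(line) if line else None
            if why:
                out.append(("high", "process: " + why, line))
            continue
        tag = line.split(" ", 1)[0]
        if tag == "F2" and "Shell=" in line:
            shell = line.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                out.append(("high", "shell hijack: " + shell, line))
        elif tag == "O4":
            if re.search(r"\bregsvr32(?:\.exe)?\s+/u\b", line, re.IGNORECASE):
                out.append(("high", "regsvr32 /u used as a loader", line))
            for why in filter(None, map(system_binary_problem, WIN_PATH.findall(line))):
                out.append(("high", "autorun: " + why, line))
            m = re.search(r"\[([^\]]+)\]", line)
            odd = odd_names(line, m.group(1)) if m else odd_names(line)
            if odd:
                out.append(("high", "generated-looking name(s): " + ", ".join(odd), line))
        elif tag == "O7":
            out.append(("high", "policy restriction set", line))
        elif tag == "O20":
            if "(file missing)" in line:
                out.append(("medium", "Winlogon Notify points at a missing DLL", line))
            elif odd_names(line):
                out.append(("high", "Winlogon Notify DLL with generated-looking name: "
                            + ", ".join(odd_names(line)), line))
    return out

if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}\n         {line}")
```

Each finding prints with a severity and the offending log line. The randomness test is deliberately crude and also trips on acronym-style product names (the TGTSoft directory in the log above would be flagged), so treat the output as a worklist for a human, not a verdict: confirm each hit against the file's location, creation time and publisher before deleting anything.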
 
Your log file is showing signs of multiple infections; please do the following.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a RiskTool; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between good and malicious use of such programs, so they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot to Safe Mode (tap F8 just before Windows starts to load and select Safe Mode from the list).

Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press Enter to delete infected files.

You will be prompted:

Registry cleaning - Do you want to clean the registry?; answer Yes by typing Y and pressing Enter in order to remove the Desktop background and clean the registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer Yes by typing Y and pressing Enter.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.

Once done,

1. Please download this file - Combofix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Finally, please navigate to I:\Program Files\Trend Micro\HijackThis and rename HijackThis.exe to scanner.exe (or anything else that's not HijackThis.exe) and post a new HijackThis log.

Please post
  • The Smitfraudfix report
  • The ComboFix report
  • A new HijackThis log
 
I'm still getting the pop-ups when I start up the computer. I got a screenshot of the boxes that pop up, if that helps.

[Screenshot attached: errorpopupwx9.jpg]

Here is the HijackThis log (renamed to HyJakeTis).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:12 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\Program Files\OneStepSearch\onestep.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\OneStepSearch\onestep.exe
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\Steam\Steam.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Trend Micro\HijackThis\HyJakeTis.exe

O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {7722642D-C56A-55E4-6E7E-07D5462CC3EE} - I:\Program Files\Zubslwjj\etlcyqkc.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpySweeper] "I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1350WStatusDisplay] I:\WINDOWS\system32\MSTMON_Q.EXE
O4 - HKCU\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "I:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
O20 - Winlogon Notify: wvutqqq - I:\WINDOWS\SYSTEM32\wvutqqq.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - I:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5381 bytes



Here is the SmitfraudFix log.

SmitFraudFix v2.256

Scan done at 16:16:49.06, Wed 11/28/2007
Run from I:\Documents and Settings\Blake\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

10.18.250.4 ad.doubleclick.net
10.18.250.4 ad.fastclick.net
10.18.250.4 ads.fastclick.net
10.18.250.4 atdmt.com
10.18.250.4 awaps.net
10.18.250.4 banner.fastclick.net
10.18.250.4 banners.fastclick.net
10.18.250.4 click.atdmt.com
10.18.250.4 clicks.atdmt.com
10.18.250.4 engine.awaps.net
10.18.250.4 fastclick.net
10.18.250.4 ftp.avp.ch
10.18.250.4 ftp.kasperskylab.ru
10.18.250.4 updates5.kaspersky-labs.com
10.18.250.4 www.awaps.net
10.18.250.4 www.viruslist.ru

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

I:\WINDOWS\shell.exe Deleted
I:\WINDOWS\system32\printer.exe Deleted
I:\WINDOWS\system32\spoolvs.exe Deleted
I:\WINDOWS\system32\drvtor.dll Deleted
I:\DOCUME~1\Blake\STARTM~1\Programs\Startup\findfast.exe Deleted
I:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\autorun.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0448D644-E40F-4B6C-9031-E2A1C375D2B9}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{1B1830DA-4043-48A1-8139-B9490A4B4B3E}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0448D644-E40F-4B6C-9031-E2A1C375D2B9}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1B1830DA-4043-48A1-8139-B9490A4B4B3E}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0448D644-E40F-4B6C-9031-E2A1C375D2B9}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{1B1830DA-4043-48A1-8139-B9490A4B4B3E}: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.94.156.1 68.94.157.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
"Startup"="MCPSystemStartup"


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 
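Added example (my own code, not part of the thread and not S!Ri's SmitfraudFix): the hosts section of the SmitfraudFix report above deserves a closer look than the file deletions. Pointing ad networks such as fastclick.net at an unused address is what ad-blocking hosts files do; pointing ftp.avp.ch, ftp.kasperskylab.ru, updates5.kaspersky-labs.com and www.viruslist.ru at the same address cuts the machine off from an antivirus vendor's updates, which is why "several different programs" can scan and still miss the infection. The script below parses a hosts file and separates the two cases. The sample hosts content is constructed from lines of that report; the vendor-domain list, the "black-hole" definition and the severity levels are my assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample: the 10.18.250.4 entries are copied from the SmitfraudFix
# report in the thread; the comment and the localhost line are mine.
SAMPLE_HOSTS = """\
# hosts file as found on the infected machine
127.0.0.1       localhost
10.18.250.4 ad.doubleclick.net
10.18.250.4 ftp.avp.ch
10.18.250.4 ftp.kasperskylab.ru
10.18.250.4 updates5.kaspersky-labs.com
10.18.250.4 www.viruslist.ru
"""

# Domains the machine must reach for antivirus and OS updates.  Assumption:
# a short illustrative list; extend it with the vendors you actually use.
SECURITY_VENDOR_SUFFIXES = (
    "kaspersky-labs.com", "kasperskylab.ru", "avp.ch", "viruslist.ru",
    "windowsupdate.com", "update.microsoft.com", "grisoft.com", "avg.com",
    "symantec.com", "mcafee.com", "trendmicro.com", "webroot.com",
)

def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and junk lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            yield str(ip), host.lower()

def is_blackhole(ip):
    """Loopback or 0.0.0.0: the conventional way to block a name outright."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified

def is_security_vendor(host):
    return any(host == s or host.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)

def audit_hosts(text):
    """Return (severity, message) findings.

    high - a security vendor name mapped anywhere: its updates will fail silently
    low  - any other name sent to a routable address instead of being black-holed
    """
    findings = []
    for ip, host in parse_hosts(text):
        if host == "localhost" and is_blackhole(ip):
            continue
        if is_security_vendor(host):
            findings.append(("high", f"security domain {host} mapped to {ip}"))
        elif not is_blackhole(ip):
            findings.append(("low", f"{host} redirected to non-loopback {ip}"))
    return findings

def redirect_targets(text):
    """Count names per non-black-hole address; one address absorbing many
    names is the signature of a bulk hijack rather than a hand-edited file."""
    return Counter(ip for ip, host in parse_hosts(text)
                   if host != "localhost" and not is_blackhole(ip))

if __name__ == "__main__":
    for severity, message in audit_hosts(SAMPLE_HOSTS):
        print(f"[{severity}] {message}")
    for ip, n in redirect_targets(SAMPLE_HOSTS).most_common():
        print(f"{ip} absorbs {n} names")
```

10.18.250.4 is RFC 1918 space that a home network will normally not route, so in practice these entries behave like a block rather than a redirect to attacker-controlled content; the audit still rates the vendor entries high because the effect, updates silently failing, is the same either way. On Windows the file lives at %SystemRoot%\system32\drivers\etc\hosts; read it with this script before and after a cleanup to confirm the vendor entries are gone.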
Here is the ComboFix log.

ComboFix 07-11-29.2 - Blake 2007-11-28 16:37:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.207 [GMT -6:00]
Running from: I:\Documents and Settings\Blake\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Program Files\3269.exe
I:\Program Files\SecCenter
I:\Program Files\SecCenter\scprot4.exe
I:\Program Files\smss.exe
I:\Program Files\ucleaner_setup.exe
I:\Program Files\xloader10181.exe
I:\WINDOWS\system32\cdeeg.ini
I:\WINDOWS\system32\cdeeg.ini2
I:\WINDOWS\system32\drvtorr.dll
I:\WINDOWS\system32\geedc.dll
I:\WINDOWS\system32\opnmlli.dll
I:\WINDOWS\system32\tpcwdoia
I:\WINDOWS\system32\tpcwdoia\bg1.gif
I:\WINDOWS\system32\tpcwdoia\bgtop.gif
I:\WINDOWS\system32\tpcwdoia\bottom1.gif
I:\WINDOWS\system32\tpcwdoia\essentials.gif
I:\WINDOWS\system32\tpcwdoia\icon1.ico
I:\WINDOWS\system32\tpcwdoia\install1.gif
I:\WINDOWS\system32\tpcwdoia\left1.gif
I:\WINDOWS\system32\tpcwdoia\li.gif
I:\WINDOWS\system32\tpcwdoia\logo.gif
I:\WINDOWS\system32\tpcwdoia\main.htm
I:\WINDOWS\system32\tpcwdoia\mainframe.htm
I:\WINDOWS\system32\tpcwdoia\reinstall1.gif
I:\WINDOWS\system32\tpcwdoia\right1.gif
I:\WINDOWS\system32\tpcwdoia\s1.htm
I:\WINDOWS\system32\tpcwdoia\s2.htm
I:\WINDOWS\system32\tpcwdoia\s3.htm
I:\WINDOWS\system32\tpcwdoia\SMTop1.gif
I:\WINDOWS\system32\tpcwdoia\SMTop2.gif
I:\WINDOWS\system32\tpcwdoia\SMTop3.gif
I:\WINDOWS\system32\tpcwdoia\SMTop4.gif
I:\WINDOWS\system32\tpcwdoia\soft1_off.gif
I:\WINDOWS\system32\tpcwdoia\soft1_off_ext.gif
I:\WINDOWS\system32\tpcwdoia\soft1_on.gif
I:\WINDOWS\system32\tpcwdoia\soft1_on_ext.gif
I:\WINDOWS\system32\tpcwdoia\soft2_off.gif
I:\WINDOWS\system32\tpcwdoia\soft2_off_ext.gif
I:\WINDOWS\system32\tpcwdoia\soft2_on.gif
I:\WINDOWS\system32\tpcwdoia\soft2_on_ext.gif
I:\WINDOWS\system32\tpcwdoia\soft3_off.gif
I:\WINDOWS\system32\tpcwdoia\soft3_off_ext.gif
I:\WINDOWS\system32\tpcwdoia\soft3_on.gif
I:\WINDOWS\system32\tpcwdoia\soft3_on_ext.gif
I:\WINDOWS\system32\tpcwdoia\softbottom_off.gif
I:\WINDOWS\system32\tpcwdoia\softbottom_on.gif
I:\WINDOWS\system32\tpcwdoia\softleft_off.gif
I:\WINDOWS\system32\tpcwdoia\softleft_on.gif
I:\WINDOWS\system32\tpcwdoia\top1.gif
I:\WINDOWS\system32\tpcwdoia\top2.gif
I:\WINDOWS\system32\tpcwdoia\tpcwdoia1.exe
I:\WINDOWS\system32\tpcwdoia\tpcwdoia2.exe
I:\WINDOWS\system32\tpcwdoia\tpcwdoia3.exe
I:\WINDOWS\system32\tpcwdoia\turnoff1.gif
I:\WINDOWS\system32\tpcwdoia\turnon1.gif

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-28 16:16 . 2003-06-05 20:13 53,248 --a------ I:\WINDOWS\system32\Process.exe
2007-11-28 16:16 . 2004-07-31 17:50 51,200 --a------ I:\WINDOWS\system32\dumphive.exe
2007-11-28 16:11 . 2007-11-28 16:11 <DIR> d-------- I:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-28 15:29 . 2004-08-03 23:01 25,856 --a------ I:\WINDOWS\system32\drivers\usbprint.sys
2007-11-27 16:08 . 2007-11-27 16:08 143 --a------ I:\WINDOWS\system32\mcrh.tmp
2007-11-26 19:06 . 2007-11-26 19:06 261,160 --a------ I:\WINDOWS\system32\ddayw.dll
2007-11-26 18:54 . 2007-11-26 18:54 <DIR> d-------- I:\Program Files\E404 Helper
2007-11-26 18:54 . 2007-11-26 18:54 22,528 --a------ I:\Program Files\e404.exe
2007-11-26 18:54 . 2007-11-26 19:20 10,240 --a------ I:\Program Files\spoolsv.exe
2007-11-26 18:52 . 2007-11-26 18:52 <DIR> d-------- I:\Program Files\Zubslwjj
2007-11-26 18:52 . 2007-11-26 18:52 <DIR> d-------- I:\Program Files\nmfudsro
2007-11-26 18:52 . 2007-11-26 18:52 110,592 --a------ I:\Documents and Settings\All Users\Application Data\tmncfany.dll
2007-11-23 13:55 . 2004-08-03 23:10 38,912 --a------ I:\WINDOWS\system32\drivers\avc.sys
2007-11-18 00:01 . 2007-11-18 00:02 <DIR> d-------- I:\Program Files\Motorola Phone Tools
2007-11-14 20:06 . 2007-11-14 20:06 <DIR> d-------- I:\Program Files\Total Video Converter
2007-11-14 20:06 . 2000-05-22 22:58 608,448 --a------ I:\WINDOWS\system32\comctl32.ocx
2007-11-14 19:44 . 2007-11-14 19:49 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2007-11-14 19:42 . 2007-11-14 19:54 <DIR> d-------- I:\Program Files\NCH Swift Sound
2007-11-12 20:39 . 2007-11-12 20:39 <DIR> d-------- I:\Program Files\Windows Media Connect 2
2007-11-12 20:38 . 2007-11-12 20:38 <DIR> d-------- I:\WINDOWS\system32\drivers\UMDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 22:42 --------- d-----w I:\Program Files\Steam
2007-11-27 01:35 --------- d-----w I:\Program Files\SUPERAntiSpyware
2007-11-27 00:28 --------- d-----w I:\Program Files\Morpheus
2007-11-18 06:02 --------- d-----w I:\Program Files\Avanquest update
2007-11-18 06:01 --------- d--h--w I:\Program Files\InstallShield Installation Information
2007-11-18 06:00 22,768 ----a-w I:\WINDOWS\system32\drivers\usbsermpt.sys
2007-11-02 12:13 --------- d-----w I:\Program Files\OneStepSearch
2007-10-28 16:55 --------- d-----w I:\Program Files\Desktop Sidebar
2007-10-28 16:51 --------- d-----w I:\Program Files\TGTSoft
2007-10-28 16:03 --------- d-----w I:\Program Files\AIM6
2007-10-28 16:02 --------- d-----w I:\Program Files\Viewpoint
2007-10-28 16:02 --------- d-----w I:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-28 14:24 --------- d-----w I:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-24 02:49 --------- d-----w I:\Program Files\FLV Player
2007-10-23 20:24 --------- d-----w I:\Program Files\Stardock
2007-10-23 20:24 --------- d-----w I:\Program Files\Common Files\Stardock
2007-10-23 20:04 --------- d-----w I:\Program Files\themexp
2007-10-21 17:49 --------- d-----w I:\Program Files\Creative
2007-10-08 18:29 --------- d-----w I:\Documents and Settings\All Users\Application Data\ZangoSA
2007-10-08 18:21 --------- d-----w I:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
.

((((((((((((((((((((((((((((( snapshot_2007-09-21_160404.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w I:\WINDOWS\AppPatch\acadproc.dll
- 2007-07-20 05:47:22 109,056 ----a-w I:\WINDOWS\catchme.exe
+ 2007-11-27 09:58:11 140,288 ----a-w I:\WINDOWS\catchme.exe
- 1999-10-10 09:00:00 41,984 ------w I:\WINDOWS\Ctregrun.exe
+ 1999-10-10 17:00:00 41,984 ------w I:\WINDOWS\Ctregrun.exe
- 2007-06-13 19:27:08 38,428 ----a-w I:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2007-10-28 16:02:38 38,428 ----a-w I:\WINDOWS\Downloaded Program Files\unagiuninst.exe
+ 2007-10-24 02:49:41 473,600 ----a-w I:\WINDOWS\FLV Player\uninstall.exe
- 2004-08-04 12:00:00 208,896 ----a-w I:\WINDOWS\inf\unregmp2.exe
+ 2006-11-02 00:31:34 315,904 ----a-w I:\WINDOWS\inf\unregmp2.exe
- 2007-06-17 05:11:58 51,200 ----a-w I:\WINDOWS\NirCmd.exe
+ 2007-06-17 06:11:58 51,200 ----a-w I:\WINDOWS\NirCmd.exe
+ 2004-08-04 12:00:00 159,232 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2004-08-04 12:00:00 52,224 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2004-08-04 12:00:00 201,728 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2004-08-04 12:00:00 356,352 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2004-08-04 12:00:00 245,760 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2004-08-04 12:00:00 27,136 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2004-08-04 12:00:00 23,552 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2004-10-11 16:20:30 161,792 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2004-10-11 16:20:30 25,088 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2004-10-11 16:20:30 169,472 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2004-10-11 16:20:30 360,176 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2004-10-11 16:20:30 311,296 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2004-10-11 16:20:32 28,160 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2004-10-11 16:20:32 33,792 ----a-w I:\WINDOWS\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2004-10-11 16:20:30 47,104 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2004-10-11 16:20:30 15,872 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2004-10-11 16:20:30 38,912 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2004-10-11 16:20:38 38,912 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2004-10-11 16:20:38 61,952 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2004-10-11 16:20:38 114,176 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2004-10-11 16:20:38 331,776 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2004-10-11 16:20:38 66,560 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2004-10-11 16:20:38 327,680 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2004-10-11 16:20:38 10,752 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2004-10-11 16:20:38 18,944 ----a-w I:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2004-08-04 12:00:00 408,064 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2004-08-04 12:00:00 759,296 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2004-08-04 12:00:00 484,864 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2004-08-04 12:00:00 809,984 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2004-10-11 16:20:30 379,120 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2004-10-11 16:20:34 773,368 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2004-10-11 16:20:34 531,192 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2004-10-11 16:20:36 1,181,944 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2004-10-11 16:20:36 868,600 ----a-w I:\WINDOWS\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-04 12:00:00 6,656 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2004-08-04 12:00:00 103,936 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2004-08-04 12:00:00 237,568 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-08-04 12:00:00 670,720 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2004-08-04 12:00:00 230,400 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2004-08-04 12:00:00 151,552 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2004-08-04 12:00:00 1,050,624 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2004-08-04 12:00:00 1,119,744 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2004-08-04 12:00:00 896,512 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2006-12-07 23:02:24 2,174,976 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2004-08-04 12:00:00 1,001,472 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2004-10-11 16:20:30 6,656 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2004-10-11 16:20:30 96,768 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2004-10-11 16:20:30 221,184 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2004-10-11 16:20:30 712,704 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2004-10-11 16:20:30 224,256 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2004-10-11 16:20:32 344,064 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2004-10-11 16:20:32 290,816 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2004-10-11 16:20:32 150,016 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2004-10-11 16:20:32 1,026,048 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2004-10-11 16:20:34 1,116,160 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2004-10-11 16:20:36 936,960 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2004-10-11 16:20:36 1,509,376 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2004-10-11 16:20:36 2,362,104 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2004-10-11 16:20:38 999,424 ----a-w I:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2004-08-04 12:00:00 286,208 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2004-08-04 12:00:00 299,520 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2004-08-04 12:00:00 87,040 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2004-08-04 12:00:00 695,296 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2004-08-04 12:00:00 259,072 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2004-10-11 16:20:30 230,912 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2004-10-11 16:20:30 253,688 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2004-10-11 16:20:30 95,232 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2004-10-11 16:20:30 533,504 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2004-10-11 16:20:30 141,312 ----a-w I:\WINDOWS\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2005-04-27 13:09:01 95,744 ----a-w I:\WINDOWS\Resources\ScreenSavers\Cyclone.scr
+ 2005-04-27 13:09:01 294,912 ----a-w I:\WINDOWS\Resources\ScreenSavers\Euphoria.scr
+ 2005-04-27 13:09:02 81,408 ----a-w I:\WINDOWS\Resources\ScreenSavers\FieldLines.scr
+ 2005-04-27 13:09:02 77,824 ----a-w I:\WINDOWS\Resources\ScreenSavers\Flocks.scr
+ 2005-04-27 13:09:02 69,632 ----a-w I:\WINDOWS\Resources\ScreenSavers\Flux.scr
+ 2005-04-27 13:09:02 294,912 ----a-w I:\WINDOWS\Resources\ScreenSavers\Helios.scr
+ 2005-04-27 13:09:02 1,724,416 ----a-w I:\WINDOWS\Resources\ScreenSavers\Lattice.scr
+ 2005-04-27 13:09:02 90,112 ----a-w I:\WINDOWS\Resources\ScreenSavers\OpenAL32.dll
+ 2005-04-27 13:09:02 57,344 ----a-w I:\WINDOWS\Resources\ScreenSavers\Plasma.scr
+ 2005-04-27 13:09:03 5,906,432 ----a-w I:\WINDOWS\Resources\ScreenSavers\Skyrocket.scr
+ 2005-04-27 13:09:03 69,632 ----a-w I:\WINDOWS\Resources\ScreenSavers\SolarWinds.scr
+ 2007-11-28 21:44:53 8,124 ----a-w I:\WINDOWS\SoftwareDistribution\EventCache\{6F7AE490-2E99-4C8C-A9D6-8255014298C8}.bin
+ 2007-11-27 04:26:46 7,316 ----a-w I:\WINDOWS\SoftwareDistribution\EventCache\{EA358CB2-A189-4C13-9F07-103EFC8D43E4}.bin
- 2004-08-04 12:00:00 8,192 ----a-w I:\WINDOWS\system32\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w I:\WINDOWS\system32\asferror.dll
+ 2006-10-19 03:47:08 276,992 ------w I:\WINDOWS\system32\audiodev.dll
- 2004-08-04 12:00:00 286,208 ----a-w I:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w I:\WINDOWS\system32\blackbox.dll
- 2004-08-04 12:00:00 159,232 ----a-w I:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w I:\WINDOWS\system32\cewmdm.dll
- 2004-08-04 12:00:00 8,192 -c--a-w I:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 03:47:08 7,168 -c--a-w I:\WINDOWS\system32\dllcache\asferror.dll
+ 2004-08-04 05:10:12 38,912 -c--a-w I:\WINDOWS\system32\dllcache\avc.sys
- 2004-08-04 12:00:00 286,208 -c--a-w I:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 03:47:10 542,720 -c--a-w I:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-08-04 12:00:00 159,232 -c--a-w I:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 -c--a-w I:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-08-04 12:00:00 299,520 -c--a-w I:\WINDOWS\system32\dllcache\drmclien.dll
+ 2004-10-11 16:20:30 253,688 -c--a-w I:\WINDOWS\system32\dllcache\drmclien.dll
- 2004-08-04 12:00:00 87,040 -c--a-w I:\WINDOWS\system32\dllcache\drmstor.dll
+ 2004-10-11 16:20:30 95,232 -c--a-w I:\WINDOWS\system32\dllcache\drmstor.dll
- 2004-08-04 12:00:00 695,296 -c--a-w I:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 -c--a-w I:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-08-04 12:00:00 6,656 -c--a-w I:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 03:47:14 11,264 -c--a-w I:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-08-04 12:00:00 103,936 -c--a-w I:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 02:03:58 100,864 -c--a-w I:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 310,272 -c--a-w I:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 03:47:14 4,096 -c--a-w I:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 12:00:00 384,512 -c--a-w I:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 03:47:14 4,096 -c--a-w I:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 12:00:00 240,640 -c--a-w I:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 03:47:14 4,096 -c--a-w I:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-08-04 12:00:00 368,640 -c--a-w I:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 03:47:14 243,712 -c--a-w I:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 12:00:00 259,072 -c--a-w I:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 -c--a-w I:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-08-04 12:00:00 52,224 -c--a-w I:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 03:47:16 27,136 -c--a-w I:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-08-04 12:00:00 201,728 -c--a-w I:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 03:47:16 175,616 -c--a-w I:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-08-04 12:00:00 356,352 -c--a-w I:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-19 03:47:16 414,208 -c--a-w I:\WINDOWS\system32\dllcache\msscp.dll
- 2004-08-04 12:00:00 245,760 -c--a-w I:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 03:47:16 321,536 -c--a-w I:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-08-04 12:00:00 237,568 -c--a-w I:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 03:47:18 211,456 -c--a-w I:\WINDOWS\system32\dllcache\qasf.dll
- 2004-08-04 12:00:00 774,144 -c--a-w I:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 00:31:38 1,669,120 -c--a-w I:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 12:00:00 208,896 -c--a-w I:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-02 00:31:34 315,904 -c--a-w I:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2004-08-04 05:01:26 25,856 -c--a-w I:\WINDOWS\system32\dllcache\usbprint.sys
- 2004-08-04 12:00:00 408,064 -c--a-w I:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 -c--a-w I:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-08-04 12:00:00 670,720 -c--a-w I:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 -c--a-w I:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2004-08-04 12:00:00 230,400 -c--a-w I:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 03:47:18 222,208 -c--a-w I:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-08-04 12:00:00 27,136 -c--a-w I:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 03:47:18 33,792 -c--a-w I:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-08-04 12:00:00 23,552 -c--a-w I:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 03:47:18 37,376 -c--a-w I:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-08-04 12:00:00 168,448 -c--a-w I:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 03:47:20 227,328 -c--a-w I:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-08-04 12:00:00 151,552 -c--a-w I:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 03:47:20 157,184 -c--a-w I:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-08-04 12:00:00 1,050,624 -c--a-w I:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 -c--a-w I:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 07:22:16 4,734,976 -c--a-w I:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-19 03:47:20 10,834,432 -c--a-w I:\WINDOWS\system32\dllcache\wmp.dll
- 2004-08-04 12:00:00 114,688 -c--a-w I:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 -c--a-w I:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-08-04 12:00:00 98,304 -c--a-w I:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 03:47:20 96,256 -c--a-w I:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 12:00:00 233,472 -c--a-w I:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 -c--a-w I:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-08-04 12:00:00 73,728 -c--a-w I:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 03:46:20 64,000 -c--a-w I:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-08-04 12:00:00 2,940,928 -c--a-w I:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 -c--a-w I:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-08-04 12:00:00 102,400 -c--a-w I:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 -c--a-w I:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-08-04 12:00:00 759,296 -c--a-w I:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 -c--a-w I:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-08-04 12:00:00 1,119,744 -c--a-w I:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 -c--a-w I:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-08-04 12:00:00 484,864 -c--a-w I:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 -c--a-w I:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-08-04 12:00:00 896,512 -c--a-w I:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 -c--a-w I:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 23:02:24 2,174,976 -c--a-w I:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 -c--a-w I:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-08-04 12:00:00 809,984 -c--a-w I:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 03:47:22 4,096 -c--a-w I:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-08-04 12:00:00 1,001,472 -c--a-w I:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 -c--a-w I:\WINDOWS\system32\dllcache\wmvdmoe2.dll
- 2007-06-25 23:18:50 820,928 ----a-w I:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-11-27 21:30:16 821,856 ----a-w I:\WINDOWS\system32\drivers\avg7core.sys
+ 2006-10-19 03:47:22 671,232 ------w I:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
+ 2006-10-19 02:00:00 38,528 ----a-w I:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-29 00:55:50 77,568 ------w I:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 01:00:34 82,944 ------w I:\WINDOWS\system32\drivers\WudfRd.sys
- 2004-08-04 12:00:00 299,520 ----a-w I:\WINDOWS\system32\drmclien.dll
+ 2004-10-11 16:20:30 253,688 ----a-w I:\WINDOWS\system32\drmclien.dll
- 2004-08-04 12:00:00 87,040 ----a-w I:\WINDOWS\system32\drmstor.dll
+ 2004-10-11 16:20:30 95,232 ----a-w I:\WINDOWS\system32\drmstor.dll
+ 2006-10-19 02:00:46 249,856 ------w I:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 12:00:00 695,296 ----a-w I:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w I:\WINDOWS\system32\drmv2clt.dll
- 2007-05-21 11:48:01 95,864 ----a-w I:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-16 01:09:37 96,664 ----a-w I:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-28 17:18:56 2,192,640 ----a-w I:\WINDOWS\system32\kernel1.exe
- 2004-08-04 12:00:00 6,656 ----a-w I:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w I:\WINDOWS\system32\LAPRXY.dll
- 2004-08-04 12:00:00 103,936 ----a-w I:\WINDOWS\system32\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w I:\WINDOWS\system32\logagent.exe
+ 2004-11-19 03:13:02 36,864 ----a-w I:\WINDOWS\system32\MCMM___Q.DLL
+ 2006-10-19 03:47:14 212,992 ------w I:\WINDOWS\system32\MFPLAT.dll
+ 2004-11-19 03:13:02 23,552 ----a-w I:\WINDOWS\system32\MGDI32_Q.DLL
+ 2004-11-19 03:13:02 9,728 ----a-w I:\WINDOWS\system32\MICM___Q.DLL
+ 2004-11-19 03:13:02 13,824 ----a-w I:\WINDOWS\system32\MIMF32_Q.DLL
+ 2004-11-19 03:13:02 49,152 ----a-w I:\WINDOWS\system32\MINFIN_Q.EXE
+ 2004-12-06 08:57:38 77,824 ----a-w I:\WINDOWS\system32\MLMON__Q.DLL
+ 2004-11-19 03:13:02 18,848 ----a-w I:\WINDOWS\system32\MLPTDR_Q.SYS
+ 2006-10-19 03:47:14 259,072 ------w I:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 12:00:00 310,272 ----a-w I:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w I:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 03:47:14 317,440 ------w I:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 12:00:00 384,512 ----a-w I:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w I:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 03:47:14 259,072 ------w I:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 12:00:00 240,640 ----a-w I:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w I:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 21:28:42 312,128 ------w I:\WINDOWS\system32\msdelta.dll
- 2004-08-04 12:00:00 259,072 ----a-w I:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w I:\WINDOWS\system32\msnetobj.dll
- 2004-08-04 12:00:00 52,224 ----a-w I:\WINDOWS\system32\mspmsnsv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w I:\WINDOWS\system32\mspmsnsv.dll
- 2004-08-04 12:00:00 201,728 ----a-w I:\WINDOWS\system32\mspmsp.dll
+ 2006-10-19 03:47:16 175,616 ----a-w I:\WINDOWS\system32\mspmsp.dll
+ 2004-11-19 03:13:02 51,200 ----a-w I:\WINDOWS\system32\MSPOOL_Q.DLL
- 2004-08-04 12:00:00 356,352 ----a-w I:\WINDOWS\system32\msscp.dll
+ 2006-10-19 03:47:16 414,208 ----a-w I:\WINDOWS\system32\msscp.dll
+ 2004-11-19 03:13:04 1,490,944 ----a-w I:\WINDOWS\system32\MSTMON_Q.DLL
+ 2004-11-22 03:42:38 163,840 ----a-w I:\WINDOWS\system32\MSTMON_Q.EXE
- 2004-08-04 12:00:00 245,760 ----a-w I:\WINDOWS\system32\mswmdm.dll
+ 2006-10-19 03:47:16 321,536 ----a-w I:\WINDOWS\system32\mswmdm.dll
+ 2000-10-20 06:05:42 25,088 ----a-w I:\WINDOWS\system32\msxml3a.dll
+ 2004-11-19 03:13:06 19,456 ----a-w I:\WINDOWS\system32\MTAG32_Q.DLL
+ 2004-11-19 03:13:06 147,456 ----a-w I:\WINDOWS\system32\MUINST_Q.EXE
- 2007-08-30 22:32:00 62,344 ----a-w I:\WINDOWS\system32\perfc009.dat
+ 2007-11-28 22:26:18 62,344 ----a-w I:\WINDOWS\system32\perfc009.dat
- 2007-08-30 22:32:00 401,064 ----a-w I:\WINDOWS\system32\perfh009.dat
+ 2007-11-28 22:26:18 401,064 ----a-w I:\WINDOWS\system32\perfh009.dat
+ 2006-10-19 03:47:18 284,160 ------w I:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 03:47:18 101,888 ------w I:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47:18 166,912 ------w I:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47:18 132,096 ------w I:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47:18 199,168 ------w I:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-04 12:00:00 237,568 ----a-w I:\WINDOWS\system32\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w I:\WINDOWS\system32\qasf.dll
+ 2007-11-27 04:27:11 49,056 ----a-w I:\WINDOWS\system32\Restore\rstrlog.dat
- 2006-12-10 20:10:02 14,640 ------w I:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 23:58:48 14,640 ------w I:\WINDOWS\system32\spmsg.dll
+ 2004-11-19 03:13:02 36,864 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MCMM___Q.DLL
+ 2004-11-19 03:13:02 65,536 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MDDM32_Q.DLL
+ 2004-11-19 03:13:02 118,784 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MDDMUI_Q.DLL
+ 2004-11-19 03:13:02 23,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MGDI32_Q.DLL
+ 2004-11-19 03:13:02 9,728 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MICM___Q.DLL
+ 2004-11-19 03:13:02 13,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MIMF32_Q.DLL
+ 2004-11-19 03:13:02 34,816 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MIMFN5_Q.DLL
+ 2004-11-19 03:13:02 10,240 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MIMFPR_Q.DLL
+ 2004-11-19 03:13:02 126,976 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MLTSRV_Q.DLL
+ 2004-11-19 03:13:02 28,672 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MNT5UI_Q.DLL
+ 2004-11-19 03:13:02 40,960 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MQDPRT_Q.DLL
+ 2004-11-19 03:13:02 77,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSD32__Q.DLL
+ 2004-11-19 03:13:02 32,768 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSDIMF_Q.DLL
+ 2004-11-22 03:43:04 151,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSDMLT_Q.DLL
+ 2004-11-19 03:13:02 40,960 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSPL32_Q.EXE
+ 2004-11-19 03:13:02 51,200 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSPOOL_Q.DLL
+ 2004-11-19 03:13:02 131,072 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSR32__Q.DLL
+ 2004-11-19 03:13:06 696,320 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MSUMLT_Q.DLL
+ 2004-11-19 03:13:06 19,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MTAG32_Q.DLL
+ 2004-11-19 03:13:06 147,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\3\MUINST_Q.EXE
+ 2004-11-19 03:13:02 36,864 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MCMM___Q.DLL
+ 2004-11-19 03:13:02 65,536 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MDDM32_Q.DLL
+ 2004-11-19 03:13:02 118,784 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MDDMUI_Q.DLL
+ 2004-11-19 03:13:02 23,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MGDI32_Q.DLL
+ 2004-11-19 03:13:02 9,728 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MICM___Q.DLL
+ 2004-11-19 03:13:02 13,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMF32_Q.DLL
+ 2004-11-19 03:13:02 34,816 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMFN5_Q.DLL
+ 2004-11-19 03:13:02 10,240 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MIMFPR_Q.DLL
+ 2004-11-19 03:13:02 126,976 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MLTSRV_Q.DLL
+ 2004-11-19 03:13:02 28,672 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MNT5UI_Q.DLL
+ 2004-11-19 03:13:02 40,960 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MQDPRT_Q.DLL
+ 2004-11-19 03:13:02 77,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSD32__Q.DLL
+ 2004-11-19 03:13:02 32,768 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSDIMF_Q.DLL
+ 2004-11-22 03:43:04 151,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSDMLT_Q.DLL
+ 2004-11-19 03:13:02 40,960 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSPL32_Q.EXE
+ 2004-11-19 03:13:02 51,200 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSPOOL_Q.DLL
+ 2004-11-19 03:13:02 131,072 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSR32__Q.DLL
+ 2004-11-19 03:13:06 696,320 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MSUMLT_Q.DLL
+ 2004-11-19 03:13:06 19,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MTAG32_Q.DLL
+ 2004-11-19 03:13:06 147,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\konica_minoltapp13508e8c\MUINST_Q.EXE
+ 2004-11-19 03:13:02 36,864 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MCMM___Q.DLL
+ 2004-11-19 03:13:02 65,536 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MDDM32_Q.DLL
+ 2004-11-19 03:13:02 118,784 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MDDMUI_Q.DLL
+ 2004-11-19 03:13:02 23,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MGDI32_Q.DLL
+ 2004-11-19 03:13:02 9,728 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MICM___Q.DLL
+ 2004-11-19 03:13:02 13,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MIMF32_Q.DLL
+ 2004-11-19 03:13:02 34,816 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MIMFN5_Q.DLL
+ 2004-11-19 03:13:02 10,240 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MIMFPR_Q.DLL
+ 2004-11-19 03:13:02 126,976 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MLTSRV_Q.DLL
+ 2004-11-19 03:13:02 28,672 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MNT5UI_Q.DLL
+ 2004-11-19 03:13:02 40,960 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MQDPRT_Q.DLL
+ 2004-11-19 03:13:02 77,824 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSD32__Q.DLL
+ 2004-11-19 03:13:02 32,768 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSDIMF_Q.DLL
+ 2004-11-22 03:43:04 151,552 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSDMLT_Q.DLL
+ 2004-11-19 03:13:02 51,200 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSPOOL_Q.DLL
+ 2004-11-19 03:13:02 131,072 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSR32__Q.DLL
+ 2004-11-19 03:13:06 696,320 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MSUMLT_Q.DLL
+ 2004-11-19 03:13:06 19,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MTAG32_Q.DLL
+ 2004-11-19 03:13:06 147,456 ----a-w I:\WINDOWS\system32\spool\drivers\w32x86\MUINST_Q.EXE
+ 2004-11-19 03:13:02 10,240 ----a-w I:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR_Q.DLL
- 2005-06-28 15:21:34 22,752 ----a-w I:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 23:58:48 23,856 ----a-w I:\WINDOWS\system32\spupdsvc.exe
+ 2006-04-27 22:49:30 288,417 ----a-w I:\WINDOWS\system32\SrchSTS.exe
- 2007-07-22 23:39:27 279,552 ----a-w I:\WINDOWS\system32\swreg.exe
+ 2007-07-23 00:39:27 279,552 ----a-w I:\WINDOWS\system32\swreg.exe
+ 2006-10-19 03:58:00 8,704 ----a-w I:\WINDOWS\system32\uwdf.exe
+ 2007-09-06 05:22:24 289,144 ----a-w I:\WINDOWS\system32\VCCLSID.exe
+ 2006-10-19 03:47:18 4,096 ----a-w I:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 03:58:00 8,704 ----a-w I:\WINDOWS\system32\wdfmgr.exe
- 2004-08-04 12:00:00 408,064 ----a-w I:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w I:\WINDOWS\system32\WMADMOD.dll
- 2004-08-04 12:00:00 670,720 ----a-w I:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w I:\WINDOWS\system32\WMADMOE.dll
- 2004-08-04 12:00:00 230,400 ----a-w I:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 03:47:18 222,208 ----a-w I:\WINDOWS\system32\WMASF.dll
- 2004-08-04 12:00:00 27,136 ----a-w I:\WINDOWS\system32\wmdmlog.dll
+ 2006-10-19 03:47:18 33,792 ----a-w I:\WINDOWS\system32\wmdmlog.dll
- 2004-08-04 12:00:00 23,552 ----a-w I:\WINDOWS\system32\wmdmps.dll
+ 2006-10-19 03:47:18 37,376 ----a-w I:\WINDOWS\system32\wmdmps.dll
+ 2006-10-19 03:47:18 429,056 ----a-w I:\WINDOWS\system32\wmdrmdev.dll
+ 2006-10-19 03:47:20 348,672 ----a-w I:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 03:47:20 535,040 ------w I:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 12:00:00 168,448 ----a-w I:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w I:\WINDOWS\system32\wmerror.dll
- 2004-08-04 12:00:00 151,552 ----a-w I:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w I:\WINDOWS\system32\wmidx.dll
- 2004-08-04 12:00:00 1,050,624 ----a-w I:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w I:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 07:22:16 4,734,976 ----a-w I:\WINDOWS\system32\wmp.dll
+ 2006-10-19 03:47:20 10,834,432 ----a-w I:\WINDOWS\system32\wmp.dll
- 2004-08-04 12:00:00 114,688 ----a-w I:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w I:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 12:00:00 233,472 ----a-w I:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w I:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 295,936 ------w I:\WINDOWS\system32\wmpeffects.dll
+ 2006-10-19 03:47:20 1,661,440 ------w I:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 12:00:00 2,940,928 ----a-w I:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w I:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 613,376 ------w I:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 03:47:20 130,048 ------w I:\WINDOWS\system32\wmpps.dll
- 2004-08-04 12:00:00 102,400 ----a-w I:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w I:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 03:47:20 204,288 ------w I:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-04 12:00:00 759,296 ----a-w I:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\wmsdmod.dll
- 2004-08-04 12:00:00 1,119,744 ----a-w I:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-04 12:00:00 484,864 ----a-w I:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 ----a-w I:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-04 12:00:00 896,512 ----a-w I:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 ----a-w I:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\WMVADVD.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 23:02:24 2,174,976 ----a-w I:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 ----a-w I:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 03:47:22 1,543,680 ------w I:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-04 12:00:00 809,984 ----a-w I:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\wmvdmod.dll
- 2004-08-04 12:00:00 1,001,472 ----a-w I:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w I:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 03:47:22 1,574,912 ------w I:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 03:47:22 1,382,912 ------w I:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 03:47:22 767,488 ------w I:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 03:47:22 656,896 ------w I:\WINDOWS\system32\WMVXENCD.dll
+ 2006-10-19 03:47:22 629,760 ----a-w I:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 03:47:22 35,840 ----a-w I:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 03:47:22 154,624 ----a-w I:\WINDOWS\system32\wpdmtp.dll
+ 2004-10-11 16:20:38 331,776 ----a-w I:\WINDOWS\system32\wpdmtpdr.dll
+ 2006-10-19 03:47:22 63,488 ----a-w I:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 03:47:22 2,603,008 ------w I:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 02:00:14 17,408 ------w I:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 03:47:22 38,400 ------w I:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 03:47:22 133,632 ------w I:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-10-19 03:47:22 356,352 ----a-w I:\WINDOWS\system32\wpdsp.dll
+ 2004-10-11 16:20:38 10,752 ----a-w I:\WINDOWS\system32\wpdtrace.dll
+ 2007-10-04 05:36:46 25,600 ----a-w I:\WINDOWS\system32\WS2Fix.exe
+ 2006-09-29 02:13:26 95,344 ------w I:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-09-29 00:56:38 146,432 ------w I:\WINDOWS\system32\WudfHost.exe
+ 2006-09-29 00:56:16 165,376 ------w I:\WINDOWS\system32\WudfPlatform.dll
+ 2006-09-29 00:56:14 55,808 ------w I:\WINDOWS\system32\WudfSvc.dll
+ 2006-09-29 00:56:38 316,416 ------w I:\WINDOWS\system32\WUDFx.dll
+ 2007-11-27 00:52:12 34,304 ----a-w I:\WINDOWS\system32\wvutqqq.dll
+ 2005-09-23 04:49:12 95,744 ----a-w I:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7722642D-C56A-55E4-6E7E-07D5462CC3EE}]
2007-11-26 18:52 110592 --a------ I:\Program Files\Zubslwjj\etlcyqkc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"Steam"="I:\Program Files\Steam\Steam.exe" [2007-11-20 16:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"="Rundll32 P17.dll" []
"UpdReg"="I:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"BootSkin Startup Jobs"="I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 15:21]
"LogonStudio"="I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 17:38]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 11:45 I:\WINDOWS\KHALMNPR.Exe]
"SpySweeper"="I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2006-08-03 19:02]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="I:\WINDOWS\system32\MSTMON_Q.EXE" [2004-11-21 21:42]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="I:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-27 15:30]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= I:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
I:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 I:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
I:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2005-01-31 14:13 49152 I:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winghy32]
winghy32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvutqqq]
wvutqqq.dll 2007-11-26 18:52 34304 I:\WINDOWS\system32\wvutqqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=I:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^G^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=I:\Documents and Settings\G\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=I:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\I:^Documents and Settings^G^Start Menu^Programs^Startup^D-Odometer.lnk]
path=I:\Documents and Settings\G\Start Menu\Programs\Startup\D-Odometer.lnk
backup=I:\WINDOWS\pss\D-Odometer.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2006-09-13 10:00 700416 --------- I:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
I:\Program Files\Ipwindows\ipwins.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
I:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
I:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
I:\Program Files\Logitech\Profiler\lwemon.exe /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2007-05-23 09:12 1314816 --a------ I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WUSB54Gv2]
2004-04-19 09:19 24576 --a------ I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe

R1 ATITool;ATITool Overclocking Utility;I:\WINDOWS\system32\DRIVERS\ATITool.sys
R2 MLPTDR_Q;MLPTDR_Q;\??\I:\WINDOWS\system32\MLPTDR_Q.SYS
R2 OneStep Search Service;OneStep Search Service;"I:\Program Files\OneStepSearch\onestep.exe" "I:\Program Files\OneStepSearch\onestep.dll" Service
R3 P17;Sound Blaster Audigy;I:\WINDOWS\system32\drivers\P17.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;I:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;I:\WINDOWS\system32\drivers\WmXlCore.sys
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;I:\WINDOWS\system32\DRIVERS\AN983.sys
S3 WmFilter;Logitech Gaming HID Filter Driver;I:\WINDOWS\system32\drivers\WmFilter.sys
S3 WmHidLo;Logitech Gaming USB Filter Driver;I:\WINDOWS\system32\drivers\WmHidLo.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;I:\WINDOWS\system32\drivers\WmVirHid.sys

.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 16:42:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 16:44:26 - machine was rebooted
I:\ComboFix-quarantined-files.txt ... 2007-09-21 15:04
I:\ComboFix2.txt ... 2007-09-21 15:04
.
--- E O F ---
 
We're making progress, that's removed a lot of the malware, but there's still more to do.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entries:
  • O2 - BHO: (no name) - {7722642D-C56A-55E4-6E7E-07D5462CC3EE} - I:\Program Files\Zubslwjj\etlcyqkc.dll
  • O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)
  • O20 - Winlogon Notify: wvutqqq - I:\WINDOWS\SYSTEM32\wvutqqq.dll
Please close all open windows except for HijackThis and choose Fix checked

Please set Windows to show hidden files:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Please delete the following files (where still present):

  • I:\WINDOWS\system32\mcrh.tmp
  • I:\WINDOWS\system32\ddayw.dll
  • I:\Program Files\e404.exe
  • I:\Program Files\spoolsv.exe
  • I:\Documents and Settings\All Users\Application Data\tmncfany.dll
  • I:\WINDOWS\system32\wvutqqq.dll

Please delete the following folders:

  • I:\Program Files\E404 Helper
  • I:\Program Files\Zubslwjj
  • I:\Program Files\nmfudsro

Please reboot and post a new HijackThis log.
 
Thanks a lot man, this has helped SOOOO much. It looks like everything is back to normal: no more popups or icons being put on my desktop, and no more balloons popping up from the taskbar.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:51:17 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\Program Files\Viewpoint\Common\ViewpointService.exe
I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
I:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\Rundll32.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
I:\WINDOWS\system32\mshta.exe
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HyJakeTis.exe

O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - I:\WINDOWS\system32\wvutqqq.dll (file missing)
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] I:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "I:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "I:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Steam] "I:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] I:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - I:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OneStep Search Service - Unknown owner - I:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - I:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - GEMTEKS - I:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 4944 bytes
 
Glad to help, your logfile appears to be clean, just a few final things.

Your logfile indicates that you have Viewpoint Manager installed.
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything bad. It is known to be intrusive, but there is some possibility that it is now being used by those companies to give them info about your habits. It is not considered spyware since this is not clear, but I would not tolerate it on my machine if I didn't install it.

I suggest you remove it. To do so, click on Start -> Control Panel -> Add or Remove Programs. Click on Viewpoint Manager and click Remove.

Please run HijackThis and choose Do a system scan only.

Place a check next to the following entry:
  • O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - I:\WINDOWS\system32\wvutqqq.dll (file missing)
If you chose to remove Viewpoint Manager, please also place a check next to the following entry (if still present):
  • O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - I:\Program Files\Viewpoint\Common\ViewpointService.exe
Please close all open windows except for HijackThis and choose Fix checked

Also, your Java Runtime Environment is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update:
Updating Java:
  • Go to Start > Control Panel and double-click on the Software icon (Add or Remove Programs).
  • Search the list for all previously installed versions of Java (J2SE Runtime Environment...).
    It should have the Java icon next to it.

    Select it and click Remove.
  • Then download and install the newest version from here:
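The two helper posts above pick out the persistence entries by eye: BHOs (O2) and Winlogon Notify DLLs (O20) with random-looking names or "(file missing)", a Run entry launched without a full path, and a service (O23) with no vendor. As an added example, not part of this thread and not HijackThis code, here is a small Python triage script that applies those same signals to HijackThis-style log lines. The lines in SAMPLE_LINES are constructed from entries of the kind shown in the logs above; the per-section regexes and the generated-name heuristic are my own assumptions about the log format.

```python
"""Triage HijackThis-style log lines for persistence entries worth a second look.

Added example for this thread, not part of the original posts or of HijackThis.
SAMPLE_LINES are constructed from the kind of O2/O4/O20/O23 entries shown above.
"""
import re
from dataclasses import dataclass

SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - I:\WINDOWS\system32\wvutqqq.dll (file missing)",
    r"O2 - BHO: (no name) - {7722642D-C56A-55E4-6E7E-07D5462CC3EE} - I:\Program Files\Zubslwjj\etlcyqkc.dll",
    r"O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - I:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll",
    r"O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE",
    r'O4 - HKCU\..\Run: [Steam] "I:\Program Files\Steam\Steam.exe" -silent',
    r"O20 - Winlogon Notify: winghy32 - winghy32.dll (file missing)",
    r"O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: OneStep Search Service - Unknown owner - I:\Program Files\OneStepSearch\onestep.exe (file missing)",
    r"O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe",
]

# Assumed line shapes for the sections this thread cares about.
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^(\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.*?) - (.*)$")
SERVICE_RE = re.compile(r'^Service: (.*) - (.*?) - ("?[A-Za-z]:\\.*)$')
ABSOLUTE_RE = re.compile(r"^[A-Za-z]:\\")
MISSING = " (file missing)"


@dataclass
class Finding:
    section: str
    severity: str  # "high" = act on it, "review" = confirm before touching
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic for generated names such as Zubslwjj or wvutqqq: 7+ letters with
    under 20% vowels or a run of 5+ consonants. Noisy on terse vendor names
    (KHALMNPR trips it), so it only ever yields a 'review' finding."""
    letters = re.sub(r"[^A-Za-z]", "", name).lower()
    if len(letters) < 7:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_consonant_run = max(len(run) for run in re.split(r"[aeiouy]+", letters))
    return vowel_ratio < 0.2 or longest_consonant_run >= 5


def split_path(field: str):
    """Separate HijackThis's '(file missing)' marker from the path it annotates."""
    missing = field.endswith(MISSING)
    path = field[: -len(MISSING)] if missing else field
    return path.strip('"'), missing


def command_target(command: str) -> str:
    """Executable portion of a Run-key command: the quoted path or the first token."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command.split() else command


def random_name_parts(path: str):
    """File stem and immediate parent folder that trip looks_random()."""
    parts = [p for p in re.split(r"[\\/]", path) if p]
    candidates = []
    if parts:
        candidates.append(re.sub(r"\.[^.]*$", "", parts[-1]))
    if len(parts) >= 2:
        candidates.append(parts[-2])
    return [c for c in candidates if looks_random(c)]


def triage_line(line: str):
    """Findings for one HijackThis line; unknown or clean lines yield none."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return []
    section, body = m.groups()
    findings = []

    def add(severity, reason):
        findings.append(Finding(section, severity, reason, line))

    path, missing = "", False
    if section == "O2" and (b := BHO_RE.match(body)):
        name, _clsid, field = b.groups()
        path, missing = split_path(field)
        if missing:
            add("high", "BHO CLSID still registered but its DLL is gone: orphaned hook")
        if name == "(no name)":
            add("review", "BHO registered without a name; legitimate add-ins usually set one")
    elif section == "O4" and (r := RUN_RE.match(body)):
        path = command_target(r.group(4))
        if not ABSOLUTE_RE.match(path):
            add("review", "Run entry without a full path; resolved through the search path at logon")
    elif section == "O20" and (n := NOTIFY_RE.match(body)):
        path, missing = split_path(n.group(2))
        add("review", "Winlogon Notify DLL loads inside winlogon.exe as SYSTEM; confirm the vendor")
        if missing:
            add("high", "Winlogon Notify key points at a DLL that no longer exists")
    elif section == "O23" and (s := SERVICE_RE.match(body)):
        _name, owner, field = s.groups()
        path, missing = split_path(field)
        if owner == "Unknown owner":
            add("review", "service binary carries no company name in its version info")
        if missing:
            add("high", "service still installed but its binary is gone")
    else:
        return findings
    for part in random_name_parts(path):
        add("review", f"name '{part}' looks machine-generated")
    return findings


def triage(lines):
    """Run triage_line over a whole log; 'high' findings sort first."""
    findings = [f for line in lines for f in triage_line(line)]
    return sorted(findings, key=lambda f: (f.severity != "high", f.section))


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

A "(file missing)" hit is the strong signal: the registry hook has outlived its binary, which is exactly the state the helper asked to clean up with Fix checked. The name heuristic is deliberately conservative and only ever produces a "review" finding, because terse vendor names such as KHALMNPR.EXE trip it too; confirm those against the vendor before deleting anything.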
 
Thank you very much! You really know your stuff.

I can't even tell I had any infection now. I did delete Viewpoint Manager; I don't remember installing it and have never used it, but it has been on my computer for a long time. I never deleted it because I didn't know what it was.


Thanks again
 