Kheftiu

Re: Slow computer/lots of errors/ Virus?

  #11  
Nov 12th, 2007
Combofix:

ComboFix 07-11-08.1 - Sam 2007-11-12 17:15:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1116 [GMT -5:00]
Running from: C:\Documents and Settings\Sam\Desktop\combofix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\opqss.bak1
C:\WINDOWS\system32\opqss.bak2
C:\WINDOWS\system32\opqss.ini
C:\WINDOWS\system32\opqss.ini2
C:\WINDOWS\system32\opqss.tmp
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\prutv.tmp
C:\WINDOWS\system32\ssqpo.dll
C:\WINDOWS\system32\vturp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-11 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-11 21:13 <DIR> d-------- C:\WINDOWS\pss
2007-11-11 19:28 4,434 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 19:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 19:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 19:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 19:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 19:27 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 06:50 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-10 16:56 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\AVG7
2007-11-10 16:37 <DIR> d-------- C:\Program Files\Opera
2007-11-10 16:07 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 12:34 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-10 12:34 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-10 12:34 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-10 12:34 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-10 12:34 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-10 12:34 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-10 12:34 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-10 12:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-10 11:49 166,496 --a------ C:\WINDOWS\system32\msdtexch.dll
2007-11-10 11:48 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-10 11:43 532 --a------ C:\WINDOWS\system32\msftedswc.dll
2007-11-10 08:13 156,336 --a------ C:\WINDOWS\draste.exe
2007-11-09 22:24 91,824 --a------ C:\WINDOWS\system32\mskvtns.dll
2007-11-09 12:47 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Apple Computer
2007-11-09 12:45 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Nero
2007-11-08 22:51 161,344 --a------ C:\Documents and Settings\Sam\Application Data\pcant.exe
2007-11-08 15:30 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-07 23:25 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-07 23:25 <DIR> d----c--- C:\Temp\mZOr
2007-10-30 06:34 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\Nero
2007-10-30 05:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Nero
2007-10-29 17:41 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-23 17:17 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-10-23 17:17 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-10-23 17:17 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 17:14 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-10-23 17:14 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-10-23 17:14 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-10-23 17:14 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-10-23 17:14 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-10-23 17:10 <DIR> d-------- C:\Program Files\Pinnacle
2007-10-23 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:08 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2007-10-21 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-21 18:02 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-20 19:09 <DIR> d-------- C:\Program Files\WiFiConnector
2007-10-20 19:05 162,816 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS
2007-10-17 05:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-17 05:49 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-16 16:04 <DIR> d----c--- C:\VundoFix Backups
2007-10-15 16:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 16:22 <DIR> d-------- C:\Program Files\Hijack
2007-10-15 15:42 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-14 19:19 <DIR> d-------- C:\Program Files\RegCure
2007-10-14 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-14 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-14 15:47 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-12 22:21 --------- d-----w C:\Documents and Settings\Sam\Application Data\uTorrent
2007-11-10 22:39 --------- d-----w C:\Program Files\uTorrent
2007-11-10 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 18:35 --------- d-----w C:\Program Files\AIM6
2007-11-04 03:02 --------- d-----w C:\Program Files\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-28 23:22 --------- d-----w C:\Documents and Settings\Sam\Application Data\AdobeUM
2007-10-23 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 13:23 --------- d-----w C:\Documents and Settings\Stepahanie\Application Data\AdobeUM
2007-10-19 18:01 --------- d-----w C:\Program Files\America Online 9.0
2007-10-13 16:21 --------- d-----w C:\Documents and Settings\Sam\Application Data\Apple Computer
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\Sam\Application Data\iolo
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-07 01:58 --------- d-----w C:\Documents and Settings\Sam\Application Data\PC Tools
2007-10-06 03:58 --------- d-----w C:\Program Files\Lavasoft
2007-10-06 03:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-06 01:18 1,499,299 --sha-w C:\WINDOWS\system32\rtutv.ini2
2007-10-06 01:01 1,505,112 --sha-w C:\WINDOWS\system32\rtutv.bak2
2007-10-04 19:44 --------- d-----w C:\Program Files\iTunes
2007-10-04 19:44 --------- d-----w C:\Program Files\iPod
2007-10-03 18:43 1,516,933 --sha-w C:\WINDOWS\system32\rtutv.bak1
2007-10-03 03:06 10 ----a-w C:\Program Files\.autoreg
2007-09-30 03:21 --------- d-----w C:\Documents and Settings\Michael\Application Data\MEGAUPLOADTOOLBAR
2007-09-27 23:47 --------- d-----w C:\Program Files\BuddyList Ops
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 13:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 19:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 19:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 19:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-09-17 14:05 --------- dc----w C:\Documents and Settings\Adam\Application Data\MEGAUPLOADTOOLBAR
2007-09-17 13:56 --------- dc-h--w C:\Documents and Settings\Adam\Application Data\GTek
2007-09-13 06:32 --------- d-----w C:\Program Files\Apple Software Update
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2007-08-13 23:54 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-13 23:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:54 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:45 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
2007-08-13 23:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:44 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
2007-08-13 23:42 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2007-08-13 23:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:39 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
2007-08-13 23:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-08-13 23:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:36 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
2007-08-13 23:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:32 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
2007-08-13 23:18 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-13 23:01 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
2007-06-18 03:05:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-11-10_11.41.48.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-11 15:15:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2007-11-12 02:22:05 5,832,704 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-11-12 02:22:05 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-11-11 15:15:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2007-11-12 02:21:50 5,832,704 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2007-11-12 02:21:50 16,384 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2004-08-04 09:00:00 61,440 -c--a-w C:\WINDOWS\ie7\admparse.dll
+ 2004-08-04 09:00:00 99,840 -c--a-w C:\WINDOWS\ie7\advpack.dll
+ 2004-08-04 09:00:00 35,328 -c--a-w C:\WINDOWS\ie7\corpol.dll
+ 2006-06-03 11:40:49 33,792 -c--a-w C:\WINDOWS\ie7\custsat.dll
+ 2007-08-22 12:55:30 357,888 -c--a-w C:\WINDOWS\ie7\dxtmsft.dll
+ 2007-08-22 12:55:31 205,824 -c--a-w C:\WINDOWS\ie7\dxtrans.dll
+ 2007-08-22 12:55:31 55,808 -c--a-w C:\WINDOWS\ie7\extmgr.dll
+ 2004-08-04 09:00:00 38,912 -c--a-w C:\WINDOWS\ie7\hmmapi.dll
+ 2004-08-04 09:00:00 34,304 -c--a-w C:\WINDOWS\ie7\ie4uinit.exe
+ 2004-08-04 09:00:00 139,264 -c--a-w C:\WINDOWS\ie7\ieakeng.dll
+ 2004-08-04 09:00:00 216,576 -c--a-w C:\WINDOWS\ie7\ieaksie.dll
+ 2004-08-04 09:00:00 221,184 -c--a-w C:\WINDOWS\ie7\ieakui.dll
+ 2004-08-04 09:00:00 323,584 -c--a-w C:\WINDOWS\ie7\iedkcs32.dll
+ 2007-08-21 10:19:39 18,432 -c--a-w C:\WINDOWS\ie7\iedw.exe
+ 2004-08-04 09:00:00 81,920 -c--a-w C:\WINDOWS\ie7\ieencode.dll
+ 2007-08-22 12:55:32 251,904 -c--a-w C:\WINDOWS\ie7\iepeers.dll
+ 2004-08-04 09:00:00 48,640 -c--a-w C:\WINDOWS\ie7\iernonce.dll
+ 2004-08-04 09:00:00 62,976 -c--a-w C:\WINDOWS\ie7\iesetup.dll
+ 2004-08-04 09:00:00 93,184 -c--a-w C:\WINDOWS\ie7\iexplore.exe
+ 2004-08-04 09:00:00 35,840 -c--a-w C:\WINDOWS\ie7\imgutil.dll
+ 2007-08-22 12:55:32 96,256 -c--a-w C:\WINDOWS\ie7\inseng.dll
+ 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\ie7\jscript.dll
+ 2007-08-22 12:55:32 16,384 -c--a-w C:\WINDOWS\ie7\jsproxy.dll
+ 2004-08-04 09:00:00 22,016 -c--a-w C:\WINDOWS\ie7\licmgr10.dll
+ 2004-08-04 09:00:00 29,184 -c--a-w C:\WINDOWS\ie7\mshta.exe
+ 2007-08-22 12:55:36 3,064,832 -c--a-w C:\WINDOWS\ie7\mshtml.dll
+ 2007-08-22 12:55:37 449,024 -c--a-w C:\WINDOWS\ie7\mshtmled.dll
+ 2004-08-04 09:00:00 56,832 -c--a-w C:\WINDOWS\ie7\mshtmler.dll
+ 2004-08-04 09:00:00 146,432 -c--a-w C:\WINDOWS\ie7\msls31.dll
+ 2007-08-22 12:55:37 146,432 -c--a-w C:\WINDOWS\ie7\msrating.dll
+ 2007-08-22 12:55:38 532,480 -c--a-w C:\WINDOWS\ie7\mstime.dll
+ 2004-08-04 09:00:00 96,256 -c--a-w C:\WINDOWS\ie7\occache.dll
+ 2007-08-22 12:55:38 39,424 -c--a-w C:\WINDOWS\ie7\pngfilt.dll
+ 2007-08-13 23:54:42 32,960 -c--a-w C:\WINDOWS\ie7\spuninst\iecustom.dll
+ 2007-08-13 23:52:06 66,048 -c--a-w C:\WINDOWS\ie7\spuninst\ieResetIcons.exe
+ 2006-09-06 22:43:16 213,216 -c--a-w C:\WINDOWS\ie7\spuninst\spuninst.exe
+ 2006-09-06 22:43:18 371,424 -c--a-w C:\WINDOWS\ie7\spuninst\updspapi.dll
+ 2004-08-04 09:00:00 37,888 -c--a-w C:\WINDOWS\ie7\url.dll
+ 2007-08-22 12:55:43 617,984 -c--a-w C:\WINDOWS\ie7\urlmon.dll
+ 2004-08-04 09:00:00 417,792 -c--a-w C:\WINDOWS\ie7\vbscript.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\ie7\vgx.dll
+ 2004-08-04 09:00:00 276,480 -c--a-w C:\WINDOWS\ie7\webcheck.dll
+ 2007-08-22 12:55:44 665,600 -c--a-w C:\WINDOWS\ie7\wininet.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:54:10 765,952 -c----w C:\WINDOWS\ie7updates\KB938127-IE7\vgx.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll
+ 2007-08-13 23:39:00 123,904 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\advpack.dll.000
+ 2007-08-13 23:35:38 214,528 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\dxtrans.dll
+ 2007-08-13 23:54:10 131,584 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\extmgr.dll
+ 2007-08-13 23:36:26 61,952 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\icardie.dll
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe
+ 2007-08-13 23:39:06 54,784 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ie4uinit.exe.000
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll
+ 2007-08-13 23:39:26 152,064 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakeng.dll.000
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll
+ 2007-08-13 23:39:54 229,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieaksie.dll.000
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll
+ 2007-08-13 22:56:54 161,792 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieakui.dll.000
+ 2007-02-12 21:10:12 2,451,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dat
+ 2007-07-11 17:27:48 383,488 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieapfltr.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll
+ 2007-08-13 23:39:50 382,976 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iedkcs32.dll.000
+ 2007-08-13 23:54:10 6,049,280 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieframe.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll
+ 2007-08-13 23:39:10 43,008 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iernonce.dll.000
+ 2007-08-13 23:34:04 266,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iertutil.dll
+ 2007-08-13 23:39:10 13,312 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\ieudinit.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe
+ 2007-08-13 23:43:56 622,080 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe.000
+ 2007-08-13 23:54:10 27,136 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\jsproxy.dll
+ 2007-08-13 23:54:10 458,752 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeeds.dll
+ 2007-08-13 23:54:10 50,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msfeedsbs.dll
+ 2007-08-13 23:54:12 3,578,368 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtml.dll
+ 2007-08-13 23:54:10 475,648 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mshtmled.dll
+ 2007-08-13 23:44:26 192,000 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\msrating.dll
+ 2007-08-13 23:54:10 670,720 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\mstime.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll
+ 2007-08-13 23:44:06 101,376 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\occache.dll.000
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\updspapi.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll
+ 2007-08-13 23:44:30 105,984 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\url.dll.000
+ 2007-08-13 23:54:10 1,162,240 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\urlmon.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll
+ 2007-08-13 23:54:10 231,424 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\webcheck.dll.000
+ 2007-08-13 23:54:10 818,688 -c----w C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
- 2007-11-09 17:47:12 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
+ 2007-11-10 17:38:19 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
+ 2006-06-03 11:40:49 33,792 ------w C:\WINDOWS\network diagnostic\custsat.dll
+ 2006-10-10 12:44:50 557,568 ------w C:\WINDOWS\network diagnostic\xpnetdiag.exe
- 2004-08-04 09:00:00 99,840 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2007-08-20 10:04:34 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2004-08-04 09:00:00 59,904 ----a-w C:\WINDOWS\system32\dllcache\ipv6mon.dll
- 2007-06-26 15:13:22 851,968 ------w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-07-12 23:31:54 765,952 ----a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-11-10 21:04:36 821,856 ----a-w C:\WINDOWS\system32\drivers\avg7core.sys
+ 2007-11-10 21:04:38 4,224 ----a-w C:\WINDOWS\system32\drivers\avg7rsw.sys
+ 2007-11-10 21:04:39 27,776 ----a-w C:\WINDOWS\system32\drivers\avg7rsxp.sys
+ 2007-11-10 21:04:41 3,968 ----a-w C:\WINDOWS\system32\drivers\avgclean.sys
+ 2007-11-10 21:04:41 19,904 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
+ 2007-11-10 21:04:41 4,960 ----a-w C:\WINDOWS\system32\drivers\avgtdi.sys
- 2007-08-22 12:55:30 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-08-13 23:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-08-22 12:55:31 205,824 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-08-20 10:04:34 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2007-08-22 12:55:31 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 132,608 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-08-20 10:04:34 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2006-06-29 13:05:44 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
- 2004-08-04 09:00:00 34,304 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-17 10:20:54 63,488 ------w C:\WINDOWS\system32\ie4uinit.exe
- 2004-08-04 09:00:00 139,264 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2007-08-20 10:04:34 153,088 ------w C:\WINDOWS\system32\ieakeng.dll
- 2004-08-04 09:00:00 216,576 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2007-08-20 10:04:35 230,400 ------w C:\WINDOWS\system32\ieaksie.dll
- 2004-08-04 09:00:00 221,184 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2007-08-17 07:34:25 161,792 ------w C:\WINDOWS\system32\ieakui.dll
+ 2007-04-17 09:32:38 2,455,488 ----a-w C:\WINDOWS\system32\ieapfltr.dat
+ 2007-08-20 10:04:35 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2004-08-04 09:00:00 323,584 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:35 384,512 ------w C:\WINDOWS\system32\iedkcs32.dll
+ 2007-08-20 10:04:37 6,058,496 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2007-08-22 12:55:32 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-08-13 23:54:10 191,488 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2004-08-04 09:00:00 48,640 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 44,544 ------w C:\WINDOWS\system32\iernonce.dll
+ 2007-08-20 10:04:38 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2007-08-17 10:20:54 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2007-08-13 23:54:10 180,736 ----a-w C:\WINDOWS\system32\ieui.dll
- 2007-08-22 12:55:32 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2007-08-13 23:39:02 92,672 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-08-13 23:38:04 491,520 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-08-22 12:55:32 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-08-20 10:04:39 27,648 ------w C:\WINDOWS\system32\jsproxy.dll
- 2007-06-11 17:34:00 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-06-11 20:34:34 2,115,816 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2007-06-11 17:34:00 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-06-11 20:34:40 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-11-11 06:43:40 45,218 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
+ 2007-08-20 10:04:39 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2007-08-20 10:04:39 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-13 23:36:40 12,288 ----a-w C:\WINDOWS\system32\msfeedssync.exe
- 2007-08-22 12:55:36 3,064,832 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-08-20 20:34:42 3,584,512 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-08-22 12:55:37 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-20 10:04:41 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-08-22 12:55:37 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-08-20 10:04:41 193,024 ------w C:\WINDOWS\system32\msrating.dll
- 2007-08-22 12:55:38 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2007-08-20 10:04:42 671,232 ------w C:\WINDOWS\system32\mstime.dll
+ 2006-06-28 22:59:26 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
+ 2006-06-29 13:05:44 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
- 2004-08-04 09:00:00 96,256 ----a-w C:\WINDOWS\system32\occache.dll
+ 2007-08-20 10:04:42 102,400 ------w C:\WINDOWS\system32\occache.dll
- 2007-11-10 12:01:31 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-12 15:22:51 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-10 12:01:31 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-12 15:22:51 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-08-22 12:55:38 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-08-13 23:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2006-11-29 21:21:29 370,688 ----a-w C:\WINDOWS\system32\swsc.exe
+ 2007-11-12 00:27:40 40,960 ----a-w C:\WINDOWS\system32\swsc.exe
- 2006-12-01 09:20:32 212,480 ----a-w C:\WINDOWS\system32\swxcacls.exe
+ 2007-11-12 00:27:40 79,360 ----a-w C:\WINDOWS\system32\swxcacls.exe
- 2004-08-04 09:00:00 37,888 ----a-w C:\WINDOWS\system32\url.dll
+ 2007-08-20 10:04:42 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2007-08-22 12:55:43 617,984 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-08-20 10:04:42 1,152,000 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 09:00:00 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
+ 2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
- 2004-08-04 09:00:00 276,480 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-20 10:04:42 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2007-08-13 23:45:16 206,336 ----a-w C:\WINDOWS\system32\WinFXDocObj.exe
- 2007-08-22 12:55:44 665,600 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-08-20 10:04:43 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2006-07-14 15:51:51 121,856 ----a-w C:\WINDOWS\system32\xmllite.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0CAEDDBE-0628-4061-BB79-1324A3452C5C}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Online Services\mewo555077.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{20ee8607-a14d-41a3-910e-b6f84b4c91c7}]
C:\WINDOWS\system32\bqcftces.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F78B9AC-6E6C-4968-70BB-8A43CA1CA3FC}]
C:\Program Files\Messenger\qujawi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A075D70-BFB9-4A0C-85FD-DBEA2ECCCC84}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Online Services\mewo4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
C:\WINDOWS\system32\jkkifgg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8BA0B389-F517-41BB-80D6-7DFC6F237557}]
2007-08-02 08:43 282624 --a------ C:\Program Files\Online Services\mewo83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DABCE839-3831-3818-AF3A-3837BCD324D2}]
2007-11-09 22:24 91824 --a------ C:\WINDOWS\system32\mskvtns.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 08:43]
"SigmatelSysTrayApp"="stsystra.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 02:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 07:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 15:47]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"HostManager"="C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe" [2006-09-25 19:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"snp2std"="C:\WINDOWS\vsnp2std.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 20:02]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"{06-68-84-4B-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 16:04]
"683068e4"="C:\WINDOWS\system32\vkkoyfkc.dll" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 16:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 18:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 14:41]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-10-20 19:09:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\jkkifgg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkifgg]
jkkifgg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winxtx32]
winxtx32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-06 16:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-12 22:23:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-08 13:50:15 C:\WINDOWS\Tasks\RegCure.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 17:24:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\ATWPKT2.SYS"
.
Completion time: 2007-11-12 17:26:34 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-10 11:42
C:\ComboFix3.txt ... 2007-10-15 16:39
.
--- E O F ---







Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:01 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\DOCUME~1\Sam\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijack\HiJackThis.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CAEDDBE-0628-4061-BB79-1324A3452C5C} - C:\Program Files\Online Services\mewo555077.dll
O2 - BHO: {7c19c4b4-8f6b-e019-3a14-d41a7068ee02} - {20ee8607-a14d-41a3-910e-b6f84b4c91c7} - C:\WINDOWS\system32\bqcftces.dll (file missing)
O2 - BHO: 0 - {3F78B9AC-6E6C-4968-70BB-8A43CA1CA3FC} - C:\Program Files\Messenger\qujawi.dll (file missing)
O2 - BHO: (no name) - {4A075D70-BFB9-4A0C-85FD-DBEA2ECCCC84} - C:\Program Files\Online Services\mewo4444.dll
O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\jkkifgg.dll (file missing)
O2 - BHO: (no name) - {8BA0B389-F517-41BB-80D6-7DFC6F237557} - C:\Program Files\Online Services\mewo83122.dll
O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mskvtns.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [{06-68-84-4B-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [683068e4] rundll32.exe "C:\WINDOWS\system32\vkkoyfkc.dll",b
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: jkkifgg - jkkifgg.dll (file missing)
O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11196 bytes
crunchie

Re: Slow computer/lots of errors/ Virus?

  #12  
Nov 13th, 2007
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\system32\mskvtns.dll
C:\WINDOWS\system32\pvmjpg30.dll

====

A. Please RUN HijackThis
  1. Click the SCAN button to produce a log.

  2. Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {0CAEDDBE-0628-4061-BB79-1324A3452C5C} - C:\Program Files\Online Services\mewo555077.dll
    O2 - BHO: {7c19c4b4-8f6b-e019-3a14-d41a7068ee02} - {20ee8607-a14d-41a3-910e-b6f84b4c91c7} - C:\WINDOWS\system32\bqcftces.dll (file missing)
    O2 - BHO: 0 - {3F78B9AC-6E6C-4968-70BB-8A43CA1CA3FC} - C:\Program Files\Messenger\qujawi.dll (file missing)
    O2 - BHO: (no name) - {4A075D70-BFB9-4A0C-85FD-DBEA2ECCCC84} - C:\Program Files\Online Services\mewo4444.dll
    O2 - BHO: (no name) - {4CB8F4B4-5F66-4D9E-BC3B-184596A58824} - C:\WINDOWS\system32\jkkifgg.dll (file missing)
    O2 - BHO: (no name) - {8BA0B389-F517-41BB-80D6-7DFC6F237557} - C:\Program Files\Online Services\mewo83122.dll
    O2 - BHO: (no name) - {DABCE839-3831-3818-AF3A-3837BCD324D2} - C:\WINDOWS\system32\mskvtns.dll

    O4 - HKLM\..\Run: [{06-68-84-4B-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
    O4 - HKLM\..\Run: [683068e4] rundll32.exe "C:\WINDOWS\system32\vkkoyfkc.dll",b

    O20 - Winlogon Notify: jkkifgg - jkkifgg.dll (file missing)
    O20 - Winlogon Notify: winxtx32 - winxtx32.dll (file missing)

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.


B. 1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\vkkoyfkc.dll
c:\windows\system32\dwdsrngt.exe
Folder::
C:\Program Files\Online Services


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y15...1/CFScript.gif


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.
Proud member of ASAP (Alliance of Security analysis Professionals).

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Kheftiu

Re: Slow computer/lots of errors/ Virus?

  #13  
Nov 13th, 2007
Results for C:\WINDOWS\system32\pvmjpg30.dll:

Scan taken on 13 Nov 2007 21:02:08 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


When I tried scanning C:\WINDOWS\system32\mskvtns.dll
This came up:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file



Combofix:

ComboFix 07-11-08.1 - Sam 2007-11-13 16:15:28.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1414 [GMT -5:00]
Running from: C:\Documents and Settings\Sam\Desktop\combofix.exe
Command switches used :: C:\Documents and Settings\Sam\Desktop\CFScript.txt
* Created a new restore point

FILE
c:\windows\system32\dwdsrngt.exe
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2
C:\WINDOWS\system32\vkkoyfkc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Online Services
C:\Program Files\Online Services\Refer me to more Internet Service Providers.lnk
C:\Program Files\Online Services\Use MSN Explorer to sign up for Internet Access (US only).lnk
C:\WINDOWS\system32\rtutv.bak1
C:\WINDOWS\system32\rtutv.bak2
C:\WINDOWS\system32\rtutv.ini2

.
((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.

2007-11-13 16:12 0 --a------ C:\Documents and Settings\Sam\.exe
2007-11-11 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-11 21:13 <DIR> d-------- C:\WINDOWS\pss
2007-11-11 19:28 4,434 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 19:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 19:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 19:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 19:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 19:27 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 06:50 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-10 16:56 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\AVG7
2007-11-10 16:37 <DIR> d-------- C:\Program Files\Opera
2007-11-10 16:07 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 12:34 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-10 12:34 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-10 12:34 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-10 12:34 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-10 12:34 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-10 12:34 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-10 12:34 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-10 12:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-10 11:49 171,936 --a------ C:\WINDOWS\system32\msdtexch.dll
2007-11-10 11:48 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-10 11:43 769 --a------ C:\WINDOWS\system32\msftedswc.dll
2007-11-10 08:13 156,336 --a------ C:\WINDOWS\draste.exe
2007-11-09 12:47 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Apple Computer
2007-11-09 12:45 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Nero
2007-11-08 22:51 161,344 --a------ C:\Documents and Settings\Sam\Application Data\pcant.exe
2007-11-08 15:30 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-07 23:25 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-07 23:25 <DIR> d----c--- C:\Temp\mZOr
2007-10-30 06:34 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\Nero
2007-10-30 05:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Nero
2007-10-29 17:41 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-23 17:17 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-10-23 17:17 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-10-23 17:17 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 17:14 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-10-23 17:14 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-10-23 17:14 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-10-23 17:14 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-10-23 17:14 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-10-23 17:10 <DIR> d-------- C:\Program Files\Pinnacle
2007-10-23 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:08 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2007-10-21 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-21 18:02 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-20 19:09 <DIR> d-------- C:\Program Files\WiFiConnector
2007-10-20 19:05 162,816 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS
2007-10-17 05:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-17 05:49 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-16 16:04 <DIR> d----c--- C:\VundoFix Backups
2007-10-15 16:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 16:22 <DIR> d-------- C:\Program Files\Hijack
2007-10-15 15:42 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-14 19:19 <DIR> d-------- C:\Program Files\RegCure
2007-10-14 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-14 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-14 15:47 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 21:12 0 ----a-w C:\Documents and Settings\Sam\.exe
2007-11-13 12:54 --------- d-----w C:\Documents and Settings\Sam\Application Data\uTorrent
2007-11-10 22:39 --------- d-----w C:\Program Files\uTorrent
2007-11-10 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 18:35 --------- d-----w C:\Program Files\AIM6
2007-11-04 03:02 --------- d-----w C:\Program Files\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-28 23:22 --------- d-----w C:\Documents and Settings\Sam\Application Data\AdobeUM
2007-10-25 17:46 142 ----a-w C:\Program Files\page.html
2007-10-23 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 13:23 --------- d-----w C:\Documents and Settings\Stepahanie\Application Data\AdobeUM
2007-10-19 18:01 --------- d-----w C:\Program Files\America Online 9.0
2007-10-13 16:21 --------- d-----w C:\Documents and Settings\Sam\Application Data\Apple Computer
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\Sam\Application Data\iolo
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-07 01:58 --------- d-----w C:\Documents and Settings\Sam\Application Data\PC Tools
2007-10-06 03:58 --------- d-----w C:\Program Files\Lavasoft
2007-10-06 03:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-04 19:44 --------- d-----w C:\Program Files\iTunes
2007-10-04 19:44 --------- d-----w C:\Program Files\iPod
2007-10-03 03:06 10 ----a-w C:\Program Files\.autoreg
2007-09-30 03:21 --------- d-----w C:\Documents and Settings\Michael\Application Data\MEGAUPLOADTOOLBAR
2007-09-27 23:47 --------- d-----w C:\Program Files\BuddyList Ops
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 13:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 19:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 19:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 19:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-09-17 14:05 --------- dc----w C:\Documents and Settings\Adam\Application Data\MEGAUPLOADTOOLBAR
2007-09-17 13:56 --------- dc-h--w C:\Documents and Settings\Adam\Application Data\GTek
2007-09-13 06:32 --------- d-----w C:\Program Files\Apple Software Update
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-13 23:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-08-13 23:54 413,696 ------w C:\WINDOWS\system32\dllcache\vbscript.dll
2007-08-13 23:54 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
2007-08-13 23:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2007-08-13 23:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-08-13 23:54 156,160 ------w C:\WINDOWS\system32\dllcache\msls31.dll
2007-08-13 23:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-08-13 23:45 78,336 ------w C:\WINDOWS\system32\dllcache\ieencode.dll
2007-08-13 23:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-08-13 23:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-08-13 23:44 40,960 ------w C:\WINDOWS\system32\dllcache\licmgr10.dll
2007-08-13 23:42 17,408 ------w C:\WINDOWS\system32\dllcache\corpol.dll
2007-08-13 23:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2007-08-13 23:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-08-13 23:39 71,680 ------w C:\WINDOWS\system32\dllcache\admparse.dll
2007-08-13 23:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-08-13 23:39 55,296 ------w C:\WINDOWS\system32\dllcache\iesetup.dll
2007-08-13 23:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2007-08-13 23:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-08-13 23:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-08-13 23:36 36,352 ------w C:\WINDOWS\system32\dllcache\imgutil.dll
2007-08-13 23:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-08-13 23:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2007-08-13 23:32 45,568 ------w C:\WINDOWS\system32\dllcache\mshta.exe
2007-08-13 23:18 60,416 ------w C:\WINDOWS\system32\dllcache\hmmapi.dll
2007-08-13 23:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-08-13 23:01 48,128 ------w C:\WINDOWS\system32\dllcache\mshtmler.dll
2007-06-18 03:05:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-11-12_17.25.42.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-12 15:22:51 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-12 22:28:16 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-12 15:22:51 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-12 22:28:16 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-12 22:23:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-14 08:43]
"SigmatelSysTrayApp"="stsystra.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 02:12]
"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47]
"MBMon"="CTMBHA.DLL" [2005-05-19 07:54 C:\WINDOWS\system32\CTMBHA.DLL]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 15:47]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" []
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 07:50]
"HostManager"="C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe" [2006-09-25 19:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"snp2std"="C:\WINDOWS\vsnp2std.exe" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 20:02]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 08:51]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 16:04]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 16:40 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 18:39]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" []
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 14:41]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 14:35]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-10-20 19:09:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 16:01:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-13 14:52:46 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-11-08 13:50:15 C:\WINDOWS\Tasks\RegCure.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-13 16:17:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-13 16:17:54
C:\ComboFix2.txt ... 2007-11-12 17:26
C:\ComboFix3.txt ... 2007-11-10 11:42
.
--- E O F ---







New HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:29 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijack\HiJackThis.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180058179\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [SetDefaultMIDI] MIDIDef.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [Words] C:\Program Files\Words\Words.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [ISMModule4] "C:\Program Files\ISM\ISMModule4.exe" (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [WinAVX] C:\WINDOWS\system32\WinAvXX.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [Ultimate Cleaner] "C:\Program Files\Ultimate Cleaner\UltimateCleaner.exe" hide (User 'Stepahanie')
O4 - HKUS\S-1-5-21-1488046231-4255717838-2118716322-1007\..\Run: [Undefined] C:\WINDOWS\system32\winter.exe (User 'Stepahanie')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11047 bytes
crunchie

Re: Slow computer/lots of errors/ Virus?

  #14  
Nov 14th, 2007
This should do you:

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the following text in the code box:

File::
C:\WINDOWS\system32\mskvtns.dll

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://i5.photobucket.com/albums/y15...1/CFScript.gif

Referring to the image above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post another HijackThis log too if the removal was successful. Let me know how your PC is now.
Proud member of ASAP (Alliance of Security Analysis Professionals).

Please do not PM me for help. Instead, post in the public forum where others may benefit.
Kheftiu

Re: Slow computer/lots of errors/ Virus?

  #15  
Nov 14th, 2007
ComboFix 07-11-08.1 - Sam 2007-11-14 18:02:02.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1354 [GMT -5:00]
Running from: C:\Documents and Settings\Sam\Desktop\combofix.exe
Command switches used :: C:\Documents and Settings\Sam\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\mskvtns.dll
.

((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
.
2007-11-13 16:12 0 --a------ C:\Documents and Settings\Sam\.exe
2007-11-11 21:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-11 21:13 <DIR> d-------- C:\WINDOWS\pss
2007-11-11 19:28 4,434 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-11 19:27 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-11-11 19:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-11-11 19:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-11-11 19:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-11-11 19:27 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-11-11 06:50 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\AVG7
2007-11-10 16:56 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\AVG7
2007-11-10 16:37 <DIR> d-------- C:\Program Files\Opera
2007-11-10 16:07 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 12:34 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-10 12:34 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-10 12:34 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-10 12:34 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-10 12:34 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-10 12:34 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-10 12:34 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-10 12:34 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-10 11:49 171,936 --a------ C:\WINDOWS\system32\msdtexch.dll
2007-11-10 11:48 <DIR> d-------- C:\Program Files\RegCleaner
2007-11-10 11:43 769 --a------ C:\WINDOWS\system32\msftedswc.dll
2007-11-09 12:47 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Apple Computer
2007-11-09 12:45 <DIR> d----c--- C:\Documents and Settings\Adam\Application Data\Nero
2007-11-08 22:51 161,344 --a------ C:\Documents and Settings\Sam\Application Data\pcant.exe
2007-11-08 15:30 <DIR> d-------- C:\Program Files\E404 Helper
2007-11-07 23:25 <DIR> d-------- C:\WINDOWS\system32\Mz08r
2007-11-07 23:25 <DIR> d----c--- C:\Temp\mZOr
2007-10-30 06:34 <DIR> d-------- C:\Documents and Settings\Stepahanie\Application Data\Nero
2007-10-30 05:32 <DIR> d-------- C:\Documents and Settings\Michael\Application Data\Nero
2007-10-29 17:41 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-10-29 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-10-23 17:17 1,712,128 --a------ C:\WINDOWS\system32\GDIPLUS.DLL
2007-10-23 17:17 401,408 --a------ C:\WINDOWS\system32\pvmjpg30.dll
2007-10-23 17:17 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-10-23 17:14 196,096 --a------ C:\WINDOWS\system32\macd32.dll
2007-10-23 17:14 138,752 --a------ C:\WINDOWS\system32\mase32.dll
2007-10-23 17:14 136,192 --a------ C:\WINDOWS\system32\mamc32.dll
2007-10-23 17:14 57,856 --a------ C:\WINDOWS\system32\masd32.dll
2007-10-23 17:14 27,648 --a------ C:\WINDOWS\system32\ma32.dll
2007-10-23 17:10 <DIR> d-------- C:\Program Files\Pinnacle
2007-10-23 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2007-10-23 17:08 <DIR> d-------- C:\Documents and Settings\Sam\Application Data\InstallShield
2007-10-21 18:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2007-10-21 18:02 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2007-10-20 19:09 <DIR> d-------- C:\Program Files\WiFiConnector
2007-10-20 19:05 162,816 --a------ C:\WINDOWS\system32\drivers\RT25USBAP.SYS
2007-10-17 05:53 <DIR> d-------- C:\Program Files\CCleaner
2007-10-17 05:49 <DIR> d--h----- C:\WINDOWS\PIF
2007-10-16 16:04 <DIR> d----c--- C:\VundoFix Backups
2007-10-15 16:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-15 16:22 <DIR> d-------- C:\Program Files\Hijack
2007-10-15 15:42 <DIR> d----c--- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-10-14 19:19 <DIR> d-------- C:\Program Files\RegCure
2007-10-14 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-10-14 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-14 15:47 <DIR> d-------- C:\Program Files\Spyware Doctor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 22:50 --------- d-----w C:\Documents and Settings\Sam\Application Data\uTorrent
2007-11-13 21:12 0 ----a-w C:\Documents and Settings\Sam\.exe
2007-11-10 22:39 --------- d-----w C:\Program Files\uTorrent
2007-11-10 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 18:35 --------- d-----w C:\Program Files\AIM6
2007-11-04 03:02 --------- d-----w C:\Program Files\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-11-04 03:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-10-28 23:22 --------- d-----w C:\Documents and Settings\Sam\Application Data\AdobeUM
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 17:46 142 ----a-w C:\Program Files\page.html
2007-10-23 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 13:23 --------- d-----w C:\Documents and Settings\Stepahanie\Application Data\AdobeUM
2007-10-19 18:01 --------- d-----w C:\Program Files\America Online 9.0
2007-10-13 16:21 --------- d-----w C:\Documents and Settings\Sam\Application Data\Apple Computer
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\Sam\Application Data\iolo
2007-10-07 03:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2007-10-07 01:58 --------- d-----w C:\Documents and Settings\Sam\Application Data\PC Tools
2007-10-06 03:58 --------- d-----w C:\Program Files\Lavasoft
2007-10-06 03:58 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-06 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-04 19:44 --------- d-----w C:\Program Files\iTunes
2007-10-04 19:44 --------- d-----w C:\Program Files\iPod
2007-10-03 03:06 10 ----a-w C:\Program Files\.autoreg
2007-09-30 03:21 --------- d-----w C:\Documents and Settings\Michael\Application Data\MEGAUPLOADTOOLBAR
2007-09-27 23:47 --------- d-----w C:\Program Files\BuddyList Ops
2007-09-24 13:05 132,904 ----a-w C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-24 13:05 11,304 ----a-w C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-20 13:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-09-20 13:55 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-09-20 13:55 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-09-17 19:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 19:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 19:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\VsapiNT.sys
2007-09-17 14:05 --------- dc----w C:\Documents and Settings\Adam\Application Data\MEGAUPLOADTOOLBAR
2007-09-17 13:56 --------- dc-h--w C:\Documents and Settings\Adam\Application Data\GTek
2007-08-22 12:55 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
2007-08-22 12:55 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
2007-08-22 12:55 1,498,112 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2007-08-22 12:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
2007-08-22 12:55 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 20:34 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-18 03:05:42 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot_2007-11-12_17.25.42.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-12 15:22:51 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-14 22:56:38 62,032 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-11-12 15:22:51 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-14 22:56:38 402,426 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-12-19 21:52:18 8,453,632 ----a