Blasted With Viruses and Malware: Here are the logs
|  jamesjanks New Member
 Date Joined Dec 2006 Total Posts : 21 | Posted 11-20-2007 2:47 (GMT +1) |   | PLEASE NOTE THAT I TRIED TO RUN COMBOFIX, BUT THE VERSION IS OUTDATED. I FOLLOWED ALL OTHER INSTRUCTIONS ON THE "BEFORE POSTING A LOG" THREAD. THANK YOU!!
--------------------------------------------------------- AVG Anti-Spyware - Scan Report ---------------------------------------------------------
+ Created at: 7:25:35 PM 11/19/2007
+ Scan result:
Nothing found.
::Report end
********************************* ROOTCHK-(21-09-07)-LOG, by ejvindh Mon 11/19/2007 19:34:06.00
The rootkits that are detected by this tool were not found.
********************************* ROOTCHK-LOG-end
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 19:34:07
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden services: 0
hidden files: 0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:43 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\LckFldService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\system32\abcgtjou.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\KG\Desktop\HiJackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.32.59.211:80->UnitedStates(TX,SanAntonio) <supports POST> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rphgdijr.dll O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - 
HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a8932382] rundll32.exe "C:\WINDOWS\system32\twmcpqgu.dll",b O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: DomainService - - C:\WINDOWS\system32\abcgtjou.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - 
Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-- End of file - 8547 bytes
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 14307 | Posted 11-20-2007 5:59 (GMT +1) |   | Hello
It's a bug in combofix.
Please download Combofix:
NB. Set your clock to 16/11/2007
Close all other browser windows.
Double-click Combofix.exe & follow the prompts
You will temporarily lose desktop while scan is running. Once scan is done desktop will return to normal. When finished, it will produce a logfile located at C:\ComboFix.txt.
Post the contents of that log in your next reply with a new hijackthis log.
Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
Do NOT post your problem in someone else's thread.
 |  jamesjanks New Member
Date Joined Dec 2006 Total Posts : 21 | Posted 11-21-2007 3:42 (GMT +1) |   | Right now I get a page not found error when I click the combofix link. Will try again later. Thank you!
 |  jamesjanks New Member
 Date Joined Dec 2006 Total Posts : 21 | Posted 11-21-2007 7:39 (GMT +1) |   |
Still getting that darn error when using the combofix link...
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 14307 | Posted 11-21-2007 7:46 (GMT +1) |   |
 |  jamesjanks New Member
 Date Joined Dec 2006 Total Posts : 21 | Posted 11-21-2007 10:49 (GMT +1) |   | Ok, got combofix installed now. Here are the combofix log and the new hijack this log. Thank you!!
Combofix:
ComboFix 07-11-19.3 - KG 2007-11-19 16:40:51.4 - NTFSx86
Running from: C:\Documents and Settings\KG\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\KG\Desktop\Live Safety Center.lnk
C:\Documents and Settings\KG\Desktop\Online Security Guide.lnk
C:\Documents and Settings\KG\Favorites\Online Security Guide.lnk
C:\Documents and Settings\KG\My Documents\RACLE~1
C:\Documents and Settings\KG\My Documents\RACLE~1\?racle\
C:\WINDOWS\cookies.ini
C:\WINDOWS\SYSTEM32\hhhkj.ini
C:\WINDOWS\SYSTEM32\hhhkj.ini2
C:\WINDOWS\system32\jkhhh.dll
C:\WINDOWS\SYSTEM32\klnmp.ini2
C:\WINDOWS\system32\rphgdijr.dllbox
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 ))))))))))))))))))))))))))))))) .
2007-11-19 19:05 690,276 --ahs---- C:\WINDOWS\SYSTEM32\ugqpcmwt.ini 2007-11-18 20:50 15,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys 2007-11-18 18:14 <DIR> d-------- C:\Program Files\CCleaner 2007-11-18 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-18 14:54 79,424 --a------ C:\WINDOWS\SYSTEM32\xameynpv.dll 2007-11-16 21:37 71,232 --a------ C:\WINDOWS\SYSTEM32\uxslonkl.exe 2007-11-16 21:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-11-16 13:11 84,544 --a------ C:\WINDOWS\SYSTEM32\whkhsqiy.dll 2007-11-16 01:39 71,232 --a------ C:\WINDOWS\SYSTEM32\sandlaxs.exe 2007-11-06 21:01 <DIR> d-------- C:\Documents and Settings\KG\Application Data\Sony Corporation 2007-11-06 20:58 299,923 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys 2007-11-06 20:58 102,220 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys 2007-11-06 20:58 53,248 --a------ C:\WINDOWS\SYSTEM32\SONYHCY.DLL 2007-11-06 20:58 38,739 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcc.sys 2007-11-06 20:58 6,097 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcb.sys 2007-11-06 20:58 3,654 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Sonyhcp.dll 2007-11-06 20:57 2,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys 2007-11-06 20:57 2,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys 2007-11-06 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation 2007-10-19 19:56 200,704 --a------ C:\WINDOWS\SYSTEM32\ssldivx.dll
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-20 00:05 83,008 ----a-w C:\WINDOWS\SYSTEM32\ctwkejid.dll 2007-11-20 00:02 71,232 ----a-w C:\WINDOWS\SYSTEM32\abcgtjou.exe 2007-11-17 02:46 84,544 ----a-w C:\WINDOWS\SYSTEM32\objaihcc.dll 2007-11-16 18:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-11 04:07 --------- d-----w C:\Program Files\DivX 2007-11-07 01:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-07 01:54 --------- d-----w C:\Program Files\Sony 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-21 08:05 --------- d-----w C:\Program Files\Java 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll 2007-10-14 21:35 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\LightScribe 2007-10-14 21:33 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-14 21:33 --------- d-----w C:\Program Files\Ahead 2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll 2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll 2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll 2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll 2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll 2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll 2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll 2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll 2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll 2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll 2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll 2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll 2007-08-20 10:04 3,584,512 ----a-w 
C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll 2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll 2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll 2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll 2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll 2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll 2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll 2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll 2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll 2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll 2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll 2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll 2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll .
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cb6cbfc-2c09-4900-85e5-51baa16182c1}]
2007-11-16 13:11 84544 --a------ C:\WINDOWS\system32\whkhsqiy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
C:\WINDOWS\system32\ljjhijh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 14:34]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-10-22 21:59]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
"nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\SYSTEM32\nwiz.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-27 21:31]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"GhostSurfDelSatellite"="C:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"a8932382"="C:\WINDOWS\system32\ytfgqcpc.dll" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 15:00:00]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 15:00:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\ljjhijh.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhijh]
ljjhijh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rphgdijr]
rphgdijr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anonymizer]
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-03 21:12 221184 --a------ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-08-08 15:00 28739 --a------ C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-11 21:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
R3 US122;US122 Driver;C:\WINDOWS\system32\Drivers\US122.sys
R3 Us122WdmService;US122 Wdm Audio;C:\WINDOWS\system32\Drivers\US122Wdm.sys
S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
S3 US122DL;US122 Firmware Downloader;C:\WINDOWS\system32\Drivers\US122DL.sys
.
Contents of the 'Scheduled Tasks' folder
"2005-01-05 03:58:54 C:\WINDOWS\Tasks\ISP signup reminder 1.job" - C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2007-11-17 01:05:31 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - KG.job" - C:\PROGRA~1\NORTON~2\Navw32.exeh/task:
"2007-11-19 21:41:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-19 16:43:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-19 16:43:58
.
--- E O F ---
HJT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:10 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\WINDOWS\system32\LckFldService.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\KG\Desktop\HiJackThis.exe C:\Program Files\Messenger\msmsgs.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.32.59.211:80->UnitedStates(TX,SanAntonio) <supports POST> R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\GhostSurf 2006 Platinum\SCActiveBlock.dll (file missing) O2 - BHO: {1c28161a-ab15-5e58-0094-90c2cfbc6bc0} - {0cb6cbfc-2c09-4900-85e5-51baa16182c1} - C:\WINDOWS\system32\whkhsqiy.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\ljjhijh.dll (file missing) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [DVDLauncher] "C:\Program 
Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] "C:\Program Files\Norton Internet Security\UrlLstCk.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] "C:\PROGRA~1\SYMNET~1\SNDMon.exe" /Consumer O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [a8932382] rundll32.exe "C:\WINDOWS\system32\ytfgqcpc.dll",b O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: ljjhijh - ljjhijh.dll (file missing) O20 - Winlogon Notify: rphgdijr - rphgdijr.dll (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec 
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
-- End of file - 9402 bytes
 |  jamesjanks New Member
Date Joined Dec 2006 Total Posts : 21 | Posted 11-24-2007 9:20 (GMT +1) |   | I think it might all be cleared up. I don't have any of the symptoms anymore.
 |  jamesjanks New Member
Date Joined Dec 2006 Total Posts : 21 | Posted 11-30-2007 1:31 (GMT +1) |   | Hey guys, my Norton AV just got rid of another virus. I think I still have an infection. How did my logs look? Please advise. Thank you.
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 14307 | Posted 11-30-2007 7:37 (GMT +1) |   | |
Ok. Please post new combofix log
Do NOT post your problem in someone else's thread.
Post Edited (Touch) : 30-11-2007 07:03:13 GMT
 |  jamesjanks New Member
Date Joined Dec 2006 Total Posts : 21 | Posted 12-3-2007 2:54 (GMT +1) |   |
ComboFix 07-11-19.3 - KG 2007-11-30 20:46:52.6 - NTFSx86
Running from: C:\Documents and Settings\KG\Desktop\VIRUS\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 ))))))))))))))))))))))))))))))) .
2007-11-22 16:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-11-22 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF 2007-11-19 19:02 71,232 --a------ C:\WINDOWS\SYSTEM32\abcgtjou.exe 2007-11-18 20:50 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll 2007-11-18 20:50 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys 2007-11-18 20:50 15,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys 2007-11-18 20:50 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll 2007-11-18 18:14 <DIR> d-------- C:\Program Files\CCleaner 2007-11-18 17:32 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll 2007-11-18 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-18 14:57 678,280 --ahs---- C:\WINDOWS\SYSTEM32\bgyvhoma.ini 2007-11-16 21:46 84,544 --a------ C:\WINDOWS\SYSTEM32\objaihcc.dll 2007-11-16 21:43 673,289 --ahs---- C:\WINDOWS\SYSTEM32\anasyqlp.ini 2007-11-16 21:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-11-16 13:08 773,113 --ahs---- C:\WINDOWS\SYSTEM32\cpcqgfty.ini 2007-11-16 01:39 71,232 --a------ C:\WINDOWS\SYSTEM32\sandlaxs.exe 2007-11-06 21:01 <DIR> d-------- C:\Documents and Settings\KG\Application Data\Sony Corporation 2007-11-06 20:58 299,923 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys 2007-11-06 20:58 102,220 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys 2007-11-06 20:58 53,248 --a------ C:\WINDOWS\SYSTEM32\SONYHCY.DLL 2007-11-06 20:58 38,739 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcc.sys 2007-11-06 20:58 6,097 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcb.sys 2007-11-06 20:58 3,654 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Sonyhcp.dll 2007-11-06 20:57 2,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys 2007-11-06 20:57 2,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys 2007-11-06 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 01:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-20 05:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 05:08 --------- d-----w C:\Program Files\Atari 2007-11-20 05:05 --------- d-----w C:\Program Files\Java 2007-11-20 05:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-20 02:43 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-20 02:43 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-20 02:41 --------- d-----w C:\Program Files\Symantec 2007-11-17 02:37 71,232 ----a-w C:\WINDOWS\SYSTEM32\uxslonkl.exe 2007-11-16 18:11 84,544 ----a-w C:\WINDOWS\SYSTEM32\whkhsqiy.dll 2007-11-11 04:07 --------- d-----w C:\Program Files\DivX 2007-11-07 01:54 --------- d-----w C:\Program Files\Sony 2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll 2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll 2007-10-14 21:35 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\LightScribe 2007-10-14 21:33 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-14 21:33 --------- d-----w C:\Program Files\Ahead .
((((((((((((((((((((((((((((( snapshot@2007-11-19_14.09.52.68 ))))))))))))))))))))))))))))))))))))))))) . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cb6cbfc-2c09-4900-85e5-51baa16182c1}] 2007-11-16 13:11 84544 --a------ C:\WINDOWS\system32\whkhsqiy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}] C:\WINDOWS\system32\ljjhijh.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-19 21:40] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] "nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\SYSTEM32\nwiz.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-27 21:31] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36] "GhostSurfDelSatellite"="C:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25] "a8932382"="C:\WINDOWS\system32\ytfgqcpc.dll" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 15:00:00] Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-08-08 15:00:00]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\ljjhijh.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhijh] ljjhijh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rphgdijr] rphgdijr.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\Dell Support\DSAgnt.exe /startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] 2003-09-03 21:12 221184 --a------ C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] 2000-08-08 15:00 28739 --a------ C:\Program Files\Microsoft Works\WkDetect.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2004-04-11 21:15 290816 --------- C:\Program Files\Dell\Media Experience\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
R3 US122;US122 Driver;C:\WINDOWS\system32\Drivers\US122.sys R3 Us122WdmService;US122 Wdm Audio;C:\WINDOWS\system32\Drivers\US122Wdm.sys S3 bkn50USB;Belkin 54Mbps Wireless USB Network Adapter;C:\WINDOWS\system32\DRIVERS\rt2500usb.sys S3 US122DL;US122 Firmware Downloader;C:\WINDOWS\system32\Drivers\US122DL.sys
. Contents of the 'Scheduled Tasks' folder "2005-01-05 03:58:54 C:\WINDOWS\Tasks\ISP signup reminder 1.job" - C:\WINDOWS\system32\OOBE\OOBEBALN.EXE "2007-12-01 01:44:54 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - KG.job" - C:\PROGRA~1\NORTON~2\Navw32.exeh/task: "2007-12-01 01:46:00 C:\WINDOWS\Tasks\Symantec NetDetect.job" - C:\Program Files\Symantec\LiveUpdate\NDetect.exe . **************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-30 20:48:56 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
************************************************************************** . Completion time: 2007-11-30 20:49:56 C:\ComboFix2.txt ... 2007-11-19 16:44 . --- E O F ---
 |  jamesjanks New Member
 Date Joined Dec 2006 Total Posts : 21 | Posted 12-3-2007 2:56 (GMT +1) |   | | I know I still have spyware. My Norton AV tells me but it doesn't seem to delete it. Thanks for the help!!!
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 14307 | Posted 12-3-2007 8:49 (GMT +1) |   | |
Open notepad and copy/paste the text in the quote box below into it:
Quote:
-----------------------------------------------------
KILLALL::
File::
C:\WINDOWS\SYSTEM32\abcgtjou.exe
C:\WINDOWS\SYSTEM32\bgyvhoma.ini
C:\WINDOWS\SYSTEM32\objaihcc.dll
C:\WINDOWS\SYSTEM32\anasyqlp.ini
C:\WINDOWS\SYSTEM32\cpcqgfty.ini
C:\WINDOWS\SYSTEM32\sandlaxs.exe
C:\WINDOWS\system32\whkhsqiy.dll
C:\WINDOWS\system32\ljjhijh.dll
C:\WINDOWS\system32\ytfgqcpc.dll
Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cb6cbfc-2c09-4900-85e5-51baa16182c1}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\ljjhijh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhijh]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rphgdijr]
----------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system.
It may reboot your system when it finishes. This is normal.
Post a new HijackThis log along with a fresh ComboFix log and tell how things are running now.
Do NOT post your problem in someone else's thread.
 |  jamesjanks New Member
 Date Joined Dec 2006 Total Posts : 21 | Posted 12-5-2007 3:30 (GMT +1) |   | Things are running well right now. Here is the new ComboFix log:
ComboFix 07-12-02.7 - KG 2007-12-02 0:47:49.7 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.288 [GMT -5:00] Running from: C:\Documents and Settings\KG\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\KG\Desktop\CFScript.txt * Created a new restore point
FILE C:\WINDOWS\SYSTEM32\abcgtjou.exe C:\WINDOWS\SYSTEM32\anasyqlp.ini C:\WINDOWS\SYSTEM32\bgyvhoma.ini C:\WINDOWS\SYSTEM32\cpcqgfty.ini C:\WINDOWS\system32\ljjhijh.dll C:\WINDOWS\SYSTEM32\objaihcc.dll C:\WINDOWS\SYSTEM32\sandlaxs.exe C:\WINDOWS\system32\whkhsqiy.dll C:\WINDOWS\system32\ytfgqcpc.dll .
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\WINDOWS\system32\abcgtjou.exe C:\WINDOWS\SYSTEM32\anasyqlp.ini C:\WINDOWS\SYSTEM32\bgyvhoma.ini C:\WINDOWS\SYSTEM32\cpcqgfty.ini C:\WINDOWS\SYSTEM32\objaihcc.dll C:\WINDOWS\system32\sandlaxs.exe C:\WINDOWS\system32\uxslonkl.exe C:\WINDOWS\system32\whkhsqiy.dll
. ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) .
2007-11-22 16:16 . 2006-10-04 09:06 1,197,294 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\sysmain.sdb 2007-11-22 16:16 . 2006-10-04 09:06 764,868 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apph_sp.sdb 2007-11-22 16:16 . 2006-10-04 09:06 217,118 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\apphelp.sdb 2007-11-22 16:15 . 2007-11-22 16:15 <DIR> d-------- C:\Program Files\Windows Media Connect 2 2007-11-22 16:14 . 2007-11-22 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles 2007-11-22 16:14 . 2007-11-22 16:14 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF 2007-11-22 16:14 . 2007-11-23 23:14 1,393 --a------ C:\WINDOWS\imsins.BAK 2007-11-19 19:05 . 2007-11-16 21:36 690,276 --ahs---- C:\WINDOWS\SYSTEM32\ugqpcmwt.ini 2007-11-18 20:50 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll 2007-11-18 20:50 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbscan.sys 2007-11-18 20:50 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbscan.sys 2007-11-18 20:50 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll 2007-11-18 18:14 . 2007-11-18 18:14 <DIR> d-------- C:\Program Files\CCleaner 2007-11-18 17:32 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll 2007-11-18 15:57 . 2007-11-18 15:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-11-16 21:36 . 2007-11-16 21:36 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Symantec 2007-11-06 21:01 . 2007-11-06 21:01 <DIR> d-------- C:\Documents and Settings\KG\Application Data\Sony Corporation 2007-11-06 20:58 . 2006-10-30 13:46 299,923 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcs.sys 2007-11-06 20:58 . 2006-10-30 13:46 102,220 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys 2007-11-06 20:58 . 2006-10-30 13:46 53,248 --a------ C:\WINDOWS\SYSTEM32\SONYHCY.DLL 2007-11-06 20:58 . 2006-10-30 13:46 38,739 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcc.sys 2007-11-06 20:58 . 
2006-10-30 13:46 6,097 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sonyhcb.sys 2007-11-06 20:58 . 2006-10-30 13:46 3,654 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Sonyhcp.dll 2007-11-06 20:57 . 2006-08-28 21:48 2,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys 2007-11-06 20:57 . 2006-08-28 21:48 2,432 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys 2007-11-06 20:53 . 2007-11-06 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Corporation
. (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 01:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-11-20 05:08 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-20 05:08 --------- d-----w C:\Program Files\Atari 2007-11-20 05:05 --------- d-----w C:\Program Files\Java 2007-11-20 05:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-11-20 02:43 --------- d-----w C:\Program Files\Norton Internet Security 2007-11-20 02:43 --------- d-----w C:\Program Files\Norton AntiVirus 2007-11-20 02:41 --------- d-----w C:\Program Files\Symantec 2007-11-11 04:07 --------- d-----w C:\Program Files\DivX 2007-11-07 01:54 --------- d-----w C:\Program Files\Sony 2007-10-14 21:35 --------- d-----w C:\Program Files\Common Files\Nero 2007-10-14 21:34 --------- d-----w C:\Program Files\Common Files\LightScribe 2007-10-14 21:33 --------- d-----w C:\Program Files\Common Files\Ahead 2007-10-14 21:33 --------- d-----w C:\Program Files\Ahead .
((((((((((((((((((((((((((((( snapshot_2007-11-30_20.48.59.06 ))))))))))))))))))))))))))))))))))))))))) . - 2007-11-08 21:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe + 2007-11-27 08:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 15:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:32] "URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2003-12-11 19:35] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-11-19 21:40] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] "nwiz"="nwiz.exe" [2005-11-11 13:47 C:\WINDOWS\SYSTEM32\nwiz.exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-10-18 11:58] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-27 21:31] "NvMediaCenter"="RUNDLL32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36] "GhostSurfDelSatellite"="C:\Program Files\GhostSurf 2006 Platinum\DeleteSatellite.exe" [] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25] "a8932382"="C:\WINDOWS\system32\ytfgqcpc.dll" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 15:00:00] Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Sh