
Mysvcc help needed

Discussion in 'Malware and Virus Removal Archive' started by Bajo, 2006/12/20.

Thread Status:
Not open for further replies.
  1. 2006/12/20
    Bajo

    Bajo Inactive Thread Starter

    Joined:
    2006/12/20
    Messages:
    9
    Likes Received:
    0
    Hi!
    For some time I've been getting a pop-up window from Outpost firewall where mysvcc is requesting an inbound or outbound connection; the curious thing is that it's here again after a fresh install of Windows.
    Also, something is constantly bringing up my internet connection at the very end of the startup and I simply can't find the reason for it.

    So here's the HJT log ( note I previously removed mysvcc and did a new scan)
    Logfile of HijackThis v1.99.1
    Scan saved at 2:10:19, on 21.12.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Eset\nod32krn.exe
    D:\NORTON~1\NORTON~1\NPROTECT.EXE
    D:\Outpost Firewall\outpost.exe
    C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    D:\Eset\nod32kui.exe
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
    D:\Acronis\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Motherboard Monitor 5\MBM5.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    D:\ATI Tray Tools\atitray.exe
    D:\Mozilla\Mozilla.exe
    D:\Logitech\SetPoint\KEM.exe
    D:\Logitech\SetPoint\KHALMNPR.EXE
    C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\Thunderbird\thunderbird.exe
    C:\WINDOWS\Explorer.EXE
    D:\hijackthis\HijackThis.exe

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe "
    O4 - HKLM\..\Run: [nod32kui] "D:\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [Outpost Firewall] D:\Outpost Firewall\outpost.exe /waitservice
    O4 - HKLM\..\Run: [OutpostFeedBack] D:\Outpost Firewall\feedback.exe /dump:os_startup
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe "
    O4 - HKLM\..\Run: [SmartGuardian] D:\Smart Guardian\ITESmart.exe
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] D:\Acronis\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe "
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [MBM 5] "D:\Motherboard Monitor 5\MBM5.EXE "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [AtiTrayTools] "D:\ATI Tray Tools\atitray.exe "
    O4 - HKCU\..\Run: [Mozilla Quick Launch] "D:\Mozilla\Mozilla.exe" -turbo
    O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\KEM.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - D:\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81CB2835-A8F8-40E7-B681-1F272B1AC64D}: NameServer = 213.191.128.8 213.191.128.9
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Eset\nod32krn.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - D:\Outpost Firewall\outpost.exe
    O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: Speed Disk service - Symantec Corporation - D:\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Unfortunately the ComboFix log is too large to post (over 30000 characters).

    Here's the link to my Silent Runners log: http://www.sendspace.com/file/tw4ch0
     
    Last edited: 2006/12/20
    Bajo,
    #1
  2. 2006/12/20
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.
    I'm not sure why you're surprised you got infected, yes it may well be a fresh install, but you have not updated anything yet, past XP SP 1. I'd guess and say there are about 30-40 critical updates for you to DL. These updates are the most critical thing you can do to protect your machine.

    Not sure I understand fully what you're saying, is something wanting to connect, aside from the mysvcc? And this would be when you start up windows, something wants to connect to the Net?
    So you fixed whatever was showing in your HJT log file and deleted the relating files?


    Well nothing else is showing in either HJT or Silent Runners logs.

    Post the ComboFix log, even if it takes a few posts; that tool displays a lot more files that other tools don't always see.
     


  4. 2006/12/21
    Bajo

    Bajo Inactive Thread Starter

    Joined:
    2006/12/20
    Messages:
    9
    Likes Received:
    0
    something is starting my dial up connection.

    I checked the box in HJT, but did not manually delete any files.

    combofix part 1.
    Isus - 06-12-21 9:40:29,81 Service Pack 1
    ComboFix 06.11.27 - Running from: "D:\Downloads\Utility "

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-21 to 2006-12-21 ))))))))))))))))))))))))))))))))))


    2006-12-20 20:41 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2006-12-20 20:41 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2006-12-20 20:41 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2006-12-20 20:40 <DIR> d-------- C:\Program Files\Symantec
    2006-12-20 20:40 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2006-12-20 20:40 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Symantec
    2006-12-20 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2006-12-20 14:02 <DIR> d-------- C:\Program Files\Java
    2006-12-20 13:58 <DIR> d-------- C:\Program Files\Common Files\xing shared
    2006-12-20 13:58 <DIR> d-------- C:\Program Files\Common Files\Real
    2006-12-20 13:57 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Real
    2006-12-20 13:49 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-20 13:48 <DIR> d-------- C:\WINDOWS\system32\appmgmt
    2006-12-20 03:10 43,602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
    2006-12-17 17:57 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Adobe
    2006-12-17 15:12 99,024 --a------ C:\WINDOWS\MozillaUninstall.exe
    2006-12-16 16:28 <DIR> d---s---- C:\Documents and Settings\Isus\UserData
    2006-12-16 02:12 21,760 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-12-16 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2006-12-15 23:19 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
    2006-12-15 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2006-12-15 23:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-15 22:59 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Lavasoft
    2006-12-15 22:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Acronis
    2006-12-15 22:05 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\OpenOffice.org2
    2006-12-15 20:26 <DIR> d-------- C:\Program Files\OpenOffice.org 2.0
    2006-12-15 20:21 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Sun
    2006-12-15 20:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-12-15 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-15 20:17 <DIR> d-------- C:\Program Files\Adobe
    2006-12-15 19:55 <DIR> d-------- C:\WINDOWS\pss
    2006-12-15 19:52 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-12-15 19:51 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2006-12-15 19:51 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Logitech
    2006-12-15 19:45 61,440 --a------ C:\WINDOWS\system32\dcccp106.dll
    2006-12-15 19:45 45,056 --a------ C:\WINDOWS\system32\vcccp106.dll
    2006-12-15 19:45 36,864 --a------ C:\WINDOWS\CleanDev.exe
    2006-12-15 19:45 227,200 --a------ C:\WINDOWS\system32\drivers\cccp106.sys
    2006-12-15 19:45 192,512 --a------ C:\WINDOWS\select2.exe
    2006-12-15 19:45 <DIR> d-------- C:\WINDOWS\Options
    2006-12-15 19:45 <DIR> d-------- C:\Program Files\directx
    2006-12-15 19:45 <DIR> d-------- C:\Program Files\Aashima
    2006-12-15 19:39 98,304 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-12-15 19:39 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
    2006-12-15 19:39 7,680 --a------ C:\WINDOWS\system32\asferror.dll
    2006-12-15 19:39 225,280 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-12-15 19:39 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
    2006-12-15 19:39 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
    2006-12-15 19:39 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
    2006-12-15 19:39 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-12-15 19:39 167,936 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-12-15 19:39 106,496 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-12-15 19:38 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
    2006-12-15 19:38 22,016 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
    2006-12-15 19:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2006-12-15 19:33 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
    2006-12-15 19:30 86,016 --a------ C:\WINDOWS\system32\CNMCP61.exe
    2006-12-15 19:30 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
    2006-12-15 19:30 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
    2006-12-15 19:30 <DIR> d--h----- C:\BJPrinter
    2006-12-15 19:29 <DIR> d-------- C:\WINDOWS\StartHtmico
    2006-12-15 19:29 <DIR> d-------- C:\WINDOWS\IP3000
    2006-12-15 19:29 <DIR> d-------- C:\Program Files\Canon
    2006-12-15 19:22 96,320 --a------ C:\WINDOWS\system32\drivers\snapman.sys
    2006-12-15 19:22 30,688 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
    2006-12-15 19:22 249,152 --a------ C:\WINDOWS\system32\drivers\timntr.sys
    2006-12-15 19:22 <DIR> d-------- C:\Program Files\Common Files\Acronis
    2006-12-15 19:15 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-15 19:15 3,680 -ra------ C:\WINDOWS\system32\drivers\ITEIO.SYS
    2006-12-15 19:15 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
    2006-12-15 19:15 <DIR> d-------- C:\Documents and Settings\Isus\WINDOWS
    2006-12-15 19:08 3,480 --a------ C:\WINDOWS\system32\mbmiodrvr.sys
    2006-12-15 18:57 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\teamspeak2
    2006-12-15 18:55 <DIR> d-------- C:\Program Files\Skype
    2006-12-15 18:55 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Skype
    2006-12-15 18:54 <DIR> d-------- C:\WINDOWS\aod
    2006-12-15 18:54 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\ICQ
    2006-12-15 18:53 <DIR> d--hs---- C:\RECYCLER
    2006-12-15 18:40 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Macromedia
    2006-12-15 18:12 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Thunderbird
    2006-12-15 18:12 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Talkback
    2006-12-15 18:06 <DIR> d-------- C:\Program Files\Common Files\mozilla.org
    2006-12-15 18:06 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Mozilla
    2006-12-15 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
    2006-12-15 15:45 98,304 --a------ C:\WINDOWS\system32\qttask.exe
    2006-12-15 15:44 77,824 --a------ C:\WINDOWS\system32\mplaw7.dll
    2006-12-15 15:44 77,824 --a------ C:\WINDOWS\system32\mplaa6.dll
    2006-12-15 15:44 65,536 --a------ C:\WINDOWS\system32\mplapx.dll
    2006-12-15 15:44 65,536 --a------ C:\WINDOWS\system32\mplam6.dll
    2006-12-15 15:44 19,968 --a------ C:\WINDOWS\system32\cpuinf32.dll
    2006-12-15 15:44 1,650,688 --a------ C:\WINDOWS\system32\mplva6.dll
    2006-12-15 15:44 1,581,056 --a------ C:\WINDOWS\system32\mplvw7.dll
    2006-12-15 15:44 1,552,384 --a------ C:\WINDOWS\system32\mplvm6.dll
    2006-12-15 15:44 1,122,304 --a------ C:\WINDOWS\system32\mplvpx.dll
    2006-12-15 15:44 <DIR> d-------- C:\WINDOWS\system32\QuickTime
    2006-12-15 15:37 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2006-12-15 15:37 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
    2006-12-15 15:36 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2006-12-15 15:36 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2006-12-15 15:36 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2006-12-15 15:36 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2006-12-15 15:36 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2006-12-15 15:36 106,496 --------- C:\WINDOWS\system32\TwnLib20.dll
    2006-12-15 15:36 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2006-12-15 15:36 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2006-12-15 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2006-12-15 15:31 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\Roxio
    2006-12-15 15:28 24,576 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
    2006-12-15 15:28 <DIR> d-------- C:\Program Files\Sonic
    2006-12-15 15:28 <DIR> d-------- C:\Program Files\Roxio
    2006-12-15 15:28 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
    2006-12-15 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
    2006-12-15 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
    2006-12-15 15:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Roxio
    2006-12-15 15:26 <DIR> d-------- C:\Program Files\Common Files\Roxio Shared
    2006-12-15 15:09 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-12-15 11:02 56,576 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-12-15 11:02 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-12-15 11:02 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2006-12-15 11:01 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-12-15 11:01 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-12-15 11:01 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-12-15 11:01 71,168 --a------ C:\WINDOWS\system32\storprop.dll
    2006-12-15 11:01 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-12-15 11:01 68,928 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-12-15 11:01 67,072 --a------ C:\WINDOWS\system32\usbui.dll
    2006-12-15 11:01 66,048 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-12-15 11:01 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-12-15 11:01 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-12-15 11:01 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-12-15 11:01 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-12-15 11:01 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-12-15 11:01 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-12-15 11:01 135,552 --a------ C:\WINDOWS\system32\drivers\usbport.sys
    2006-12-15 11:01 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-12-15 11:01 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-12-15 11:01 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-12-15 11:01 10,496 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-12-15 11:01 <DIR> dr------- C:\Program Files\Common Files\..
    2006-12-15 11:01 <DIR> dr------- C:\Program Files\.
    2006-12-15 11:01 <DIR> dr------- C:\Program Files
    2006-12-15 11:01 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-12-15 11:01 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-12-15 11:01 <DIR> d-ahs---- C:\Program Files\..
    2006-12-15 11:01 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-12-15 11:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-12-15 11:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-12-15 11:01 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-12-15 11:01 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-12-15 11:01 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-12-15 11:01 <DIR> d-------- C:\Program Files\Common Files\.
    2006-12-15 11:01 <DIR> d-------- C:\Program Files\Common Files
    2006-12-15 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-12-15 11:01 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-12-15 11:00 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-12-15 11:00 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-12-15 11:00 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-12-15 11:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-12-15 11:00 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-12-15 11:00 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-12-15 10:57 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-12-15 10:57 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-12-15 10:57 <DIR> dr------- C:\WINDOWS\Web
    2006-12-15 10:57 <DIR> d-ahs---- C:\WINDOWS\system32\drivers\..
    2006-12-15 10:57 <DIR> d-ahs---- C:\WINDOWS\system32\.
    2006-12-15 10:57 <DIR> d-ahs---- C:\WINDOWS\system32
    2006-12-15 10:57 <DIR> d-ahs---- C:\WINDOWS\..
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\twain_32
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Temp
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\export
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\config
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system32\..
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system\..
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system\.
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\system
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\security
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Resources
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\repair
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\NLDRV
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\mui
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\msapps
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\msagent
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Media
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\java
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\inf
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\ime
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Help
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Debug
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Cursors
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\Config
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\addins
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS\.
    2006-12-15 10:57 <DIR> d-------- C:\WINDOWS
    2006-12-15 10:36 <DIR> d-------- C:\Program Files\Common Files\Agnitum Shared
    2006-12-15 10:35 <DIR> d-------- C:\Documents and Settings\Isus\Application Data\atitray
    2006-12-15 10:34 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2006-12-15 10:34 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2006-12-15 10:31 <DIR> d-------- C:\Program Files\Marvell
    2006-12-15 10:24 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2006-12-15 10:23 <DIR> d-------- C:\ATI
    2006-12-15 10:22 77,440 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-12-15 10:22 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-12-15 10:22 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-12-15 10:22 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-12-15 10:22 5,888 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-12-15 10:22 466,944 --a------ C:\WINDOWS\system32\CapabilityTable.exe
    2006-12-15 10:22 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-12-15 10:22 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-12-15 10:22 142,208 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-12-15 10:22 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-15 10:22 <DIR> d-------- C:\Program Files\NVIDIA Corporation
    2006-12-15 10:22 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
    2006-12-15 10:21 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-12-15 10:21 176,128 --a------ C:\WINDOWS\system32\nvusmb.exe
    2006-12-15 10:21 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
    2006-12-15 10:21 176,128 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-12-15 10:21 176,128 --a------ C:\WINDOWS\system32\nvuaudio.exe
    2006-12-15 10:21 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-12-15 10:21 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-12-15 10:17 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-12-15 10:17 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-12-15 10:16 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
    2006-12-15 10:16 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
    2006-12-15 10:16 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
    2006-12-15 10:16 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
    2006-12-15 10:16 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
    2006-12-15 10:16 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
    2006-12-15 10:16 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
    2006-12-15 10:16 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
    2006-12-15 10:16 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
    2006-12-15 10:16 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
    2006-12-15 10:16 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
    2006-12-15 10:16 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
    2006-12-15 10:16 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
    2006-12-15 10:16 64,512 --a------ C:\WINDOWS\system32\amstream.dll
    2006-12-15 10:16 62,672 --a------ C:\WINDOWS\system32\dxdllreg.exe
    2006-12-15 10:16 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
    2006-12-15 10:16 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
    2006-12-15 10:16 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
    2006-12-15 10:16 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
    2006-12-15 10:16 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
    2006-12-15 10:16 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
    2006-12-15 10:16 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
    2006-12-15 10:16 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
    2006-12-15 10:16 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
    2006-12-15 10:16 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
    2006-12-15 10:16 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
     
    Bajo,
    #3
  5. 2006/12/21
    Bajo

    Part 2.

     
    Bajo,
    #4
  6. 2006/12/21
    Bajo

    Part 3.



    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
     
    Bajo,
    #5
  7. 2006/12/21
    Bajo

    Part 4.

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "AtiTrayTools"="\"D:\\ATI Tray Tools\\atitray.exe\""
    "Mozilla Quick Launch"="\"D:\\Mozilla\\Mozilla.exe\" -turbo"
    "Norton SystemWorks"="\"D:\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
    "nod32kui"="\"D:\\Eset\\nod32kui.exe\" /WAITSERVICE"
    "Outpost Firewall"="D:\\Outpost Firewall\\outpost.exe /waitservice"
    "OutpostFeedBack"="D:\\Outpost Firewall\\feedback.exe /dump:os_startup"
    @=""
    "RoxWatchTray"="\"C:\\Program Files\\Common Files\\Roxio Shared\\SharedCOM8\\RoxWatchTray.exe\""
    "SmartGuardian"="D:\\Smart Guardian\\ITESmart.exe"
    "TrueImageMonitor.exe"="D:\\Acronis\\TrueImageMonitor.exe"
    "Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
    "Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
    "MBM 5"="\"D:\\Motherboard Monitor 5\\MBM5.EXE\""
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "QuickTime Task"="\"C:\\WINDOWS\\system32\\qttask.exe\" -atboottime"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
    53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
    65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
    79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
    "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
    53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
    65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
    79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInternetIcon"=dword:00000001
     
    Bajo,
    #6
  8. 2006/12/21
    Bajo

    Part 5.

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=hex:b5,00,00,00
    "ForceClassicControlPanel"=dword:00000001
    "NoCDBurning"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInternetIcon"=dword:00000001

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoInternetIcon"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="D:\\ACROBA~1.0\\Reader\\READER~1.EXE"
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
    "backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "command"="D:\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
    "item"="Logitech Desktop Messenger"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Isus^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
    "path"="C:\\Documents and Settings\\Isus\\Start Menu\\Programs\\Startup\\OpenOffice.org 2.0.lnk"
    "backup"="C:\\WINDOWS\\pss\\OpenOffice.org 2.0.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\OPENOF~1.0\\program\\QUICKS~1.EXE"
    "item"="OpenOffice.org 2.0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="BackWeb-8876480"
    "hkey"="HKCU"
    "command"="D:\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ICQNet"
    "hkey"="HKLM"
    "command"="D:\\ICQ\\ICQNet.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="PDVDServ"
    "hkey"="HKLM"
    "command"="D:\\PowerDVD\\PDVDServ.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DrgToDsc"
    "hkey"="HKLM"
    "command"="\"D:\\Easy Media Creator 8\\Drag to Disc\\DrgToDsc.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="winampa"
    "hkey"="HKLM"
    "command"="D:\\Winamp\\winampa.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
    C:\WINDOWS\tasks\Symantec Drmc.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 06-12-21 9:40:48.46
    C:\ComboFix.txt ... 06-12-21 09:40
    C:\ComboFix2.txt ... 06-12-21 02:05


    Just in case I left something out, here's the link to the logfile: http://www.sendspace.com/file/3h85q5
     
    Bajo,
    #7
  9. 2006/12/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, after many Google searches, I have not found anything of a suspicious nature on your machine.


    Have you done a search for that file since you fixed it with HJT? If not, please do so and then delete it.

    Does Agnitum tell you what is trying to access the Net? Usually you get alerts that an unknown, or previously unknown file is requesting access.


    Let me know.
     
  10. 2006/12/21
    Bajo

    I'm doing a search right now. To your question: no, Agnitum doesn't tell me what is starting the dial-up connection. That's the whole problem, 'cause I can't pinpoint which application is responsible for that. I noticed that the dial-up connection gets started after Agnitum loads, which is at the very end of the startup procedure.

    Edit: done a search and there is no trace of any mysvcc. As far as I remember, it was in the system32 folder of Windows.
     
    Last edited: 2006/12/21
    Bajo,
    #9
  11. 2006/12/21
    TeMerc

    OK, let's try this.

    Download and install Port Explorer from here.

    When the system starts up, it will log each and every single outbound application and tell you what file it is, and where it is trying to get to, IP wise.

    See if that gives you an idea of what it is. If you're unsure of a process, just Google it to see if it is legit.

    Let me know the process and IP info too. This could give us a good indication if the attempt to connect is malicious or not.
     
  12. 2006/12/23
    Bajo

    It seems that it's Agnitum's feedback. I killed it now as a startup process. We'll see if that was the problem; if not, well, then it's back to the drawing board.
     
  13. 2006/12/23
    TeMerc

    Ok, we'll keep the thread open for ya just in case.
     
  14. 2006/12/24
    Bajo

    Solved! It was Agnitum's feedback service. Thanks for the help. As far as I'm concerned, you may lock the thread.
    If I get any new problem that I can't solve, I'll start a new one.
     
  15. 2006/12/24
    TeMerc

    Glad to hear.

    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     