Technology Forum


Random popups, missing DLL and buffer overrun

#1
06-07-2008, 04:43 PM
Tech Ace
Senior Member
Join Date: Apr 2008
Posts: 30,703

Every time Windows starts I get an error saying bbcgkums.dll is missing, but I searched for that on Google and it didn't find anything about it. I keep getting a buffer overrun error and Explorer has to restart, and I get random popups all the time. I had Vundo but I think I got rid of it now. I'm using McAfee Total Protection, AdAware and Spybot S&D but everything just keeps coming back. Something is stopping me turning Windows updates on too, and Google search isn't working properly. I followed the 5 steps and here are the logs:
--a------ C:\WINDOWS\system32\nlite.cmd 2008-04-22 20:03:47 10307584 --a------ C:\WINDOWS\system32\winntbbu.dll 2008-04-19 18:28:42 6147584 --a------ C:\WINDOWS\system32\logonui.exe 2008-03-13 01:54:12 1344512 --a------ C:\WINDOWS\system32\msgina.dll -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{152723CE-5431-4D14-8BDC-A48466BBDA6C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D182C37-A8C8-4488-BA45-F009D3AB5EE6}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{343E356E-E529-4C30-87B9-C037DF0C82E3}] 06/06/2008 13:09 372736 --a------ C:\WINDOWS\system32\tuvUKAsR.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{727F7DFD-3E76-4A4D-A3FA-3DA255337EAC}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93B92E4A-0DC6-49A8-8E06-E13D5570FD22}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}] 05/06/2008 07:14 59392 --a------ C:\WINDOWS\system32\khfGxXrO.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EAA158F9-918D-4396-AA32-7B9DC3A6765A}] C:\WINDOWS\system32\yayAQhEX.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECD8916E-6760-47CB-BEF4-28C9A2CF8D4E}] C:\WINDOWS\system32\hgGXPfef.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "LClock"="C:\Program Files\LClock\LClock.exe" [19/09/2004 12:27] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [07/09/2006 17:19] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/05/2008 05:46] "nwiz"="nwiz.exe" [03/05/2008 05:46 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray. 
dll" [03/05/2008 05:46] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [01/11/2007 19:12] "McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [30/11/2007 05:42] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16] "SigmatelSysTrayApp"="sttray.exe" [] "18622588"="C:\WINDOWS\system32\bbcgkums.dll" [] "BM1b511614"="C:\WINDOWS\system32\qpnrlbla.dll " [06/06/2008 13:10] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 11:42] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/04/2008 10:39] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43] [HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce] "nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N "ShowDeskFix"=regsvr32 /s /n /i:u shell32 C:\Documents and Settings\Dave\Start Menu\Programs\Startup\ Styler.lnk - C:\Documents and Settings\Dave\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [6/4/2008 10:30:54 PM] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks] "{BD3C6F7C-6C8D-48F6-AC52-5E4071AEB257}"= C:\WINDOWS\system32\khfGxXrO.dll [05/06/2008 07:14 59392] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfGxXrO] khfGxXrO.dll 05/06/2008 07:14 59392 C:\WINDOWS\system32\khfGxXrO.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\lsa] 
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\tuvUKAsR [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc -- Hosts ----------------------------------------------------------------------- 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 8713 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2008-06-07 17:27:32 ------------ Thanks.