May 23 2007, 11:02 AM, Post #1
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

cp1334.nls cp1041.nls cp1467.nls

Was running most of your suggestions, but it always comes back every several minutes, 15 to 30; ZoneAlarm gets several alerts and I am offline and have to restart, then I can go online again. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:24 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This board was once able to help me in such a professional way that I trust you again. Thank you!
Sabine

May 24 2007, 03:18 AM, Post #2
Forum Addict | Group: HJT Team | Posts: 5,321 | Joined: 1-April 06 | Member No.: 62,052

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download LSP-Fix
Disconnect from the Internet and close all Internet Explorer Windows.
Run the program and check the "I know what I'm doing" box.
Place all listings of rxfbirh.dll into the remove section by highlighting it and clicking on the button that points to the right.
When all instances of this dll are in the remove section press the Finish button.

Reboot your computer, then scan again with HijackThis and post back a new log.

Thanks,
Charles

May 24 2007, 04:44 AM, Post #3
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

Still have C:\cp1041.nls sitting, changing its name. Can I find Internet Explorer to download? I think I have it mixed English and Greek... might help as well.

Logfile of HijackThis v1.99.1
Scan saved at 12:35:49 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\cp1041.nls is still sitting there, changing its name. Also in this place I have "csb.log" and "RHDSetup.log". Maybe they are bad as well?
Also I can add that AVG finds the file straight, puts it in the vault, it is gone for some moments from C:\ but just only for some moment, a minute or so. Maybe that is a hint.
sabine

This post has been edited by SabineDiakopi: May 24 2007, 05:58 AM
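
An added example, not part of the original thread: a Python script that parses two HijackThis logs and reports what changed between scans and which entries HijackThis labelled "Unknown" are still present, which is the comparison the second log above calls for after the LSP-Fix step. The two sample logs are abbreviated excerpts constructed from the logs in this thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Abbreviated excerpts constructed from the two logs in this thread
# (the 16 identical O10 lines are cut to 3 to keep the sample short).
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:47:24 PM, on 5/23/2007
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

SCAN_2 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:35:49 PM, on 5/24/2007
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Entry lines start with a section code such as R0, O4, O10 or O23,
# followed by " - " and the entry text. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Labels HijackThis prints when it cannot identify an item; both appear in the
# thread's logs. They mark entries for review, they are not a verdict.
UNKNOWN_LABELS = ("Unknown file", "Unknown owner")


def parse_entries(log_text):
    """Count every (section code, entry text) pair found in a HijackThis log."""
    entries = Counter()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries[(match["code"], match["detail"])] += 1
    return entries


def is_unknown(detail):
    """True when HijackThis itself labelled the entry as unidentified."""
    return any(label in detail for label in UNKNOWN_LABELS)


def compare_scans(before_text, after_text):
    """Diff two scans and single out the unidentified entries."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    common = set(before) & set(after)
    added = set(after) - set(before)
    return {
        "added": sorted(added),
        "removed": sorted(set(before) - set(after)),
        # Unidentified entries that survived the cleanup step, with repeat count.
        "persisting_unknown": sorted(
            (code, detail, after[(code, detail)])
            for code, detail in common
            if is_unknown(detail)
        ),
        # Unidentified entries that first appear in the later scan.
        "new_unknown": sorted(e for e in added if is_unknown(e[1])),
    }


if __name__ == "__main__":
    report = compare_scans(SCAN_1, SCAN_2)
    for section, items in report.items():
        print(section)
        for item in items:
            print("   ", item)
```
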

May 24 2007, 11:58 AM, Post #4
Forum Addict | Group: HJT Team | Posts: 5,321 | Joined: 1-April 06 | Member No.: 62,052

Hello Sabine,

Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible. We are going to boot into Safe Mode later in the fix, and there is no internet access.

You can download Internet Explorer from here, it's the latest version which is much more secure than it was before.

Please download AVG Anti-Spyware to your Desktop.
Start the set-up program by double clicking the installer.
Follow the on screen instructions to install the program, making sure that "Launch AVG Anti-Spyware" is checked.
Click the Update tab then select Start update; a progress bar will show the updates being installed.
Now press the Scanner icon, and click the Settings tab.
Click Recommended actions, then set it to Quarantine.
Close the program now, we will scan with it later on.

Download KillBox from the following link: http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.
Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

c:\windows\system32\rxfbirh.dll

Open 'file' in the killbox menu on top and choose Paste from clipboard.
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Please reboot your computer into Safe Mode. This is done by pressing F8 at boot/Windows startup, usually right after the beep. Then select Safe Mode from the list. Make sure you choose the option without Networking Support.

Let's clean out your temporary internet files:
Close all open windows before we start.
Go to Start | Control Panel | Internet Options | General.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK

If you have Firefox installed, we need to clean out these temporary files as well:
Go to Tools | Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now we'll clean other temporary files and your Recycle Bin:
Go to Start | Run | type: cleanmgr | OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Launch AVG Anti-Spyware by double clicking the icon on your Desktop.
Press the Scanner icon. Then click on the Complete System Scan button.
If any infections are found, you will be asked for an action; select Apply all actions.
Now press the Reports icon at the top.
Choose Save report as and save the text file to your Desktop.
Please post this log in your next reply.

Run LSPFix again, using my last set of instructions if necessary. Make sure you do this in Safe Mode so you are not connected to the internet.

Boot back into Normal Mode. Scan again with HijackThis and post back the log, along with the AVG Antispyware report.

Finally, I'd like some more information about cp1041.nls "changing its name" ...

Thanks,
Charles

May 25 2007, 01:50 AM, Post #5
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

Hi Charles,
I will do that all again now. About the changing name: a weird file sits directly in C:\, the name changes between cp1041.nls, cp1334.nls, cp1467.nls and others, think it was cp1500.nls. AVG always finds it, puts it in the vault, it comes back straight again after 1 minute or so, even after deleting in safe mode.
I try all you said now, and will send the outcome.
Thank you for your interest!
sabine

May 25 2007, 01:59 AM, Post #6
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

(Starting with Explorer download, bad luck, can't validate originality of my system. That should be the smaller problem though, maybe I can deal with this later after the trojan.)

May 25 2007, 03:52 AM, Post #7
Forum Addict | Group: HJT Team | Posts: 5,321 | Joined: 1-April 06 | Member No.: 62,052

We'll try downloading Internet Explorer again later. Quick question: are you running a legitimate version of XP?
In the meantime can you continue with the rest of my steps?

May 25 2007, 04:53 AM, Post #8
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

Oh god! I made it all again exactly as written. I had to deal with another trojan once before and it was quite easy to come to an end. Now I have a new PC, but someone used it once for his "nice" sites and straight came up with the trojan.
MY NETWORK is gone now, I cannot connect to the internet. The whole connection is gone! I have not set it up by myself and I did not get any Windows CD. We are in Greece here and we don't easily get English Windows CDs. Now what do I do? The cp1041.nls sits on C:\ still.
I can't even save my data, couldn't find a CD-burner program yet, and can't open CD-drive anymore...

May 25 2007, 04:58 AM, Post #9
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

And I can't send any log because I can't see my connections, and I just found out that my other PC doesn't take the floppy in... seems all unsolvable.
Think I will ask the internet cafe guy to do a format c and set up the connections again. Data loss though.
Any other ideas?

May 25 2007, 05:29 AM, Post #10
New Member | Group: Members | Posts: 13 | Joined: 22-May 07 | From: Greece | Member No.: 132,295

OK. CD-drive opens again, but no burner program. Would you know a safe download? I am just too afraid now to get problems with my second PC.

May 25 2007, 05:34 AM, Post #11
Forum Addict | Group: HJT Team | Posts: 5,321 | Joined: 1-April 06 | Member No.: 62,052

Go to Control Panel.
- If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Highlight Internet Protocol (TCP/IP) and click the Properties button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

Go to Start > Run and type in cmd
Click OK.
This will open a command prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns

Hit Enter
Exit the command window

Does this sort out your internet? I think we can sort this problem out eventually, if you want to try?

This post has been edited by rookie147: May 25 2007, 05:35 AM
|
|
|
May 25 2007, 05:45 AM
Post
#12
|
|
|
New Member ![]() Group: Members Posts: 13 Joined: 22-May 07 From: Greece Member No.: 132,295 |
I would love to try, but you say: *Right-click the Local Area Connection icon and select Properties.* there is no connection anymore. so I shall make a new one?

May 25 2007, 05:46 AM, Post #13
New Member, Group: Members, Posts: 13, Joined: 22-May 07, From: Greece, Member No.: 132,295

it is a wireless ADSL router

May 25 2007, 07:31 AM, Post #14
Forum Addict, Group: HJT Team, Posts: 5,321, Joined: 1-April 06, Member No.: 62,052

Yes, please try doing that.

May 25 2007, 01:32 PM, Post #15
New Member, Group: Members, Posts: 13, Joined: 22-May 07, From: Greece, Member No.: 132,295

what happened after:
let's leave the internet connection out, as I don't know about the network I will leave that point to the specialist who made it to establish it again. back to our trojan - I found some other programs today and send the reports

SDFix: Version 1.85
Run by sd - Fri 05/25/2007 - 19:30:05.45
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
kprof
ntldr.sys
poof

ImagePath:
\??\C:\WINDOWS\system32\kprof
\??\C:\ntldr.sys
\??\C:\WINDOWS\system32\poof

kprof - Deleted
ntldr.sys - Deleted
poof - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:
C:\WINDOWS\SYSTEM32\AA63.T - Deleted
C:\WINDOWS\SYSTEM32\AB63.T - Deleted
C:\CP1041.NLS - Deleted

Removing Temp Files...

ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

Finished

"sd" - 2007-05-25 19:37:09 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\sd\Desktop\"

(((((((((((((((((((( Other Deletions ))))))))))))))))))))

"C:\DOCUME~1\sd\Desktop.\internet explorer.lnk"

(((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))
C:\WINDOWS\system32\ialmuPTB.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuITA.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuESP.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuENG.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuELL.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuARB.dll 2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuARA.dll 2007-04-26 00:32 36,990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll 2007-04-26 00:32 214,746 -ra------ C:\WINDOWS\system32\ialmdev5.dll 2007-04-26 00:32 2,310,144 -ra------ C:\WINDOWS\system32\iglicd32.dll 2007-04-26 00:32 159,744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe 2007-04-26 00:32 147,456 -ra------ C:\WINDOWS\system32\igfxpph.dll 2007-04-26 00:32 135,168 -ra------ C:\WINDOWS\system32\igfxdev.dll 2007-04-26 00:32 119,419 -ra------ C:\WINDOWS\system32\ialmdnt5.dll 2007-04-26 00:32 118,784 -ra------ C:\WINDOWS\system32\igfxpers.exe 2007-04-26 00:32 
114,688 -ra------ C:\WINDOWS\system32\igfxzoom.exe 2007-04-26 00:32 114,688 -ra------ C:\WINDOWS\system32\ialmudlg.exe 2007-04-26 00:32 1,503,232 -ra------ C:\WINDOWS\system32\igfxress.dll 2007-04-26 00:32 1,353,820 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys 2007-04-26 00:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-04-26 00:30 <DIR> d-------- C:\Program Files\Yahoo! 2007-04-26 00:30 <DIR> d-------- C:\Program Files\Intel 2007-04-26 00:28 4,456,448 --a------ C:\DOCUME~1\sd\NTUSER.DAT 2007-04-26 00:26 761,856 --a------ C:\DOCUME~1\LOCALS~1\NTUSER.DAT 2007-04-26 00:26 <DIR> d-------- C:\WINDOWS\SoftwareDistribution 2007-04-26 00:26 <DIR> d-------- C:\WINDOWS\Prefetch 2007-04-26 00:13 757,760 --a------ C:\DOCUME~1\NETWOR~1\NTUSER.DAT 2007-04-26 00:11 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT 2007-04-26 00:11 0 -rahs---- C:\MSDOS.SYS 2007-04-26 00:11 0 -rahs---- C:\IO.SYS 2007-04-26 00:11 0 --a------ C:\CONFIG.SYS 2007-04-26 00:11 0 --a------ C:\AUTOEXEC.BAT 2007-04-26 00:11 <DIR> d-------- C:\WINDOWS\system32\xircom 2007-04-26 00:11 <DIR> d-------- C:\Program Files\microsoft frontpage 2007-04-26 00:10 112,128 --a------ C:\WINDOWS\system32\mapi32.dll 2007-04-26 00:10 <DIR> dr------- C:\WINDOWS\Offline Web Pages 2007-04-26 00:10 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM 2007-04-26 00:10 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files 2007-04-26 00:09 64,512 --a------ C:\WINDOWS\system32\acctres.dll 2007-04-26 00:09 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll 2007-04-26 00:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll 2007-04-26 00:09 <DIR> d--h----- C:\Program Files\WindowsUpdate 2007-04-26 00:09 <DIR> d-------- C:\WINDOWS\system32\DirectX 2007-04-26 00:08 81,920 --a------ C:\WINDOWS\system32\isign32.dll 2007-04-26 00:08 81,920 --a------ C:\WINDOWS\system32\ils.dll 2007-04-26 00:08 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll 2007-04-26 00:08 73,728 --a------ C:\WINDOWS\system32\icwdial.dll 2007-04-26 00:08 73,472 
--a------ C:\WINDOWS\system32\drivers\sr.sys 2007-04-26 00:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll 2007-04-26 00:08 69,632 --a------ C:\WINDOWS\system32\msconf.dll 2007-04-26 00:08 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll 2007-04-26 00:08 67,584 --a------ C:\WINDOWS\system32\srclient.dll 2007-04-26 00:08 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll 2007-04-26 00:08 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll 2007-04-26 00:08 48,128 --a------ C:\WINDOWS\system32\inetres.dll 2007-04-26 00:08 45,568 --a------ C:\WINDOWS\system32\safrslv.dll 2007-04-26 00:08 430,592 --a------ C:\WINDOWS\system32\wuapi.dll 2007-04-26 00:08 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll 2007-04-26 00:08 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll 2007-04-26 00:08 382,464 --a------ C:\WINDOWS\system32\qmgr.dll 2007-04-26 00:08 36,864 --a------ C:\WINDOWS\system32\wups.dll 2007-04-26 00:08 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll 2007-04-26 00:08 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe 2007-04-26 00:08 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll 2007-04-26 00:08 29,696 --a------ C:\WINDOWS\system32\safrdm.dll 2007-04-26 00:08 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll 2007-04-26 00:08 274,944 --a------ C:\WINDOWS\system32\mstask.dll 2007-04-26 00:08 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll 2007-04-26 00:08 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll 2007-04-26 00:08 239,104 --a------ C:\WINDOWS\system32\srrstr.dll 2007-04-26 00:08 22,528 --a------ C:\WINDOWS\system32\fltMc.exe 2007-04-26 00:08 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat 2007-04-26 00:08 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll 2007-04-26 00:08 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll 2007-04-26 00:08 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll 2007-04-26 00:08 170,496 --a------ C:\WINDOWS\system32\srsvc.dll 2007-04-26 00:08 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe 2007-04-26 00:08 16,896 --a------ 
C:\WINDOWS\system32\fltlib.dll 2007-04-26 00:08 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll 2007-04-26 00:08 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys 2007-04-26 00:08 120,320 --a------ C:\WINDOWS\system32\wuweb.dll 2007-04-26 00:08 12,288 --a------ C:\WINDOWS\system32\mstinit.exe 2007-04-26 00:08 112,640 --a------ C:\WINDOWS\system32\wucltui.dll 2007-04-26 00:08 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe 2007-04-26 00:08 105,984 --a------ C:\WINDOWS\system32\msoert2.dll 2007-04-26 00:08 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll 2007-04-26 00:08 <DIR> d---s---- C:\WINDOWS\Tasks 2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\system32\Restore 2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\system32\Macromed 2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\srchasst 2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\Registration 2007-04-26 00:08 <DIR> d-------- C:\Program Files\Movie Maker 2007-04-26 00:08 <DIR> d-------- C:\Program Files\Common Files\MSSoap 2007-04-26 00:07 9,728 --a------ C:\WINDOWS\system32\reset.exe 2007-04-26 00:07 82,432 --a------ C:\WINDOWS\system32\comrepl.dll 2007-04-26 00:07 80,384 --a------ C:\WINDOWS\system32\charmap.exe 2007-04-26 00:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll 2007-04-26 00:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll 2007-04-26 00:07 56,832 --a------ C:\WINDOWS\system32\sol.exe 2007-04-26 00:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe 2007-04-26 00:07 54,272 --a------ C:\WINDOWS\system32\stclient.dll 2007-04-26 00:07 5,632 --a------ C:\WINDOWS\system32\write.exe 2007-04-26 00:07 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe 2007-04-26 00:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll 2007-04-26 00:07 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll 2007-04-26 00:07 4,096 --a------ C:\WINDOWS\system32\mtxex.dll 2007-04-26 00:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe 2007-04-26 00:07 33,792 --a------ C:\WINDOWS\system32\regini.exe 2007-04-26 00:07 25,600 --a------ 
C:\WINDOWS\system32\comaddin.dll 2007-04-26 00:07 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll 2007-04-26 00:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll 2007-04-26 00:07 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe 2007-04-26 00:07 20,992 --a------ C:\WINDOWS\system32\msg.exe 2007-04-26 00:07 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll 2007-04-26 00:07 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe 2007-04-26 00:07 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe 2007-04-26 00:07 16,384 --a------ C:\WINDOWS\system32\tskill.exe 2007-04-26 00:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll 2007-04-26 00:07 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe 2007-04-26 00:07 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll 2007-04-26 00:07 15,360 --a------ C:\WINDOWS\system32\logoff.exe 2007-04-26 00:07 147,456 --a------ C:\WINDOWS\system32\comsnap.dll 2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe 2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\tscon.exe 2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\shadow.exe 2007-04-26 00:07 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe 2007-04-26 00:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe 2007-04-26 00:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe 2007-04-26 00:07 114,688 --a------ C:\WINDOWS\system32\calc.exe 2007-04-26 00:07 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd 2007-04-26 00:07 <DIR> d-------- C:\Program Files\Online Services 2007-04-26 00:07 <DIR> d-------- C:\Program Files\MSN Gaming Zone 2007-04-26 00:07 <DIR> d-------- C:\Program Files\Messenger 2007-04-26 00:06 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll 2007-04-26 00:06 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll 2007-04-26 00:06 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll 2007-04-26 00:06 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll 2007-04-26 00:06 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll 2007-04-26 00:06 67,072 --a------ 
C:\WINDOWS\system32\rdshost.exe 2007-04-26 00:06 655,360 --a------ C:\WINDOWS\system32\mstscax.dll 2007-04-26 00:06 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll 2007-04-26 00:06 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe 2007-04-26 00:06 62,464 --a------ C:\WINDOWS\system32\colbact.dll 2007-04-26 00:06 60,416 --a------ C:\WINDOWS\system32\remotepg.dll 2007-04-26 00:06 6,144 --a------ C:\WINDOWS\system32\msdtc.exe 2007-04-26 00:06 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll 2007-04-26 00:06 58,880 --a------ C:\WINDOWS\system32\licwmi.dll 2007-04-26 00:06 56,320 --a------ C:\WINDOWS\system32\servdeps.dll 2007-04-26 00:06 540,160 --a------ C:\WINDOWS\system32\comuid.dll 2007-04-26 00:06 538,624 --a------ C:\WINDOWS\system32\spider.exe 2007-04-26 00:06 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll 2007-04-26 00:06 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe 2007-04-26 00:06 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll 2007-04-26 00:06 407,552 --a------ C:\WINDOWS\system32\mstsc.exe 2007-04-26 00:06 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys 2007-04-26 00:06 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll 2007-04-26 00:06 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll 2007-04-26 00:06 343,040 --a------ C:\WINDOWS\system32\mspaint.exe 2007-04-26 00:06 295,424 --a------ C:\WINDOWS\system32\termsrv.dll 2007-04-26 00:06 229,888 --a------ C:\WINDOWS\system32\catsrv.dll 2007-04-26 00:06 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys 2007-04-26 00:06 20,480 --a------ C:\WINDOWS\system32\qprocess.exe 2007-04-26 00:06 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys 2007-04-26 00:06 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll 2007-04-26 00:06 185,344 --a------ C:\WINDOWS\system32\cmprops.dll 2007-04-26 00:06 183,808 --a------ C:\WINDOWS\system32\accwiz.exe 2007-04-26 00:06 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll 2007-04-26 00:06 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll 2007-04-26 00:06 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 08:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 08:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 08:55]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-30 09:10]
"ZoneAlarm Client"="C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 13:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

*Newly Created Service* -PROCEXP90

********************************************************************
catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 19:40:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
********************************************************************

Completion time: 2007-05-25 19:40:53
C:\ComboFix-quarantined-files.txt ... 2007-05-25 19:40
--- E O F ---

CODE
2007-04-30 19:52 767 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\sd\Desktop\Internet Explorer.lnk.vir

Folder PATH listing
Volume serial number is 38B5-1842
C:\QOOBOX
\---Quarantine
    +---C
    |   \---DOCUME~1
    |       \---sd
    |           \---Desktop
    |                   Internet Explorer.lnk.vir
    |
    \---Registry_backups

Deckard's System Scanner v20070426.43
Run by sd on 2007-05-25 at 19:56:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2007-05-25 16:56:14 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-05-25 15:13:37 UTC - RP2 - Εγκατάσταση Nero - Burning Rom
1: 2007-05-25 09:59:06 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as sd.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:56:57 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sd\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\sd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SysEnforce - c:\progra~1\security\ssi\sysenf~1.exe

-- Files created between 2007-04-25 and 2007-05-25 -----------------------------
2007-04-26 00:28:55 0 d-------- C:\Documents and Settings\sd\Application Data\Identities 2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\Templates 2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\Start Menu 2007-04-26 00:28:48 0 dr-h----- C:\Documents and Settings\sd\SendTo 2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\PrintHood 2007-04-26 00:28:48 4456448 --a------ C:\Documents and Settings\sd\NTUSER.DAT 2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\NetHood 2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\My Documents 2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\Local Settings 2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\Favorites 2007-04-26 00:28:48 0 d-------- C:\Documents and Settings\sd\Desktop 2007-04-26 00:28:48 0 d---s---- C:\Documents and Settings\sd\Cookies 2007-04-26 00:28:48 0 dr-h----- C:\Documents and Settings\sd\Application Data 2007-04-26 00:26:34 0 d-------- C:\WINDOWS\SoftwareDistribution 2007-04-26 00:26:34 0 d-------- C:\WINDOWS\Prefetch 2007-04-26 00:26:33 0 d---s---- C:\WINDOWS\system32\Microsoft 2007-04-26 00:26:32 761856 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT 2007-04-26 00:26:32 0 d--h----- C:\Documents and Settings\LocalService\Local Settings 2007-04-26 00:26:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies 2007-04-26 00:26:32 0 d-------- C:\Documents and Settings\LocalService\Application Data 2007-04-26 00:26:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft 2007-04-26 00:13:56 757760 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT 2007-04-26 00:13:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings 2007-04-26 00:13:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies 2007-04-26 00:13:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data 2007-04-26 00:13:56 0 d---s---- C:\Documents and 
Settings\NetworkService\Application Data\Microsoft
2007-04-26 00:11:17 0 d-------- C:\WINDOWS\system32\xircom
2007-04-26 00:11:17 0 d-------- C:\Program Files\microsoft frontpage
2007-04-26 00:11:14 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-26 00:11:07 0 -rahs---- C:\MSDOS.SYS
2007-04-26 00:11:07 0 -rahs---- C:\IO.SYS
2007-04-26 00:11:07 0 --a------ C:\CONFIG.SYS
2007-04-26 00:11:07 0 --a------ C:\AUTOEXEC.BAT
2007-04-26 00:10:12 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-26 00:10:03 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-26 00:10:03 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-26 00:09:53 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-26 00:09:32 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-26 00:08:57 0 d---s---- C:\WINDOWS\Tasks
2007-04-26 00:08:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-26 00:08:52 0 d-------- C:\WINDOWS\srchasst
2007-04-26 00:08:51 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-26 00:08:43 0 d-------- C:\Program Files\Movie Maker
2007-04-26 00:08:35 0 d-------- C:\WINDOWS\system32\Restore
2007-04-26 00:08:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-26 00:08:01 0 d-------- C:\WINDOWS\Registration
2007-04-26 00:07:35 0 d-------- C:\Program Files\Online Services
2007-04-26 00:07:30 0 d-------- C:\Program Files\Messenger
2007-04-26 00:07:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-26 00:06:46 0 d-------- C:\Program Files\Windows NT
2007-04-26 00:06:43 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-26 00:06:41 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2007-04-26 01:04:45 62 --ahs---- C:\Documents and Settings\sd\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ZoneAlarm Client"="\"C:\\Program Files\\Security\\Zone Labs\\ZoneAlarm\\ZoneAlarm\\zlclient.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Logfile of HijackThis v1.99.1
Scan saved at 8:22:11 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

at least in the last half hour or more for the first time the cp1041.nls did not return onto C:\

Sabine