
Hijackthis Log: Problem: Pop-up @ Startup & When Refreshing Desktop (from Media.top-banners.com)


  • This topic is locked
9 replies to this topic

#1 Wecklt


Posted 16 September 2006 - 11:15 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:08:56 PM, on 9/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\userinit.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\iohqhfiA.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\COMonAmp\COMonAmp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windows\start.html
R3 - URLSearchHook: (no name) - _{F7E5AF62-1BA5-4475-F1AC-661332AF31E3} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Metacrawler - {AACBDEE8-0813-4308-8121-94CB60848B2C} - C:\Program Files\MetacrawlerToolbar\insptbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [iohqhfiA] C:\WINDOWS\iohqhfiA.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [COM'on Winamp] "C:\Program Files\COMonAmp\COMonAmp.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Metacrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\MetacrawlerToolbar\contextsearch.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00001000-0709-0000-0000-000330050660} - http://207.234.185.217/aboxinst_int22.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158464188671
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/...lineInstall.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



#2 Buckeye_Sam

    Malware Expert

Posted 18 September 2006 - 05:11 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

There really is no way to secure your computer without first patching and updating Windows to close numerous security holes in your current system. Please visit Windows Update and install Service Pack 1.

http://windowsupdate.microsoft.com/

Once you have done that, please post a fresh hijackthis log back here as a reply in this thread and we'll get started fixing your problems.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Wecklt

  • Topic Starter

Posted 18 September 2006 - 08:47 PM

Thank you for the quick reply.

SP1 installed, here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 6:45:27 PM, on 9/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\COMonAmp\COMonAmp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\windows\start.html
R3 - URLSearchHook: (no name) - _{F7E5AF62-1BA5-4475-F1AC-661332AF31E3} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
O3 - Toolbar: Metacrawler - {AACBDEE8-0813-4308-8121-94CB60848B2C} - C:\Program Files\MetacrawlerToolbar\insptbar.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] "C:\Program Files\IncrediMail\bin\IncMail.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [COM'on Winamp] "C:\Program Files\COMonAmp\COMonAmp.exe"
O8 - Extra context menu item: Metacrawler Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\MetacrawlerToolbar\contextsearch.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158464188671
O16 - DPF: {65E8E2DC-186A-4AAC-9E56-FDC683055A9E} (CNetOnlineInstall Control) - http://www.download.com/html/dl/bug211623/...lineInstall.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 Buckeye_Sam

    Malware Expert

Posted 18 September 2006 - 08:53 PM

Please download and install AVG antivirus. Follow the prompts to download and install all updates and then run a complete scan.


===========


Open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
===========


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#5 Wecklt

  • Topic Starter

Posted 18 September 2006 - 11:07 PM

Hi again. I am not registered in spy sweeper but it found the following:
180search assistant/zango
deskwizz
visfx

I've manually deleted the two reachable files, but for the two entries in the registry, I don't know how to do it.

And here is the log:
8:46 PM: Traces Found: 4
8:46 PM: Full Sweep has completed. Elapsed time 00:19:17
8:46 PM: File Sweep Complete, Elapsed Time: 00:13:33
8:42 PM: Warning: Failed to access drive D:
8:40 PM: C:\System Volume Information\_restore{a458c113-2e26-4954-92c6-1ac0b475cb2d}\RP1\A0000129.exe (ID = 99)
8:40 PM: Found Adware: visfx
8:40 PM: C:\Program Files\Internet Explorer\hozyxewi.html (ID = 310472)
8:40 PM: Found Adware: deskwizz
8:32 PM: Starting File Sweep
8:32 PM: Warning: Failed to access drive A:
8:32 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:32 PM: Starting Cookie Sweep
8:32 PM: Registry Sweep Complete, Elapsed Time:00:01:32
8:32 PM: HKLM\software\classes\imside1egate.application.1\ (ID = 711277)
8:32 PM: HKCR\imside1egate.application.1\ (ID = 710985)
8:32 PM: Found Adware: 180search assistant/zango
8:31 PM: Starting Registry Sweep
8:31 PM: Memory Sweep Complete, Elapsed Time: 00:04:01
8:27 PM: Starting Memory Sweep
8:27 PM: Sweep initiated using definitions version 734
8:27 PM: Spy Sweeper 5.0.7.1608 started
8:27 PM: | Start of Session, Monday, September 18, 2006



For combofix:

Rodger-Dee - 06-09-18 20:54:25.87 Service Pack 1
ComboFix 06.09.14 - Running from: C:\Download

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\system32\PPATCH~1
C:\QooBox\Purity\WINDOWS\system32\PPATCH~1\d?xplore.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-18 to 2006-09-18 ))))))))))))))))))))))))))))))))))


2006-09-16 22:07 9,216 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-16 22:07 86,016 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-09-16 22:07 77,824 --a------ C:\WINDOWS\system32\wmpstub.exe
2006-09-16 22:07 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-09-16 22:07 56,832 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-09-16 22:07 446,464 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2006-09-16 22:07 38,912 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-09-16 22:07 316,416 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-09-16 22:07 311,327 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2006-09-16 22:07 296,448 --a------ C:\WINDOWS\system32\wmstream.dll
2006-09-16 22:07 294,912 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-09-16 22:07 264,704 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-09-16 22:07 247,808 --a------ C:\WINDOWS\system32\wow32.dll
2006-09-16 22:07 23,552 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-09-16 22:07 172,664 --a------ C:\WINDOWS\system32\xenroll.dll
2006-09-16 22:07 17,408 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-09-16 22:07 13,312 --a------ C:\WINDOWS\system32\wship6.dll
2006-09-16 22:07 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-09-16 22:07 110,592 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-09-16 22:07 1,998,848 --a------ C:\WINDOWS\system32\wmploc.dll
2006-09-16 22:07 1,404,928 --a------ C:\WINDOWS\system32\wmpui.dll
2006-09-16 22:07 1,220,608 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-09-16 22:06 88,064 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-16 22:06 86,528 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-09-16 22:06 81,920 --a------ C:\WINDOWS\system32\trkwks.dll
2006-09-16 22:06 71,168 --a------ C:\WINDOWS\system32\telnet.exe
2006-09-16 22:06 71,168 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-16 22:06 674,816 --a------ C:\WINDOWS\system32\sxs.dll
2006-09-16 22:06 638,976 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-09-16 22:06 61,952 --a------ C:\WINDOWS\system32\webclnt.dll
2006-09-16 22:06 61,952 --a------ C:\WINDOWS\system32\sti.dll
2006-09-16 22:06 60,416 --a------ C:\WINDOWS\system32\wextract.exe
2006-09-16 22:06 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-09-16 22:06 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2006-09-16 22:06 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-09-16 22:06 48,128 --a------ C:\WINDOWS\system32\winsta.dll
2006-09-16 22:06 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-09-16 22:06 47,616 --a------ C:\WINDOWS\system32\utilman.exe
2006-09-16 22:06 442,398 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-09-16 22:06 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-09-16 22:06 40,960 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-16 22:06 384,000 --a------ C:\WINDOWS\system32\themeui.dll
2006-09-16 22:06 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-09-16 22:06 32,256 --a------ C:\WINDOWS\system32\umandlg.dll
2006-09-16 22:06 316,416 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-09-16 22:06 274,432 --a------ C:\WINDOWS\system32\wmasf.dll
2006-09-16 22:06 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-09-16 22:06 258,048 --a------ C:\WINDOWS\system32\webcheck.dll
2006-09-16 22:06 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-09-16 22:06 253,952 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-09-16 22:06 251,904 --a------ C:\WINDOWS\system32\strmdll.dll
2006-09-16 22:06 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-09-16 22:06 231,424 --a------ C:\WINDOWS\system32\upnpui.dll
2006-09-16 22:06 22,016 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-09-16 22:06 203,264 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-09-16 22:06 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-16 22:06 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-09-16 22:06 184,320 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-09-16 22:06 171,520 --a------ C:\WINDOWS\system32\winmm.dll
2006-09-16 22:06 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-09-16 22:06 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-09-16 22:06 165,376 --a------ C:\WINDOWS\system32\w32time.dll
2006-09-16 22:06 165,376 --a------ C:\WINDOWS\system32\tapi32.dll
2006-09-16 22:06 164,864 --a------ C:\WINDOWS\system32\upnphost.dll
2006-09-16 22:06 16,384 --a------ C:\WINDOWS\system32\watchdog.sys
2006-09-16 22:06 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-09-16 22:06 130,560 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-09-16 22:06 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-09-16 22:06 128,512 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-09-16 22:06 124,928 --a------ C:\WINDOWS\system32\webvw.dll
2006-09-16 22:06 120,320 --a------ C:\WINDOWS\system32\upnp.dll
2006-09-16 22:06 119,808 --a------ C:\WINDOWS\system32\wiadss.dll
2006-09-16 22:06 117,760 --a------ C:\WINDOWS\system32\stobject.dll
2006-09-16 22:06 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-09-16 22:06 106,496 --a------ C:\WINDOWS\system32\url.dll
2006-09-16 22:06 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-09-16 22:06 1,298,432 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-09-16 22:05 82,944 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-09-16 22:05 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-09-16 22:05 74,240 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-09-16 22:05 71,168 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-09-16 22:05 667,648 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-09-16 22:05 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-09-16 22:05 66,048 --a------ C:\WINDOWS\system32\sigverif.exe
2006-09-16 22:05 63,488 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-16 22:05 62,976 --a------ C:\WINDOWS\system32\shgina.dll
2006-09-16 22:05 60,416 --a------ C:\WINDOWS\system32\shimeng.dll
2006-09-16 22:05 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-09-16 22:05 56,320 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-16 22:05 548,864 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-09-16 22:05 534,016 --a------ C:\WINDOWS\system32\spider.exe
2006-09-16 22:05 530,432 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-09-16 22:05 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-09-16 22:05 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-09-16 22:05 43,008 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-09-16 22:05 423,424 --a------ C:\WINDOWS\system32\riched20.dll
2006-09-16 22:05 420,864 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-09-16 22:05 385,024 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-09-16 22:05 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-09-16 22:05 36,352 --a------ C:\WINDOWS\system32\sens.dll
2006-09-16 22:05 334,848 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-09-16 22:05 33,280 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-09-16 22:05 297,984 --a------ C:\WINDOWS\system32\scesrv.dll
2006-09-16 22:05 27,136 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-09-16 22:05 260,608 --a------ C:\WINDOWS\system32\rpcss.dll
2006-09-16 22:05 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-09-16 22:05 226,304 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-16 22:05 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-09-16 22:05 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-09-16 22:05 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-09-16 22:05 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-09-16 22:05 174,592 --a------ C:\WINDOWS\system32\scecli.dll
2006-09-16 22:05 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-09-16 22:05 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-09-16 22:05 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-09-16 22:05 159,232 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-16 22:05 158,720 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-16 22:05 134,144 --a------ C:\WINDOWS\regedit.exe
2006-09-16 22:05 133,632 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-09-16 22:05 133,120 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-09-16 22:05 12,800 --a------ C:\WINDOWS\system32\runonce.exe
2006-09-16 22:05 116,224 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-09-16 22:05 11,776 --a------ C:\WINDOWS\system32\sigtab.dll
2006-09-16 22:05 1,157,632 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-09-16 22:04 98,304 --a------ C:\WINDOWS\system32\oleprn.dll
2006-09-16 22:04 95,744 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-09-16 22:04 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-09-16 22:04 91,136 --a------ C:\WINDOWS\system32\rastls.dll
2006-09-16 22:04 87,304 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-09-16 22:04 82,944 --a------ C:\WINDOWS\system32\psbase.dll
2006-09-16 22:04 75,912 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-16 22:04 686,080 --a------ C:\WINDOWS\system32\opengl32.dll
2006-09-16 22:04 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-09-16 22:04 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-09-16 22:04 58,880 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-09-16 22:04 57,856 --a------ C:\WINDOWS\system32\raschap.dll
2006-09-16 22:04 53,248 --a------ C:\WINDOWS\system32\packager.exe
2006-09-16 22:04 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-09-16 22:04 504,832 --------- C:\WINDOWS\system32\msftedit.dll
2006-09-16 22:04 49,152 --a------ C:\WINDOWS\system32\npptools.dll
2006-09-16 22:04 48,128 --a------ C:\WINDOWS\system32\reg.exe
2006-09-16 22:04 44,032 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-16 22:04 403,456 --------- C:\WINDOWS\system32\winbrand.dll
2006-09-16 22:04 392,704 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-09-16 22:04 38,400 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-09-16 22:04 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-09-16 22:04 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-09-16 22:04 33,808 --a------ C:\WINDOWS\system32\ntio.sys
2006-09-16 22:04 328,704 --a------ C:\WINDOWS\system32\oakley.dll
2006-09-16 22:04 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-09-16 22:04 3,494,303 --------- C:\WINDOWS\system32\nv4_disp.dll
2006-09-16 22:04 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-09-16 22:04 254,976 --a------ C:\WINDOWS\system32\pdh.dll
2006-09-16 22:04 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-09-16 22:04 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-16 22:04 238,080 --a------ C:\WINDOWS\system32\newdev.dll
2006-09-16 22:04 221,696 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-16 22:04 218,112 --------- C:\WINDOWS\system32\sbe.dll
2006-09-16 22:04 212,480 --a------ C:\WINDOWS\system32\osk.exe
2006-09-16 22:04 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-09-16 22:04 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-09-16 22:04 187,904 --------- C:\WINDOWS\system32\xpsp1res.dll
2006-09-16 22:04 172,032 --------- C:\WINDOWS\system32\mssap.dll
2006-09-16 22:04 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-16 22:04 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-09-16 22:04 165,888 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-09-16 22:04 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-09-16 22:04 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-09-16 22:04 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-09-16 22:04 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-16 22:04 137,216 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-09-16 22:04 135,680 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-16 22:04 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-09-16 22:04 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-09-16 22:04 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-16 22:04 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-09-16 22:04 112,128 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-09-16 22:04 110,080 --------- C:\WINDOWS\system32\sbeio.dll
2006-09-16 22:04 109,568 --a------ C:\WINDOWS\system32\offfilt.dll
2006-09-16 22:04 1,677,312 --------- C:\WINDOWS\system32\wmvcore2.dll
2006-09-16 22:04 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2006-09-16 22:04 1,169,920 --a------ C:\WINDOWS\system32\ole32.dll
2006-09-16 22:03 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2006-09-16 22:03 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-16 22:03 857,600 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-09-16 22:03 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2006-09-16 22:03 81,408 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-16 22:03 699,392 --a------ C:\WINDOWS\system32\msxml2.dll
2006-09-16 22:03 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-09-16 22:03 67,584 --a------ C:\WINDOWS\system32\msctfp.dll
2006-09-16 22:03 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-16 22:03 64,512 --a------ C:\WINDOWS\system32\msiexec.exe
2006-09-16 22:03 598,016 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-16 22:03 584,192 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-09-16 22:03 56,320 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-09-16 22:03 552,991 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-09-16 22:03 512,031 --a------ C:\WINDOWS\system32\msexch40.dll
2006-09-16 22:03 5,120 --a------ C:\WINDOWS\system32\hccoin.dll
2006-09-16 22:03 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-09-16 22:03 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-09-16 22:03 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-09-16 22:03 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-09-16 22:03 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-09-16 22:03 399,360 --a------ C:\WINDOWS\system32\netlogon.dll
2006-09-16 22:03 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-09-16 22:03 388,608 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-16 22:03 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2006-09-16 22:03 368,710 --a------ C:\WINDOWS\system32\msisam11.dll
2006-09-16 22:03 359,936 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-16 22:03 348,195 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-09-16 22:03 348,191 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-09-16 22:03 344,095 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-09-16 22:03 339,968 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-16 22:03 326,656 --a------ C:\WINDOWS\system32\netsetup.exe
2006-09-16 22:03 323,072 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-09-16 22:03 319,760 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-09-16 22:03 319,519 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-09-16 22:03 305,664 --a------ C:\WINDOWS\system32\msihnd.dll
2006-09-16 22:03 3,584 --------- C:\WINDOWS\system32\dsprpres.dll
2006-09-16 22:03 266,752 --a------ C:\WINDOWS\system32\msctf.dll
2006-09-16 22:03 253,983 --a------ C:\WINDOWS\system32\mstext40.dll
2006-09-16 22:03 250,368 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-16 22:03 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2006-09-16 22:03 241,725 --a------ C:\WINDOWS\system32\msuni11.dll
2006-09-16 22:03 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-09-16 22:03 229,888 --a------ C:\WINDOWS\system32\msieftp.dll
2006-09-16 22:03 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-16 22:03 22,528 --a------ C:\WINDOWS\system32\mslbui.dll
2006-09-16 22:03 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-09-16 22:03 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2006-09-16 22:03 2,086,400 --a------ C:\WINDOWS\system32\msi.dll
2006-09-16 22:03 182,784 --a------ C:\WINDOWS\system32\msutb.dll
2006-09-16 22:03 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2006-09-16 22:03 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-09-16 22:03 174,592 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-09-16 22:03 16,384 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-09-16 22:03 155,648 --------- C:\WINDOWS\system32\encdec.dll
2006-09-16 22:03 154,112 --a------ C:\WINDOWS\system32\netman.dll
2006-09-16 22:03 143,872 --a------ C:\WINDOWS\system32\msimtf.dll
2006-09-16 22:03 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-09-16 22:03 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-09-16 22:03 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-09-16 22:03 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-09-16 22:03 113,664 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-09-16 22:03 105,984 --a------ C:\WINDOWS\system32\netdde.exe
2006-09-16 22:03 10,240 --a------ C:\WINDOWS\system32\msrle32.dll
2006-09-16 22:03 1,622,528 --a------ C:\WINDOWS\system32\netshell.dll
2006-09-16 22:03 1,503,262 --a------ C:\WINDOWS\system32\msjet40.dll
2006-09-16 22:03 1,122,304 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-16 22:02 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-09-16 22:02 57,856 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-16 22:02 504,320 --a------ C:\WINDOWS\system32\logonui.exe
2006-09-16 22:02 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-09-16 22:02 32,256 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-16 22:02 24,576 --a------ C:\WINDOWS\system32\logagent.exe
2006-09-16 22:02 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-09-16 22:02 219,648 --a------ C:\WINDOWS\system32\logon.scr
2006-09-16 22:02 210,944 --a------ C:\WINDOWS\system32\moricons.dll
2006-09-16 22:02 196,096 --a------ C:\WINDOWS\system32\mobsync.dll
2006-09-16 22:02 19,456 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-09-16 22:02 163,840 --a------ C:\WINDOWS\system32\mindex.dll
2006-09-16 22:02 116,736 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-16 22:02 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-09-16 22:02 1,128,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-09-16 22:01 91,648 --a------ C:\WINDOWS\system32\iuctl.dll
2006-09-16 22:01 73,728 --a------ C:\WINDOWS\system32\tlntsess.exe
2006-09-16 22:01 7,168 --a------ C:\WINDOWS\system32\tlntsvrp.dll
2006-09-16 22:01 7,040 --a------ C:\WINDOWS\system32\kd1394.dll
2006-09-16 22:01 67,584 --a------ C:\WINDOWS\system32\tlntsvr.exe
2006-09-16 22:01 60,928 --a------ C:\WINDOWS\system32\ipv6.exe
2006-09-16 22:01 57,856 --a------ C:\WINDOWS\system32\tlntadmn.exe
2006-09-16 22:01 545,792 --a------ C:\WINDOWS\system32\wsecedit.dll
2006-09-16 22:01 51,712 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-09-16 22:01 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-09-16 22:01 435,200 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-09-16 22:01 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-09-16 22:01 318,464 --a------ C:\WINDOWS\system32\ippromon.dll
2006-09-16 22:01 272,896 --a------ C:\WINDOWS\system32\kerberos.dll
2006-09-16 22:01 27,648 --a------ C:\WINDOWS\system32\pidgen.dll
2006-09-16 22:01 231,936 --a------ C:\WINDOWS\system32\tracerpt.exe
2006-09-16 22:01 155,648 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-09-16 22:01 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-09-16 22:01 134,144 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-09-16 22:01 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-09-16 22:01 115,200 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-09-16 22:01 113,664 --a------ C:\WINDOWS\system32\schtasks.exe
2006-09-16 22:01 10,752 --------- C:\WINDOWS\system32\spiisupd.exe
2006-09-16 22:00 9,216 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-16 22:00 89,088 --a------ C:\WINDOWS\system32\mqsec.dll
2006-09-16 22:00 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-09-16 22:00 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-09-16 22:00 67,584 --a------ C:\WINDOWS\system32\fdeploy.dll
2006-09-16 22:00 613,888 --a------ C:\WINDOWS\system32\mqqm.dll
2006-09-16 22:00 59,392 --a------ C:\WINDOWS\system32\iesetup.dll
2006-09-16 22:00 587,776 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-16 22:00 57,344 --a------ C:\WINDOWS\system32\nwwks.dll
2006-09-16 22:00 478,720 --a------ C:\WINDOWS\system32\mqsnap.dll
2006-09-16 22:00 469,504 --a------ C:\WINDOWS\system32\mqutil.dll
2006-09-16 22:00 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-09-16 22:00 36,922 --a------ C:\WINDOWS\system32\imeshare.dll
2006-09-16 22:00 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-09-16 22:00 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-09-16 22:00 29,696 --------- C:\WINDOWS\system32\asr_pfu.exe
2006-09-16 22:00 28,672 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-09-16 22:00 277,504 --a------ C:\WINDOWS\system32\appmgr.dll
2006-09-16 22:00 240,640 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-09-16 22:00 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-09-16 22:00 204,288 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-09-16 22:00 183,296 --a------ C:\WINDOWS\system32\gptext.dll
2006-09-16 22:00 164,864 --a------ C:\WINDOWS\system32\mqrt.dll
2006-09-16 22:00 164,352 --a------ C:\WINDOWS\system32\mqtrig.dll
2006-09-16 22:00 156,672 --a------ C:\WINDOWS\system32\appmgmts.dll
2006-09-16 22:00 14,848 --a------ C:\WINDOWS\system32\mqise.dll
2006-09-16 22:00 130,048 --a------ C:\WINDOWS\system32\mqad.dll
2006-09-16 22:00 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-09-16 22:00 123,904 --a------ C:\WINDOWS\system32\imapi.exe
2006-09-16 22:00 114,176 --a------ C:\WINDOWS\system32\input.dll
2006-09-16 22:00 113,152 --a------ C:\WINDOWS\system32\idq.dll
2006-09-16 22:00 113,152 --a------ C:\WINDOWS\system32\gpresult.exe
2006-09-16 22:00 103,936 --a------ C:\WINDOWS\system32\rsnotify.exe
2006-09-16 22:00 103,936 --a------ C:\WINDOWS\system32\imm32.dll
2006-09-16 22:00 10,752 --a------ C:\WINDOWS\hh.exe
2006-09-16 21:59 98,816 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-16 21:59 9,216 --a------ C:\WINDOWS\system32\dumprep.exe
2006-09-16 21:59 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-09-16 21:59 802,304 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-09-16 21:59 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-09-16 21:59 76,830 --a------ C:\WINDOWS\system32\drmstor.dll
2006-09-16 21:59 76,288 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-09-16 21:59 76,288 --a------ C:\WINDOWS\system32\avifil32.dll
2006-09-16 21:59 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-09-16 21:59 70,656 --a------ C:\WINDOWS\system32\defrag.exe
2006-09-16 21:59 70,144 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-09-16 21:59 66,560 --a------ C:\WINDOWS\system32\faultrep.dll
2006-09-16 21:59 64,512 --a------ C:\WINDOWS\system32\ciodm.dll
2006-09-16 21:59 62,976 --a------ C:\WINDOWS\system32\browselc.dll
2006-09-16 21:59 61,440 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-09-16 21:59 602,112 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-09-16 21:59 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-09-16 21:59 59,904 --a------ C:\WINDOWS\system32\cabinet.dll
2006-09-16 21:59 582,656 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-16 21:59 557,568 --a------ C:\WINDOWS\system32\crypt32.dll
2006-09-16 21:59 55,296 --a------ C:\WINDOWS\system32\digest.dll
2006-09-16 21:59 54,272 --a------ C:\WINDOWS\system32\clusapi.dll
2006-09-16 21:59 53,248 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-09-16 21:59 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-09-16 21:59 49,152 --a------ C:\WINDOWS\system32\eventlog.dll
2006-09-16 21:59 49,152 --a------ C:\WINDOWS\system32\browser.dll
2006-09-16 21:59 489,984 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-09-16 21:59 471,040 --a------ C:\WINDOWS\system32\cryptui.dll
2006-09-16 21:59 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-09-16 21:59 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-09-16 21:59 380,445 --a------ C:\WINDOWS\system32\expsrv.dll
2006-09-16 21:59 35,328 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-09-16 21:59 324,608 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-09-16 21:59 32,768 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-16 21:59 307,712 --a------ C:\WINDOWS\system32\cscui.dll
2006-09-16 21:59 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-09-16 21:59 266,240 --a------ C:\WINDOWS\system32\drmclien.dll
2006-09-16 21:59 263,680 --a------ C:\WINDOWS\system32\duser.dll
2006-09-16 21:59 263,168 --a------ C:\WINDOWS\system32\devmgr.dll
2006-09-16 21:59 25,600 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-09-16 21:59 24,576 --a------ C:\WINDOWS\system32\dbmsvinn.dll
2006-09-16 21:59 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-09-16 21:59 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-09-16 21:59 238,592 --a------ C:\WINDOWS\system32\compatui.dll
2006-09-16 21:59 227,840 --a------ C:\WINDOWS\system32\dsquery.dll
2006-09-16 21:59 225,280 --a------ C:\WINDOWS\system32\es.dll
2006-09-16 21:59 20,480 --a------ C:\WINDOWS\system32\dbmsadsn.dll
2006-09-16 21:59 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-09-16 21:59 19,456 --a------ C:\WINDOWS\system32\ersvc.dll
2006-09-16 21:59 186,880 --a------ C:\WINDOWS\system32\certcli.dll
2006-09-16 21:59 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-09-16 21:59 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-09-16 21:59 178,688 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-09-16 21:59 168,960 --a------ C:\WINDOWS\system32\dinput8.dll
2006-09-16 21:59 165,376 --a------ C:\WINDOWS\system32\els.dll
2006-09-16 21:59 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-09-16 21:59 158,720 --a------ C:\WINDOWS\system32\credui.dll
2006-09-16 21:59 151,552 --a------ C:\WINDOWS\system32\dinput.dll
2006-09-16 21:59 135,680 --a------ C:\WINDOWS\system32\dsprop.dll
2006-09-16 21:59 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-09-16 21:59 124,928 --a------ C:\WINDOWS\system32\dssenh.dll
2006-09-16 21:59 113,152 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-09-16 21:59 103,424 --a------ C:\WINDOWS\system32\dgnet.dll
2006-09-16 21:59 1,172,992 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-16 21:59 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-09-16 21:58 91,648 --a------ C:\WINDOWS\system32\ahui.exe
2006-09-16 21:58 91,136 --a------ C:\WINDOWS\system32\advpack.dll
2006-09-16 21:58 74,810 --a------ C:\WINDOWS\system32\atl.dll
2006-09-16 21:58 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-09-16 21:58 59,392 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-09-16 21:58 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2006-09-16 21:58 41,984 --a------ C:\WINDOWS\system32\alg.exe
2006-09-16 21:58 38,912 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-09-16 21:58 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-09-16 21:58 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-09-16 21:58 162,816 --a------ C:\WINDOWS\system32\adsldp.dll
2006-09-16 21:58 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-09-16 21:58 139,776 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-09-16 21:58 115,712 --a------ C:\WINDOWS\system32\apphelp.dll
2006-09-16 20:38 41,240 --a------ C:\WINDOWS\system32\wups.dll
2006-09-16 20:38 313,344 --a------ C:\WINDOWS\system32\winhttp.dll
2006-09-16 20:38 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-16 20:38 18,200 --a------ C:\WINDOWS\system32\wups2.dll
2006-09-16 20:38 127,256 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-16 20:37 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-16 20:37 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-15 23:49 24,576 --a------ C:\WINDOWS\system32\STKIT432.DLL
2006-09-15 19:15 486,864 -r-hs---- C:\WINDOWS\iohqhfiA.exe
2006-09-05 23:37 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-09-05 23:37 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-09-05 23:37 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-09-05 23:37 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-09-05 23:37 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-09-05 23:37 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-09-05 23:37 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-09-05 23:37 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-09-05 23:37 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-09-05 23:37 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-09-05 23:37 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-09-05 23:37 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-09-05 23:37 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-09-05 23:37 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-09-05 23:37 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-09-05 23:37 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-09-05 23:37 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-09-05 23:37 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2006-09-05 23:37 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-09-05 23:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-05 23:37 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-09-05 23:37 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-09-05 23:37 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-09-05 23:37 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-09-05 23:37 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-09-05 23:37 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-09-05 23:37 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-09-05 23:37 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-09-05 23:37 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-09-05 23:37 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-09-05 23:37 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-09-05 23:37 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-09-05 23:37 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-09-05 23:37 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-09-05 23:37 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-09-05 23:37 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-09-05 23:37 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-09-05 23:37 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2006-09-05 23:37 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-09-05 23:37 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-09-05 23:37 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-09-05 23:37 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-09-05 23:37 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-09-05 23:37 173,056 --a------ C:\WINDOWS\system32\qasf.dll
2006-09-05 23:37 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-09-05 23:37 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-09-05 23:37 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-09-05 23:37 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-09-05 23:37 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-09-05 23:37 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-09-05 23:37 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-09-05 23:37 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-09-05 23:37 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-09-05 23:37 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-09-05 23:37 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-09-05 23:37 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-09-05 23:37 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-09-05 23:37 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-09-05 23:37 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-09-05 23:17 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-05 23:17 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-01 11:54 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2006-09-01 11:43 44 --a------ C:\WINDOWS\system32\msssc.dll
2006-08-26 09:38 1,738,496 --a------ C:\WINDOWS\system32\nv4.dll
2006-08-26 09:27 198,424 --a------ C:\WINDOWS\system32\iuengine.dll
2006-08-26 00:43 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-08-26 00:43 0 -rahs---- C:\MSDOS.SYS
2006-08-26 00:43 0 -rahs---- C:\IO.SYS
2006-08-26 00:43 0 --a------ C:\CONFIG.SYS
2006-08-26 00:43 0 --a------ C:\AUTOEXEC.BAT
2006-08-26 00:41 77,824 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-26 00:41 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-26 00:41 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-08-26 00:41 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-26 00:41 47,616 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-26 00:41 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-26 00:41 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-26 00:41 33,280 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-26 00:41 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-26 00:41 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-26 00:41 266,240 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-26 00:41 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-26 00:41 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-08-26 00:41 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-08-26 00:41 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-08-26 00:40 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-08-26 00:40 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-08-26 00:40 489,984 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-08-26 00:40 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-08-26 00:40 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-08-26 00:40 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-08-26 00:40 179,200 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-26 00:40 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-08-26 00:40 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-08-26 00:40 124,416 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-26 00:39 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-08-26 00:39 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-08-26 00:39 869,376 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-08-26 00:39 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-08-26 00:39 83,968 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-08-26 00:39 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-08-26 00:39 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-08-26 00:39 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-26 00:39 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-08-26 00:39 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-26 00:39 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-08-26 00:39 56,832 --a------ C:\WINDOWS\system32\colbact.dll
2006-08-26 00:39 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-08-26 00:39 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-26 00:39 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-08-26 00:39 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-26 00:39 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-08-26 00:39 495,616 --a------ C:\WINDOWS\system32\comuid.dll
2006-08-26 00:39 468,480 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-08-26 00:39 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-08-26 00:39 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-08-26 00:39 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-08-26 00:39 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-08-26 00:39 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-08-26 00:39 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-08-26 00:39 215,040 --a------ C:\WINDOWS\system32\catsrv.dll
2006-08-26 00:39 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-08-26 00:39 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-08-26 00:39 18,432 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-26 00:39 174,592 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-26 00:39 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-08-26 00:39 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-08-26 00:39 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-08-26 00:39 16,384 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-26 00:39 151,040 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-08-26 00:39 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-08-26 00:39 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-08-26 00:39 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-08-26 00:39 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-08-26 00:39 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-08-26 00:39 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-08-26 00:39 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-08-26 00:39 129,024 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-26 00:39 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-08-26 00:39 124,184 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-08-26 00:39 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-08-26 00:39 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-08-26 00:39 100,864 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-08-26 00:39 1,343,768 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-08-26 00:39 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-18 20:49 -------- d-------- C:\Program Files\Internet Explorer
2006-09-18 20:10 -------- d-------- C:\Program Files\HijackThis
2006-09-18 20:03 -------- d-------- C:\Program Files\Spyware Doctor
2006-09-18 19:05 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\AVG7
2006-09-18 19:03 -------- d-------- C:\Program Files\Online Services
2006-09-18 18:59 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-18 18:59 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-18 18:59 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-18 18:58 776096 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-18 18:58 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-18 18:58 -------- d-------- C:\Program Files\Grisoft
2006-09-18 18:57 -------- d---s---- C:\Documents and Settings\Rodger-Dee\Application Data\Microsoft
2006-09-18 18:21 126976 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-09-18 18:21 106496 --a------ C:\WINDOWS\system32\igfxext.exe
2006-09-17 20:52 -------- d-------- C:\Program Files\Registry Mechanic
2006-09-17 20:41 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Help
2006-09-16 22:56 -------- d-------- C:\Program Files\MSN Messenger
2006-09-16 22:47 -------- d-------- C:\Program Files\Messenger
2006-09-16 22:30 -------- d-------- C:\Program Files\Movie Maker
2006-09-16 22:29 -------- d-------- C:\Program Files\Windows Media Player
2006-09-16 22:29 -------- d-------- C:\Program Files\NetMeeting
2006-09-16 22:28 -------- d-------- C:\Program Files\Outlook Express
2006-09-16 22:28 -------- d-------- C:\Program Files\Common Files\System
2006-09-16 20:52 -------- d-------- C:\Program Files\Zone Labs
2006-09-16 20:38 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-16 20:24 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-16 19:46 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Lavasoft
2006-09-16 02:33 -------- d-------- C:\Program Files\MetacrawlerToolbar
2006-09-16 02:33 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Infospace
2006-09-16 01:42 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\PC Tools
2006-09-16 01:11 -------- d-------- C:\Program Files\WinRAR
2006-09-16 00:01 -------- d-------- C:\Program Files\Webroot
2006-09-16 00:01 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Webroot
2006-09-15 23:41 -------- d-------- C:\Program Files\Common Files
2006-09-15 23:38 -------- d-------- C:\Program Files\Lavasoft
2006-09-15 19:15 -------- d-------- C:\Program Files\Windows NT
2006-09-15 19:14 32135 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2006-09-06 22:05 -------- d-------- C:\Program Files\Oberon Media
2006-09-06 21:14 -------- d-------- C:\Program Files\Morpheus
2006-09-06 21:14 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Morpheus
2006-09-05 23:18 -------- d-------- C:\Program Files\DivX
2006-09-05 23:01 -------- d-------- C:\Program Files\MorpheusBar
2006-09-05 17:26 -------- d-------- C:\Program Files\LimeWire
2006-09-04 21:30 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Sun
2006-09-04 21:29 -------- d-------- C:\Program Files\Java
2006-09-04 21:27 -------- d-------- C:\Program Files\Common Files\Java
2006-09-04 21:10 -------- d-------- C:\Program Files\Winamp
2006-09-04 15:14 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\AdobeUM
2006-09-04 15:14 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Adobe
2006-09-04 15:13 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-04 15:12 871 --a------ C:\Documents and Settings\Rodger-Dee\Application Data\AdobeDLM.log
2006-09-04 15:12 0 --a------ C:\Documents and Settings\Rodger-Dee\Application Data\dm.ini
2006-09-04 15:12 -------- d-------- C:\Program Files\Adobe
2006-09-04 14:28 -------- d-------- C:\Program Files\Yahoo!
2006-09-04 04:06 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Real
2006-09-04 04:03 -------- d-------- C:\Program Files\Total Video Player
2006-09-04 04:01 -------- d-------- C:\Program Files\Real
2006-09-04 04:01 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-04 04:01 -------- d-------- C:\Program Files\Common Files\Real
2006-09-04 03:09 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Macromedia
2006-09-04 03:08 -------- d-------- C:\Program Files\IncrediMail
2006-09-04 03:04 -------- d-------- C:\Program Files\COMonAmp
2006-09-03 10:45 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-02 09:43 -------- d-------- C:\Program Files\FarStone
2006-08-31 08:50 157184 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2006-08-26 00:50 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-26 00:50 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-08-26 00:50 -------- d-------- C:\Documents and Settings\Rodger-Dee\Application Data\Identities
2006-08-26 00:43 -------- d-------- C:\Program Files\xerox
2006-08-26 00:43 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-26 00:41 -------- d-------- C:\Program Files\Common Files\Services
2006-08-26 00:41 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-26 00:40 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-26 00:40 -------- d-------- C:\Program Files\MSN
2006-08-26 00:40 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-24 11:40 51072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-08-14 17:52 78848 --a------ C:\WINDOWS\system32\nsg21.dll
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"IncrediMail"="\"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe\" /c"
"COM'on Winamp"="\"C:\\Program Files\\COMonAmp\\COMonAmp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"AVG7_CC"="\"C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe\" /STARTUP"
"MSConfig"="\"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe\" /auto"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Internet Explorer\\hozyxewi.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,a2,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aaeu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\SMBOLS~1\\rundll.exe\" -vt yazb"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Btecctbj]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="d?xplore"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\??pPatch\\d?xplore.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfj73fbc]
"key"="SOFTWARE\\Microsoft\\Wi

#6 Wecklt


Posted 18 September 2006 - 11:12 PM

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfj73fbc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"RUNDLL32"
"hkey"="HKLM"
"command"="\"RUNDLL32.EXE\" w010bbc0.dll,n 00473fb80000000a010bbc0"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_e4"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_e4.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iohqhfiA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iohqhfiA"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\iohqhfiA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_e4"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_e4.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mpblock]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mpblock"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmff_e4"
"hkey"="HKLM"
"command"="C:\\\\nwnmff_e4.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\septpop06apsept]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="septpop06apsept"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swdoctor"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys01388334042-]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys01388334042-"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Duce6"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\webHancer Agent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whAgent"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\webHancer Survey Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whSurvey"
"hkey"="HKLM"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job

Completion time: Mon 09/18/2006 20:56:21.31
ComboFix.txt
ComboFix2.txt ---> on the first shot it found look2me and removed it.


And AVG found 4 viruses:

Trojan horse generic2.VH
Trojan horse generic2.HR
Trojan horse Colleted.8.BJ
Trojan horse Downloader.Generic2.LGT


Did a restart and the problem seems to be gone...
Well, thank you very much! It took me so much time to find out how to get out of this...
I still notice that there are several files still on the computer (if I'm referring to the log, am I right?)
Startupreg\septpop06apsept ?

#7 Buckeye_Sam

    Malware Expert


Posted 19 September 2006 - 09:53 AM

Let's take care of your desktop first.
  • Click Start -> Control Panel -> Display
  • Go to the Desktop tab and click on the Customize Desktop button.
  • Go to the Web tab
  • Select anything except "My Current Homepage" and then click the Delete button.
===========


Open Notepad, and copy everything in the code box below and paste it into a new notepad file. Change the "Save As Type" to "All Files". Save it as fixme.reg on your Desktop. Make sure there is NO blank line above "REGEDIT4"!

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\webHancer Survey Companion]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\webHancer Agent]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TheMonitor]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\sys01388334042-]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfSideKick 3]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\septpop06apsept]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\newname]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iohqhfiA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Internet Optimizer]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\defender]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfj73fbc]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Btecctbj]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Aaeu]

Locate fixme.reg on your Desktop and double-click on it. When it asks if you want to merge with the registry, click YES.


==========



Download KillBox and unzip it to your desktop.

Open Killbox and select the Delete on reboot option.
Copy and paste the following file to the field labeled "Full path of file to delete"


C:\WINDOWS\iohqhfiA.exe


Press the Delete button (the button that looks like a red circle with a white X in it).
A first dialog box will ask if you want to delete the file on reboot, press the YES button.
A second dialog box will ask you if you want to REBOOT now. Press the YES button.

Your computer will reboot.



============



Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
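The Startupreg subkeys in the log above hold startup entries that were disabled through msconfig. As an added example (not part of any post in this thread, and not the helper's own method), this sketch parses that export format and attaches a review hint to each entry; the function names and the TRUSTED directory list are assumptions made for illustration.

```python
import re
# Constructed sample: four Startupreg entries from the log in this thread,
# trimmed to the "item" and "command" values (one entry has no command).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"item"="ctfmon"
"command"="C:\\WINDOWS\\System32\\ctfmon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iohqhfiA]
"item"="iohqhfiA"
"command"="C:\\WINDOWS\\iohqhfiA.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\cfj73fbc]
"item"="\"RUNDLL32"
"command"="\"RUNDLL32.EXE\" w010bbc0.dll,n 00473fb80000000a010bbc0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\septpop06apsept]
"item"="septpop06apsept"
'''

VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Assumption: directories treated as expected homes for startup programs.
TRUSTED = ("c:\\windows\\system32\\", "c:\\program files\\")

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)   # .reg strings escape \ and " with a backslash

def parse(text):
    """Return {subkey name: {value name: value}} for every [key] section."""
    entries, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1].rsplit("\\", 1)[-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[unescape(m.group(1))] = unescape(m.group(2))
    return entries

def triage(entry):
    """Review hint for one entry; a hint for a human, not a verdict."""
    cmd = entry.get("command", "").strip()
    if not cmd:
        return "no-command"            # nothing recorded to inspect
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b|(\S+)', cmd, re.I)
    image = next(g for g in m.groups() if g).lower().replace("%systemroot%", "c:\\windows")
    if "\\" not in image:
        return "bare-name"             # resolved via search path; check the arguments
    return "ok" if image.startswith(TRUSTED) else "unusual-dir"

def report(text=SAMPLE):
    return {name: triage(e) for name, e in parse(text).items()}
if __name__ == "__main__":
    print(report())
```

Paths written in 8.3 short form (such as `C:\PROGRA~1\...`) do not match the TRUSTED prefixes and are therefore flagged for review rather than passed.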

#8 Wecklt

Posted 21 September 2006 - 08:50 PM

Everything above has been done. But I'm not able to get Panda's ActiveScan working on my computer... I did allow it to install ActiveX, but the scan never completes.

From now everything seems to be running good with any issue.

#9 Buckeye_Sam

    Malware Expert


Posted 22 September 2006 - 07:41 AM

Panda has been acting up lately for a few others too, so it's not just you. :thumbsup:

Let's get our second opinion elsewhere.

Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Also post a new hijackthis log.

#10 Buckeye_Sam

    Malware Expert


Posted 03 October 2006 - 08:56 AM

Unfortunately there has been no response, and this thread will now be closed. :thumbsup:

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.