Slave Drive Not Seen By Hijackthis?


15 replies to this topic

#1 Chaeron

Chaeron

  • Members
  • 58 posts

Posted 06 September 2007 - 03:59 PM

Had a system that was badly infected and crashed. Linked up to another OS (WIN2000Pro) as a slave drive and ran antivirus. Nothing found (suspicious). Wanted to do a HJT log on this drive (E:Drive) but only C: results came up when running HJT. I tried looking to direct HJT to run E Drive, but no luck... help please? Below is the result of the attempt just in case there is something on C Drive. Many thanks


Logfile of HijackThis v1.99.1
Scan saved at 1:51:17 PM, on 9/6/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINNT\SYSTEM32\kavosojob.exe
C:\WINNT\SYSTEM32\fabolous.exe
C:\WINNT\SYSTEM32\uhoxavak.exe
C:\winnt\system32\wcsntyfb.exe
C:\WINNT\system32\sugyte32.exe
C:\WINNT\system32\xudexoli.exe
C:\WINNT\system32\aqiyutyvo.exe
C:\winnt\system32\muwemafyh.exe
C:\WINNT\system32\uyohuvax.exe
C:\WINNT\system32\xofave.exe
C:\WINNT\system32\windll32.exe
C:\WINNT\system32\DllHost32.exe
C:\WINNT\system32\sugyte32.exe
C:\WINNT\system32\xudexoli.exe
C:\WINNT\system32\aqiyutyvo.exe
C:\WINNT\system32\uyohuvax.exe
C:\WINNT\system32\xofave.exe
C:\WINNT\system32\DllHost32.exe
C:\WINNT\system32\wuauclt.exe
C:\REUTERS\PLUS\Nav.exe
C:\REUTERS\PLUS\CONNSVR.exe
C:\REUTERS\PLUS\DiagServ.exe
C:\REUTERS\PLUS\ListMan.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
E:\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [fqfeqajw] C:\WINNT\SYSTEM32\kavosojob.exe
O4 - HKLM\..\Run: [PlanCx] C:\WINNT\SYSTEM32\fabolous.exe
O4 - HKLM\..\Run: [vadseinst] C:\WINNT\SYSTEM32\uhoxavak.exe
O4 - HKLM\..\Run: [fsdsft] C:\winnt\system32\wcsntyfb.exe
O4 - HKLM\..\Run: [sugyte] sugyte32.exe
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [epixowu] aqiyutyvo.exe
O4 - HKLM\..\Run: [WXcmeinst] C:\winnt\system32\muwemafyh.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [gyvilacir] xofave.exe
O4 - HKLM\..\Run: [windll32] windll32.exe
O4 - HKLM\..\Run: [Windows Download Manager] DllHost32.exe
O4 - HKLM\..\RunServices: [sugyte] sugyte32.exe
O4 - HKLM\..\RunServices: [jidifedig] xudexoli.exe
O4 - HKLM\..\RunServices: [epixowu] aqiyutyvo.exe
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKLM\..\RunServices: [gyvilacir] xofave.exe
O4 - HKLM\..\RunServices: [windll32] windll32.exe
O4 - HKLM\..\RunServices: [Windows Download Manager] DllHost32.exe
O4 - HKCU\..\Run: [sugyte] sugyte32.exe
O4 - HKCU\..\Run: [jidifedig] xudexoli.exe
O4 - HKCU\..\Run: [epixowu] aqiyutyvo.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [gyvilacir] xofave.exe
O4 - HKCU\..\Run: [Windows Download Manager] DllHost32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 07 September 2007 - 07:24 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Chaeron :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.
Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 Chaeron

Chaeron
  • Topic Starter

  • Members
  • 58 posts

Posted 07 September 2007 - 11:34 AM

Hi Richie!

Many thanks again. Just a couple little occurrences during the process:

When running SDFix, a Registry Editor Box popped up with the message: "Cannot import apps\FIXCU.reg Error accessing the registry"...

Also, when rebooting from SDFix, a Norton Antivirus Notification box popped up, but was blank with a yellow warning triangle and that's it... just thought I'd let you know in case it makes any difference...

Did this do anything for my slave drive (E)? I still see only C Drive results...

Here are the logs:


SDFix: Version 1.102

Run by Marshall Islands on Fri 09/07/2007 at 8:51a

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\~UI14.TMP - Deleted
C:\WINNT\windll32.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINNT
No streams found.

C:\WINNT\system32
No streams found.

C:\WINNT\system32\svchost.exe
No streams found.

C:\WINNT\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:


Finished




ComboFix 07-09-07.4 - "Marshall Islands" 09/07/2007 9:15:36.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.128 [GMT -7:00]
.

((((((((((((((((((((((((( Files Created from 2007-08-07 to 2007-09-07 )))))))))))))))))))))))))))))))
.

2007-09-07 09:14 51,200 --a------ C:\WINNT\NirCmd.exe
2007-09-07 09:14 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_150.dat
2007-09-07 09:09 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_550.dat
2007-09-07 08:49 <DIR> d-------- C:\WINNT\ERUNT
2007-09-07 03:02 <DIR> d-------- C:\WINNT\system32\BITS
2007-09-06 10:54 82,432 --a------ C:\WINNT\system32\msxml4r.dll
2007-09-06 10:54 45,056 --a------ C:\WINNT\system32\msxml4a.dll
2007-09-06 10:54 317,952 --a------ C:\WINNT\system32\Roboex32.dll
2007-09-06 10:54 290,816 --a------ C:\WINNT\system32\WINHTTP5.DLL
2007-09-06 10:54 22,528 --a------ C:\WINNT\system32\PROXYCFG.EXE
2007-09-06 10:54 1,230,336 --a------ C:\WINNT\system32\msxml4.dll
2007-09-06 10:53 344,064 --a------ C:\WINNT\system32\msexch35.dll
2007-09-06 10:53 294,912 --a------ C:\WINNT\system32\msxbse35.dll
2007-09-06 10:53 262,144 --a------ C:\WINNT\system32\msrd2x35.dll
2007-09-06 10:53 250,128 --a------ C:\WINNT\system32\mspdox35.dll
2007-09-06 10:53 168,720 --a------ C:\WINNT\system32\msltus35.dll
2007-09-06 10:53 166,672 --a------ C:\WINNT\system32\mstext35.dll
2007-09-06 10:53 1,238,288 --a------ C:\WINNT\system32\msjt4jlt.dll
2007-09-06 10:53 1,050,896 --a------ C:\WINNT\system32\msjet35.dll
2007-09-06 10:52 44,304 --a------ C:\WINNT\system32\msrpfs35.dll
2007-09-06 10:52 415,504 --a------ C:\WINNT\system32\msrepl35.dll
2007-09-06 10:52 39,424 --a------ C:\WINNT\system32\JETCOMP.exe
2007-09-06 10:52 368,912 --a------ C:\WINNT\system32\VBAR332.DLL
2007-09-06 10:52 252,688 --a------ C:\WINNT\system32\msexcl35.dll
2007-09-06 10:51 24,848 --a------ C:\WINNT\system32\msjter35.dll
2007-09-06 10:51 123,664 --a------ C:\WINNT\system32\msjint35.dll
2007-09-06 10:49 140,814 --a------ C:\WINNT\asn1code.dll
2007-09-06 10:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 10:48 <DIR> d-------- C:\REUTERS
2007-09-06 10:47 <DIR> d-------- C:\NavBackup
2007-09-06 10:47 <DIR> d-------- C:\ETC
2007-09-06 10:45 <DIR> d-------- C:\ReutersUpdate
2007-09-06 10:44 39,796,736 --a------ C:\Temp\Reuters_5[1].09.28.exe
2007-09-06 10:20 <DIR> d-------- C:\Program Files\Bomgar
2007-09-06 08:55 310,944 --a------ C:\WINNT\system32\s3savg4.dll
2007-09-06 08:55 156,200 --a------ C:\WINNT\system32\drivers\s3savg4m.sys
2007-09-06 08:48 <DIR> d-------- C:\WINNT\LMI22.tmp
2007-09-06 08:47 549,720 --a------ C:\WINNT\system32\wuapi.dll
2007-09-06 08:47 43,352 --a------ C:\WINNT\system32\wups2.dll
2007-09-06 08:47 33,624 --a------ C:\WINNT\system32\wups.dll
2007-09-06 08:47 325,976 --a------ C:\WINNT\system32\wucltui.dll
2007-09-06 08:47 203,096 --a------ C:\WINNT\system32\wuweb.dll
2007-09-06 08:47 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-09-06 08:47 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-09-06 08:21 65,072 --a------ C:\WINNT\system32\drivers\s3sav4m.sys
2007-09-06 08:21 246,256 --a------ C:\WINNT\system32\s3sav4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
12/07/99 12:00p 32528 --a------ C:\WINNT\inf\wbfirdma.sys
02/13/05 08:03a 72192 --a------ C:\DOCUME~1\MARSHA~1\DlHost32.exe
01/17/05 04:59p 271 ---h----- C:\Program Files\desktop.ini
01/17/05 04:59p 21952 ---h----- C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 11:05a C:\WINNT\system32\mobsync.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/10/04 06:02p]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/04 02:19p]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [07/04/04 09:59a]
"fqfeqajw"="C:\WINNT\SYSTEM32\kavosojob.exe" []
"PlanCx"="C:\WINNT\SYSTEM32\fabolous.exe" []
"vadseinst"="C:\WINNT\SYSTEM32\uhoxavak.exe" []
"fsdsft"="C:\winnt\system32\wcsntyfb.exe" []
"sugyte"="sugyte32.exe" []
"jidifedig"="xudexoli.exe" []
"epixowu"="aqiyutyvo.exe" []
"WXcmeinst"="C:\winnt\system32\muwemafyh.exe" []
"asejet"="uyohuvax.exe" []
"gyvilacir"="xofave.exe" []
"windll32"="windll32.exe" []
"Windows Download Manager"="DllHost32.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sugyte"="sugyte32.exe" []
"jidifedig"="xudexoli.exe" []
"epixowu"="aqiyutyvo.exe" []
"asejet"="uyohuvax.exe" []
"gyvilacir"="xofave.exe" []
"Windows Download Manager"="DllHost32.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"sugyte"=sugyte32.exe
"jidifedig"=xudexoli.exe
"epixowu"=aqiyutyvo.exe
"asejet"=uyohuvax.exe
"gyvilacir"=xofave.exe
"windll32"=windll32.exe
"Windows Download Manager"=DllHost32.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"epixowu"=aqiyutyvo.exe
"boqamah"=dytevevi.exe
"sugyte"=sugyte32.exe
"Windows Download Manager"=DllHost32.exe

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
R3 S3SAVAGE4;S3SAVAGE4;C:\WINNT\system32\DRIVERS\s3savg4m.sys
S3 S3Inc;S3Inc;C:\WINNT\system32\DRIVERS\s3sav4m.sys

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-07 09:17:09
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
sugyte = sugyte32.exe?????????????????????????????????????????????????????
jidifedig = xudexoli.exe?????????????????????????????????????????????????????
epixowu = aqiyutyvo.exe????????????????????????????????????????????????????
asejet = uyohuvax.exe?????????????????????????????????????????????????????
gyvilacir = xofave.exe???????????????????????????????????????????????????????
Windows Download Manager = DllHost32.exe????????????????????????????????????????????????????
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
sugyte = sugyte32.exe?????????????????????????????????????????????????????
jidifedig = xudexoli.exe?????????????????????????????????????????????????????
epixowu = aqiyutyvo.exe????????????????????????????????????????????????????
asejet = uyohuvax.exe?????????????????????????????????????????????????????
gyvilacir = xofave.exe???????????????????????????????????????????????????????
Windows Download Manager = DllHost32.exe????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
sugyte = sugyte32.exe?????????????????????????????????????????????????????
jidifedig = xudexoli.exe?????????????????????????????????????????????????????
epixowu = aqiyutyvo.exe????????????????????????????????????????????????????
asejet = uyohuvax.exe?????????????????????????????????????????????????????
gyvilacir = xofave.exe???????????????????????????????????????????????????????
Windows Download Manager = DllHost32.exe????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 09/07/2007 9:18:19
C:\ComboFix-quarantined-files.txt ... 09/07/07 09:18a
.
--- E O F ---

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 07 September 2007 - 02:53 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as.. / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
C:\Documents and Settings\MARSHA~1\DlHost32.exe
C:\Program Files\folder.htt

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fqfeqajw"=-
"PlanCx"=-
"vadseinst"=-
"fsdsft"=-
"sugyte"=-
"jidifedig"=-
"epixowu"=-
"WXcmeinst"=-
"asejet"=-
"gyvilacir"=-
"windll32"=-
"Windows Download Manager"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sugyte"=-
"jidifedig"=-
"epixowu"=-
"asejet"=-
"gyvilacir"=-
"Windows Download Manager"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"sugyte"=-
"jidifedig"=-
"epixowu"=-
"asejet"=-
"gyvilacir"=-
"windll32"=-
"Windows Download Manager"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"epixowu"=-
"boqamah"=-
"sugyte"=-
"Windows Download Manager"=-

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply along with a new HijackThis log.

#5 Chaeron

Chaeron
  • Topic Starter

  • Members
  • 58 posts

Posted 10 September 2007 - 11:16 AM

Thanks Richie!



ComboFix 07-09-07.4 - "Marshall Islands" 09/10/2007 8:56:15.3 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.150 [GMT -7:00]

FILE::
C:\Documents and Settings\MARSHA~1\DlHost32.exe
C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\_000006_.tmp.dll
C:\WINNT\system32\_000007_.tmp.dll
C:\WINNT\system32\_000008_.tmp.dll
C:\WINNT\system32\_000009_.tmp.dll
C:\WINNT\system32\_000010_.tmp.dll
C:\WINNT\system32\_000011_.tmp.dll
C:\WINNT\system32\_000012_.tmp.dll
C:\WINNT\system32\_000013_.tmp.dll
C:\WINNT\system32\_000035_.tmp.dll


((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.

2007-09-10 09:03 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_36c.dat
2007-09-10 08:55 <DIR> d--h----- C:\WINNT\$SQLUninstallMDAC25SP3-KB927779-x86-ENU$
2007-09-10 08:23 <DIR> d-------- C:\WINNT\mui
2007-09-10 08:21 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-07 13:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-09-07 13:24 <DIR> d-------- C:\Program Files\WinZip11.1
2007-09-07 13:20 <DIR> d-------- C:\New Folder
2007-09-07 11:20 <DIR> d-------- C:\DOCUME~1\MARSHA~1\APPLIC~1\Chessmaster Challenge
2007-09-07 11:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-09-07 09:14 51,200 --a------ C:\WINNT\NirCmd.exe
2007-09-07 08:49 <DIR> d-------- C:\WINNT\ERUNT
2007-09-07 03:45 83,728 --------- C:\WINNT\system32\dllcache\srvsvc.dll
2007-09-07 03:02 <DIR> d-------- C:\WINNT\system32\BITS
2007-09-06 10:54 82,432 --a------ C:\WINNT\system32\msxml4r.dll
2007-09-06 10:54 45,056 --a------ C:\WINNT\system32\msxml4a.dll
2007-09-06 10:54 317,952 --a------ C:\WINNT\system32\Roboex32.dll
2007-09-06 10:54 290,816 --a------ C:\WINNT\system32\WINHTTP5.DLL
2007-09-06 10:54 22,528 --a------ C:\WINNT\system32\PROXYCFG.EXE
2007-09-06 10:53 344,064 --a------ C:\WINNT\system32\msexch35.dll
2007-09-06 10:53 294,912 --a------ C:\WINNT\system32\msxbse35.dll
2007-09-06 10:53 262,144 --a------ C:\WINNT\system32\msrd2x35.dll
2007-09-06 10:53 250,128 --a------ C:\WINNT\system32\mspdox35.dll
2007-09-06 10:53 168,720 --a------ C:\WINNT\system32\msltus35.dll
2007-09-06 10:53 166,672 --a------ C:\WINNT\system32\mstext35.dll
2007-09-06 10:53 1,238,288 --a------ C:\WINNT\system32\msjt4jlt.dll
2007-09-06 10:53 1,050,896 --a------ C:\WINNT\system32\msjet35.dll
2007-09-06 10:52 44,304 --a------ C:\WINNT\system32\msrpfs35.dll
2007-09-06 10:52 415,504 --a------ C:\WINNT\system32\msrepl35.dll
2007-09-06 10:52 39,424 --a------ C:\WINNT\system32\JETCOMP.exe
2007-09-06 10:52 368,912 --a------ C:\WINNT\system32\VBAR332.DLL
2007-09-06 10:52 252,688 --a------ C:\WINNT\system32\msexcl35.dll
2007-09-06 10:51 24,848 --a------ C:\WINNT\system32\msjter35.dll
2007-09-06 10:51 123,664 --a------ C:\WINNT\system32\msjint35.dll
2007-09-06 10:49 140,814 --a------ C:\WINNT\asn1code.dll
2007-09-06 10:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 10:48 <DIR> d-------- C:\REUTERS
2007-09-06 10:47 <DIR> d-------- C:\NavBackup
2007-09-06 10:47 <DIR> d-------- C:\ETC
2007-09-06 10:45 <DIR> d-------- C:\ReutersUpdate
2007-09-06 10:44 39,796,736 --a------ C:\Temp\Reuters_5[1].09.28.exe
2007-09-06 10:20 <DIR> d-------- C:\Program Files\Bomgar
2007-09-06 09:32 53,008 --a------ C:\WINNT\system32\dllcache\agentdpv.dll
2007-09-06 09:31 840,976 --------- C:\WINNT\system32\dllcache\mmcndmgr.dll
2007-09-06 08:55 310,944 --a------ C:\WINNT\system32\s3savg4.dll
2007-09-06 08:55 156,200 --a------ C:\WINNT\system32\drivers\s3savg4m.sys
2007-09-06 08:48 <DIR> d-------- C:\WINNT\LMI22.tmp
2007-09-06 08:47 549,720 --a------ C:\WINNT\system32\wuapi.dll
2007-09-06 08:47 43,352 --a------ C:\WINNT\system32\wups2.dll
2007-09-06 08:47 33,624 --a------ C:\WINNT\system32\wups.dll
2007-09-06 08:47 325,976 --a------ C:\WINNT\system32\wucltui.dll
2007-09-06 08:47 203,096 --a------ C:\WINNT\system32\wuweb.dll
2007-09-06 08:47 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2007-09-06 08:47 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2007-09-06 08:21 65,072 --a------ C:\WINNT\system32\drivers\s3sav4m.sys
2007-09-06 08:21 246,256 --a------ C:\WINNT\system32\s3sav4.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
99-12-07 12:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys
07-07-30 19:19 92504 --a------ C:\WINNT\system32\dllcache\cdm.dll
07-07-30 19:19 92504 --a------ C:\WINNT\system32\cdm.dll
07-07-30 19:19 53080 --a------ C:\WINNT\system32\wuauclt.exe
07-07-30 19:19 53080 --a------ C:\WINNT\system32\dllcache\wuauclt.exe
07-07-30 19:19 1712984 --a------ C:\WINNT\system32\wuaueng.dll
07-07-30 19:19 1712984 --a------ C:\WINNT\system32\dllcache\wuaueng.dll
07-06-26 02:57 235280 --a------ C:\WINNT\system32\GDI32.DLL
07-06-26 02:57 235280 --a------ C:\WINNT\system32\dllcache\GDI32.DLL
05-01-17 16:59 271 ---h----- C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_Fri 09-07-2007_130934.00 )))))))))))))))))))))))))))))))))))))))))
.
------w 327,680 2007-01-10 18:09:50 C:\WINNT\system32\dllcache\msadce.dll
----a-w 30,208 2006-02-27 20:31:48 C:\WINNT\system32\dllcache\WABFIND.DLL
------w 245,520 2007-03-13 09:44:50 C:\WINNT\system32\dllcache\winsrv.dll
------w 4,734,976 2007-04-30 09:22:16 C:\WINNT\system32\dllcache\wmp.dll
------w 2,854,400 2007-04-05 07:17:40 C:\WINNT\system32\dllcache\msi.dll
----a-w 1,120,016 2005-09-23 11:03:26 C:\WINNT\system32\dllcache\webvw.dll
----a-w 69,392 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\olecli32.dll
----a-w 409,088 2005-09-12 04:00:34 C:\WINNT\system32\dllcache\shlwapi.dll
------w 595,728 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\catsrvut.dll
------w 97,040 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\clbcatex.dll
------w 551,184 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\clbcatq.dll
------w 41,744 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\colbact.dll
------w 197,904 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\comadmin.dll
------w 97,552 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\comrepl.dll
------w 342,288 2005-09-05 08:18:48 C:\WINNT\system32\dllcache\comsetup.dll
------w 1,471,248 2005-09-05 08:18:48 C:\WINNT\system32\dllcache\comsvcs.dll
------w 625,936 2005-09-05 08:18:48 C:\WINNT\system32\dllcache\comuid.dll
------w 1,842,672 2006-03-06 05:07:32 C:\WINNT\system32\dllcache\dtcsetup.exe
------w 242,448 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\es.dll
------w 96,016 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\msdtclog.dll
------w 726,800 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\msdtcprx.dll
----a-w 1,202,448 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\msdtctm.dll
------w 155,408 2005-08-30 05:05:22 C:\WINNT\system32\dllcache\mtstocom.exe
------w 52,496 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\mtxclu.dll
------w 26,896 2005-09-05 08:18:48 C:\WINNT\system32\dllcache\mtxdm.dll
----a-w 35,600 2005-09-05 08:18:50 C:\WINNT\system32\dllcache\mtxlegih.dll
------w 123,152 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\mtxoci.dll
------w 957,712 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\OLE32.DLL
------w 36,624 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\olecnv32.dll
------w 712,976 2007-04-16 12:44:08 C:\WINNT\system32\dllcache\kernel32.dll
----a-w 6,401,024 2006-05-03 06:57:40 C:\WINNT\system32\dllcache\sp3res.dll
----a-w 19,216 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\xolehlp.dll
----a-w 115,472 2006-10-19 20:32:22 C:\WINNT\system32\dllcache\oledlg.dll
------w 53,520 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odbcji32.dll
------w 153,872 2006-04-23 08:01:02 C:\WINNT\system32\dllcache\msdtcui.dll
------w 128,000 2005-04-21 14:16:56 C:\WINNT\system32\dllcache\itss.dll
------w 24,848 2003-10-28 20:44:24 C:\WINNT\system32\dllcache\odbcbcp.dll
------w 613,648 2006-07-06 18:52:40 C:\WINNT\system32\dllcache\mmc.exe
------w 21,264 2006-03-18 22:21:34 C:\WINNT\system32\dllcache\verclsid.exe
------w 212,240 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\rpcss.dll
----a-w 71,440 2005-09-05 08:18:50 C:\WINNT\system32\dllcache\stclient.dll
------w 1,427,728 2006-06-27 08:30:50 C:\WINNT\system32\dllcache\query.dll
----a-w 248,592 2005-08-05 20:53:02 C:\WINNT\system32\dllcache\MSIEFTP.DLL
----a-w 1,227,776 2005-08-30 16:14:00 C:\WINNT\system32\dllcache\quartz.dll
----a-w 242,448 2006-08-23 04:18:40 C:\WINNT\system32\dllcache\agentsvr.exe
------w 2,361,616 2006-03-24 08:54:06 C:\WINNT\system32\dllcache\SHELL32.DLL
------w 89,872 2006-05-19 09:18:24 C:\WINNT\system32\dllcache\dhcpcsvc.dll
------w 96,528 2006-07-06 11:45:32 C:\WINNT\system32\dllcache\dnsrslvr.dll
------w 437,008 2006-04-13 05:17:08 C:\WINNT\system32\dllcache\rpcrt4.dll
----a-w 161,040 2006-06-22 00:47:18 C:\WINNT\system32\dllcache\rasmans.dll
------w 238,928 2005-05-03 08:10:44 C:\WINNT\system32\dllcache\srv.sys
------w 61,200 2005-08-22 09:20:40 C:\WINNT\system32\dllcache\nwwks.dll
----a-w 41,744 2006-08-24 08:07:56 C:\WINNT\system32\dllcache\agentdp2.dll
------w 309,520 2006-08-17 13:14:38 C:\WINNT\system32\dllcache\NETAPI32.DLL
------w 398,608 2005-09-05 08:18:46 C:\WINNT\system32\dllcache\txfaux.dll
------w 137,488 2006-07-06 11:45:32 C:\WINNT\system32\dllcache\dnsapi.dll
----a-w 64,784 2006-09-01 05:49:24 C:\WINNT\system32\dllcache\nwapi32.dll
------w 161,520 2006-09-01 04:57:48 C:\WINNT\system32\dllcache\nwrdr.sys
----a-w 17,680 2005-09-23 11:03:26 C:\WINNT\system32\dllcache\linkinfo.dll
------w 149,776 2005-06-15 04:33:18 C:\WINNT\system32\dllcache\kdcsvc.dll
------w 1,119,232 2007-06-07 06:50:04 C:\WINNT\system32\dllcache\msxml3.dll
----a-w 75,776 2006-02-27 20:31:38 C:\WINNT\system32\dllcache\DIRECTDB.DLL
----a-w 163,600 2005-11-24 23:54:16 C:\WINNT\system32\dllcache\t2embed.dll
------w 2,532,112 2005-08-30 09:29:42 C:\WINNT\system32\dllcache\cdosys.dll
----a-w 465,864 2006-05-17 18:43:58 C:\WINNT\system32\dllcache\jscript.dll
----a-w 38,160 2007-03-06 11:17:46 C:\WINNT\system32\dllcache\mf3216.dll
------w 498,742 2006-08-22 11:05:26 C:\WINNT\system32\dllcache\dxmasf.dll
------w 246,814 2006-08-21 16:52:08 C:\WINNT\system32\dllcache\strmdll.dll
------w 72,704 2006-07-21 15:08:54 C:\WINNT\system32\dllcache\hlink.dll
------w 138,000 2005-07-13 07:22:02 C:\WINNT\system32\dllcache\faxui.dll
------w 81,168 2005-07-13 07:22:02 C:\WINNT\system32\dllcache\spoolss.dll
------w 47,376 2005-07-12 04:59:12 C:\WINNT\system32\dllcache\spoolsv.exe
------w 88,848 2005-07-13 07:22:02 C:\WINNT\system32\dllcache\win32spl.dll
------w 433,664 2006-11-17 13:16:08 C:\WINNT\system32\dllcache\riched20.dll
------w 10,752 2005-04-15 01:08:24 C:\WINNT\system32\dllcache\hh.exe
------w 38,912 2005-04-21 14:16:56 C:\WINNT\system32\dllcache\hhsetup.dll
------w 143,872 2005-04-21 14:16:56 C:\WINNT\system32\dllcache\itircl.dll
------w 415,536 2006-05-31 07:14:16 C:\WINNT\system32\dllcache\mrxsmb.sys
------w 1,713,536 2007-03-05 15:52:06 C:\WINNT\system32\dllcache\ntkrnlpa.exe
------w 1,690,880 2007-03-05 15:51:50 C:\WINNT\system32\dllcache\ntoskrnl.exe
------w 151,824 2006-11-29 16:31:28 C:\WINNT\system32\dllcache\msadco.dll
------w 57,616 2006-11-29 16:31:28 C:\WINNT\system32\dllcache\msadcs.dll
------w 204,800 2007-01-10 18:09:50 C:\WINNT\system32\dllcache\msdaprst.dll
------w 487,424 2007-01-10 18:09:50 C:\WINNT\system32\dllcache\msado15.dll
------w 192,784 2006-11-29 16:31:28 C:\WINNT\system32\dllcache\msdaps.dll
------w 483,328 2007-01-10 18:09:52 C:\WINNT\system32\dllcache\oledb32.dll
----a-w 212,992 2007-01-10 18:09:52 C:\WINNT\system32\dllcache\odbc32.dll
----a-w 102,672 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\ODBCCP32.dll
------w 278,800 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odbcjt32.dll
------w 20,752 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\oddbse32.dll
------w 20,752 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odexl32.dll
------w 20,752 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odfox32.dll
------w 20,752 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odpdx32.dll
------w 20,752 2006-11-29 16:31:30 C:\WINNT\system32\dllcache\odtext32.dll
------w 524,560 2003-10-28 20:44:24 C:\WINNT\system32\dllcache\sqlsrv32.dll
------w 172,066 2007-01-10 18:09:52 C:\WINNT\system32\dllcache\msadomd.dll
------w 188,449 2007-01-10 18:09:52 C:\WINNT\system32\dllcache\msadox.dll
------w 94,240 2007-01-10 18:09:52 C:\WINNT\system32\dllcache\msjro.dll
------w 631,056 2006-07-11 19:49:36 C:\WINNT\system32\dllcache\oleaut32.dll
----a-w 6,144 2006-12-22 20:02:36 C:\WINNT\system32\mui\0409\mscorees.dll
----a-w 197,904 2005-09-05 08:18:46 C:\WINNT\system32\Com\comadmin.dll
----a-w 41,744 2006-08-24 08:07:56 C:\WINNT\msagent\agentdp2.dll
----a-w 242,448 2006-08-23 04:18:40 C:\WINNT\msagent\agentsvr.exe
----a-w 53,008 2007-03-09 07:39:18 C:\WINNT\msagent\agentdpv.dll
----a-w 712,976 2007-04-16 12:44:08 C:\WINNT\Driver Cache\i386\kernel32.dll
----a-w 245,520 2007-03-13 09:44:50 C:\WINNT\Driver Cache\i386\winsrv.dll
------w 138,000 2005-07-13 07:22:02 C:\WINNT\Driver Cache\i386\faxui.dll
----a-w 1,714,496 2007-03-05 15:51:50 C:\WINNT\Driver Cache\i386\ntkrnlmp.exe
----a-w 1,713,536 2007-03-05 15:52:06 C:\WINNT\Driver Cache\i386\ntkrnlpa.exe
----a-w 1,735,808 2007-03-05 15:52:06 C:\WINNT\Driver Cache\i386\ntkrpamp.exe
----a-w 1,690,880 2007-03-05 15:51:50 C:\WINNT\Driver Cache\i386\ntoskrnl.exe
----a-r 29,184 2007-09-07 20:27:48 C:\WINNT\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F6617.exe
----a-r 632,320 2007-09-07 20:27:48 C:\WINNT\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}\IconCD95F66110.exe
----a-r 32,768 2007-09-10 15:21:26 C:\WINNT\Installer\{C04E32E0-0416-434D-AFB9-6969D703A9EF}\icon.exe
----a-w 2,514,944 2007-04-14 03:57:28 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
----a-w 1,265,664 2007-04-14 04:35:46 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
----a-w 315,392 2007-04-14 03:56:30 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
----a-w 2,142,208 2007-04-14 03:50:46 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
----a-w 77,824 2007-04-14 03:58:02 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
----a-w 2,523,136 2007-04-14 03:57:00 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
----a-w 81,920 2007-04-14 03:57:52 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
----a-w 32,768 2007-04-14 04:30:52 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
----a-w 86,016 2007-04-14 03:57:58 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
----a-w 102,400 2007-04-14 03:58:00 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
----a-w 258,048 2007-04-14 04:30:52 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
----a-w 1,232,896 2007-04-14 04:35:38 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\System.dll
----a-w 73,728 2007-01-15 23:11:26 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
----a-w 282,624 2004-07-15 07:24:30 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_fusion.dll
----a-w 315,392 2004-07-15 07:25:06 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorjit.dll
----a-w 2,138,112 2004-07-15 21:29:02 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorlib.dll
----a-w 77,824 2003-02-21 02:09:18 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorsn.dll
----a-w 2,510,848 2004-07-15 07:26:52 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorsvr.dll
----a-w 2,502,656 2004-07-15 07:28:34 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_mscorwks.dll
----a-w 348,160 2003-02-21 11:42:22 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_msvcr71.dll
----a-w 94,208 2004-07-15 07:34:50 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_PerfCounter.dll
----a-w 81,920 2004-07-15 07:32:22 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_CORPerfMonExt.dll
----a-w 258,048 2004-07-15 08:49:16 C:\WINNT\Microsoft.NET\Framework\v1.1.4322\SHADOW960\_aspnet_isapi.dll
----a-w 1,265,664 2007-09-10 15:32:00 C:\WINNT\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
----a-w 1,232,896 2007-09-10 15:32:06 C:\WINNT\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
----a-w 61,440 2007-09-10 15:33:46 C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_faecd0e3\CustomMarshalers.dll
----a-w 118,784 2007-09-10 15:39:04 C:\WINNT\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_1ab649f0\CustomMarshalers.dll
----a-w 3,391,488 2007-09-10 15:37:32 C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2e76aa6e\mscorlib.dll
----a-w 8,908,800 2007-09-10 15:46:32 C:\WINNT\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b59a4215\mscorlib.dll
----a-w 1,470,464 2007-09-10 15:36:16 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_abba10d8\System.Design.dll
----a-w 3,395,584 2007-09-10 15:43:52 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_3483eaae\System.Design.dll
----a-w 1,966,080 2007-09-10 15:33:24 C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_feeef5c2\System.dll
----a-w 4,788,224 2007-09-10 15:38:42 C:\WINNT\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_c2546378\System.dll
----a-w 90,112 2007-09-10 15:33:56 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9cc9a6fc\System.Drawing.Design.dll
----a-w 192,512 2007-09-10 15:39:08 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_fb769f9e\System.Drawing.Design.dll
----a-w 835,584 2007-09-10 15:36:46 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_cbedd51f\System.Drawing.dll
----a-w 2,244,608 2007-09-10 15:44:10 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_6d1b59ad\System.Drawing.dll
----a-w 3,018,752 2007-09-10 15:34:32 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_3be33f61\System.Windows.Forms.dll
----a-w 7,884,800 2007-09-10 15:41:04 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_c8009e8b\System.Windows.Forms.dll
----a-w 2,088,960 2007-09-10 15:35:34 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_aff53f0b\System.Xml.dll
----a-w 5,513,216 2007-09-10 15:42:46 C:\WINNT\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b4ee026f\System.Xml.dll
------w 1,427,216 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB920685$\query.dll
------w 371,424 2006-06-28 02:32:26 C:\WINNT\$NtUninstallKB920685$\spuninst\updspapi.dll
------w 213,216 2006-06-28 02:32:26 C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe
------w 248,080 2002-08-29 14:14:40 C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\msieftp.dll
------w 371,936 2005-02-24 20:24:48 C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\updspapi.dll
------w 209,632 2005-02-24 20:23:26 C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe
------w 36,864 2005-04-19 21:56:40 C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\iecustom.dll
------w 51,984 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB890046$\agentdpv.dll
------w 6,278,656 2005-01-06 03:29:18 C:\WINNT\$NtUninstallKB890046$\sp3res.dll
------w 371,936 2005-05-18 07:26:14 C:\WINNT\$NtUninstallKB890046$\spuninst\updspapi.dll
------w 209,632 2005-05-18 07:26:14 C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe
------w 2,359,056 2004-12-10 08:27:30 C:\WINNT\$NtUninstallKB908531$\shell32.dll
------w 371,424 2005-10-13 18:29:02 C:\WINNT\$NtUninstallKB908531$\spuninst\updspapi.dll
------w 213,216 2005-10-13 18:25:06 C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe
------w 92,944 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB914388$\dhcpcsvc.dll
------w 134,928 2004-03-24 01:17:00 C:\WINNT\$NtUninstallKB914388$\dnsapi.dll
------w 69,904 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB914388$\iphlpapi.dll
------w 371,424 2006-05-20 02:27:54 C:\WINNT\$NtUninstallKB914388$\spuninst\updspapi.dll
------w 213,216 2006-05-20 02:27:54 C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe
------w 449,808 2004-03-11 20:29:22 C:\WINNT\$NtUninstallKB917736$\rpcrt4.dll
------w 371,424 2006-04-14 12:50:40 C:\WINNT\$NtUninstallKB917736$\spuninst\updspapi.dll
------w 213,216 2006-04-14 12:50:40 C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe
------w 712,464 2004-06-22 00:35:10 C:\WINNT\$NtUninstallKB935839$\kernel32.dll
------w 54,544 2004-03-24 01:17:02 C:\WINNT\$NtUninstallKB935839$\mpr.dll
------w 371,424 2007-04-17 02:03:16 C:\WINNT\$NtUninstallKB935839$\spuninst\updspapi.dll
------w 213,216 2007-04-17 02:03:16 C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe
------w 153,360 2003-05-02 00:39:14 C:\WINNT\$NtUninstallKB911280$\rasmans.dll
------w 371,424 2005-10-13 18:29:02 C:\WINNT\$NtUninstallKB911280$\spuninst\updspapi.dll
------w 213,216 2005-10-13 18:25:06 C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe
------w 371,424 2007-01-24 17:33:46 C:\WINNT\$NtUninstallKB928843$\spuninst\updspapi.dll
------w 213,216 2007-01-24 17:33:46 C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe
------w 53,008 2005-05-18 06:54:46 C:\WINNT\$NtUninstallKB920213$\agentdpv.dll
------w 38,160 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB920213$\agentdp2.dll
------w 242,448 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB920213$\agentsvr.exe
------w 6,309,376 2005-04-21 10:07:06 C:\WINNT\$NtUninstallKB920213$\sp3res.dll
------w 371,424 2006-08-24 21:17:00 C:\WINNT\$NtUninstallKB920213$\spuninst\updspapi.dll
------w 213,216 2006-08-24 21:17:00 C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe
------w 1,136,640 2003-05-30 16:00:02 C:\WINNT\$NtUninstallKB904706$\quartz.dll
------w 371,936 2005-02-24 20:24:48 C:\WINNT\$NtUninstallKB904706$\spuninst\updspapi.dll
------w 209,632 2005-02-24 20:23:26 C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe
------w 371,424 2005-10-13 05:59:02 C:\WINNT\$NtUninstallKB917008$\spuninst\updspapi.dll
------w 213,216 2005-10-13 05:55:06 C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe
------w 60,688 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB899589$\nwwks.dll
------w 371,936 2005-08-22 10:07:22 C:\WINNT\$NtUninstallKB899589$\spuninst\updspapi.dll
------w 209,632 2005-08-22 10:07:22 C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe
------w 96,528 2003-10-02 20:53:34 C:\WINNT\$NtUninstallKB924270$\wkssvc.dll
------w 513,296 2004-10-15 17:16:52 C:\WINNT\$NtUninstallKB924270$\lsasrv.dll
------w 309,008 2004-06-10 15:58:12 C:\WINNT\$NtUninstallKB924270$\netapi32.dll
------w 6,401,024 2006-05-03 06:57:40 C:\WINNT\$NtUninstallKB924270$\sp3res.dll
------w 371,424 2006-08-18 03:24:42 C:\WINNT\$NtUninstallKB924270$\spuninst\updspapi.dll
------w 213,216 2006-08-18 03:24:42 C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe
------w 36,624 2005-01-14 00:27:10 C:\WINNT\$NtUninstallKB913580$\olecnv32.dll
------w 169,232 2004-03-11 20:29:22 C:\WINNT\$NtUninstallKB913580$\catsrv.dll
------w 595,728 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\catsrvut.dll
------w 97,040 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\clbcatex.dll
------w 552,720 2004-03-11 20:29:22 C:\WINNT\$NtUninstallKB913580$\clbcatq.dll
------w 41,744 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\colbact.dll
------w 97,552 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\comrepl.dll
------w 1,467,664 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\comsvcs.dll
------w 625,936 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\comuid.dll
------w 1,816,552 2004-02-19 21:03:10 C:\WINNT\$NtUninstallKB913580$\dtcsetup.exe
------w 239,888 2004-03-11 20:29:22 C:\WINNT\$NtUninstallKB913580$\es.dll
------w 96,016 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\msdtclog.dll
------w 717,584 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\msdtcprx.dll
------w 1,139,984 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\msdtctm.dll
------w 153,872 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\msdtcui.dll
------w 52,496 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\mtxclu.dll
------w 26,896 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\mtxdm.dll
------w 35,600 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\mtxlegih.dll
------w 120,592 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\mtxoci.dll
------w 957,200 2005-01-14 00:27:10 C:\WINNT\$NtUninstallKB913580$\ole32.dll
------w 69,392 2005-01-14 00:27:10 C:\WINNT\$NtUninstallKB913580$\olecli32.dll
------w 212,240 2005-01-14 00:27:10 C:\WINNT\$NtUninstallKB913580$\rpcss.dll
------w 68,368 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB913580$\stclient.dll
------w 398,608 2004-03-11 20:29:22 C:\WINNT\$NtUninstallKB913580$\txfaux.dll
------w 18,704 2004-03-11 20:29:26 C:\WINNT\$NtUninstallKB913580$\xolehlp.dll
------w 342,288 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\comsetup.dll
------w 198,416 2004-03-11 20:29:24 C:\WINNT\$NtUninstallKB913580$\comadmin.dll
------w 155,408 2004-02-19 21:44:36 C:\WINNT\$NtUninstallKB913580$\mtstocom.exe
------w 371,424 2006-04-23 23:57:52 C:\WINNT\$NtUninstallKB913580$\spuninst\updspapi.dll
------w 213,216 2006-04-23 23:57:48 C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe
------w 118,032 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB926436$\oledlg.dll
------w 371,424 2005-10-13 18:29:02 C:\WINNT\$NtUninstallKB926436$\spuninst\updspapi.dll
------w 213,216 2005-10-13 18:25:06 C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe
------w 136,976 2006-05-19 09:18:24 C:\WINNT\$NtUninstallKB920683$\dnsapi.dll
------w 92,432 2004-03-24 01:17:02 C:\WINNT\$NtUninstallKB920683$\dnsrslvr.dll
------w 7,440 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB920683$\rasadhlp.dll
------w 371,424 2006-07-07 02:29:40 C:\WINNT\$NtUninstallKB920683$\spuninst\updspapi.dll
------w 213,216 2006-07-07 02:29:40 C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe
------w 64,784 1999-12-07 19:00:00 C:\WINNT\$NtUninstallKB923980$\nwapi32.dll
------w 139,536 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB923980$\nwprovau.dll
------w 161,072 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB923980$\nwrdr.sys
------w 371,424 2006-09-01 18:55:42 C:\WINNT\$NtUninstallKB923980$\spuninst\updspapi.dll
------w 213,216 2006-09-01 18:55:42 C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe
------w 244,496 2004-06-22 00:35:12 C:\WINNT\$NtUninstallKB900725$\winsrv.dll
------w 17,168 2004-09-02 19:03:50 C:\WINNT\$NtUninstallKB900725$\linkinfo.dll
------w 1,118,992 2004-09-18 07:24:58 C:\WINNT\$NtUninstallKB900725$\webvw.dll
------w 402,432 2004-12-08 01:11:50 C:\WINNT\$NtUninstallKB900725$\shlwapi.dll
------w 371,936 2005-09-23 12:15:52 C:\WINNT\$NtUninstallKB900725$\spuninst\updspapi.dll
------w 209,632 2005-09-23 12:15:52 C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe
------w 53,008 2006-08-24 08:07:56 C:\WINNT\$NtUninstallKB932168$\agentdpv.dll
------w 6,401,024 2006-05-03 06:57:40 C:\WINNT\$NtUninstallKB932168$\sp3res.dll
------w 371,424 2005-10-13 05:59:02 C:\WINNT\$NtUninstallKB932168$\spuninst\updspapi.dll
------w 213,216 2005-10-13 05:55:06 C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe
------w 244,944 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896422$\srv.sys
------w 371,936 2005-05-03 13:33:58 C:\WINNT\$NtUninstallKB896422$\spuninst\updspapi.dll
------w 209,632 2005-05-03 13:33:58 C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe
------w 245,008 2005-09-23 11:03:26 C:\WINNT\$NtUninstallKB930178$\winsrv.dll
------w 371,424 2007-03-13 22:53:38 C:\WINNT\$NtUninstallKB930178$\spuninst\updspapi.dll
------w 213,216 2007-03-13 22:53:38 C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe
------w 2,890,240 2005-05-04 21:45:32 C:\WINNT\$NtUninstallKB927891$\msi.dll
------w 371,424 2007-04-05 22:18:58 C:\WINNT\$NtUninstallKB927891$\spuninst\updspapi.dll
------w 213,216 2007-04-05 22:18:58 C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe
------w 210,192 2004-03-11 01:37:10 C:\WINNT\$NtUninstallKB899587$\kerberos.dll
------w 143,632 2004-03-24 01:17:02 C:\WINNT\$NtUninstallKB899587$\kdcsvc.dll
------w 371,936 2005-06-15 04:59:20 C:\WINNT\$NtUninstallKB899587$\spuninst\updspapi.dll
------w 209,632 2005-06-15 04:59:20 C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe
------w 81,680 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896423$\spoolss.dll
------w 45,328 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896423$\spoolsv.exe
------w 97,040 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896423$\win32spl.dll
------w 138,000 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896423$\faxui.dll
------w 371,936 2005-07-13 07:54:42 C:\WINNT\$NtUninstallKB896423$\spuninst\updspapi.dll
------w 209,632 2005-07-13 07:54:42 C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe
------w 431,888 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB918118$\riched20.dll
------w 371,424 2006-11-18 03:18:40 C:\WINNT\$NtUninstallKB918118$\spuninst\updspapi.dll
------w 213,216 2006-11-18 03:18:40 C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe
------w 37,888 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896358$\hhsetup.dll
------w 143,872 2003-08-27 22:13:52 C:\WINNT\$NtUninstallKB896358$\itircl.dll
------w 123,392 2004-06-22 21:42:32 C:\WINNT\$NtUninstallKB896358$\itss.dll
------w 10,752 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB896358$\hh.exe
------w 371,936 2005-04-21 14:47:24 C:\WINNT\$NtUninstallKB896358$\spuninst\updspapi.dll
------w 209,632 2005-04-21 14:47:24 C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe
------w 1,122,304 2002-08-29 14:14:40 C:\WINNT\$NtUninstallKB936021$\msxml3.dll
------w 371,424 2007-06-26 20:18:22 C:\WINNT\$NtUninstallKB936021$\spuninst\updspapi.dll
------w 213,216 2007-06-26 20:18:20 C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe
------w 4,874,240 2004-08-04 06:56:48 C:\WINNT\$NtUninstallKB936782_WMP9$\wmp.dll
------w 371,424 2005-06-28 17:23:54 C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\updspapi.dll
------w 213,216 2005-06-28 17:23:26 C:\WINNT\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe
------w 413,104 2005-01-20 06:25:24 C:\WINNT\$NtUninstallKB914389$\mrxsmb.sys
------w 170,512 2004-12-03 02:37:12 C:\WINNT\$NtUninstallKB914389$\rdbss.sys
------w 6,401,024 2006-05-03 06:57:40 C:\WINNT\$NtUninstallKB914389$\sp3res.dll
------w 371,424 2006-05-31 21:44:26 C:\WINNT\$NtUninstallKB914389$\spuninst\updspapi.dll
------w 213,216 2006-05-31 21:44:26 C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe
------w 1,704,320 2004-10-21 02:56:06 C:\WINNT\$NtUninstallKB931784$\ntkrnlpa.exe
------w 1,681,408 2004-10-21 02:55:48 C:\WINNT\$NtUninstallKB931784$\ntoskrnl.exe
------w 87,888 2003-06-19 18:05:04 C:\WINNT\$NtUninstallKB931784$\mup.sys
------w 1,704,768 2004-10-21 02:55:48 C:\WINNT\$NtUninstallKB931784$\ntkrnlmp.exe
------w 1,726,080 2004-10-21 02:56:04 C:\WINNT\$NtUninstallKB931784$\ntkrpamp.exe
------w 371,424 2007-03-07 17:56:28 C:\WINNT\$NtUninstallKB931784$\spuninst\updspapi.dll
------w 213,216 2007-03-07 17:56:28 C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe
------w 596,480 2004-10-14 19:19:12 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\inetcomm.dll
------w 47,616 2002-10-11 22:08:36 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\inetres.dll
------w 44,032 2003-03-03 23:57:20 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msident.dll
------w 228,864 2003-03-03 23:57:20 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msoeacct.dll
------w 91,136 2003-03-03 23:57:18 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msoert2.dll
------w 56,832 2003-03-03 23:57:18 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msimn.exe
------w 1,176,064 2004-10-14 19:19:22 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msoe.dll
------w 2,479,616 2002-10-11 22:09:02 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\msoeres.dll
------w 93,184 2003-03-03 23:57:20 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\oeimport.dll
------w 55,808 2003-03-03 23:57:18 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\oemig50.exe
------w 31,744 2003-03-03 23:57:16 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\oemiglib.dll
------w 42,496 2003-03-03 23:57:20 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\wab.exe
------w 30,208 2003-03-03 23:57:18 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\wabfind.dll
------w 77,824 2004-10-14 19:18:56 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\wabimp.dll
------w 27,648 2003-03-03 23:57:18 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\wabmig.exe
------w 75,776 2003-03-03 23:57:20 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\directdb.dll
------w 463,360 2004-10-14 19:18:58 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\wab32.dll
------w 371,424 2005-06-28 16:23:54 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\updspapi.dll
------w 213,216 2005-06-28 16:23:26 C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 C:\WINNT\system32\mobsync.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04-12-10 18:02 ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04-12-30 14:19 ]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [04-07-04 09:59 ]
"jidifedig"="xudexoli.exe" []
"epixowu"="aqiyutyvo.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
R3 S3SAVAGE4;S3SAVAGE4;C:\WINNT\system32\DRIVERS\s3savg4m.sys
S3 S3Inc;S3Inc;C:\WINNT\system32\DRIVERS\s3sav4m.sys

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 09:04:51
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-10 9:06:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-09-10 09:06
C:\ComboFix3.txt ... 07-09-07 09:18
C:\ComboFix2.txt ... 07-09-07 13:10
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:13 AM, on 9/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINNT\system32\notepad.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [epixowu] aqiyutyvo.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 3899 bytes

#6 RichieUK

Posted 10 September 2007 - 01:04 PM

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [epixowu] aqiyutyvo.exe

Exit HijackThis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, let me know how your PC is running now.

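The two Run entries singled out in the post above can be picked out by correlating the ComboFix and HijackThis logs posted earlier in the thread. This is an added example, not part of the thread or of either tool: the sample lines are copied from those logs, all function names are hypothetical, and reading ComboFix's empty `[]` as "no file found to date-stamp" is an assumption.

```python
import re

# Lines copied from the ComboFix "Reg Loading Points" section posted in this thread.
COMBOFIX_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 11:05 C:\WINNT\system32\mobsync.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04-12-10 18:02 ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04-12-30 14:19 ]
"RAM Idle Professional"="C:\Program Files\TweakNow PowerPack\RAM_XP.exe" [04-07-04 09:59 ]
"jidifedig"="xudexoli.exe" []
"epixowu"="aqiyutyvo.exe" []
'''

# Lines copied from the HijackThis v2.0.2 log of 9/10/2007 posted in this thread.
HJT_LOG = r'''
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [jidifedig] xudexoli.exe
O4 - HKLM\..\Run: [epixowu] aqiyutyvo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
'''

CF_KEY = re.compile(r'^\[(HK[^\]]+)\]$')
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
HJT_O4 = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')


def combofix_run_values(text):
    """Parse ComboFix Run-key values into {name: (data, bracket contents)}."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = CF_KEY.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = CF_VALUE.match(line)
        if m and key and key.endswith(r'\currentversion\run'):
            values[m.group('name')] = (m.group('data'), m.group('meta').strip())
    return values


def hjt_run_entries(text):
    """Return (line, value name, command) for each HijackThis O4 registry Run line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HJT_O4.match(line)
        if m:
            entries.append((line, m.group('name'), m.group('cmd')))
    return entries


def is_bare_filename(cmd):
    """True when the program named in the command has no directory component."""
    program = cmd.strip().strip('"').split(' ')[0]
    return '\\' not in program and '/' not in program


def triage(combofix_text, hjt_text):
    """Join both logs on the Run value name and record two signals per entry."""
    cf = combofix_run_values(combofix_text)
    report = []
    for line, name, cmd in hjt_run_entries(hjt_text):
        data, meta = cf.get(name, (None, None))
        report.append({
            'line': line,
            # Weak on its own: mobsync.exe is also listed without a path.
            'bare_filename': is_bare_filename(cmd),
            # Assumption: empty [] means ComboFix had no file to date-stamp.
            'unresolved': data is not None and meta == '',
        })
    return report


def fix_candidates(report):
    """Entries that show both signals; a human still reviews before fixing."""
    return [r['line'] for r in report if r['bare_filename'] and r['unresolved']]


if __name__ == '__main__':
    for candidate in fix_candidates(triage(COMBOFIX_LOG, HJT_LOG)):
        print(candidate)
```

Either signal alone is noisy: the bare-filename test also matches the Synchronization Manager entry, which ComboFix resolved to a file under system32.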

#7 Chaeron

Posted 11 September 2007 - 10:30 AM

Richie,

Followed your instructions to the letter. All seemed ok and it rebooted by itself after finishing scan and deleting everything. Problem is that it will not boot up. Flashes a blue screen of death too fast to read and then tries to boot again, over and over in a loop. I can't get anything... help please.

chaeron

#8 RichieUK

Posted 11 September 2007 - 10:45 AM

That sounds odd.
If you have the Microsoft Windows XP installation disk try doing a Repair Install.
Configure your computer to start from the CD-ROM drive.
[Boot into the BIOS and set your CD-ROM drive as first boot device].
For more information about how to do this, refer to your computer's documentation or contact your computer manufacturer.
Then insert your Microsoft Windows XP Setup CD, and restart your computer.
When the 'Press any key to boot from CD' message is displayed on screen, press a key.
Press ENTER when you see the message to setup Windows XP now, and then press ENTER displayed on the 'Welcome to Setup' screen.
Do not choose the option to press R to use the Recovery Console.
In the Windows XP Licensing Agreement, press F8 to agree to the license agreement.
Make sure that your current installation of Windows XP is selected in the box, and then press R to repair Windows XP.
Follow the instructions on the screen to complete Setup.

#9 Chaeron

Posted 11 September 2007 - 11:29 AM

It's not an XP OS, it's 2000Pro. Don't have disks. Pulled slave drive though and got the original C up and running. Here are the logs that might help a bit.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/10/2007 at 02:57 PM

Application Version : 3.9.1008

Core Rules Database Version : 3302
Trace Rules Database Version: 1308

Scan type : Complete Scan
Total Scan Time : 03:22:01

Memory items scanned : 141
Memory threats detected : 0
Registry items scanned : 4268
Registry threats detected : 0
File items scanned : 66398
File threats detected : 60

Adware.Tracking Cookie
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@doubleclick[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@500[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ehg-socaledison.hitbox[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@perf.overture[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@windowsmedia[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@cgi-bin[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@adinterax[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@adopt.euroclick[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@z1.adserver[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@tribalfusion[3].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@burstnet[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@www.windowsmedia[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@server.iad.liveperson[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@casalemedia[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@atdmt[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@zedo[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@hitbox[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@richmedia.yahoo[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@advertpro.investorvillage[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ad.thehill[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@2o7[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@dcst9izv9wievvyrjr3f97xtp_6o2h[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@mediaplex[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ehg-viacom.hitbox[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@trafficmp[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@anad.tacoda[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@questionmarket[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@S008-00-9-12-185518-26772[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@revsci[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@anat.tacoda[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@amlocalhost.trymedia[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@S154222[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@specificclick[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@0[3].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@fastclick[3].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@276[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@interclick[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@www.burstnet[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@advertising[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@S120978[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@adopt.specificclick[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@realmedia[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@27391302[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@0[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ad.yieldmanager[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@overture[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@tacoda[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@usatoday1.112.2o7[1].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ads.pointroll[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@doubleclick[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@tribalfusion[2].txt
C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@fastclick[2].txt
E:\Documents and Settings\Default User.WINDOWS2\Cookies\administrator@belnk[1].txt
E:\Documents and Settings\Default User.WINDOWS2\Cookies\administrator@drivecleaner[2].txt
E:\Documents and Settings\Default User.WINDOWS2\Cookies\administrator@stats.drivecleaner[2].txt
E:\Documents and Settings\Default User.WINDOWS2\Cookies\administrator@www.drivecleaner[2].txt
E:\Documents and Settings\Default User.WINDOWS2\Cookies\administrator@www.winantiviruspro[2].txt

Sdbot-UW Worm




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:49 AM, on 9/11/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINNT\System32\svchost.exe
C:\RTC\mirc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 4136 bytes

C:\WINNT\SYSTEM32\EDYDITYD.EXE

Unclassified.Unknown Origin
C:\WINNT\SYSTEM32\SINOR.EXE


EOM

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 11 September 2007 - 11:49 AM

Your log is clean but I would like you to run the following if you will:

Please run this online virus scan: Activescan using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Post the Activescan report into your next reply.

#11 Chaeron

Chaeron
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 11 September 2007 - 02:24 PM

Incident Status Location

Virus:Trj/Multidropper.PF Disinfected C:\WINNT\SYSTEM32\ARURA.EXE
Virus:W32/Gaobot.DAK.worm Disinfected C:\WINNT\SYSTEM32\DIKOWEB.EXE
Virus:W32/Sdbot.BSG.worm Disinfected C:\WINNT\SYSTEM32\UQICE.EXE
Virus:W32/Sdbot.BVT.worm Disinfected C:\WINNT\SYSTEM32\HIQOH.EXE
Virus:W32/Sdbot.BVT.worm Disinfected C:\WINNT\SYSTEM32\ILUPUPAC.EXE
Virus:W32/Sdbot.BUT.worm Disinfected C:\WINNT\SYSTEM32\akoxikapa.exe
Virus:W32/Sdbot.CVW.worm Disinfected C:\WINNT\SYSTEM32\DlHost32.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\NirCmd.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Marshall Islands\Desktop\SDFix\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Marshall Islands\Desktop\ComboFix.exe[nircmd.exe]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@tribalfusion[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ads.pointroll[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@com[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@realmedia[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@perf.overture[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@doubleclick[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@trafficmp[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@mediaplex[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@anm.co[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@fastclick[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@zedo[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@ehg-dig.hitbox[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@tucows[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@advertising[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@statcounter[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Marshall Islands\Cookies\marshall islands@go[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\APPS\Process.exe
Virus:Generic Backdoor Disinfected C:\RTC\MIRC32.EXE

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 11 September 2007 - 04:05 PM

Download and install CCleaner:
http://www.ccleaner.com/download/builds/downloading-slim

Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
*Note*
Do not use the Issues block to clean anything with this program.
It is for experts only and it is risky.

Select Cleaner Settings.
Check Internet Explorer, Windows Explorer, and System so that all items are checked.
In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left.
Select Advanced.
Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention.
Click on the Options block on the left, then choose Cookies.
Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan.
Click on the Cleaner block on the left.
Choose the Windows tab.
Click the Run Cleaner button.
This process could take a while.
When CCleaner shows how much has been removed, cleaning is finished.

Restart your pc.
Let me know how your pc is running now.

#13 Chaeron

Chaeron
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 17 September 2007 - 11:48 AM

Richie:

Couldn't get anything to work, so I separated the drives and cleaned the master first. All seems ok finally, but have seen a few popups.

Just going to try the slave as a master in other system tonight. Will let you know in 24 hours.

Many thanks,
Chaeron

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:02:51 AM

Posted 17 September 2007 - 12:19 PM

Ok Chaeron, thanks for the update, let me know if you run into problems.

#15 Chaeron

Chaeron
  • Topic Starter

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 23 September 2007 - 08:48 PM

Richie,

I've tried just about everything on that infected slave drive. I got the master finally back up and clean I think, but the slave just tries to boot, but goes into a startup loop, not even getting to the desktop. I think I'll just reformat. Was scared of this, but I'll live.

I have a big favor to ask: would you post that url again what to do to prevent and keep my pc clean and the software with all the links that you recommend? Many thanks.

Chaeron



