Winfixer,homesearch,coolsearch And Others


  • This topic is locked
37 replies to this topic

#1 otsjim

Posted 11 November 2006 - 03:32 AM

Multiple issues with this machine. Get system lockups, many many popups, and Windows updates will not work. I suspect the XP operating system may be compromised as well... HJT log attached below.

Logfile of HijackThis v1.99.1
Scan saved at 2:17:42 AM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} - C:\WINDOWS\appjc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {8F626EE5-B30B-3F5E-3FD1-BFA5F18BA72F} - C:\WINDOWS\addwn32.dll (file missing)
O2 - BHO: Class - {DC42B4BF-AEBD-5A1A-288E-435E8D572F2A} - C:\WINDOWS\system32\sysyb32.dll (file missing)
O2 - BHO: Class - {F53EC50C-1736-5E28-E668-CFFB2AA3AE8D} - C:\WINDOWS\mfckh32.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msrh32.exe] C:\WINDOWS\msrh32.exe
O4 - HKLM\..\Run: [mswd.exe] C:\WINDOWS\system32\mswd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [javaqn32.exe] C:\WINDOWS\javaqn32.exe
O4 - HKLM\..\Run: [Glwdlhv] C:\Program Files\Cdaqoru\Tcpyopd.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [winqb.exe] C:\WINDOWS\winqb.exe
O4 - HKLM\..\Run: [qyiorz] C:\WINDOWS\System32\ejlhwc.exe r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - ms-its:mhtml:file://c:\nosunel.mht!http://daemonlinks.net/script/lc.chm::/bridge-c46.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163106567500
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\mmcpx32r.dLL (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SmlsbGlhbiBPYmVybGFuZGVy\command.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Edited by otsjim, 11 November 2006 - 03:37 AM.



#2 Rawe

Posted 11 November 2006 - 08:21 AM

Hello and welcome :thumbsup:

Please download Brute Force Uninstaller to your desktop.
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download MediaGateway.bfu.
Save it in the same folder you made earlier (c:\BFU).

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select MediaGateway.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the Complete script execution box to pop up and hit OK.
  • Press Exit to terminate the BFU program. Reboot.
-----

After reboot, please download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply. :flowers:
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Hi there, stranger!

#3 otsjim

Posted 11 November 2006 - 10:18 AM

Thanks for helping with my dilemma. Below find the log from ComboFix:

Jillian Oberlander - 06-11-11 9:05:59.73 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Jillian Oberlander\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{E98D75F1-DF44-48C8-9DBD-6B700C703CB4}]
@=""

[HKEY_CLASSES_ROOT\clsid\{E98D75F1-DF44-48C8-9DBD-6B700C703CB4}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{E98D75F1-DF44-48C8-9DBD-6B700C703CB4}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{E98D75F1-DF44-48C8-9DBD-6B700C703CB4}\InprocServer32]
@="C:\\WINDOWS\\system32\\agl71.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{83B3D232-4E3C-466E-9BEC-74C8EF6CE7FE}]
@=""

[HKEY_CLASSES_ROOT\clsid\{83B3D232-4E3C-466E-9BEC-74C8EF6CE7FE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{83B3D232-4E3C-466E-9BEC-74C8EF6CE7FE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{83B3D232-4E3C-466E-9BEC-74C8EF6CE7FE}\InprocServer32]
@="C:\\WINDOWS\\system32\\iyetres.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\SmlsbGlhbiBPYmVybGFuZGVy


((((((((((((((((((((((((((((((( Files Created from 2006-10-11 to 2006-11-11 ))))))))))))))))))))))))))))))))))


2006-11-09 20:10 85,504 --a------ C:\WINDOWS\system32\diantz.exe
2006-11-09 20:10 84,480 --a------ C:\WINDOWS\system32\mciavi32.dll
2006-11-09 20:10 831,519 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-11-09 20:10 83,456 --a------ C:\WINDOWS\system32\olepro32.dll
2006-11-09 20:10 83,456 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-11-09 20:10 825,344 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-11-09 20:10 82,432 --a------ C:\WINDOWS\system32\dmscript.dll
2006-11-09 20:10 82,432 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-11-09 20:10 815,104 --a------ C:\WINDOWS\system32\mmc.exe
2006-11-09 20:10 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-11-09 20:10 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-11-09 20:10 80,896 --a------ C:\WINDOWS\system32\netui0.dll
2006-11-09 20:10 80,384 --a------ C:\WINDOWS\system32\iccvid.dll
2006-11-09 20:10 80,384 --a------ C:\WINDOWS\system32\faultrep.dll
2006-11-09 20:10 8,704 --a------ C:\WINDOWS\system32\dciman32.dll
2006-11-09 20:10 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
2006-11-09 20:10 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-11-09 20:10 77,824 --a------ C:\WINDOWS\system32\shrpubw.exe
2006-11-09 20:10 77,312 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-11-09 20:10 77,312 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-11-09 20:10 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2006-11-09 20:10 75,264 --a------ C:\WINDOWS\system32\inetpp.dll
2006-11-09 20:10 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-11-09 20:10 74,752 --a------ C:\WINDOWS\system32\spoolss.dll
2006-11-09 20:10 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2006-11-09 20:10 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2006-11-09 20:10 74,240 --a------ C:\WINDOWS\system32\mscms.dll
2006-11-09 20:10 733,696 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-11-09 20:10 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-11-09 20:10 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2006-11-09 20:10 72,704 --a------ C:\WINDOWS\system32\msw3prt.dll
2006-11-09 20:10 72,704 --a------ C:\WINDOWS\system32\magnify.exe
2006-11-09 20:10 713,728 --a------ C:\WINDOWS\system32\opengl32.dll
2006-11-09 20:10 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2006-11-09 20:10 71,680 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-11-09 20:10 71,680 --a------ C:\WINDOWS\system32\msacm32.dll
2006-11-09 20:10 71,680 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2006-11-09 20:10 704,512 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-11-09 20:10 701,440 --a------ C:\WINDOWS\system32\msxml2.dll
2006-11-09 20:10 70,656 --a------ C:\WINDOWS\system32\mmcbase.dll
2006-11-09 20:10 70,144 --a------ C:\WINDOWS\system32\sigverif.exe
2006-11-09 20:10 7,424 --a------ C:\WINDOWS\system32\kd1394.dll
2006-11-09 20:10 695,296 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-11-09 20:10 69,632 --a------ C:\WINDOWS\system32\scarddlg.dll
2006-11-09 20:10 69,632 --a------ C:\WINDOWS\system32\raschap.dll
2006-11-09 20:10 69,632 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-11-09 20:10 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-11-09 20:10 69,120 --a------ C:\WINDOWS\system32\notepad.exe
2006-11-09 20:10 69,120 --a------ C:\WINDOWS\system32\msctfp.dll
2006-11-09 20:10 69,120 --a------ C:\WINDOWS\notepad.exe
2006-11-09 20:10 68,768 --a------ C:\WINDOWS\system32\mmsystem.dll
2006-11-09 20:10 68,608 --a------ C:\WINDOWS\system32\digest.dll
2006-11-09 20:10 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2006-11-09 20:10 68,096 --a------ C:\WINDOWS\system32\shgina.dll
2006-11-09 20:10 679,936 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-11-09 20:10 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-09 20:10 67,584 --a------ C:\WINDOWS\system32\sti.dll
2006-11-09 20:10 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-11-09 20:10 67,584 --a------ C:\WINDOWS\system32\osuninst.dll
2006-11-09 20:10 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-11-09 20:10 67,072 --a------ C:\WINDOWS\system32\ntdsapi.dll
2006-11-09 20:10 66,560 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-11-09 20:10 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-09 20:10 65,536 --a------ C:\WINDOWS\system32\shimeng.dll
2006-11-09 20:10 65,536 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-11-09 20:10 65,536 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-11-09 20:10 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-11-09 20:10 640,000 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-11-09 20:10 622,080 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-11-09 20:10 62,976 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-11-09 20:10 62,976 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-09 20:10 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-11-09 20:10 619,008 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-11-09 20:10 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2006-11-09 20:10 614,429 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-11-09 20:10 610,304 --a------ C:\WINDOWS\system32\sspipes.scr
2006-11-09 20:10 61,440 --a------ C:\WINDOWS\system32\msvcrt40.dll
2006-11-09 20:10 61,440 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-11-09 20:10 60,928 --a------ C:\WINDOWS\system32\miglibnt.dll
2006-11-09 20:10 60,928 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-11-09 20:10 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-11-09 20:10 6,656 --a------ C:\WINDOWS\system32\sensapi.dll
2006-11-09 20:10 6,656 --a------ C:\WINDOWS\system32\msidle.dll
2006-11-09 20:10 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-11-09 20:10 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-11-09 20:10 59,904 --a------ C:\WINDOWS\system32\regsvc.dll
2006-11-09 20:10 59,904 --a------ C:\WINDOWS\system32\mpr.dll
2006-11-09 20:10 59,904 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-11-09 20:10 59,904 --a------ C:\WINDOWS\system32\devenum.dll
2006-11-09 20:10 586,240 --a------ C:\WINDOWS\system32\mlang.dll
2006-11-09 20:10 581,120 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-11-09 20:10 58,880 --a------ C:\WINDOWS\system32\resutils.dll
2006-11-09 20:10 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-11-09 20:10 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-11-09 20:10 58,368 --a------ C:\WINDOWS\system32\packager.exe
2006-11-09 20:10 577,024 --a------ C:\WINDOWS\system32\user32.dll
2006-11-09 20:10 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2006-11-09 20:10 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe
2006-11-09 20:10 57,344 --a------ C:\WINDOWS\system32\msasn1.dll
2006-11-09 20:10 57,344 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-11-09 20:10 562,176 --a------ C:\WINDOWS\system32\qedit.dll
2006-11-09 20:10 56,832 --a------ C:\WINDOWS\system32\rasphone.exe
2006-11-09 20:10 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-11-09 20:10 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-11-09 20:10 552,989 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-11-09 20:10 55,808 --a------ C:\WINDOWS\system32\secur32.dll
2006-11-09 20:10 55,808 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-11-09 20:10 55,808 --a------ C:\WINDOWS\system32\eventlog.dll
2006-11-09 20:10 55,296 --a------ C:\WINDOWS\system32\sendmail.dll
2006-11-09 20:10 549,376 --a------ C:\WINDOWS\system32\shdoclc.dll
2006-11-09 20:10 54,784 --a------ C:\WINDOWS\system32\npptools.dll
2006-11-09 20:10 54,784 --a------ C:\WINDOWS\system32\msvcirt.dll
2006-11-09 20:10 54,272 --a------ C:\WINDOWS\system32\ixsso.dll
2006-11-09 20:10 54,272 --a------ C:\WINDOWS\system32\dataclen.dll
2006-11-09 20:10 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-11-09 20:10 53,840 --a------ C:\WINDOWS\system32\dosx.exe
2006-11-09 20:10 53,760 --a------ C:\WINDOWS\system32\narrator.exe
2006-11-09 20:10 53,279 --a------ C:\WINDOWS\system32\odbcji32.dll
2006-11-09 20:10 53,279 --a------ C:\WINDOWS\system32\msjter40.dll
2006-11-09 20:10 53,248 --a------ C:\WINDOWS\system32\ipv6.exe
2006-11-09 20:10 52,224 --a------ C:\WINDOWS\system32\dmutil.dll
2006-11-09 20:10 514,560 --a------ C:\WINDOWS\system32\logonui.exe
2006-11-09 20:10 512,029 --a------ C:\WINDOWS\system32\msexch40.dll
2006-11-09 20:10 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-11-09 20:10 51,712 --a------ C:\WINDOWS\system32\msident.dll
2006-11-09 20:10 51,200 --a------ C:\WINDOWS\system32\dssec.dll
2006-11-09 20:10 506,368 --a------ C:\WINDOWS\system32\msxml.dll
2006-11-09 20:10 50,688 --a------ C:\WINDOWS\system32\mmcshext.dll
2006-11-09 20:10 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2006-11-09 20:10 50,176 --a------ C:\WINDOWS\system32\reg.exe
2006-11-09 20:10 50,176 --a------ C:\WINDOWS\system32\proquota.exe
2006-11-09 20:10 5,632 --a------ C:\WINDOWS\system32\security.dll
2006-11-09 20:10 5,120 --a------ C:\WINDOWS\system32\sfc.dll
2006-11-09 20:10 498,205 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-11-09 20:10 49,664 --a------ C:\WINDOWS\system32\regapi.dll
2006-11-09 20:10 49,152 --a------ C:\WINDOWS\system32\wdigest.dll
2006-11-09 20:10 488,448 --a------ C:\WINDOWS\system32\ntmsmgr.dll
2006-11-09 20:10 48,640 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-09 20:10 48,128 --a------ C:\WINDOWS\system32\msprivs.dll
2006-11-09 20:10 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-11-09 20:10 48,128 --a------ C:\WINDOWS\system32\docprop2.dll
2006-11-09 20:10 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-11-09 20:10 47,104 --a------ C:\WINDOWS\system32\ssmypics.scr
2006-11-09 20:10 45,568 --a------ C:\WINDOWS\system32\tcpmon.dll
2006-11-09 20:10 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-11-09 20:10 45,568 --a------ C:\WINDOWS\system32\extrac32.exe
2006-11-09 20:10 45,568 --a------ C:\WINDOWS\system32\dnsrslvr.dll
2006-11-09 20:10 442,368 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-11-09 20:10 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-11-09 20:10 44,032 --a------ C:\WINDOWS\system32\rtutils.dll
2006-11-09 20:10 438,272 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-11-09 20:10 435,200 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-11-09 20:10 431,616 --a------ C:\WINDOWS\system32\riched20.dll
2006-11-09 20:10 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2006-11-09 20:10 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-11-09 20:10 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-11-09 20:10 43,520 --a------ C:\WINDOWS\system32\pstorec.dll
2006-11-09 20:10 43,520 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-11-09 20:10 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-11-09 20:10 423,936 --a------ C:\WINDOWS\system32\licdll.dll
2006-11-09 20:10 421,919 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-11-09 20:10 42,496 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-11-09 20:10 42,496 --a------ C:\WINDOWS\system32\net.exe
2006-11-09 20:10 417,792 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-09 20:10 413,696 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-11-09 20:10 41,984 --a------ C:\WINDOWS\system32\htui.dll
2006-11-09 20:10 41,472 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-11-09 20:10 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-09 20:10 407,040 --a------ C:\WINDOWS\system32\netlogon.dll
2006-11-09 20:10 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2006-11-09 20:10 40,960 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-11-09 20:10 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-11-09 20:10 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-11-09 20:10 4,096 --a------ C:\WINDOWS\system32\nddeapir.exe
2006-11-09 20:10 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-11-09 20:10 399,872 --a------ C:\WINDOWS\system32\lmrt.dll
2006-11-09 20:10 397,824 --a------ C:\WINDOWS\system32\rpcss.dll
2006-11-09 20:10 397,824 --a------ C:\WINDOWS\system32\regwizc.dll
2006-11-09 20:10 393,216 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-11-09 20:10 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2006-11-09 20:10 39,424 --a------ C:\WINDOWS\system32\grpconv.exe
2006-11-09 20:10 385,536 --a------ C:\WINDOWS\system32\themeui.dll
2006-11-09 20:10 385,024 --a------ C:\WINDOWS\system32\qdvd.dll
2006-11-09 20:10 384,000 --a------ C:\WINDOWS\system32\ipsmsnap.dll
2006-11-09 20:10 382,976 --a------ C:\WINDOWS\system32\fontext.dll
2006-11-09 20:10 380,957 --a------ C:\WINDOWS\system32\expsrv.dll
2006-11-09 20:10 38,912 --a------ C:\WINDOWS\system32\sens.dll
2006-11-09 20:10 38,912 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-11-09 20:10 375,296 --a------ C:\WINDOWS\system32\dpnet.dll
2006-11-09 20:10 37,888 --a------ C:\WINDOWS\system32\url.dll
2006-11-09 20:10 367,616 --a------ C:\WINDOWS\system32\dsound.dll
2006-11-09 20:10 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-11-09 20:10 363,008 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-11-09 20:10 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
2006-11-09 20:10 36,864 --a------ C:\WINDOWS\system32\netstat.exe
2006-11-09 20:10 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dll
2006-11-09 20:10 36,352 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-11-09 20:10 358,976 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-11-09 20:10 358,400 --a------ C:\WINDOWS\system32\termmgr.dll
2006-11-09 20:10 356,352 --a------ C:\WINDOWS\system32\msscp.dll
2006-11-09 20:10 35,840 --a------ C:\WINDOWS\system32\umandlg.dll
2006-11-09 20:10 35,840 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-11-09 20:10 35,840 --a------ C:\WINDOWS\system32\imgutil.dll
2006-11-09 20:10 35,840 --a------ C:\WINDOWS\system32\dmloader.dll
2006-11-09 20:10 35,648 --a------ C:\WINDOWS\system32\ntio411.sys
2006-11-09 20:10 35,424 --a------ C:\WINDOWS\system32\ntio412.sys
2006-11-09 20:10 35,328 --a------ C:\WINDOWS\system32\pid.dll
2006-11-09 20:10 35,328 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-11-09 20:10 35,328 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-11-09 20:10 349,696 --a------ C:\WINDOWS\system32\ipsecsnp.dll
2006-11-09 20:10 348,189 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-11-09 20:10 348,189 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-11-09 20:10 347,136 --a------ C:\WINDOWS\system32\tourstart.exe
2006-11-09 20:10 344,064 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-11-09 20:10 343,040 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-11-09 20:10 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-11-09 20:10 34,816 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-11-09 20:10 34,816 --a------ C:\WINDOWS\system32\perfproc.dll
2006-11-09 20:10 34,560 --a------ C:\WINDOWS\system32\ntio804.sys
2006-11-09 20:10 34,560 --a------ C:\WINDOWS\system32\ntio404.sys
2006-11-09 20:10 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-11-09 20:10 34,304 --a------ C:\WINDOWS\system32\pstorsvc.dll
2006-11-09 20:10 34,304 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-09 20:10 337,920 --a------ C:\WINDOWS\system32\filemgmt.dll
2006-11-09 20:10 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-11-09 20:10 330,752 --a------ C:\WINDOWS\system32\ippromon.dll
2006-11-09 20:10 330,752 --a------ C:\WINDOWS\system32\hnetwiz.dll
2006-11-09 20:10 33,840 --a------ C:\WINDOWS\system32\ntio.sys
2006-11-09 20:10 33,280 --a------ C:\WINDOWS\system32\rundll32.exe
2006-11-09 20:10 33,280 --a------ C:\WINDOWS\system32\inetmib1.dll
2006-11-09 20:10 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2006-11-09 20:10 323,584 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-09 20:10 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-11-09 20:10 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-11-09 20:10 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-11-09 20:10 319,517 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-11-09 20:10 315,423 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-11-09 20:10 313,856 --a------ C:\WINDOWS\system32\scesrv.dll
2006-11-09 20:10 31,744 --a------ C:\WINDOWS\system32\rtipxmib.dll
2006-11-09 20:10 31,232 --a------ C:\WINDOWS\system32\sethc.exe
2006-11-09 20:10 306,176 --a------ C:\WINDOWS\system32\slbcsp.dll
2006-11-09 20:10 304,128 --a------ C:\WINDOWS\system32\duser.dll
2006-11-09 20:10 30,749 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-11-09 20:10 30,208 --a------ C:\WINDOWS\system32\mspatcha.dll
2006-11-09 20:10 30,208 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-11-09 20:10 30,208 --a------ C:\WINDOWS\system32\ddeshare.exe
2006-11-09 20:10 3,584 --a------ C:\WINDOWS\system32\msafd.dll
2006-11-09 20:10 3,584 --a------ C:\WINDOWS\system32\icmp.dll
2006-11-09 20:10 3,584 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-11-09 20:10 3,584 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-11-09 20:10 3,338 --a------ C:\WINDOWS\system32\redir.exe
2006-11-09 20:10 299,520 --a------ C:\WINDOWS\system32\drmclien.dll
2006-11-09 20:10 295,936 --a------ C:\WINDOWS\system32\kerberos.dll
2006-11-09 20:10 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-11-09 20:10 294,400 --a------ C:\WINDOWS\system32\msctf.dll
2006-11-09 20:10 290,816 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-11-09 20:10 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-11-09 20:10 29,184 --a------ C:\WINDOWS\system32\sendcmsg.dll
2006-11-09 20:10 29,184 --a------ C:\WINDOWS\system32\mshta.exe
2006-11-09 20:10 289,792 --a------ C:\WINDOWS\system32\vssvc.exe
2006-11-09 20:10 285,696 --a------ C:\WINDOWS\system32\objsel.dll
2006-11-09 20:10 283,648 --a------ C:\WINDOWS\system32\pdh.dll
2006-11-09 20:10 282,624 --a------ C:\WINDOWS\system32\devmgr.dll
2006-11-09 20:10 280,064 --a------ C:\WINDOWS\system32\gdi32.dll
2006-11-09 20:10 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-11-09 20:10 28,672 --a------ C:\WINDOWS\system32\dmband.dll
2006-11-09 20:10 28,672 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-11-09 20:10 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-11-09 20:10 279,040 --a------ C:\WINDOWS\system32\qdv.dll
2006-11-09 20:10 278,559 --a------ C:\WINDOWS\system32\odbcjt32.dll
2006-11-09 20:10 276,480 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-09 20:10 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-11-09 20:10 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-11-09 20:10 27,648 --a------ C:\WINDOWS\system32\shscrap.dll
2006-11-09 20:10 27,648 --a------ C:\WINDOWS\system32\profmap.dll
2006-11-09 20:10 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2006-11-09 20:10 27,136 --a------ C:\WINDOWS\system32\findstr.exe
2006-11-09 20:10 27,136 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-11-09 20:10 266,752 --a------ C:\WINDOWS\system32\oakley.dll
2006-11-09 20:10 266,240 --a------ C:\WINDOWS\system32\ddraw.dll
2006-11-09 20:10 26,624 --a------ C:\WINDOWS\system32\perfdisk.dll
2006-11-09 20:10 26,112 --a------ C:\WINDOWS\system32\vdmdbg.dll
2006-11-09 20:10 26,112 --a------ C:\WINDOWS\system32\skeys.exe
2006-11-09 20:10 259,072 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-11-09 20:10 258,077 --a------ C:\WINDOWS\system32\mstext40.dll
2006-11-09 20:10 254,976 --a------ C:\WINDOWS\system32\icm32.dll
2006-11-09 20:10 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-11-09 20:10 25,600 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-11-09 20:10 25,088 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-11-09 20:10 25,088 --a------ C:\WINDOWS\system32\shfolder.dll
2006-11-09 20:10 25,088 --a------ C:\WINDOWS\system32\perfos.dll
2006-11-09 20:10 25,088 --a------ C:\WINDOWS\system32\mslbui.dll
2006-11-09 20:10 25,088 --a------ C:\WINDOWS\system32\defrag.exe
2006-11-09 20:10 249,856 --a------ C:\WINDOWS\system32\odbc32.dll
2006-11-09 20:10 249,344 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-11-09 20:10 248,832 --a------ C:\WINDOWS\system32\newdev.dll
2006-11-09 20:10 248,832 --a------ C:\WINDOWS\system32\msieftp.dll
2006-11-09 20:10 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2006-11-09 20:10 245,760 --a------ C:\WINDOWS\system32\netui1.dll
2006-11-09 20:10 245,760 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-11-09 20:10 245,248 --a------ C:\WINDOWS\system32\mswsock.dll
2006-11-09 20:10 243,200 --a------ C:\WINDOWS\system32\es.dll
2006-11-09 20:10 241,693 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-11-09 20:10 240,640 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-11-09 20:10 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-11-09 20:10 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-11-09 20:10 24,576 --a------ C:\WINDOWS\system32\davclnt.dll
2006-11-09 20:10 239,616 --a------ C:\WINDOWS\system32\upnpui.dll
2006-11-09 20:10 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-11-09 20:10 239,104 --a------ C:\WINDOWS\system32\dsquery.dll
2006-11-09 20:10 237,568 --a------ C:\WINDOWS\system32\qasf.dll
2006-11-09 20:10 23,552 --a------ C:\WINDOWS\system32\mciwave.dll
2006-11-09 20:10 23,552 --a------ C:\WINDOWS\system32\ipxroute.exe
2006-11-09 20:10 23,552 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-11-09 20:10 23,552 --a------ C:\WINDOWS\system32\dmserver.dll
2006-11-09 20:10 23,040 --a------ C:\WINDOWS\system32\setup.exe
2006-11-09 20:10 23,040 --a------ C:\WINDOWS\system32\psapi.dll
2006-11-09 20:10 23,040 --a------ C:\WINDOWS\system32\mciseq.dll
2006-11-09 20:10 23,040 --a------ C:\WINDOWS\system32\ersvc.dll
2006-11-09 20:10 229,888 --a------ C:\WINDOWS\system32\dplayx.dll
2006-11-09 20:10 224,768 --a------ C:\WINDOWS\system32\dmadmin.exe
2006-11-09 20:10 221,696 --a------ C:\WINDOWS\system32\localsec.dll
2006-11-09 20:10 220,672 --a------ C:\WINDOWS\system32\logon.scr
2006-11-09 20:10 22,528 --a------ C:\WINDOWS\system32\mfcsubs.dll
2006-11-09 20:10 22,016 --a------ C:\WINDOWS\system32\lpk.dll
2006-11-09 20:10 22,016 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-11-09 20:10 218,624 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-11-09 20:10 216,576 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-09 20:10 216,064 --a------ C:\WINDOWS\system32\moricons.dll
2006-11-09 20:10 215,552 --a------ C:\WINDOWS\system32\osk.exe
2006-11-09 20:10 213,023 --a------ C:\WINDOWS\system32\msltus40.dll
2006-11-09 20:10 212,480 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-11-09 20:10 21,504 --a------ C:\WINDOWS\system32\rcp.exe
2006-11-09 20:10 21,504 --a------ C:\WINDOWS\system32\feclient.dll
2006-11-09 20:10 21,504 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-11-09 20:10 207,360 --a------ C:\WINDOWS\system32\mobsync.dll
2006-11-09 20:10 206,336 --a------ C:\WINDOWS\system32\rasppp.dll
2006-11-09 20:10 204,288 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-11-09 20:10 201,728 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-11-09 20:10 200,704 --a------ C:\WINDOWS\system32\dmdskmgr.dll
2006-11-09 20:10 20,992 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-11-09 20:10 20,992 --a------ C:\WINDOWS\system32\sclgntfy.dll
2006-11-09 20:10 20,992 --a------ C:\WINDOWS\system32\hid.dll
2006-11-09 20:10 20,992 --a------ C:\WINDOWS\system32\fontview.exe
2006-11-09 20:10 20,511 --a------ C:\WINDOWS\system32\odtext32.dll
2006-11-09 20:10 20,511 --a------ C:\WINDOWS\system32\oddbse32.dll
2006-11-09 20:10 20,510 --a------ C:\WINDOWS\system32\odpdx32.dll
2006-11-09 20:10 20,510 --a------ C:\WINDOWS\system32\odfox32.dll
2006-11-09 20:10 20,510 --a------ C:\WINDOWS\system32\odexl32.dll
2006-11-09 20:10 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-11-09 20:10 20,480 --a------ C:\WINDOWS\system32\msorc32r.dll
2006-11-09 20:10 197,632 --a------ C:\WINDOWS\system32\netman.dll
2006-11-09 20:10 195,072 --a------ C:\WINDOWS\system32\msutb.dll
2006-11-09 20:10 193,024 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-11-09 20:10 192,512 --a------ C:\WINDOWS\system32\qcap.dll
2006-11-09 20:10 191,488 --a------ C:\WINDOWS\system32\syncui.dll
2006-11-09 20:10 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-11-09 20:10 19,968 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-11-09 20:10 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-11-09 20:10 19,968 --a------ C:\WINDOWS\system32\linkinfo.dll
2006-11-09 20:10 19,456 --a------ C:\WINDOWS\system32\shutdown.exe
2006-11-09 20:10 19,456 --a------ C:\WINDOWS\system32\dswave.dll
2006-11-09 20:10 185,344 --a------ C:\WINDOWS\system32\upnphost.dll
2006-11-09 20:10 183,296 --a------ C:\WINDOWS\system32\els.dll
2006-11-09 20:10 182,784 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-11-09 20:10 182,272 --a------ C:\WINDOWS\system32\snmpsnap.dll
2006-11-09 20:10 181,760 --a------ C:\WINDOWS\system32\tapi32.dll
2006-11-09 20:10 181,760 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-11-09 20:10 181,760 --a------ C:\WINDOWS\system32\dinput8.dll
2006-11-09 20:10 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-11-09 20:10 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll
2006-11-09 20:10 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2006-11-09 20:10 180,224 --a------ C:\WINDOWS\system32\dwwin.exe
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\version.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\seclogon.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\rsmps.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-11-09 20:10 18,944 --a------ C:\WINDOWS\system32\midimap.dll
2006-11-09 20:10 18,432 --a------ C:\WINDOWS\system32\ups.exe
2006-11-09 20:10 18,432 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-11-09 20:10 179,712 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-11-09 20:10 176,128 --a------ C:\WINDOWS\system32\photowiz.dll
2006-11-09 20:10 174,592 --a------ C:\WINDOWS\system32\w32time.dll
2006-11-09 20:10 171,008 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-11-09 20:10 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-11-09 20:10 17,920 --a------ C:\WINDOWS\system32\ping.exe
2006-11-09 20:10 17,920 --a------ C:\WINDOWS\system32\nddeapi.dll
2006-11-09 20:10 17,920 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2006-11-09 20:10 17,664 --a------ C:\WINDOWS\system32\watchdog.sys
2006-11-09 20:10 17,408 --a------ C:\WINDOWS\system32\powrprof.dll
2006-11-09 20:10 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2006-11-09 20:10 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-11-09 20:10 163,840 --a------ C:\WINDOWS\system32\diskpart.exe
2006-11-09 20:10 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-11-09 20:10 16,896 --a------ C:\WINDOWS\system32\usbmon.dll
2006-11-09 20:10 16,896 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-11-09 20:10 16,896 --a------ C:\WINDOWS\system32\rassapi.dll
2006-11-09 20:10 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-11-09 20:10 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-11-09 20:10 159,744 --a-----

#4 otsjim

Posted 11 November 2006 - 10:25 AM

Here is the remainder of the log (too long???):

2006-11-09 20:10 110,080 --a------ C:\WINDOWS\system32\imm32.dll
2006-11-09 20:10 11,776 --a------ C:\WINDOWS\system32\regsvr32.exe
2006-11-09 20:10 11,776 --a------ C:\WINDOWS\system32\localui.dll
2006-11-09 20:10 11,264 --a------ C:\WINDOWS\system32\msrle32.dll
2006-11-09 20:10 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-11-09 20:10 109,568 --a------ C:\WINDOWS\system32\progman.exe
2006-11-09 20:10 107,008 --a------ C:\WINDOWS\system32\oleprn.dll
2006-11-09 20:10 106,496 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-11-09 20:10 105,984 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-11-09 20:10 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-11-09 20:10 105,984 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-11-09 20:10 105,472 --a------ C:\WINDOWS\system32\polstore.dll
2006-11-09 20:10 104,448 --a------ C:\WINDOWS\system32\dmusic.dll
2006-11-09 20:10 103,936 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-11-09 20:10 103,936 --a------ C:\WINDOWS\system32\logagent.exe
2006-11-09 20:10 103,424 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-11-09 20:10 102,400 --a------ C:\WINDOWS\system32\rcbdyctl.dll
2006-11-09 20:10 101,376 --a------ C:\WINDOWS\system32\txflog.dll
2006-11-09 20:10 10,752 --a------ C:\WINDOWS\system32\dumprep.exe
2006-11-09 20:10 10,240 --a------ C:\WINDOWS\system32\lprhelp.dll
2006-11-09 20:10 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2006-11-09 20:10 1,580,544 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-11-09 20:10 1,507,356 --a------ C:\WINDOWS\system32\msjet40.dll
2006-11-09 20:10 1,435,648 --a------ C:\WINDOWS\system32\query.dll
2006-11-09 20:10 1,428,480 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-11-09 20:10 1,392,671 --a------ C:\WINDOWS\system32\msvbvm60.dll
2006-11-09 20:10 1,298,432 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-11-09 20:10 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-11-09 20:10 1,287,168 --a------ C:\WINDOWS\system32\quartz.dll
2006-11-09 20:10 1,285,120 --a------ C:\WINDOWS\system32\ole32.dll
2006-11-09 20:10 1,227,264 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-11-09 20:10 1,192,960 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-11-09 20:10 1,179,648 --a------ C:\WINDOWS\system32\d3d8.dll
2006-11-09 20:10 1,084,416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-11-09 20:10 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2006-11-09 20:10 1,028,096 --a------ C:\WINDOWS\system32\mfc42.dll
2006-11-09 20:10 1,024,000 --a------ C:\WINDOWS\system32\mfc42u.dll
2006-11-09 20:09 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2006-11-09 20:09 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2006-11-09 20:09 983,552 --a------ C:\WINDOWS\system32\setupapi.dll
2006-11-09 20:09 96,768 --a------ C:\WINDOWS\system32\srvsvc.dll
2006-11-09 20:09 96,256 --a------ C:\WINDOWS\system32\drivers\scsiport.sys
2006-11-09 20:09 95,744 --a------ C:\WINDOWS\system32\scardsvr.exe
2006-11-09 20:09 95,360 --a------ C:\WINDOWS\system32\drivers\atapi.sys
2006-11-09 20:09 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-11-09 20:09 92,032 --a------ C:\WINDOWS\system32\drivers\ksecdd.sys
2006-11-09 20:09 91,776 --a------ C:\WINDOWS\system32\drivers\ndiswan.sys
2006-11-09 20:09 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-11-09 20:09 91,136 --a------ C:\WINDOWS\system32\ntprint.dll
2006-11-09 20:09 89,088 --a------ C:\WINDOWS\system32\rasauto.dll
2006-11-09 20:09 88,448 --a------ C:\WINDOWS\system32\drivers\nwlnkipx.sys
2006-11-09 20:09 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2006-11-09 20:09 85,376 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-11-09 20:09 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-11-09 20:09 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2006-11-09 20:09 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-11-09 20:09 80,128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2006-11-09 20:09 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2006-11-09 20:09 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2006-11-09 20:09 8,192 --a------ C:\WINDOWS\system32\ntlsapi.dll
2006-11-09 20:09 799,744 --a------ C:\WINDOWS\system32\drivers\dmboot.sys
2006-11-09 20:09 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2006-11-09 20:09 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2006-11-09 20:09 76,800 --a------ C:\WINDOWS\system32\nslookup.exe
2006-11-09 20:09 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-11-09 20:09 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2006-11-09 20:09 75,264 --a------ C:\WINDOWS\system32\locator.exe
2006-11-09 20:09 74,752 --a------ C:\WINDOWS\system32\drivers\ipsec.sys
2006-11-09 20:09 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-11-09 20:09 721,920 --a------ C:\WINDOWS\system32\lsasrv.dll
2006-11-09 20:09 71,552 --a------ C:\WINDOWS\system32\drivers\bridge.sys
2006-11-09 20:09 71,040 --a------ C:\WINDOWS\system32\drivers\dxg.sys
2006-11-09 20:09 708,096 --a------ C:\WINDOWS\system32\ntdll.dll
2006-11-09 20:09 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2006-11-09 20:09 69,120 --a------ C:\WINDOWS\system32\drivers\psched.sys
2006-11-09 20:09 68,224 --a------ C:\WINDOWS\system32\drivers\pci.sys
2006-11-09 20:09 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-11-09 20:09 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2006-11-09 20:09 657,920 --a------ C:\WINDOWS\system32\rasdlg.dll
2006-11-09 20:09 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2006-11-09 20:09 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2006-11-09 20:09 64,896 --a------ C:\WINDOWS\system32\drivers\serial.sys
2006-11-09 20:09 64,000 --a------ C:\WINDOWS\system32\samlib.dll
2006-11-09 20:09 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2006-11-09 20:09 63,744 --a------ C:\WINDOWS\system32\drivers\cdfs.sys
2006-11-09 20:09 617,472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-11-09 20:09 616,960 --a------ C:\WINDOWS\system32\advapi32.dll
2006-11-09 20:09 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2006-11-09 20:09 61,440 --a------ C:\WINDOWS\system32\rasman.dll
2006-11-09 20:09 61,056 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2006-11-09 20:09 602,624 --a------ C:\WINDOWS\system32\autoconv.exe
2006-11-09 20:09 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-11-09 20:09 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2006-11-09 20:09 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-11-09 20:09 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-11-09 20:09 59,904 --a------ C:\WINDOWS\system32\drivers\atmarpc.sys
2006-11-09 20:09 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2006-11-09 20:09 588,800 --a------ C:\WINDOWS\system32\autochk.exe
2006-11-09 20:09 58,880 --a------ C:\WINDOWS\system32\rastapi.dll
2006-11-09 20:09 574,592 --a------ C:\WINDOWS\system32\drivers\ntfs.sys
2006-11-09 20:09 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2006-11-09 20:09 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-11-09 20:09 560,640 --a------ C:\WINDOWS\system32\printui.dll
2006-11-09 20:09 553,472 --a------ C:\WINDOWS\system32\oleaut32.dll
2006-11-09 20:09 55,936 --a------ C:\WINDOWS\system32\drivers\atmlane.sys
2006-11-09 20:09 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2006-11-09 20:09 53,248 --a------ C:\WINDOWS\system32\drivers\1394bus.sys
2006-11-09 20:09 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2006-11-09 20:09 52,736 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-11-09 20:09 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2006-11-09 20:09 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-11-09 20:09 51,328 --a------ C:\WINDOWS\system32\drivers\rasl2tp.sys
2006-11-09 20:09 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-11-09 20:09 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2006-11-09 20:09 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-11-09 20:09 50,688 --a------ C:\WINDOWS\system32\smss.exe
2006-11-09 20:09 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2006-11-09 20:09 5,632 --a------ C:\WINDOWS\system32\winver.exe
2006-11-09 20:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2006-11-09 20:09 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2006-11-09 20:09 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2006-11-09 20:09 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2006-11-09 20:09 49,664 --a------ C:\WINDOWS\system32\drivers\classpnp.sys
2006-11-09 20:09 49,536 --a------ C:\WINDOWS\system32\drivers\cdrom.sys
2006-11-09 20:09 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-11-09 20:09 48,384 --a------ C:\WINDOWS\system32\drivers\raspptp.sys
2006-11-09 20:09 463,360 --a------ C:\WINDOWS\system32\wiadefui.dll
2006-11-09 20:09 453,120 --a------ C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-09 20:09 45,568 --a------ C:\WINDOWS\system32\tcpmonui.dll
2006-11-09 20:09 433,664 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-11-09 20:09 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-11-09 20:09 42,496 --a------ C:\WINDOWS\system32\ftp.exe
2006-11-09 20:09 42,496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2006-11-09 20:09 42,240 --a------ C:\WINDOWS\system32\drivers\mountmgr.sys
2006-11-09 20:09 419,840 --a------ C:\WINDOWS\system32\ntvdm.exe
2006-11-09 20:09 415,744 --a------ C:\WINDOWS\system32\samsrv.dll
2006-11-09 20:09 41,856 --a------ C:\WINDOWS\system32\drivers\imapi.sys
2006-11-09 20:09 41,472 --a------ C:\WINDOWS\system32\drivers\raspppoe.sys
2006-11-09 20:09 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-11-09 20:09 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-11-09 20:09 40,320 --a------ C:\WINDOWS\system32\drivers\nmnt.sys
2006-11-09 20:09 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2006-11-09 20:09 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2006-11-09 20:09 39,936 --a------ C:\WINDOWS\system32\rshx32.dll
2006-11-09 20:09 39,936 --a------ C:\WINDOWS\system32\perfctrs.dll
2006-11-09 20:09 388,608 --a------ C:\WINDOWS\system32\cmd.exe
2006-11-09 20:09 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-11-09 20:09 360,576 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2006-11-09 20:09 36,992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2006-11-09 20:09 36,480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2006-11-09 20:09 36,352 --a------ C:\WINDOWS\system32\drivers\disk.sys
2006-11-09 20:09 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2006-11-09 20:09 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-11-09 20:09 35,328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2006-11-09 20:09 35,072 --a------ C:\WINDOWS\system32\drivers\msgpc.sys
2006-11-09 20:09 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-11-09 20:09 341,504 --a------ C:\WINDOWS\system32\localspl.dll
2006-11-09 20:09 34,560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
2006-11-09 20:09 34,560 --a------ C:\WINDOWS\system32\drivers\netbios.sys
2006-11-09 20:09 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-11-09 20:09 333,312 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-11-09 20:09 332,928 --a------ C:\WINDOWS\system32\drivers\srv.sys
2006-11-09 20:09 33,792 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-11-09 20:09 32,768 --a------ C:\WINDOWS\system32\winipsec.dll
2006-11-09 20:09 32,768 --a------ C:\WINDOWS\system32\csrsrv.dll
2006-11-09 20:09 32,256 --a------ C:\WINDOWS\system32\wpnpinst.exe
2006-11-09 20:09 32,256 --a------ C:\WINDOWS\system32\wpabaln.exe
2006-11-09 20:09 316,416 --a------ C:\WINDOWS\system32\untfs.dll
2006-11-09 20:09 303,616 --a------ C:\WINDOWS\system32\wmstream.dll
2006-11-09 20:09 30,848 --a------ C:\WINDOWS\system32\drivers\npfs.sys
2006-11-09 20:09 30,720 --a------ C:\WINDOWS\system32\xcopy.exe
2006-11-09 20:09 30,080 --a------ C:\WINDOWS\system32\drivers\rndismp.sys
2006-11-09 20:09 30,080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2006-11-09 20:09 291,840 --a------ C:\WINDOWS\system32\winsrv.dll
2006-11-09 20:09 28,672 --a------ C:\WINDOWS\system32\wshcon.dll
2006-11-09 20:09 28,672 --a------ C:\WINDOWS\system32\drivers\nscirda.sys
2006-11-09 20:09 276,992 --a------ C:\WINDOWS\system32\comdlg32.dll
2006-11-09 20:09 275,456 --a------ C:\WINDOWS\system32\ulib.dll
2006-11-09 20:09 27,392 --a------ C:\WINDOWS\system32\drivers\fdc.sys
2006-11-09 20:09 27,136 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-11-09 20:09 264,192 --a------ C:\WINDOWS\system32\wow32.dll
2006-11-09 20:09 26,496 --a------ C:\WINDOWS\system32\drivers\usbstor.sys
2006-11-09 20:09 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2006-11-09 20:09 25,088 --a------ C:\WINDOWS\system32\drivers\pciidex.sys
2006-11-09 20:09 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2006-11-09 20:09 24,576 --a------ C:\WINDOWS\system32\userinit.exe
2006-11-09 20:09 24,576 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys
2006-11-09 20:09 236,544 --a------ C:\WINDOWS\system32\rasapi32.dll
2006-11-09 20:09 230,400 --a------ C:\WINDOWS\system32\wmasf.dll
2006-11-09 20:09 23,552 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-11-09 20:09 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2006-11-09 20:09 225,664 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2006-11-09 20:09 22,528 --a------ C:\WINDOWS\system32\wsock32.dll
2006-11-09 20:09 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-11-09 20:09 209,408 --a------ C:\WINDOWS\system32\drivers\update.sys
2006-11-09 20:09 20,992 --a------ C:\WINDOWS\system32\drivers\vga.sys
2006-11-09 20:09 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2006-11-09 20:09 20,992 --a------ C:\WINDOWS\system32\drivers\ipinip.sys
2006-11-09 20:09 20,480 --a------ C:\WINDOWS\system32\wmpui.dll
2006-11-09 20:09 20,480 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-11-09 20:09 20,480 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-11-09 20:09 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2006-11-09 20:09 20,480 --a------ C:\WINDOWS\system32\drivers\flpydisk.sys
2006-11-09 20:09 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-11-09 20:09 2,940,928 --a------ C:\WINDOWS\system32\wmploc.dll
2006-11-09 20:09 2,179,328 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2006-11-09 20:09 2,105,344 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-11-09 20:09 2,056,832 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2006-11-09 20:09 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-11-09 20:09 19,968 --a------ C:\WINDOWS\system32\wshtcpip.dll
2006-11-09 20:09 19,968 --a------ C:\WINDOWS\system32\ws2help.dll
2006-11-09 20:09 19,328 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-11-09 20:09 19,072 --a------ C:\WINDOWS\system32\drivers\msfs.sys
2006-11-09 20:09 187,776 --a------ C:\WINDOWS\system32\drivers\acpi.sys
2006-11-09 20:09 182,912 --a------ C:\WINDOWS\system32\drivers\ndis.sys
2006-11-09 20:09 181,248 --a------ C:\WINDOWS\system32\drivers\mrxdav.sys
2006-11-09 20:09 18,560 --a------ C:\WINDOWS\system32\drivers\tdi.sys
2006-11-09 20:09 18,432 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-11-09 20:09 176,640 --a------ C:\WINDOWS\system32\wintrust.dll
2006-11-09 20:09 176,128 --a------ C:\WINDOWS\system32\winmm.dll
2006-11-09 20:09 174,592 --a------ C:\WINDOWS\system32\drivers\rdbss.sys
2006-11-09 20:09 174,200 --a------ C:\WINDOWS\system32\xenroll.dll
2006-11-09 20:09 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2006-11-09 20:09 172,032 --a------ C:\WINDOWS\system32\wldap32.dll
2006-11-09 20:09 17,024 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2006-11-09 20:09 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-11-09 20:09 162,816 --a------ C:\WINDOWS\system32\drivers\netbt.sys
2006-11-09 20:09 16,896 --a------ C:\WINDOWS\system32\winrnr.dll
2006-11-09 20:09 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2006-11-09 20:09 153,344 --a------ C:\WINDOWS\system32\drivers\dmio.sys
2006-11-09 20:09 15,488 --a------ C:\WINDOWS\system32\drivers\serenum.sys
2006-11-09 20:09 15,360 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-11-09 20:09 15,360 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-11-09 20:09 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-11-09 20:09 144,896 --a------ C:\WINDOWS\system32\schannel.dll
2006-11-09 20:09 144,384 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-11-09 20:09 144,384 --a------ C:\WINDOWS\system32\imagehlp.dll
2006-11-09 20:09 143,360 --a------ C:\WINDOWS\system32\drivers\fastfat.sys
2006-11-09 20:09 142,976 --a------ C:\WINDOWS\system32\drivers\usbport.sys
2006-11-09 20:09 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2006-11-09 20:09 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2006-11-09 20:09 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-11-09 20:09 14,976 --a------ C:\WINDOWS\system32\drivers\tape.sys
2006-11-09 20:09 14,848 --a------ C:\WINDOWS\system32\mgmtapi.dll
2006-11-09 20:09 14,336 --a------ C:\WINDOWS\system32\wship6.dll
2006-11-09 20:09 14,336 --a------ C:\WINDOWS\system32\drivers\asyncmac.sys
2006-11-09 20:09 14,208 --a------ C:\WINDOWS\system32\drivers\diskdump.sys
2006-11-09 20:09 14,080 --a------ C:\WINDOWS\system32\drivers\cmbatt.sys
2006-11-09 20:09 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-11-09 20:09 138,496 --a------ C:\WINDOWS\system32\drivers\afd.sys
2006-11-09 20:09 135,680 --a------ C:\WINDOWS\system32\webvw.dll
2006-11-09 20:09 134,912 --a------ C:\WINDOWS\system32\drivers\ipnat.sys
2006-11-09 20:09 132,096 --a------ C:\WINDOWS\system32\wkssvc.dll
2006-11-09 20:09 13,824 --a------ C:\WINDOWS\system32\lmhsvc.dll
2006-11-09 20:09 13,312 --a------ C:\WINDOWS\system32\savedump.exe
2006-11-09 20:09 129,536 --a------ C:\WINDOWS\system32\msv1_0.dll
2006-11-09 20:09 124,416 --a------ C:\WINDOWS\system32\wiadss.dll
2006-11-09 20:09 12,928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2006-11-09 20:09 12,672 --a------ C:\WINDOWS\system32\drivers\usb8023.sys
2006-11-09 20:09 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-11-09 20:09 119,936 --a------ C:\WINDOWS\system32\drivers\pcmcia.sys
2006-11-09 20:09 115,200 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-11-09 20:09 114,688 --a------ C:\WINDOWS\system32\wscript.exe
2006-11-09 20:09 111,104 --a------ C:\WINDOWS\system32\wiavideo.dll
2006-11-09 20:09 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-11-09 20:09 11,776 --a------ C:\WINDOWS\system32\wshrm.dll
2006-11-09 20:09 11,776 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-11-09 20:09 11,392 --a------ C:\WINDOWS\system32\drivers\sfloppy.sys
2006-11-09 20:09 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-11-09 20:09 11,136 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-11-09 20:09 108,032 --a------ C:\WINDOWS\system32\services.exe
2006-11-09 20:09 107,904 --a------ C:\WINDOWS\system32\drivers\mup.sys
2006-11-09 20:09 102,400 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-11-09 20:09 101,888 --a------ C:\WINDOWS\system32\win32spl.dll
2006-11-09 20:09 10,880 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-11-09 20:09 1,839,488 --a------ C:\WINDOWS\system32\win32k.sys
2006-11-09 20:09 1,050,624 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-11-09 15:40 0 --a------ C:\WINDOWS\mfcgw.exe
2006-11-09 15:18 0 --a------ C:\WINDOWS\system32\hmitu.dll
2006-11-09 15:07 0 --a------ C:\WINDOWS\system32\addzx32.exe
2006-11-09 15:07 0 --a------ C:\WINDOWS\system32\addzx32.dll
2006-11-09 14:40 0 --a------ C:\WINDOWS\system32\javadi.exe
2006-11-09 14:40 0 --a------ C:\WINDOWS\system32\javadi.dll
2006-11-09 14:30 0 --a------ C:\WINDOWS\system32\ierg32.exe
2006-11-09 14:22 53,248 --a------ C:\WINDOWS\UpdtNv28.exe
2006-11-09 13:07 1,244,840 --a------ C:\WINDOWS\system32\new.exe
2006-11-09 13:07 0 -rahs---- C:\MSDOS.SYS
2006-11-09 13:07 0 -rahs---- C:\IO.SYS
2006-11-09 12:57 0 --a------ C:\WINDOWS\yvgvw.dll
2006-11-09 11:38 0 --a------ C:\WINDOWS\appfy32.exe
2006-11-09 00:34 0 --a------ C:\WINDOWS\osnni.dll
2006-11-08 08:24 0 --a------ C:\WINDOWS\sysmb32.exe
2006-11-08 06:45 0 --a------ C:\WINDOWS\sdkgw32.exe
2006-11-08 03:24 0 --a------ C:\WINDOWS\system32\sdkoa32.exe
2006-11-08 03:24 0 --a------ C:\WINDOWS\system32\sdkoa32.dll
2006-11-07 11:44 0 --a------ C:\WINDOWS\system32\winjh.exe
2006-11-07 11:44 0 --a------ C:\WINDOWS\apief.exe
2006-11-06 13:25 0 --a------ C:\WINDOWS\system32\prxbz.dll
2006-11-06 05:09 0 --a------ C:\WINDOWS\ntvh32.exe
2006-11-06 04:08 0 --a------ C:\WINDOWS\ynbea.dll
2006-11-05 12:58 0 --a------ C:\WINDOWS\system32\sdkal.exe
2006-11-05 10:53 0 --a------ C:\WINDOWS\finxu.dll
2006-11-05 08:06 0 --a------ C:\WINDOWS\system32\zpyrq.dll
2006-11-04 17:08 0 --a------ C:\WINDOWS\system32\iexw.exe
2006-11-04 13:40 0 --a------ C:\WINDOWS\system32\mfcvu32.exe
2006-11-04 13:39 0 --a------ C:\WINDOWS\system32\ieto.exe
2006-11-04 13:39 0 --a------ C:\WINDOWS\appvo.exe
2006-11-04 13:38 0 --a------ C:\WINDOWS\netye32.exe
2006-11-04 13:36 0 --a------ C:\WINDOWS\system32\netxz32.exe
2006-11-04 13:35 0 --a------ C:\WINDOWS\system32\javami32.exe
2006-11-04 10:33 0 --a------ C:\WINDOWS\system32\grjtv.dll
2006-11-04 08:22 0 --a------ C:\WINDOWS\system32\iefz.exe
2006-11-04 05:11 0 --a------ C:\WINDOWS\nettu32.exe
2006-11-04 05:11 0 --a------ C:\WINDOWS\addyx.exe
2006-11-03 17:38 0 --a------ C:\WINDOWS\system32\atlnn.exe
2006-11-03 16:54 0 --a------ C:\WINDOWS\system32\fyerl.dll
2006-11-03 15:01 0 --a------ C:\WINDOWS\mshb32.exe
2006-11-03 08:00 0 --a------ C:\WINDOWS\system32\mfczx32.exe
2006-11-03 06:51 0 --a------ C:\WINDOWS\moubj.dll
2006-11-02 15:21 0 --a------ C:\WINDOWS\msqm.exe
2006-11-02 06:00 0 --a------ C:\WINDOWS\system32\crpp.exe
2006-11-01 08:18 0 --a------ C:\WINDOWS\system32\lpxmc.dll
2006-10-31 06:34 0 --a------ C:\WINDOWS\netid.exe
2006-10-30 23:51 0 --a------ C:\WINDOWS\system32\yfdon.dll
2006-10-30 23:43 0 --a------ C:\WINDOWS\system32\appyc32.exe
2006-10-30 21:26 0 --a------ C:\WINDOWS\fpkdg.dll
2006-10-30 20:04 0 --a------ C:\WINDOWS\system32\ievq32.exe
2006-10-30 20:04 0 --a------ C:\WINDOWS\atlpw32.exe
2006-10-30 11:09 0 --a------ C:\WINDOWS\nethe.exe
2006-10-30 11:09 0 --a------ C:\WINDOWS\nethe.dll
2006-10-30 04:30 0 --a------ C:\WINDOWS\system32\spfrd.dll
2006-10-30 04:25 0 --a------ C:\WINDOWS\system32\iqxzj.dll
2006-10-30 03:46 0 --a------ C:\WINDOWS\system32\eefie.dll
2006-10-30 02:33 0 --a------ C:\WINDOWS\winqc.exe
2006-10-29 11:14 0 --a------ C:\WINDOWS\sdkan32.exe
2006-10-29 11:14 0 --a------ C:\WINDOWS\sdkan32.dll
2006-10-29 05:44 0 --a------ C:\WINDOWS\ipke.exe
2006-10-29 05:03 0 --a------ C:\WINDOWS\windp.exe
2006-10-29 05:03 0 --a------ C:\WINDOWS\windp.dll
2006-10-28 20:40 0 --a------ C:\WINDOWS\system32\rakea.dll
2006-10-28 07:04 0 --a------ C:\WINDOWS\grxnh.dll
2006-10-28 06:18 0 --a------ C:\WINDOWS\bvarh.dll
2006-10-28 02:20 0 --a------ C:\WINDOWS\wmymn.dll
2006-10-28 01:54 0 --a------ C:\WINDOWS\system32\cvmed.dll
2006-10-28 01:12 0 --a------ C:\WINDOWS\zxncw.dll
2006-10-28 00:46 0 --a------ C:\WINDOWS\system32\klyrc.dll
2006-10-28 00:25 0 --a------ C:\WINDOWS\system32\awlsl.dll
2006-10-27 23:40 0 --a------ C:\WINDOWS\nhisj.dll
2006-10-27 23:33 0 --a------ C:\WINDOWS\system32\zyzpw.dll
2006-10-27 23:32 0 --a------ C:\WINDOWS\system32\tbaui.dll
2006-10-27 20:42 0 --a------ C:\WINDOWS\system32\sysxs.exe
2006-10-27 20:42 0 --a------ C:\WINDOWS\system32\sysxs.dll
2006-10-27 18:20 0 --a------ C:\WINDOWS\mfcnt32.exe
2006-10-27 18:20 0 --a------ C:\WINDOWS\mfcnt32.dll
2006-10-27 13:03 0 --a------ C:\WINDOWS\system32\sdkda.exe
2006-10-27 13:03 0 --a------ C:\WINDOWS\system32\sdkda.dll
2006-10-27 08:03 0 --a------ C:\WINDOWS\system32\atllh32.exe
2006-10-27 02:36 0 --a------ C:\WINDOWS\system32\jzjmp.dll
2006-10-26 13:31 0 --a------ C:\WINDOWS\jfhdz.dll
2006-10-26 09:49 0 --a------ C:\WINDOWS\system32\gukhd.dll
2006-10-25 03:02 0 --a------ C:\WINDOWS\system32\ipfb.exe
2006-10-25 03:02 0 --a------ C:\WINDOWS\d3az.exe
2006-10-24 18:31 0 --a------ C:\WINDOWS\apiek.exe
2006-10-24 16:27 0 --a------ C:\WINDOWS\addir32.exe
2006-10-24 16:27 0 --a------ C:\WINDOWS\addir32.dll
2006-10-24 12:10 0 --a------ C:\WINDOWS\system32\d3qv.exe
2006-10-24 12:10 0 --a------ C:\WINDOWS\system32\d3qv.dll
2006-10-24 08:17 0 --a------ C:\WINDOWS\system32\ieze.exe
2006-10-24 08:17 0 --a------ C:\WINDOWS\system32\ieze.dll
2006-10-24 03:11 0 --a------ C:\WINDOWS\system32\mfcbd.exe
2006-10-23 23:05 0 --a------ C:\WINDOWS\system32\xjhxm.dll
2006-10-23 21:18 0 --a------ C:\WINDOWS\system32\aoklt.dll
2006-10-23 21:11 0 --a------ C:\WINDOWS\msdx32.exe
2006-10-23 10:59 0 --a------ C:\WINDOWS\system32\mzbjo.dll
2006-10-23 10:56 0 --a------ C:\WINDOWS\system32\sdkof32.exe
2006-10-23 10:56 0 --a------ C:\WINDOWS\sblyz.dll
2006-10-23 06:48 0 --a------ C:\WINDOWS\system32\sysux.exe
2006-10-23 06:48 0 --a------ C:\WINDOWS\system32\javazr32.exe
2006-10-22 23:31 0 --a------ C:\WINDOWS\xaucj.dll
2006-10-22 23:07 0 --a------ C:\WINDOWS\gigit.dll
2006-10-22 17:43 0 --a------ C:\WINDOWS\ojssh.dll
2006-10-22 17:16 0 --a------ C:\WINDOWS\system32\apipu.exe
2006-10-22 17:16 0 --a------ C:\WINDOWS\system32\apipu.dll
2006-10-21 23:54 0 --a------ C:\WINDOWS\system32\javahu.exe
2006-10-21 21:39 0 --a------ C:\WINDOWS\sdkud.exe
2006-10-21 17:35 0 --a------ C:\WINDOWS\zxpsa.dll
2006-10-21 16:23 0 --a------ C:\WINDOWS\sysrq.exe
2006-10-21 15:34 0 --a------ C:\WINDOWS\system32\cxrvi.dll
2006-10-20 21:27 0 --a------ C:\WINDOWS\system32\adduz32.exe
2006-10-20 21:27 0 --a------ C:\WINDOWS\system32\adduz32.dll
2006-10-20 21:17 0 --a------ C:\WINDOWS\iega32.exe
2006-10-20 12:57 0 --a------ C:\WINDOWS\system32\rpafy.dll
2006-10-18 22:52 0 --a------ C:\WINDOWS\system32\pemnc.dll
2006-10-18 11:17 0 --a------ C:\WINDOWS\system32\xhtwf.dll
2006-10-18 10:12 0 --a------ C:\WINDOWS\system32\yzcil.dll
2006-10-18 02:25 0 --a------ C:\WINDOWS\ootkc.dll
2006-10-17 23:44 0 --a------ C:\WINDOWS\crno.exe
2006-10-17 12:55 0 --a------ C:\WINDOWS\ievj32.exe
2006-10-17 12:55 0 --a------ C:\WINDOWS\ievj32.dll
2006-10-17 11:59 0 --a------ C:\WINDOWS\system32\winpe32.exe
2006-10-17 07:22 0 --a------ C:\WINDOWS\apifi32.exe
2006-10-16 21:40 0 --a------ C:\WINDOWS\system32\atleu32.exe
2006-10-16 21:40 0 --a------ C:\WINDOWS\system32\atleu32.dll
2006-10-16 18:46 0 --a------ C:\WINDOWS\iehq32.exe
2006-10-16 17:30 0 --a------ C:\WINDOWS\system32\sysga.exe
2006-10-16 01:32 707 --a------ C:\WINDOWS\_default.pif
2006-10-15 23:47 0 --a------ C:\WINDOWS\sysgt.exe
2006-10-15 23:47 0 --a------ C:\WINDOWS\sdkmn32.exe
2006-10-15 11:40 0 --a------ C:\WINDOWS\system32\ftkrz.dll
2006-10-15 04:17 0 --a------ C:\WINDOWS\system32\apiel.exe
2006-10-14 14:41 0 --a------ C:\WINDOWS\ntnv32.exe
2006-10-14 10:44 0 --a------ C:\WINDOWS\system32\fpgpx.dll
2006-10-14 05:27 0 --a------ C:\WINDOWS\addet32.exe
2006-10-13 11:34 0 --a------ C:\WINDOWS\uzlya.dll
2006-10-13 09:19 0 --a------ C:\WINDOWS\sdkfu.exe
2006-10-13 06:50 0 --a------ C:\WINDOWS\system32\ipaq.exe
2006-10-13 06:50 0 --a------ C:\WINDOWS\system32\ipaq.dll
2006-10-13 01:17 0 --a------ C:\WINDOWS\system32\sysek.exe
2006-10-13 00:59 0 --a------ C:\WINDOWS\system32\flxuq.dll
2006-10-12 21:27 0 --a------ C:\WINDOWS\zraud.dll
2006-10-12 13:45 0 --a------ C:\WINDOWS\addlq.exe
2006-10-12 13:45 0 --a------ C:\WINDOWS\addlq.dll
2006-10-12 07:23 0 --a------ C:\WINDOWS\zonkc.dll
2006-10-11 20:49 0 --a------ C:\WINDOWS\system32\kayoa.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-11 08:43 -------- d-------- C:\Documents and Settings\Jillian Oberlander\Application Data\AVG7
2006-11-11 02:45 -------- d-------- C:\Program Files\HijackThis
2006-11-10 19:50 94784 --a------ C:\WINDOWS\twain.dll
2006-11-10 19:50 18944 --a------ C:\WINDOWS\vmmreg32.dll
2006-11-10 19:50 -------- d-------- C:\Program Files\Windows Media Player
2006-11-10 01:33 -------- d-------- C:\Program Files\Messenger
2006-11-10 01:33 -------- d-------- C:\Program Files\Internet Explorer
2006-11-10 01:27 -------- d-------- C:\Program Files\Outlook Express
2006-11-10 01:27 -------- d-------- C:\Program Files\Common Files\System
2006-11-09 23:31 -------- d-------- C:\Program Files\Grisoft
2006-11-09 23:27 44288 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-11-09 22:57 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-09 22:56 -------- d-------- C:\Program Files\Symantec
2006-11-09 22:54 -------- d-------- C:\Program Files\Cdaqoru
2006-11-09 22:53 -------- d-a------ C:\Program Files\Common Files
2006-11-09 22:47 -------- d-------- C:\Program Files\Norton AntiVirus
2006-11-09 21:30 -------- d-------- C:\Program Files\Movie Maker
2006-11-09 21:25 -------- d-------- C:\Program Files\Windows NT
2006-11-09 21:25 -------- d-------- C:\Program Files\NetMeeting
2006-11-09 15:58 -------- d-------- C:\Program Files\Lavasoft
2006-11-09 15:58 -------- d-------- C:\Documents and Settings\Jillian Oberlander\Application Data\Lavasoft
2006-11-09 14:04 -------- d-------- C:\Program Files\LimeWire
2006-10-16 01:32 707 --a------ C:\WINDOWS\_default.pif
2006-10-06 03:28 0 --a------ C:\WINDOWS\system32\crjb32.exe
2006-10-06 03:28 0 --a------ C:\WINDOWS\system32\apiwd32.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MoneyAgent"="\"c:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"ATIModeChange"="Ati2mdxx.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"CamMonitor"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\hpqcmon.exe"
"MMTray"=""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy CD Creator 6\\DragToDisc\\DrgToDsc.exe\""
"HPHUPD05"="C:\\Program Files\\Hewlett-Packard\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"WinTools"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"msrh32.exe"="C:\\WINDOWS\\msrh32.exe"
"mswd.exe"="C:\\WINDOWS\\system32\\mswd.exe"
"Dinst"="C:\\WINDOWS\\dinst.exe"
"javaqn32.exe"="C:\\WINDOWS\\javaqn32.exe"
"Glwdlhv"="C:\\Program Files\\Cdaqoru\\Tcpyopd.exe"
"AUNPS2"="RUNDLL32 AUNPS2.DLL,_Run@16"
"new.exe"="C:\\WINDOWS\\system32\\new.exe"
"winqb.exe"="C:\\WINDOWS\\winqb.exe"
"qyiorz"="C:\\WINDOWS\\System32\\ejlhwc.exe r"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,fe,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 06-11-11 9:10:17.48
C:\ComboFix.txt ... 06-11-11 09:10

#5 Rawe


Posted 11 November 2006 - 01:09 PM

Ok, let's continue :thumbsup:

Go ahead and delete MediaGateway.BFU.

Please print these instructions out, or write them down, as you can't read them during the fix.

We'll run AVG Anti-Spyware next.

Please launch AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for one reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results as well as a fresh HijackThis log. :flowers:

Hi there, stranger!

#6 otsjim


Posted 11 November 2006 - 09:53 PM

New HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 8:44:10 PM, on 11/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} - C:\WINDOWS\appjc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [msrh32.exe] C:\WINDOWS\msrh32.exe
O4 - HKLM\..\Run: [mswd.exe] C:\WINDOWS\system32\mswd.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [javaqn32.exe] C:\WINDOWS\javaqn32.exe
O4 - HKLM\..\Run: [Glwdlhv] C:\Program Files\Cdaqoru\Tcpyopd.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [winqb.exe] C:\WINDOWS\winqb.exe
O4 - HKLM\..\Run: [qyiorz] C:\WINDOWS\System32\ejlhwc.exe r
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163106567500
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



AVG Spy Log: The 1st time I ran this, when I went to the reports icon, it did not show a report. So I rebooted and reran in safe mode, and selected save report from the "Scanner" page. I did set it up to generate reports automatically after every scan. Anyway, here is the log I did get:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:55:37 PM 11/11/2006

+ Scan result:



C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:pzkjer -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qacayp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:pzkjer -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qacayp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qacayp -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:mbbfss -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:mwyqax -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:nfduko -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:nwouei -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:oyjmam -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:paksjl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:pfdlvd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qlzhsf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:mbbfss -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:mwyqax -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:nfduko -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:nwouei -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:oyjmam -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:paksjl -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:pfdlvd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qlzhsf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:pfdlvd -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qlzhsf -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:trpfoq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:tzqiuq -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:nwbetm -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:ocmxno -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:oefihp -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:pihaxs -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:rbwgwe -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:rwhvky -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:lvylfu -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:nwbetm -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:ocmxno -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:oefihp -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:pihaxs -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:rbwgwe -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:rwhvky -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:pihaxs -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:rbwgwe -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:rwhvky -> Downloader.WinShow.ak : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:mawauu -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:meqgsk -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:mhttju -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:mtglvs -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:ploxls -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qbattt -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qbgltx -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qfhkww -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qvsuys -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:qwdmro -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:rhkufh -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:rtmqoz -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP69\A0043657.pif:sstvoj -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:mawauu -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:meqgsk -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:mhttju -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:mtglvs -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:nizdxb -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:ploxls -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qbattt -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qbgltx -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qfhkww -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qvsuys -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:qwdmro -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:rhkufh -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{970BF179-4538-46F7-A171-F13CFC09440B}\RP70\A0045790.pif:rtmqoz -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:ploxls -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qbattt -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qbgltx -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qfhkww -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qvsuys -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:qwdmro -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:rhkufh -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:rtmqoz -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:sstvoj -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:tiwzst -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:txvnuk -> Trojan.Agent.em : Cleaned with backup (quarantined).
C:\WINDOWS\_default.pif:ucfdmh -> Trojan.Agent.em : Cleaned with backup (quarantined).


::Report end

#7 Rawe


Posted 12 November 2006 - 06:52 AM

Well, it's a bit better now :thumbsup:

You can go ahead and uninstall AVG Anti-Spyware.

----

Please run a scan with HijackThis and check the following objects for removal:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Class - {4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} - C:\WINDOWS\appjc.dll (file missing)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Reboot.

-----

Next, please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Sweep Type, make sure to check Custom Sweep.
  • Click Change Settings.
  • Check all the objects under What to Sweep.
  • Now, go to Where to Sweep, and make sure everything has a check next to it.
  • Click OK.
  • Click the Sweep button on the left side.
  • Click the Start Custom Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt) along with a fresh HijackThis log. :flowers: You may need several posts to get it all to fit.
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

Hi there, stranger!
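Two of the entry types picked for removal in the post above can be found mechanically: a BHO that HijackThis reports as "(file missing)" and a DPF entry whose codebase is a local `file://` path. The following is an added example, not part of the original post and not HijackThis code; the regular expressions are inferred from the log lines in this thread, and `parse_log`, `triage`, `Entry` and `Finding` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} - C:\WINDOWS\appjc.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\a.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# Every result line starts with a section code (R0, O2, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Field layouts for the sections this example understands (assumed from the log).
BODY_PATTERNS = {
    "O2": re.compile(
        r"^BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - "
        r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
    ),
    "O4": re.compile(
        r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
    ),
    "O16": re.compile(
        r"^DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>.*)\))? - (?P<codebase>\S.*)$"
    ),
}


@dataclass
class Entry:
    code: str     # HijackThis section code, e.g. "O2"
    body: str     # everything after "<code> - "
    fields: dict  # named fields when the section layout is known, else {}


@dataclass
class Finding:
    reason: str
    entry: Entry


def parse_log(text):
    """Return the result entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header line, running process path, or blank line
        pattern = BODY_PATTERNS.get(m["code"])
        fm = pattern.match(m["body"]) if pattern else None
        entries.append(Entry(m["code"], m["body"], fm.groupdict() if fm else {}))
    return entries


def triage(entries):
    """Flag the two entry shapes described in the lead-in; everything else is left for a human."""
    findings = []
    for e in entries:
        f = e.fields
        if e.code == "O2" and f.get("missing"):
            findings.append(Finding("BHO registered but its DLL is missing on disk", e))
        elif e.code == "O16" and (f.get("codebase") or "").lower().startswith("file://"):
            findings.append(Finding("ActiveX codebase is a local file, not a download URL", e))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(f"{finding.entry.code}: {finding.reason}")
        print(f"    {finding.entry.body}")
```

Entries the script does not flag are not thereby clean; it only narrows down which lines to look at first.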

#8 otsjim


Posted 12 November 2006 - 09:55 AM

After downloading and installing spysweeper, XP will not boot normally. Can it be run from safe mode?

What should I do?

I rebooted using last good known configuration, after it booted it said problem with spy sweeper install. I reinstalled and same problem with boot up.

I installed the spysweep only, should I try the spysweep with antivirus option?

I also deleted the zipfile and redownloaded and reinstalled, same problem.

I am in process of trying to download and install trial version of spysweeper 5.2 from webroot to see if that will work for me.

NO LUCK with the install of the new version either - will not boot to desktop normally

Edited by otsjim, 12 November 2006 - 10:58 AM.


#9 otsjim


Posted 12 November 2006 - 03:29 PM

There must be an issue with the laptop not installing the spysweeper program because it downloaded, installed, and ran on my desktop machine.

I also tried using a cleaner from webroot that their support page said to try when getting the error, and it still will not boot normally, and when I boot using last good configuration, I get the error saying bad installation.

The actual error message is as follows: "The Spy Sweeper installation has been damaged. Please reinstall the product."

The version installed is: v5.2.3.2125

It let me get into the program before rebooting, but once I reboot I get that error. Does it do any good to run the scan prior to rebooting?

Edited by otsjim, 12 November 2006 - 05:27 PM.


#10 Rawe


Posted 13 November 2006 - 06:05 AM

Yes, you can also try running the scan in Safe Mode and see if this helps. Then you'll need to save the scanlog in a notepad file so that you can post it back in the normal mode. Or we need to run another scanner, it might also be that SpySweeper is either removing a false positive that screws your bootup OR it removes a part of an infection that might screw it up somehow. Let me know if there's any difference, if not we'll run something else... :thumbsup:

Oh and, just to clarify, the last known good configuration actually works to fix the bootup issue or are you still having it from the first scan?
Hi there, stranger!

#11 Rawe


Posted 13 November 2006 - 06:06 AM

And as for the installing error, try again, but if it still gives it, we will need to run another scan. It seems an infection might be screwing the installation.
Hi there, stranger!

#12 otsjim


Posted 13 November 2006 - 07:59 AM

Last known good config does allow me to boot up.

Must be something not allowing the install. When trying to run in safe mode, the sweep button is grayed out.

I tried running it after installing without a reboot, and it ran for a few minutes, finding a few items until a blue screen of death popped up with a message; it was fast but I believe it said something like "page fault in a non paged area."

It then went automatically to a reboot, and in order to boot had to use "Last good configuration". Then I get the message "The Spy Sweeper installation has been damaged. Please reinstall the product."

Looks like we may need to try another scanner.

Thanks for your help so far,

When the system did reboot, it said your system recovered from a serious error. When I clicked on "Send error report to Microsoft", a Microsoft Online crash analysis page popped up that says the error was likely caused by a virus with the following name - Win32/Apropos.B, WinNT/Zufyx.A, Spyware.Apropos.C, Trojan.Win32.Crypt.t.

I did run a complete virus scan with AVG after this message and the only thing it found was a change in "Hosts" (I believe, am at work now so it's not in front of me). No virus found.

Edited by otsjim, 13 November 2006 - 09:54 AM.


#13 Rawe

Posted 13 November 2006 - 10:16 AM

Let's try to tackle your CWS infection instead then. Go ahead and uninstall SpySweeper.

First, let's default the hosts files just in case - AVG probably detected a trojan that changes your hosts.

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download Hoster.zip:
  • Unzip Hoster to a convenient folder such as C:\Hoster.
  • Run Hoster.exe from its new home.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Original Hosts and then click OK.
  • Click the X to exit the program.
-----

Please download AboutBuster.
  • Double-click the AboutBuster folder, then double-click the AboutBuster.exe file inside.
  • Click "Extract all" in the box that pops up, then "Next".
  • Choose the location you would like to install AboutBuster, such as My Documents.
  • Make sure "Show extracted files" is checked, then click "Finish".
  • Reboot into safe mode by continually tapping the F8 key as the computer begins to boot.
  • Launch AboutBuster and click the "Begin Removal" button. It will shut down all Explorer windows (if open) while it works.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into Safe Mode again.
  • Run About:Buster again following the same instructions as above, this time without the restart at the end.
-----

Reboot back into Normal mode and post back with the About:Buster logs as well as a fresh HijackThis log :thumbsup:

#14 otsjim

Posted 13 November 2006 - 01:10 PM

AboutBuster 6.05
Scan started on [11/13/2006] at [11:38:10 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\bootstat.dat:nbwxw
Removed Stream! C:\WINDOWS\bootstat.dat:rxsag
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:kykgi
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:zxhnmv
Removed Stream! C:\WINDOWS\COM+.log:gcody
Removed Stream! C:\WINDOWS\control.ini:czdld
Removed Stream! C:\WINDOWS\Crystal Rush.bmp:rxsagf
Removed Stream! C:\WINDOWS\Greenstone.bmp:vbrcs
Removed Stream! C:\WINDOWS\hphmdl01.dat:fckhn
Removed Stream! C:\WINDOWS\IsUninst.exe:dznby
Removed Stream! C:\WINDOWS\KB822603.log:gtlci
Removed Stream! C:\WINDOWS\KB823182.log:kbfcd
Removed Stream! C:\WINDOWS\KB823182.log:vagos
Removed Stream! C:\WINDOWS\KB824146.log:yueic
Removed Stream! C:\WINDOWS\KB825119.log:dcyix
Removed Stream! C:\WINDOWS\kcmgw.txt:gbjzo
Removed Stream! C:\WINDOWS\ODBC.INI:ofoodc
Removed Stream! C:\WINDOWS\ODBCINST.INI:aeyjw
Removed Stream! C:\WINDOWS\orun32.ini:hxyugf
Removed Stream! C:\WINDOWS\orun32.ini:teroq
Removed Stream! C:\WINDOWS\Q330994.exe:lxjts
Removed Stream! C:\WINDOWS\setuplog.txt:kdtky
Removed Stream! C:\WINDOWS\Sti_Trace.log:uemqs
Removed Stream! C:\WINDOWS\system.ini:vwrab
Removed Stream! C:\WINDOWS\twain.dll:nxkfe
Removed Stream! C:\WINDOWS\twunk_32.exe:fqdky
Removed Stream! C:\WINDOWS\_default.pif:boodfh
Removed Stream! C:\WINDOWS\_default.pif:ebtsid
Removed Stream! C:\WINDOWS\_default.pif:gfaffp
Removed Stream! C:\WINDOWS\_default.pif:hscvhx
Removed Stream! C:\WINDOWS\_default.pif:ijjnrr
Removed Stream! C:\WINDOWS\_default.pif:lcjkrs
Removed Stream! C:\WINDOWS\_default.pif:ldbvbi
Removed Stream! C:\WINDOWS\_default.pif:lkurxu
Removed Stream! C:\WINDOWS\_default.pif:nhaifh
Removed Stream! C:\WINDOWS\_default.pif:oclxub
Removed Stream! C:\WINDOWS\_default.pif:rwwoeu
Removed Stream! C:\WINDOWS\_default.pif:sufgdp
Removed Stream! C:\WINDOWS\_default.pif:vqvvzj
Removed Stream! C:\WINDOWS\_default.pif:wqjxkv
Removed Stream! C:\WINDOWS\_default.pif:yeswag
-------------------------------------------------------------
Removed File! : C:\WINDOWS\arnmh.dat
Removed File! : C:\WINDOWS\ivhph.dat
Removed File! : C:\WINDOWS\kcmgw.txt
Removed File! : C:\WINDOWS\kwqlp.dat
Removed File! : C:\WINDOWS\lqxhk.log
Removed File! : C:\WINDOWS\oazfs.txt
Removed File! : C:\WINDOWS\purcu.log
Removed File! : C:\WINDOWS\qoggk.log
Removed File! : C:\WINDOWS\sitqt.dat
Removed File! : C:\WINDOWS\tiwzs.txt
Removed File! : C:\WINDOWS\wmbig.dat
Removed File! : C:\WINDOWS\wntsn.txt
Removed File! : C:\WINDOWS\ydoll.dat
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:46:53 AM


AboutBuster 6.05
Scan started on [11/13/2006] at [11:52:17 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:55:32 AM

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


And the HJT log follows:
Logfile of HijackThis v1.99.1
Scan saved at 12:00:04 PM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [CamMonitor] "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163106567500
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jin...ows-i586-jc.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
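
Added example, not part of the original thread and not AboutBuster's own code: a small Python parser for the AboutBuster log format posted above that groups the removed NTFS alternate data streams by host file and lists hosts that were also deleted outright. The sample is a constructed excerpt of lines from that log, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a short excerpt of lines from the AboutBuster 6.05 log above.
SAMPLE_LOG = r"""AboutBuster 6.05
Scan started on [11/13/2006] at [11:38:10 AM]
Removed Stream! C:\WINDOWS\bootstat.dat:nbwxw
Removed Stream! C:\WINDOWS\bootstat.dat:rxsag
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:kykgi
Removed Stream! C:\WINDOWS\kcmgw.txt:gbjzo
Removed Stream! C:\WINDOWS\_default.pif:boodfh
Removed Stream! C:\WINDOWS\_default.pif:ebtsid
Removed Stream! C:\WINDOWS\_default.pif:gfaffp
Removed File! : C:\WINDOWS\arnmh.dat
Removed File! : C:\WINDOWS\kcmgw.txt
Scan was COMPLETED SUCCESSFULLY at 11:46:53 AM
"""

# "host:stream" is split on the LAST colon so the drive-letter colon stays in the host.
STREAM_RE = re.compile(r"^Removed Stream! (?P<host>[A-Za-z]:\\.*):(?P<stream>[^:\\]+)$")
FILE_RE = re.compile(r"^Removed File! : (?P<path>[A-Za-z]:\\.+)$")

def parse_aboutbuster(text):
    """Return ({host_path: [stream_name, ...]}, [removed_file_path, ...])."""
    streams, files = defaultdict(list), []
    for line in text.splitlines():
        line = line.strip()
        m = STREAM_RE.match(line)
        if m:
            streams[m.group("host")].append(m.group("stream"))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(m.group("path"))
    return dict(streams), files

def triage(text):
    """Rank stream hosts by stream count and list hosts that were also deleted."""
    streams, files = parse_aboutbuster(text)
    deleted = {p.lower() for p in files}  # Windows paths compare case-insensitively
    ranked = sorted(streams.items(), key=lambda kv: (-len(kv[1]), kv[0].lower()))
    return {
        "stream_count": sum(len(v) for v in streams.values()),
        "hosts_ranked": [(host, len(names)) for host, names in ranked],
        "hosts_also_deleted": sorted(h for h in streams if h.lower() in deleted),
        "files_removed": len(files),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

A host path that appears in both sections was removed as a file as well as having a stream stripped; the other hosts were left in place with only the stream removed.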

#15 Rawe

Posted 13 November 2006 - 01:39 PM

Your log is looking much better :thumbsup:

Go ahead and delete Hoster & About:Buster.

Please run a scan with HijackThis and check the following object for removal:

O4 - HKLM\..\Run: [new.exe] C:\WINDOWS\system32\new.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

----

Please navigate to, and delete the following file if present (if you can't delete it, please try in Safe Mode):

C:\WINDOWS\system32\new.exe

Empty recycle bin.

-----

Please download GMER:
  • Unzip it and double-click GMER.exe
  • Click the rootkit-tab and click scan.
  • Once done, click Copy.
  • This will copy the results to clipboard.
  • Paste the results in your next reply along with a fresh log from ComboFix, rerun that with the same instructions as in the first instructions. :flowers: