Too Slow And Too Many Popups


10 replies to this topic

#1 pjsam

pjsam

  • Members

Posted 14 April 2007 - 08:21 PM

I've run every antimalware, antivirus, etc. under the sun. I also followed all your instructions to the tee, and this laptop is STILL ridiculously slow, especially at boot up. I have a popup blocker running since this problem started (before which I had no popups at all), and it has blocked 158 popups in about 3-4 weeks. I use Zone Alarm, McAfee Virus Scan, and AVG on a regular basis. Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:13:08 PM, on 4/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...986/mcfscan.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

I would appreciate any help. Thanks



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 15 April 2007 - 05:50 AM

Welcome to the BleepingComputer HijackThis forum pjsam :thumbsup:

Before we can provide you with any further assistance, you first need to go here and install Service Pack 1a:
http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
This will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system.
As your machine stands right now it's extremely vulnerable to infection.
You need to get these updates installed first before we can proceed or we’ll both be wasting our time.

Note:
Do not install Service pack 2.
If you install SP 2 on an infected machine it will cause serious problems within the operating system.

When you've finished above, restart your PC and post a new HijackThis log into your next reply please.

#3 pjsam

pjsam
  • Topic Starter

  • Members

Posted 16 April 2007 - 06:02 PM

Sorry this took so long--we had high winds and the Internet kept going out. Followed your instructions and installed SP1 and a buttload of Security Updates (about 60). I cannot thank you enough for your help. Here's my new log:

Logfile of HijackThis v1.99.1
Scan saved at 6:57:46 PM, on 4/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.com/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176687694785
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...986/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#4 pjsam

pjsam
  • Topic Starter

  • Members

Posted 17 April 2007 - 07:34 PM

Now, today, my USB ports are not recognizing my camera when plugged in. I thought I'd let you know in case it's connected to the problem in any way. Thanks.

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 18 April 2007 - 03:51 AM

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

*Note*
Don't forget to re-enable your antivirus program.


************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the BitDefender Online Scanner log, the C:\ComboFix.txt, and a new HijackThis log into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


#6 pjsam

pjsam
  • Topic Starter

  • Members

Posted 18 April 2007 - 09:18 PM

Here's the report from BitDefender:

BitDefender Online Scanner

Scan report generated at: Wed, Apr 18, 2007 - 22:09:59
Scan path: C:\;D:\;

Statistics
Time: 01:23:52
Files: 338808
Folders: 6708
Boot Sectors: 3
Archives: 3731
Packed Files: 30792

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 486734
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
No virus found.

#7 pjsam

pjsam
  • Topic Starter

  • Members

Posted 18 April 2007 - 09:31 PM

Here's the ComboFix report:

"Owner" - 07-04-18 22:19:00 Service Pack 1
ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Owner.PHYLLIS-8KVAY6O\Desktop\


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\OWNER~1.PHY\Desktop\internet.lnk
C:\WINDOWS\system32\drivers\fad.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\Iprip
-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_IPRIP


((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 20:45 <DIR> d-------- C:\WINDOWS\LastGood
2007-04-18 20:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-17 20:41 <DIR> d-------- C:\Program Files\a-squared Free
2007-04-17 20:19 71,680 --a------ C:\WINDOWS\SYSTEM32\fnfilter.dll
2007-04-17 20:19 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2007-04-17 20:19 37,376 --a------ C:\WINDOWS\SYSTEM32\kousd.dll
2007-04-16 19:22 <DIR> d-------- C:\Program Files\Cartoonist
2007-04-16 18:33 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$
2007-04-16 18:18 67,584 --a------ C:\WINDOWS\SYSTEM32\magnify.exe
2007-04-16 18:18 53,760 --a------ C:\WINDOWS\SYSTEM32\cryptsvc.dll
2007-04-16 18:18 51,200 --a------ C:\WINDOWS\SYSTEM32\narrator.exe
2007-04-16 18:18 238,080 --a------ C:\WINDOWS\SYSTEM32\newdev.dll
2007-04-16 18:18 212,480 --a------ C:\WINDOWS\SYSTEM32\osk.exe
2007-04-16 18:18 179,200 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2007-04-16 17:13 <DIR> d-------- C:\57cb8c74d491195fc17753e54db671af
2007-04-16 16:58 991,232 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-04-16 16:32 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-04-16 16:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-04-16 16:24 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-04-15 22:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-15 22:12 <DIR> d-------- C:\Program Files\messenger
2007-04-15 22:07 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2007-04-15 22:07 86,016 --a------ C:\WINDOWS\SYSTEM32\xactsrv.dll
2007-04-15 22:07 77,824 --a------ C:\WINDOWS\SYSTEM32\wmpstub.exe
2007-04-15 22:07 56,832 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll
2007-04-15 22:07 446,464 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2007-04-15 22:07 38,912 --a------ C:\WINDOWS\SYSTEM32\wsnmp32.dll
2007-04-15 22:07 311,327 --a------ C:\WINDOWS\SYSTEM32\wmv8dmod.dll
2007-04-15 22:07 296,448 --a------ C:\WINDOWS\SYSTEM32\wmstream.dll
2007-04-15 22:07 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll
2007-04-15 22:07 23,552 --a------ C:\WINDOWS\SYSTEM32\wzcsapi.dll
2007-04-15 22:07 17,408 --a------ C:\WINDOWS\SYSTEM32\wtsapi32.dll
2007-04-15 22:07 118,784 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe.dll
2007-04-15 22:06 98,304 --a------ C:\WINDOWS\SYSTEM32\oleprn.dll
2007-04-15 22:06 95,744 --a------ C:\WINDOWS\SYSTEM32\nlhtml.dll
2007-04-15 22:06 921,475 --------- C:\WINDOWS\SYSTEM32\ati3d2ag.dll
2007-04-15 22:06 91,136 --a------ C:\WINDOWS\SYSTEM32\rastls.dll
2007-04-15 22:06 891,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
2007-04-15 22:06 88,064 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2007-04-15 22:06 87,304 --a------ C:\WINDOWS\SYSTEM32\rdpdd.dll
2007-04-15 22:06 86,528 --a------ C:\WINDOWS\SYSTEM32\wlnotify.dll
2007-04-15 22:06 844,675 --------- C:\WINDOWS\SYSTEM32\ati3d1ag.dll
2007-04-15 22:06 82,944 --a------ C:\WINDOWS\SYSTEM32\smlogsvc.exe
2007-04-15 22:06 82,944 --a------ C:\WINDOWS\SYSTEM32\psbase.dll
2007-04-15 22:06 81,920 --a------ C:\WINDOWS\SYSTEM32\trkwks.dll
2007-04-15 22:06 8,192 --a------ C:\WINDOWS\SYSTEM32\scrnsave.scr
2007-04-15 22:06 75,912 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2007-04-15 22:06 74,240 --a------ C:\WINDOWS\SYSTEM32\rtcshare.exe
2007-04-15 22:06 72,192 --a------ C:\WINDOWS\SYSTEM32\telnet.exe
2007-04-15 22:06 71,168 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2007-04-15 22:06 71,168 --a------ C:\WINDOWS\SYSTEM32\sdbinst.exe
2007-04-15 22:06 686,080 --a------ C:\WINDOWS\SYSTEM32\opengl32.dll
2007-04-15 22:06 667,648 --a------ C:\WINDOWS\SYSTEM32\ss3dfo.scr
2007-04-15 22:06 66,560 --a------ C:\WINDOWS\SYSTEM32\spoolss.dll
2007-04-15 22:06 66,048 --a------ C:\WINDOWS\SYSTEM32\sigverif.exe
2007-04-15 22:06 638,976 --a------ C:\WINDOWS\SYSTEM32\sstext3d.scr
2007-04-15 22:06 63,663 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
2007-04-15 22:06 63,488 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2007-04-15 22:06 62,976 --a------ C:\WINDOWS\SYSTEM32\shgina.dll
2007-04-15 22:06 61,952 --a------ C:\WINDOWS\SYSTEM32\sti.dll
2007-04-15 22:06 60,416 --a------ C:\WINDOWS\SYSTEM32\wextract.exe
2007-04-15 22:06 60,416 --a------ C:\WINDOWS\SYSTEM32\shimeng.dll
2007-04-15 22:06 6,912 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
2007-04-15 22:06 6,144 --a------ C:\WINDOWS\SYSTEM32\sensapi.dll
2007-04-15 22:06 58,880 --a------ C:\WINDOWS\SYSTEM32\pautoenr.dll
2007-04-15 22:06 57,856 --a------ C:\WINDOWS\SYSTEM32\raschap.dll
2007-04-15 22:06 569,344 --a------ C:\WINDOWS\SYSTEM32\sspipes.scr
2007-04-15 22:06 56,591 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinbtxx.sys
2007-04-15 22:06 56,320 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2007-04-15 22:06 548,864 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2007-04-15 22:06 534,016 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2007-04-15 22:06 53,248 --a------ C:\WINDOWS\SYSTEM32\packager.exe
2007-04-15 22:06 52,224 --a------ C:\WINDOWS\SYSTEM32\secur32.dll
2007-04-15 22:06 51,200 --a------ C:\WINDOWS\SYSTEM32\wmerrenu.dll
2007-04-15 22:06 5,504 --------- C:\WINDOWS\SYSTEM32\DRIVERS\smbali.sys
2007-04-15 22:06 49,664 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-04-15 22:06 49,152 --a------ C:\WINDOWS\SYSTEM32\npptools.dll
2007-04-15 22:06 48,640 --a------ C:\WINDOWS\SYSTEM32\vdmredir.dll
2007-04-15 22:06 48,128 --a------ C:\WINDOWS\SYSTEM32\winsta.dll
2007-04-15 22:06 48,128 --a------ C:\WINDOWS\SYSTEM32\reg.exe
2007-04-15 22:06 479,261 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2007-04-15 22:06 47,616 --a------ C:\WINDOWS\SYSTEM32\utilman.exe
2007-04-15 22:06 450,176 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
2007-04-15 22:06 44,032 --a------ C:\WINDOWS\SYSTEM32\regapi.dll
2007-04-15 22:06 44,032 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2007-04-15 22:06 43,008 --a------ C:\WINDOWS\SYSTEM32\ssdpsrv.dll
2007-04-15 22:06 420,864 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
2007-04-15 22:06 409,088 --a------ C:\WINDOWS\SYSTEM32\vssapi.dll
2007-04-15 22:06 40,960 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2007-04-15 22:06 392,704 --a------ C:\WINDOWS\SYSTEM32\ntmssvc.dll
2007-04-15 22:06 384,000 --a------ C:\WINDOWS\SYSTEM32\themeui.dll
2007-04-15 22:06 38,400 --a------ C:\WINDOWS\SYSTEM32\ntmsapi.dll
2007-04-15 22:06 38,400 --a------ C:\WINDOWS\SYSTEM32\ntlanman.dll
2007-04-15 22:06 377,984 --------- C:\WINDOWS\SYSTEM32\ati2dvaa.dll
2007-04-15 22:06 364,544 --a------ C:\WINDOWS\SYSTEM32\ssflwbox.scr
2007-04-15 22:06 36,463 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys
2007-04-15 22:06 36,352 --a------ C:\WINDOWS\SYSTEM32\sens.dll
2007-04-15 22:06 34,735 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys
2007-04-15 22:06 34,304 --a------ C:\WINDOWS\SYSTEM32\rcimlby.exe
2007-04-15 22:06 339,456 --a------ C:\WINDOWS\SYSTEM32\usp10.dll
2007-04-15 22:06 334,848 --a------ C:\WINDOWS\SYSTEM32\smlogcfg.dll
2007-04-15 22:06 33,280 --a------ C:\WINDOWS\SYSTEM32\shmgrate.exe
2007-04-15 22:06 327,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
2007-04-15 22:06 32,256 --a------ C:\WINDOWS\SYSTEM32\umandlg.dll
2007-04-15 22:06 30,671 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys
2007-04-15 22:06 3,494,303 --------- C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-04-15 22:06 3,338 --a------ C:\WINDOWS\SYSTEM32\redir.exe
2007-04-15 22:06 297,984 --a------ C:\WINDOWS\SYSTEM32\scesrv.dll
2007-04-15 22:06 29,455 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxbxx.sys
2007-04-15 22:06 27,136 --a------ C:\WINDOWS\SYSTEM32\ssdpapi.dll
2007-04-15 22:06 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-04-15 22:06 26,367 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinsnxx.sys
2007-04-15 22:06 254,976 --a------ C:\WINDOWS\SYSTEM32\pdh.dll
2007-04-15 22:06 251,904 --a------ C:\WINDOWS\SYSTEM32\strmdll.dll
2007-04-15 22:06 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2007-04-15 22:06 24,064 --a------ C:\WINDOWS\SYSTEM32\skeys.exe
2007-04-15 22:06 231,424 --a------ C:\WINDOWS\SYSTEM32\upnpui.dll
2007-04-15 22:06 22,528 --a------ C:\WINDOWS\SYSTEM32\slayerxp.dll
2007-04-15 22:06 22,528 --a------ C:\WINDOWS\SYSTEM32\shfolder.dll
2007-04-15 22:06 22,016 --a------ C:\WINDOWS\SYSTEM32\udhisapi.dll
2007-04-15 22:06 21,343 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinttxx.sys
2007-04-15 22:06 203,264 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2007-04-15 22:06 202,496 --------- C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-04-15 22:06 200,192 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2007-04-15 22:06 20,992 --a------ C:\WINDOWS\SYSTEM32\setup.exe
2007-04-15 22:06 193,536 --a------ C:\WINDOWS\SYSTEM32\rasppp.dll
2007-04-15 22:06 19,456 --a------ C:\WINDOWS\SYSTEM32\ssmarque.scr
2007-04-15 22:06 18,944 --a------ C:\WINDOWS\SYSTEM32\ssbezier.scr
2007-04-15 22:06 18,944 --------- C:\WINDOWS\SYSTEM32\faxpatch.exe
2007-04-15 22:06 174,592 --a------ C:\WINDOWS\SYSTEM32\scecli.dll
2007-04-15 22:06 171,520 --a------ C:\WINDOWS\SYSTEM32\winmm.dll
2007-04-15 22:06 171,008 --a------ C:\WINDOWS\SYSTEM32\sccsccp.dll
2007-04-15 22:06 17,408 --a------ C:\WINDOWS\SYSTEM32\ssmyst.scr
2007-04-15 22:06 17,408 --a------ C:\WINDOWS\SYSTEM32\psapi.dll
2007-04-15 22:06 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2007-04-15 22:06 168,448 --a------ C:\WINDOWS\SYSTEM32\wldap32.dll
2007-04-15 22:06 165,888 --a------ C:\WINDOWS\SYSTEM32\ntmsdba.dll
2007-04-15 22:06 165,376 --a------ C:\WINDOWS\SYSTEM32\w32time.dll
2007-04-15 22:06 165,376 --a------ C:\WINDOWS\SYSTEM32\tapi32.dll
2007-04-15 22:06 164,864 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-04-15 22:06 16,896 --a------ C:\WINDOWS\SYSTEM32\snmpapi.dll
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\watchdog.sys
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\ups.exe
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\ping.exe
2007-04-15 22:06 158,720 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2007-04-15 22:06 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2007-04-15 22:06 137,216 --a------ C:\WINDOWS\SYSTEM32\ntshrui.dll
2007-04-15 22:06 135,680 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2007-04-15 22:06 134,144 --a------ C:\WINDOWS\regedit.exe
2007-04-15 22:06 133,632 --a------ C:\WINDOWS\SYSTEM32\rsaenh.dll
2007-04-15 22:06 133,120 --a------ C:\WINDOWS\SYSTEM32\sfc_os.dll
2007-04-15 22:06 130,560 --a------ C:\WINDOWS\SYSTEM32\sti_ci.dll
2007-04-15 22:06 13,824 --a------ C:\WINDOWS\SYSTEM32\rassapi.dll
2007-04-15 22:06 13,312 --a------ C:\WINDOWS\SYSTEM32\ssstars.scr
2007-04-15 22:06 13,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wacompen.sys
2007-04-15 22:06 128,512 --a------ C:\WINDOWS\SYSTEM32\taskmgr.exe
2007-04-15 22:06 124,928 --a------ C:\WINDOWS\SYSTEM32\webvw.dll
2007-04-15 22:06 120,320 --a------ C:\WINDOWS\SYSTEM32\upnp.dll
2007-04-15 22:06 12,800 --a------ C:\WINDOWS\SYSTEM32\runonce.exe
2007-04-15 22:06 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2007-04-15 22:06 12,288 --a------ C:\WINDOWS\SYSTEM32\odbcp32r.dll
2007-04-15 22:06 12,047 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys
2007-04-15 22:06 119,808 --a------ C:\WINDOWS\SYSTEM32\wiadss.dll
2007-04-15 22:06 117,760 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
2007-04-15 22:06 112,128 --a------ C:\WINDOWS\SYSTEM32\ntmarta.dll
2007-04-15 22:06 11,904 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mutohpen.sys
2007-04-15 22:06 11,776 --a------ C:\WINDOWS\SYSTEM32\sigtab.dll
2007-04-15 22:06 11,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys
2007-04-15 22:06 109,568 --a------ C:\WINDOWS\SYSTEM32\offfilt.dll
2007-04-15 22:06 10,752 --a------ C:\WINDOWS\SYSTEM32\tracert.exe
2007-04-15 22:06 1,350,144 --a------ C:\WINDOWS\SYSTEM32\query.dll
2007-04-15 22:06 1,157,632 --a------ C:\WINDOWS\SYSTEM32\sfcfiles.dll
2007-04-15 22:05 91,136 --a------ C:\WINDOWS\SYSTEM32\MSOERT2.DLL
2007-04-15 22:05 857,600 --a------ C:\WINDOWS\SYSTEM32\netplwiz.dll
2007-04-15 22:05 78,848 --a------ C:\WINDOWS\SYSTEM32\msiexec.exe
2007-04-15 22:05 699,392 --a------ C:\WINDOWS\SYSTEM32\msxml2.dll
2007-04-15 22:05 67,584 --a------ C:\WINDOWS\SYSTEM32\msctfp.dll
2007-04-15 22:05 65,536 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2007-04-15 22:05 598,016 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2007-04-15 22:05 584,192 --a------ C:\WINDOWS\SYSTEM32\netcfgx.dll
2007-04-15 22:05 57,856 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2007-04-15 22:05 56,320 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2007-04-15 22:05 504,320 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
2007-04-15 22:05 42,496 --a------ C:\WINDOWS\SYSTEM32\ncobjapi.dll
2007-04-15 22:05 401,462 --a------ C:\WINDOWS\SYSTEM32\msvcp60.dll
2007-04-15 22:05 4,608 --a------ C:\WINDOWS\SYSTEM32\msimg32.dll
2007-04-15 22:05 4,126 --a------ C:\WINDOWS\SYSTEM32\msdxmlc.dll
2007-04-15 22:05 399,360 --a------ C:\WINDOWS\SYSTEM32\netlogon.dll
2007-04-15 22:05 39,424 --a------ C:\WINDOWS\SYSTEM32\net.exe
2007-04-15 22:05 388,608 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2007-04-15 22:05 381,440 --a------ C:\WINDOWS\SYSTEM32\lmrt.dll
2007-04-15 22:05 368,710 --a------ C:\WINDOWS\SYSTEM32\msisam11.dll
2007-04-15 22:05 339,968 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2007-04-15 22:05 326,656 --a------ C:\WINDOWS\SYSTEM32\netsetup.exe
2007-04-15 22:05 323,072 --a------ C:\WINDOWS\SYSTEM32\msvcrt.dll
2007-04-15 22:05 32,256 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2007-04-15 22:05 319,760 --a------ C:\WINDOWS\SYSTEM32\msnsspc.dll
2007-04-15 22:05 271,360 --a------ C:\WINDOWS\SYSTEM32\msihnd.dll
2007-04-15 22:05 266,752 --a------ C:\WINDOWS\SYSTEM32\msctf.dll
2007-04-15 22:05 241,725 --a------ C:\WINDOWS\SYSTEM32\msuni11.dll
2007-04-15 22:05 233,472 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2007-04-15 22:05 230,400 --a------ C:\WINDOWS\SYSTEM32\msieftp.dll
2007-04-15 22:05 229,376 --a------ C:\WINDOWS\SYSTEM32\MSOEACCT.DLL
2007-04-15 22:05 22,528 --a------ C:\WINDOWS\SYSTEM32\mslbui.dll
2007-04-15 22:05 219,648 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2007-04-15 22:05 210,944 --a------ C:\WINDOWS\SYSTEM32\moricons.dll
2007-04-15 22:05 2,890,240 --a------ C:\WINDOWS\SYSTEM32\msi.dll
2007-04-15 22:05 196,096 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2007-04-15 22:05 19,456 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2007-04-15 22:05 182,784 --a------ C:\WINDOWS\SYSTEM32\msutb.dll
2007-04-15 22:05 163,840 --a------ C:\WINDOWS\SYSTEM32\mindex.dll
2007-04-15 22:05 143,872 --a------ C:\WINDOWS\SYSTEM32\msimtf.dll
2007-04-15 22:05 12,288 --a------ C:\WINDOWS\SYSTEM32\mscpx32r.dll
2007-04-15 22:05 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2007-04-15 22:05 115,200 --a------ C:\WINDOWS\SYSTEM32\net1.exe
2007-04-15 22:05 113,664 --a------ C:\WINDOWS\SYSTEM32\msvfw32.dll
2007-04-15 22:05 10,240 --a------ C:\WINDOWS\SYSTEM32\msrle32.dll
2007-04-15 22:05 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2007-04-15 22:05 1,622,528 --a------ C:\WINDOWS\SYSTEM32\netshell.dll
2007-04-15 22:05 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2007-04-15 22:04 91,648 --a------ C:\WINDOWS\SYSTEM32\iuctl.dll
2007-04-15 22:04 9,216 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2007-04-15 22:04 88,576 --a------ C:\WINDOWS\SYSTEM32\mqsec.dll
2007-04-15 22:04 8,832 --a------ C:\WINDOWS\SYSTEM32\framebuf.dll
2007-04-15 22:04 73,728 --a------ C:\WINDOWS\SYSTEM32\tlntsess.exe
2007-04-15 22:04 73,728 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2007-04-15 22:04 7,168 --a------ C:\WINDOWS\SYSTEM32\tlntsvrp.dll
2007-04-15 22:04 7,040 --a------ C:\WINDOWS\SYSTEM32\kd1394.dll
2007-04-15 22:04 67,584 --a------ C:\WINDOWS\SYSTEM32\tlntsvr.exe
2007-04-15 22:04 67,584 --a------ C:\WINDOWS\SYSTEM32\fdeploy.dll
2007-04-15 22:04 67,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys
2007-04-15 22:04 66,560 --a------ C:\WINDOWS\SYSTEM32\faultrep.dll
2007-04-15 22:04 608,768 --a------ C:\WINDOWS\SYSTEM32\mqqm.dll
2007-04-15 22:04 596,480 --a------ C:\WINDOWS\SYSTEM32\INETCOMM.DLL
2007-04-15 22:04 59,392 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2007-04-15 22:04 57,856 --a------ C:\WINDOWS\SYSTEM32\tlntadmn.exe
2007-04-15 22:04 57,856 --a------ C:\WINDOWS\SYSTEM32\nwwks.dll
2007-04-15 22:04 545,792 --a------ C:\WINDOWS\SYSTEM32\wsecedit.dll
2007-04-15 22:04 51,712 --a------ C:\WINDOWS\SYSTEM32\ipconfig.exe
2007-04-15 22:04 49,664 --a------ C:\WINDOWS\SYSTEM32\ixsso.dll
2007-04-15 22:04 49,152 --a------ C:\WINDOWS\SYSTEM32\eventlog.dll
2007-04-15 22:04 478,720 --a------ C:\WINDOWS\SYSTEM32\mqsnap.dll
2007-04-15 22:04 467,456 --a------ C:\WINDOWS\SYSTEM32\mqutil.dll
2007-04-15 22:04 435,200 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2007-04-15 22:04 42,537 --a------ C:\WINDOWS\SYSTEM32\keyboard.sys
2007-04-15 22:04 36,922 --a------ C:\WINDOWS\SYSTEM32\imeshare.dll
2007-04-15 22:04 318,464 --a------ C:\WINDOWS\SYSTEM32\ippromon.dll
2007-04-15 22:04 30,208 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2007-04-15 22:04 29,696 --------- C:\WINDOWS\SYSTEM32\asr_pfu.exe
2007-04-15 22:04 28,160 --a------ C:\WINDOWS\SYSTEM32\pidgen.dll
2007-04-15 22:04 277,504 --a------ C:\WINDOWS\SYSTEM32\appmgr.dll
2007-04-15 22:04 240,640 --a------ C:\WINDOWS\SYSTEM32\hnetcfg.dll
2007-04-15 22:04 237,056 --a------ C:\WINDOWS\SYSTEM32\icm32.dll
2007-04-15 22:04 231,936 --a------ C:\WINDOWS\SYSTEM32\tracerpt.exe
2007-04-15 22:04 19,456 --a------ C:\WINDOWS\SYSTEM32\fontview.exe
2007-04-15 22:04 183,808 --a------ C:\WINDOWS\SYSTEM32\gptext.dll
2007-04-15 22:04 178,688 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2007-04-15 22:04 17,792 --------- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys
2007-04-15 22:04 165,888 --a------ C:\WINDOWS\SYSTEM32\mqrt.dll
2007-04-15 22:04 164,352 --a------ C:\WINDOWS\SYSTEM32\mqtrig.dll
2007-04-15 22:04 156,672 --a------ C:\WINDOWS\SYSTEM32\appmgmts.dll
2007-04-15 22:04 156,544 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\nwrdr.sys
2007-04-15 22:04 14,848 --a------ C:\WINDOWS\SYSTEM32\mqise.dll
2007-04-15 22:04 130,048 --a------ C:\WINDOWS\SYSTEM32\mqad.dll
2007-04-15 22:04 123,904 --a------ C:\WINDOWS\SYSTEM32\imapi.exe
2007-04-15 22:04 115,200 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
2007-04-15 22:04 114,176 --a------ C:\WINDOWS\SYSTEM32\input.dll
2007-04-15 22:04 113,664 --a------ C:\WINDOWS\SYSTEM32\schtasks.exe
2007-04-15 22:04 113,152 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2007-04-15 22:04 113,152 --a------ C:\WINDOWS\SYSTEM32\gpresult.exe
2007-04-15 22:04 103,936 --a------ C:\WINDOWS\SYSTEM32\rsnotify.exe
2007-04-15 22:04 103,936 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2007-04-15 22:04 10,752 --------- C:\WINDOWS\SYSTEM32\spiisupd.exe
2007-04-15 22:04 1,004,032 --a------ C:\WINDOWS\explorer.exe
2007-04-15 22:03 98,816 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2007-04-15 22:03 91,648 --a------ C:\WINDOWS\SYSTEM32\ahui.exe
2007-04-15 22:03 9,216 --a------ C:\WINDOWS\SYSTEM32\dumprep.exe
2007-04-15 22:03 802,304 --a------ C:\WINDOWS\SYSTEM32\dxmrtp.dll
2007-04-15 22:03 8,192 --a------ C:\WINDOWS\SYSTEM32\autolfn.exe
2007-04-15 22:03 76,288 --a------ C:\WINDOWS\SYSTEM32\dfrgfat.exe
2007-04-15 22:03 76,288 --a------ C:\WINDOWS\SYSTEM32\avifil32.dll
2007-04-15 22:03 74,810 --a------ C:\WINDOWS\SYSTEM32\atl.dll
2007-04-15 22:03 71,680 --a------ C:\WINDOWS\SYSTEM32\browsewm.dll
2007-04-15 22:03 70,656 --a------ C:\WINDOWS\SYSTEM32\defrag.exe
2007-04-15 22:03 70,144 --a------ C:\WINDOWS\SYSTEM32\cryptdlg.dll
2007-04-15 22:03 64,512 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2007-04-15 22:03 62,976 --a------ C:\WINDOWS\SYSTEM32\browselc.dll
2007-04-15 22:03 62,464 --a------ C:\WINDOWS\SYSTEM32\adsmsext.dll
2007-04-15 22:03 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2007-04-15 22:03 59,904 --a------ C:\WINDOWS\SYSTEM32\cabinet.dll
2007-04-15 22:03 55,296 --a------ C:\WINDOWS\SYSTEM32\digest.dll
2007-04-15 22:03 54,272 --a------ C:\WINDOWS\SYSTEM32\clusapi.dll
2007-04-15 22:03 498,205 --a------ C:\WINDOWS\SYSTEM32\dxmasf.dll
2007-04-15 22:03 49,152 --a------ C:\WINDOWS\SYSTEM32\browser.dll
2007-04-15 22:03 489,984 --a------ C:\WINDOWS\SYSTEM32\dbghelp.dll
2007-04-15 22:03 45,568 --a------ C:\WINDOWS\SYSTEM32\docprop2.dll
2007-04-15 22:03 41,984 --a------ C:\WINDOWS\SYSTEM32\alg.exe
2007-04-15 22:03 41,472 --a------ C:\WINDOWS\SYSTEM32\cmdl32.exe
2007-04-15 22:03 38,912 --a------ C:\WINDOWS\SYSTEM32\audiosrv.dll
2007-04-15 22:03 35,328 --a------ C:\WINDOWS\SYSTEM32\dfrgsnap.dll
2007-04-15 22:03 324,608 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
2007-04-15 22:03 32,768 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2007-04-15 22:03 307,712 --a------ C:\WINDOWS\SYSTEM32\cscui.dll
2007-04-15 22:03 263,680 --a------ C:\WINDOWS\SYSTEM32\duser.dll
2007-04-15 22:03 263,168 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2007-04-15 22:03 25,600 --a------ C:\WINDOWS\SYSTEM32\dfsshlex.dll
2007-04-15 22:03 24,576 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2007-04-15 22:03 239,616 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2007-04-15 22:03 238,592 --a------ C:\WINDOWS\SYSTEM32\compatui.dll
2007-04-15 22:03 227,840 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2007-04-15 22:03 22,528 --a------ C:\WINDOWS\SYSTEM32\at.exe
2007-04-15 22:03 19,456 --a------ C:\WINDOWS\SYSTEM32\ersvc.dll
2007-04-15 22:03 186,880 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2007-04-15 22:03 180,224 --a------ C:\WINDOWS\SYSTEM32\dwwin.exe
2007-04-15 22:03 168,960 --a------ C:\WINDOWS\SYSTEM32\dinput8.dll
2007-04-15 22:03 165,376 --a------ C:\WINDOWS\SYSTEM32\els.dll
2007-04-15 22:03 162,816 --a------ C:\WINDOWS\SYSTEM32\adsldp.dll
2007-04-15 22:03 158,720 --a------ C:\WINDOWS\SYSTEM32\credui.dll
2007-04-15 22:03 151,552 --a------ C:\WINDOWS\SYSTEM32\dinput.dll
2007-04-15 22:03 14,366 --a------ C:\WINDOWS\SYSTEM32\asfsipc.dll
2007-04-15 22:03 139,776 --a------ C:\WINDOWS\SYSTEM32\adsldpc.dll
2007-04-15 22:03 135,680 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2007-04-15 22:03 13,312 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2007-04-15 22:03 124,928 --a------ C:\WINDOWS\SYSTEM32\dssenh.dll
2007-04-15 22:03 115,712 --a------ C:\WINDOWS\SYSTEM32\apphelp.dll
2007-04-15 22:03 113,152 --a------ C:\WINDOWS\SYSTEM32\dfrgui.dll
2007-04-15 22:03 103,424 --a------ C:\WINDOWS\SYSTEM32\dgnet.dll
2007-04-15 22:03 1,740 --a------ C:\WINDOWS\SYSTEM32\dcache.bin
2007-04-12 19:07 <DIR> d-------- C:\DOCUME~1\OWNER~1.PHY\.housecall6.6


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 20:48 -------- d-------- C:\Program Files\intermute
2007-04-15 22:11 -------- d-------- C:\Program Files\movie maker
2007-04-14 16:56 -------- d-------- C:\Program Files\xoftspy
2007-04-14 15:31 -------- d-------- C:\Program Files\spyware doctor
2007-04-14 15:22 -------- d-------- C:\Program Files\spywareblaster
2007-04-09 23:48 -------- d-------- C:\Program Files\regscrubxp
2007-03-17 20:28 4212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-03-14 20:21 -------- d-------- C:\Program Files\iolo
2007-03-14 19:38 -------- d--h----- C:\Program Files\installshield installation information
2007-03-14 19:02 -------- d-------- C:\Program Files\hjt
2007-03-13 22:28 -------- d-------- C:\Program Files\Common Files\real
2007-03-10 21:57 -------- d-------- C:\Program Files\cleanmypc popup blocker
2007-03-04 21:59 -------- d-------- C:\Program Files\microsoft antispyware
2007-03-03 20:54 69 --a-s---- C:\WINDOWS\url1.bat
2007-02-10 18:34 192000 --a------ C:\WINDOWS\screensaver.scr
2007-02-10 18:33 545280 --a------ C:\WINDOWS\flashax.exe
2007-02-10 18:33 12288 --a------ C:\WINDOWS\impborl.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{7A9BC6B1-7F27-47c6-A66D-13582E81E537} C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HPHmon06"="C:\\WINDOWS\\System32\\hphmon06.exe"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"System Mechanic Popup Stopper"="\"C:\\Program Files\\iolo\\System Mechanic 5 Professional\\PopupStopper.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoNetHood"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 22:24:55
C:\ComboFix-quarantined-files.txt ... 07-04-18 22:24

#8 pjsam


Posted 18 April 2007 - 09:34 PM

I just realized that I forgot to turn Zone Alarm back on before I did ComboFix. So, I will do that now and give you a new report from ComboFix. Sorry.

Edited by pjsam, 18 April 2007 - 09:36 PM.


#9 pjsam


Posted 18 April 2007 - 10:02 PM

OK, here's the ComboFix report after I turned Zone Alarm back on. I'll reboot and do another HijackThis and send that next.

"Owner" - 07-04-18 22:49:00 Service Pack 1
ComboFix 07-04-19.1V - Running from: C:\Documents and Settings\Owner.PHYLLIS-8KVAY6O\Desktop\


((((((((((((((((((((((((((((((( Files Created from 2007-03-18 to 2007-04-18 ))))))))))))))))))))))))))))))))))


2007-04-18 20:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-04-17 20:41 <DIR> d-------- C:\Program Files\a-squared Free
2007-04-17 20:19 71,680 --a------ C:\WINDOWS\SYSTEM32\fnfilter.dll
2007-04-17 20:19 6,784 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\serscan.sys
2007-04-17 20:19 37,376 --a------ C:\WINDOWS\SYSTEM32\kousd.dll
2007-04-16 19:22 <DIR> d-------- C:\Program Files\Cartoonist
2007-04-16 18:33 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMDAC28-KB911562-x86-ENU$
2007-04-16 18:18 67,584 --a------ C:\WINDOWS\SYSTEM32\magnify.exe
2007-04-16 18:18 53,760 --a------ C:\WINDOWS\SYSTEM32\cryptsvc.dll
2007-04-16 18:18 51,200 --a------ C:\WINDOWS\SYSTEM32\narrator.exe
2007-04-16 18:18 238,080 --a------ C:\WINDOWS\SYSTEM32\newdev.dll
2007-04-16 18:18 212,480 --a------ C:\WINDOWS\SYSTEM32\osk.exe
2007-04-16 18:18 179,200 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2007-04-16 17:13 <DIR> d-------- C:\57cb8c74d491195fc17753e54db671af
2007-04-16 16:58 991,232 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2007-04-16 16:32 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2007-04-16 16:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2007-04-16 16:24 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2007-04-15 22:12 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-04-15 22:12 <DIR> d-------- C:\Program Files\messenger
2007-04-15 22:07 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2007-04-15 22:07 86,016 --a------ C:\WINDOWS\SYSTEM32\xactsrv.dll
2007-04-15 22:07 77,824 --a------ C:\WINDOWS\SYSTEM32\wmpstub.exe
2007-04-15 22:07 56,832 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll
2007-04-15 22:07 446,464 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2007-04-15 22:07 38,912 --a------ C:\WINDOWS\SYSTEM32\wsnmp32.dll
2007-04-15 22:07 311,327 --a------ C:\WINDOWS\SYSTEM32\wmv8dmod.dll
2007-04-15 22:07 296,448 --a------ C:\WINDOWS\SYSTEM32\wmstream.dll
2007-04-15 22:07 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll
2007-04-15 22:07 23,552 --a------ C:\WINDOWS\SYSTEM32\wzcsapi.dll
2007-04-15 22:07 17,408 --a------ C:\WINDOWS\SYSTEM32\wtsapi32.dll
2007-04-15 22:07 118,784 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe.dll
2007-04-15 22:06 98,304 --a------ C:\WINDOWS\SYSTEM32\oleprn.dll
2007-04-15 22:06 95,744 --a------ C:\WINDOWS\SYSTEM32\nlhtml.dll
2007-04-15 22:06 921,475 --------- C:\WINDOWS\SYSTEM32\ati3d2ag.dll
2007-04-15 22:06 91,136 --a------ C:\WINDOWS\SYSTEM32\rastls.dll
2007-04-15 22:06 891,711 --------- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys
2007-04-15 22:06 88,064 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2007-04-15 22:06 87,304 --a------ C:\WINDOWS\SYSTEM32\rdpdd.dll
2007-04-15 22:06 86,528 --a------ C:\WINDOWS\SYSTEM32\wlnotify.dll
2007-04-15 22:06 844,675 --------- C:\WINDOWS\SYSTEM32\ati3d1ag.dll
2007-04-15 22:06 82,944 --a------ C:\WINDOWS\SYSTEM32\smlogsvc.exe
2007-04-15 22:06 82,944 --a------ C:\WINDOWS\SYSTEM32\psbase.dll
2007-04-15 22:06 81,920 --a------ C:\WINDOWS\SYSTEM32\trkwks.dll
2007-04-15 22:06 8,192 --a------ C:\WINDOWS\SYSTEM32\scrnsave.scr
2007-04-15 22:06 75,912 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2007-04-15 22:06 74,240 --a------ C:\WINDOWS\SYSTEM32\rtcshare.exe
2007-04-15 22:06 72,192 --a------ C:\WINDOWS\SYSTEM32\telnet.exe
2007-04-15 22:06 71,168 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2007-04-15 22:06 71,168 --a------ C:\WINDOWS\SYSTEM32\sdbinst.exe
2007-04-15 22:06 686,080 --a------ C:\WINDOWS\SYSTEM32\opengl32.dll
2007-04-15 22:06 667,648 --a------ C:\WINDOWS\SYSTEM32\ss3dfo.scr
2007-04-15 22:06 66,560 --a------ C:\WINDOWS\SYSTEM32\spoolss.dll
2007-04-15 22:06 66,048 --a------ C:\WINDOWS\SYSTEM32\sigverif.exe
2007-04-15 22:06 638,976 --a------ C:\WINDOWS\SYSTEM32\sstext3d.scr
2007-04-15 22:06 63,663 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinrvxx.sys
2007-04-15 22:06 63,488 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2007-04-15 22:06 62,976 --a------ C:\WINDOWS\SYSTEM32\shgina.dll
2007-04-15 22:06 61,952 --a------ C:\WINDOWS\SYSTEM32\sti.dll
2007-04-15 22:06 60,416 --a------ C:\WINDOWS\SYSTEM32\wextract.exe
2007-04-15 22:06 60,416 --a------ C:\WINDOWS\SYSTEM32\shimeng.dll
2007-04-15 22:06 6,912 --------- C:\WINDOWS\SYSTEM32\DRIVERS\hidir.sys
2007-04-15 22:06 6,144 --a------ C:\WINDOWS\SYSTEM32\sensapi.dll
2007-04-15 22:06 58,880 --a------ C:\WINDOWS\SYSTEM32\pautoenr.dll
2007-04-15 22:06 57,856 --a------ C:\WINDOWS\SYSTEM32\raschap.dll
2007-04-15 22:06 569,344 --a------ C:\WINDOWS\SYSTEM32\sspipes.scr
2007-04-15 22:06 56,591 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinbtxx.sys
2007-04-15 22:06 56,320 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2007-04-15 22:06 548,864 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2007-04-15 22:06 534,016 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2007-04-15 22:06 53,248 --a------ C:\WINDOWS\SYSTEM32\packager.exe
2007-04-15 22:06 52,224 --a------ C:\WINDOWS\SYSTEM32\secur32.dll
2007-04-15 22:06 51,200 --a------ C:\WINDOWS\SYSTEM32\wmerrenu.dll
2007-04-15 22:06 5,504 --------- C:\WINDOWS\SYSTEM32\DRIVERS\smbali.sys
2007-04-15 22:06 49,664 --a------ C:\WINDOWS\SYSTEM32\vfwwdm32.dll
2007-04-15 22:06 49,152 --a------ C:\WINDOWS\SYSTEM32\npptools.dll
2007-04-15 22:06 48,640 --a------ C:\WINDOWS\SYSTEM32\vdmredir.dll
2007-04-15 22:06 48,128 --a------ C:\WINDOWS\SYSTEM32\winsta.dll
2007-04-15 22:06 48,128 --a------ C:\WINDOWS\SYSTEM32\reg.exe
2007-04-15 22:06 479,261 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2007-04-15 22:06 47,616 --a------ C:\WINDOWS\SYSTEM32\utilman.exe
2007-04-15 22:06 450,176 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys
2007-04-15 22:06 44,032 --a------ C:\WINDOWS\SYSTEM32\regapi.dll
2007-04-15 22:06 44,032 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2007-04-15 22:06 43,008 --a------ C:\WINDOWS\SYSTEM32\ssdpsrv.dll
2007-04-15 22:06 420,864 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
2007-04-15 22:06 409,088 --a------ C:\WINDOWS\SYSTEM32\vssapi.dll
2007-04-15 22:06 40,960 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2007-04-15 22:06 392,704 --a------ C:\WINDOWS\SYSTEM32\ntmssvc.dll
2007-04-15 22:06 384,000 --a------ C:\WINDOWS\SYSTEM32\themeui.dll
2007-04-15 22:06 38,400 --a------ C:\WINDOWS\SYSTEM32\ntmsapi.dll
2007-04-15 22:06 38,400 --a------ C:\WINDOWS\SYSTEM32\ntlanman.dll
2007-04-15 22:06 377,984 --------- C:\WINDOWS\SYSTEM32\ati2dvaa.dll
2007-04-15 22:06 364,544 --a------ C:\WINDOWS\SYSTEM32\ssflwbox.scr
2007-04-15 22:06 36,463 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atintuxx.sys
2007-04-15 22:06 36,352 --a------ C:\WINDOWS\SYSTEM32\sens.dll
2007-04-15 22:06 34,735 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxsxx.sys
2007-04-15 22:06 34,304 --a------ C:\WINDOWS\SYSTEM32\rcimlby.exe
2007-04-15 22:06 339,456 --a------ C:\WINDOWS\SYSTEM32\usp10.dll
2007-04-15 22:06 334,848 --a------ C:\WINDOWS\SYSTEM32\smlogcfg.dll
2007-04-15 22:06 33,280 --a------ C:\WINDOWS\SYSTEM32\shmgrate.exe
2007-04-15 22:06 327,040 --------- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtaa.sys
2007-04-15 22:06 32,256 --a------ C:\WINDOWS\SYSTEM32\umandlg.dll
2007-04-15 22:06 30,671 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinraxx.sys
2007-04-15 22:06 3,494,303 --------- C:\WINDOWS\SYSTEM32\nv4_disp.dll
2007-04-15 22:06 3,338 --a------ C:\WINDOWS\SYSTEM32\redir.exe
2007-04-15 22:06 297,984 --a------ C:\WINDOWS\SYSTEM32\scesrv.dll
2007-04-15 22:06 29,455 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinxbxx.sys
2007-04-15 22:06 27,136 --a------ C:\WINDOWS\SYSTEM32\ssdpapi.dll
2007-04-15 22:06 266,752 --a------ C:\WINDOWS\winhlp32.exe
2007-04-15 22:06 26,367 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinsnxx.sys
2007-04-15 22:06 254,976 --a------ C:\WINDOWS\SYSTEM32\pdh.dll
2007-04-15 22:06 251,904 --a------ C:\WINDOWS\SYSTEM32\strmdll.dll
2007-04-15 22:06 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2007-04-15 22:06 24,064 --a------ C:\WINDOWS\SYSTEM32\skeys.exe
2007-04-15 22:06 231,424 --a------ C:\WINDOWS\SYSTEM32\upnpui.dll
2007-04-15 22:06 22,528 --a------ C:\WINDOWS\SYSTEM32\slayerxp.dll
2007-04-15 22:06 22,528 --a------ C:\WINDOWS\SYSTEM32\shfolder.dll
2007-04-15 22:06 22,016 --a------ C:\WINDOWS\SYSTEM32\udhisapi.dll
2007-04-15 22:06 21,343 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinttxx.sys
2007-04-15 22:06 203,264 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2007-04-15 22:06 202,496 --------- C:\WINDOWS\SYSTEM32\ati2dvag.dll
2007-04-15 22:06 200,192 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2007-04-15 22:06 20,992 --a------ C:\WINDOWS\SYSTEM32\setup.exe
2007-04-15 22:06 193,536 --a------ C:\WINDOWS\SYSTEM32\rasppp.dll
2007-04-15 22:06 19,456 --a------ C:\WINDOWS\SYSTEM32\ssmarque.scr
2007-04-15 22:06 18,944 --a------ C:\WINDOWS\SYSTEM32\ssbezier.scr
2007-04-15 22:06 18,944 --------- C:\WINDOWS\SYSTEM32\faxpatch.exe
2007-04-15 22:06 174,592 --a------ C:\WINDOWS\SYSTEM32\scecli.dll
2007-04-15 22:06 171,520 --a------ C:\WINDOWS\SYSTEM32\winmm.dll
2007-04-15 22:06 171,008 --a------ C:\WINDOWS\SYSTEM32\sccsccp.dll
2007-04-15 22:06 17,408 --a------ C:\WINDOWS\SYSTEM32\ssmyst.scr
2007-04-15 22:06 17,408 --a------ C:\WINDOWS\SYSTEM32\psapi.dll
2007-04-15 22:06 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2007-04-15 22:06 168,448 --a------ C:\WINDOWS\SYSTEM32\wldap32.dll
2007-04-15 22:06 165,888 --a------ C:\WINDOWS\SYSTEM32\ntmsdba.dll
2007-04-15 22:06 165,376 --a------ C:\WINDOWS\SYSTEM32\w32time.dll
2007-04-15 22:06 165,376 --a------ C:\WINDOWS\SYSTEM32\tapi32.dll
2007-04-15 22:06 164,864 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2007-04-15 22:06 16,896 --a------ C:\WINDOWS\SYSTEM32\snmpapi.dll
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\watchdog.sys
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\ups.exe
2007-04-15 22:06 16,384 --a------ C:\WINDOWS\SYSTEM32\ping.exe
2007-04-15 22:06 158,720 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2007-04-15 22:06 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2007-04-15 22:06 137,216 --a------ C:\WINDOWS\SYSTEM32\ntshrui.dll
2007-04-15 22:06 135,680 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2007-04-15 22:06 134,144 --a------ C:\WINDOWS\regedit.exe
2007-04-15 22:06 133,632 --a------ C:\WINDOWS\SYSTEM32\rsaenh.dll
2007-04-15 22:06 133,120 --a------ C:\WINDOWS\SYSTEM32\sfc_os.dll
2007-04-15 22:06 130,560 --a------ C:\WINDOWS\SYSTEM32\sti_ci.dll
2007-04-15 22:06 13,824 --a------ C:\WINDOWS\SYSTEM32\rassapi.dll
2007-04-15 22:06 13,312 --a------ C:\WINDOWS\SYSTEM32\ssstars.scr
2007-04-15 22:06 13,056 --------- C:\WINDOWS\SYSTEM32\DRIVERS\wacompen.sys
2007-04-15 22:06 128,512 --a------ C:\WINDOWS\SYSTEM32\taskmgr.exe
2007-04-15 22:06 124,928 --a------ C:\WINDOWS\SYSTEM32\webvw.dll
2007-04-15 22:06 120,320 --a------ C:\WINDOWS\SYSTEM32\upnp.dll
2007-04-15 22:06 12,800 --a------ C:\WINDOWS\SYSTEM32\runonce.exe
2007-04-15 22:06 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2007-04-15 22:06 12,288 --a------ C:\WINDOWS\SYSTEM32\odbcp32r.dll
2007-04-15 22:06 12,047 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinpdxx.sys
2007-04-15 22:06 119,808 --a------ C:\WINDOWS\SYSTEM32\wiadss.dll
2007-04-15 22:06 117,760 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
2007-04-15 22:06 112,128 --a------ C:\WINDOWS\SYSTEM32\ntmarta.dll
2007-04-15 22:06 11,904 --------- C:\WINDOWS\SYSTEM32\DRIVERS\mutohpen.sys
2007-04-15 22:06 11,776 --a------ C:\WINDOWS\SYSTEM32\sigtab.dll
2007-04-15 22:06 11,615 --------- C:\WINDOWS\SYSTEM32\DRIVERS\atinmdxx.sys
2007-04-15 22:06 109,568 --a------ C:\WINDOWS\SYSTEM32\offfilt.dll
2007-04-15 22:06 10,752 --a------ C:\WINDOWS\SYSTEM32\tracert.exe
2007-04-15 22:06 1,350,144 --a------ C:\WINDOWS\SYSTEM32\query.dll
2007-04-15 22:06 1,157,632 --a------ C:\WINDOWS\SYSTEM32\sfcfiles.dll
2007-04-15 22:05 91,136 --a------ C:\WINDOWS\SYSTEM32\MSOERT2.DLL
2007-04-15 22:05 857,600 --a------ C:\WINDOWS\SYSTEM32\netplwiz.dll
2007-04-15 22:05 78,848 --a------ C:\WINDOWS\SYSTEM32\msiexec.exe
2007-04-15 22:05 699,392 --a------ C:\WINDOWS\SYSTEM32\msxml2.dll
2007-04-15 22:05 67,584 --a------ C:\WINDOWS\SYSTEM32\msctfp.dll
2007-04-15 22:05 65,536 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2007-04-15 22:05 598,016 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2007-04-15 22:05 584,192 --a------ C:\WINDOWS\SYSTEM32\netcfgx.dll
2007-04-15 22:05 57,856 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2007-04-15 22:05 56,320 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2007-04-15 22:05 504,320 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
2007-04-15 22:05 42,496 --a------ C:\WINDOWS\SYSTEM32\ncobjapi.dll
2007-04-15 22:05 401,462 --a------ C:\WINDOWS\SYSTEM32\msvcp60.dll
2007-04-15 22:05 4,608 --a------ C:\WINDOWS\SYSTEM32\msimg32.dll
2007-04-15 22:05 4,126 --a------ C:\WINDOWS\SYSTEM32\msdxmlc.dll
2007-04-15 22:05 399,360 --a------ C:\WINDOWS\SYSTEM32\netlogon.dll
2007-04-15 22:05 39,424 --a------ C:\WINDOWS\SYSTEM32\net.exe
2007-04-15 22:05 388,608 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2007-04-15 22:05 381,440 --a------ C:\WINDOWS\SYSTEM32\lmrt.dll
2007-04-15 22:05 368,710 --a------ C:\WINDOWS\SYSTEM32\msisam11.dll
2007-04-15 22:05 339,968 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2007-04-15 22:05 326,656 --a------ C:\WINDOWS\SYSTEM32\netsetup.exe
2007-04-15 22:05 323,072 --a------ C:\WINDOWS\SYSTEM32\msvcrt.dll
2007-04-15 22:05 32,256 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2007-04-15 22:05 319,760 --a------ C:\WINDOWS\SYSTEM32\msnsspc.dll
2007-04-15 22:05 271,360 --a------ C:\WINDOWS\SYSTEM32\msihnd.dll
2007-04-15 22:05 266,752 --a------ C:\WINDOWS\SYSTEM32\msctf.dll
2007-04-15 22:05 241,725 --a------ C:\WINDOWS\SYSTEM32\msuni11.dll
2007-04-15 22:05 233,472 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2007-04-15 22:05 230,400 --a------ C:\WINDOWS\SYSTEM32\msieftp.dll
2007-04-15 22:05 229,376 --a------ C:\WINDOWS\SYSTEM32\MSOEACCT.DLL
2007-04-15 22:05 22,528 --a------ C:\WINDOWS\SYSTEM32\mslbui.dll
2007-04-15 22:05 219,648 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2007-04-15 22:05 210,944 --a------ C:\WINDOWS\SYSTEM32\moricons.dll
2007-04-15 22:05 2,890,240 --a------ C:\WINDOWS\SYSTEM32\msi.dll
2007-04-15 22:05 196,096 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2007-04-15 22:05 19,456 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2007-04-15 22:05 182,784 --a------ C:\WINDOWS\SYSTEM32\msutb.dll
2007-04-15 22:05 163,840 --a------ C:\WINDOWS\SYSTEM32\mindex.dll
2007-04-15 22:05 143,872 --a------ C:\WINDOWS\SYSTEM32\msimtf.dll
2007-04-15 22:05 12,288 --a------ C:\WINDOWS\SYSTEM32\mscpx32r.dll
2007-04-15 22:05 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2007-04-15 22:05 115,200 --a------ C:\WINDOWS\SYSTEM32\net1.exe
2007-04-15 22:05 113,664 --a------ C:\WINDOWS\SYSTEM32\msvfw32.dll
2007-04-15 22:05 10,240 --a------ C:\WINDOWS\SYSTEM32\msrle32.dll
2007-04-15 22:05 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2007-04-15 22:05 1,622,528 --a------ C:\WINDOWS\SYSTEM32\netshell.dll
2007-04-15 22:05 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2007-04-15 22:04 91,648 --a------ C:\WINDOWS\SYSTEM32\iuctl.dll
2007-04-15 22:04 9,216 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2007-04-15 22:04 88,576 --a------ C:\WINDOWS\SYSTEM32\mqsec.dll
2007-04-15 22:04 8,832 --a------ C:\WINDOWS\SYSTEM32\framebuf.dll
2007-04-15 22:04 73,728 --a------ C:\WINDOWS\SYSTEM32\tlntsess.exe
2007-04-15 22:04 73,728 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2007-04-15 22:04 7,168 --a------ C:\WINDOWS\SYSTEM32\tlntsvrp.dll
2007-04-15 22:04 7,040 --a------ C:\WINDOWS\SYSTEM32\kd1394.dll
2007-04-15 22:04 67,584 --a------ C:\WINDOWS\SYSTEM32\tlntsvr.exe
2007-04-15 22:04 67,584 --a------ C:\WINDOWS\SYSTEM32\fdeploy.dll
2007-04-15 22:04 67,456 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mqac.sys
2007-04-15 22:04 66,560 --a------ C:\WINDOWS\SYSTEM32\faultrep.dll
2007-04-15 22:04 608,768 --a------ C:\WINDOWS\SYSTEM32\mqqm.dll
2007-04-15 22:04 596,480 --a------ C:\WINDOWS\SYSTEM32\INETCOMM.DLL
2007-04-15 22:04 59,392 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2007-04-15 22:04 57,856 --a------ C:\WINDOWS\SYSTEM32\tlntadmn.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-17 20:48 -------- d-------- C:\Program Files\intermute
2007-04-15 22:11 -------- d-------- C:\Program Files\movie maker
2007-04-14 16:56 -------- d-------- C:\Program Files\xoftspy
2007-04-14 15:31 -------- d-------- C:\Program Files\spyware doctor
2007-04-14 15:22 -------- d-------- C:\Program Files\spywareblaster
2007-04-09 23:48 -------- d-------- C:\Program Files\regscrubxp
2007-03-17 20:28 4212 ---h----- C:\WINDOWS\SYSTEM32\zllictbl.dat
2007-03-14 20:21 -------- d-------- C:\Program Files\iolo
2007-03-14 19:38 -------- d--h----- C:\Program Files\installshield installation information
2007-03-14 19:02 -------- d-------- C:\Program Files\hjt
2007-03-13 22:28 -------- d-------- C:\Program Files\Common Files\real
2007-03-10 21:57 -------- d-------- C:\Program Files\cleanmypc popup blocker
2007-03-04 21:59 -------- d-------- C:\Program Files\microsoft antispyware
2007-03-03 20:54 69 --a-s---- C:\WINDOWS\url1.bat
2007-02-10 18:34 192000 --a------ C:\WINDOWS\screensaver.scr
2007-02-10 18:33 545280 --a------ C:\WINDOWS\flashax.exe
2007-02-10 18:33 12288 --a------ C:\WINDOWS\impborl.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
{7A9BC6B1-7F27-47c6-A66D-13582E81E537} C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"McAfeeUpdaterUI"="\"C:\\Program Files\\Network Associates\\Common Framework\\UpdaterUI.exe\" /StartedFromRunKey"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HPHmon06"="C:\\WINDOWS\\System32\\hphmon06.exe"
"Network Associates Error Reporting Service"="\"C:\\Program Files\\Common Files\\Network Associates\\TalkBack\\tbmon.exe\""
"ShStatEXE"="\"C:\\Program Files\\Network Associates\\VirusScan\\SHSTAT.EXE\" /STANDALONE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"System Mechanic Popup Stopper"="\"C:\\Program Files\\iolo\\System Mechanic 5 Professional\\PopupStopper.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoNetHood"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-18 22:57:00
C:\ComboFix-quarantined-files.txt ... 07-04-18 22:57
C:\ComboFix2.txt ... 07-04-18 22:24

#10 pjsam


Posted 18 April 2007 - 10:15 PM

OK. I rebooted and here's my latest hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:10:14 PM, on 4/18/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.wowway.com/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CleanMyPC Popup Blocker - {7A9BC6B1-7F27-47c6-A66D-13582E81E537} - C:\Program Files\CleanMyPC Popup Blocker\CleanBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: CleanMyPC Toolbar - {04164EC4-1E48-4279-818E-3721931E7636} - C:\Program Files\CleanMyPC Popup Blocker\CleanBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 5 Professional\PopupStopper.exe"
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1176687694785
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...986/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#11 RichieUK

  • Malware Response Team

Posted 19 April 2007 - 04:17 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Exit Hijackthis.

***************************************

Your log is clean :thumbsup:
If all's ok, please do the following:

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u1'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u1-windows-i586-p.exe to install the newest version.

You should now go to Windows Update and install all the latest critical updates including Service Pack 2.
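An added example, not part of the original post or of HijackThis itself: a small triage script for a HijackThis log that lists the "(file missing)" entries, such as the two O9 lines fixed above, cross-checks each against the "Running processes" section, and reports which JRE directories the log references. The function names are hypothetical, and treating a "(file missing)" entry whose path is still running as needing manual review is this example's assumption.

```python
import re

# Excerpt of the HijackThis log posted in #10 of this thread (shortened).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")   # e.g. "O9 - ..."
EXE_RE = re.compile(r"([A-Za-z]:\\[^\"]*?\.(?:exe|dll))", re.IGNORECASE)
JRE_RE = re.compile(r"\\Java\\(jre[\d._]+)\\", re.IGNORECASE)


def parse(log_text):
    """Split a log into the set of running-process paths and (code, body) entries."""
    running, entries, in_procs = set(), [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # coded entries follow the process list
            entries.append((m.group("code"), m.group("body")))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage(log_text):
    """Hypothetical helper: classify '(file missing)' entries and list JRE dirs."""
    running, entries = parse(log_text)
    orphans, contradicted, jre = [], [], set()
    for code, body in entries:
        jre.update(JRE_RE.findall(body))
        if not body.endswith("(file missing)"):
            continue
        m = EXE_RE.search(body)
        path = m.group(1).lower() if m else None
        if path in running:
            # The log says the file is missing, yet the same path is running:
            # do not auto-fix, review by hand.
            contradicted.append((code, path))
        else:
            orphans.append((code, body))
    return {"orphans": orphans, "contradicted": contradicted, "jre": sorted(jre)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, body in result["orphans"]:
        print("orphaned entry:", code, "-", body)
    for code, path in result["contradicted"]:
        print("review manually:", code, "-", path)
    print("JRE directories referenced:", result["jre"])
```

On the excerpt, only the two O9 entries come back as orphans; the McAfee service line is reported for manual review because its executable appears in the process list.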