
Hijack This! Log



#1 shaydie


Posted 07 May 2007 - 09:04 PM

Hello all!

I've just restored XP yesterday and wiped everything out.

Today, the xxx pop ups, casino ads, etc have been popping up like crazy. I have a ten year old daughter; I need to get this taken care of so she can use the computer again.

Here is my log, I thank you SO much for looking at it for me!

Logfile of HijackThis v1.99.1
Scan saved at 6:49:29 PM, on 5/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {d667f186-b28b-4a86-b9d0-05434d2127b7} - C:\WINDOWS\system32\Inetelp.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\RunOnce: [eISS_licreg] "C:\Program Files\CA\eTrust Internet Security Suite\licreg.exe" /s
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Inetelp - C:\WINDOWS\SYSTEM32\Inetelp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2 RichieUK

  • Malware Response Team

Posted 08 May 2007 - 02:59 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum shaydie :thumbsup:

Please move HijackThis.exe to a permanent folder on the hard drive such as C:\HJT, so that any backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.

How to create a new folder named HJT
1. Click Start/My Computer, in the 'My Computer' window, open the window in which you want to create the new folder, click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.

**************************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... Save as Type: 'All Files' File name: fix.reg to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

**************************

Download Killbox by Option^Explicit:
http://download.bleepingcomputer.com/spyware/KillBox.zip
Save it to your desktop.
Please double-click Killbox.exe to run it.
Select: 'Delete on Reboot'.
Then Click on the 'All Files' button.
Please copy ALL the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\SYSTEM32\Inetelp.dll
C:\WINDOWS\system32\lsasss.exe


Return to Killbox, go to the File menu, and choose 'Paste from Clipboard'.
Click the red-and-white Delete File button.
Click 'Yes' at the 'Delete on Reboot' prompt.
Click OK at any 'PendingFileRenameOperations' prompt.
If your computer does not restart automatically, please restart it manually.

After rebooting, open up Killbox again.
Click 'File'>'Logs'>'Actions History Log'.
Post this log in your next reply.

**************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc.
Post the Actions History Log from Killbox, the contents of C:\ComboFix.txt, and a new HijackThis log into your next reply.
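An added example, not part of either poster's messages: a small Python triage script that cross-references the two files listed for Killbox in post #2 against the HijackThis log from post #1, showing which autostart sections load each file. The sample lines are a subset copied from that log; the function names and the "one edit away from a running Windows process name" heuristic are assumptions of this example, not something stated in the thread.

```python
import re

# Subset of the HijackThis log from post #1 (copied, shortened for the example).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d667f186-b28b-4a86-b9d0-05434d2127b7} - C:\WINDOWS\system32\Inetelp.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: Inetelp - C:\WINDOWS\SYSTEM32\Inetelp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The two paths listed for Killbox in post #2.
KILLBOX_TARGETS = [r"C:\WINDOWS\SYSTEM32\Inetelp.dll", r"C:\WINDOWS\system32\lsasss.exe"]

ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|:]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and (section, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def autostarts_loading(targets, entries):
    """Map each target file to the log sections whose entry points at it."""
    wanted = {t.lower(): t for t in targets}      # Windows paths are case-insensitive
    hits = {t: [] for t in targets}
    for section, body in entries:
        for path in PATH_RE.findall(body):
            if path.lower() in wanted:
                hits[wanted[path.lower()]].append(section)
    return hits


def within_one_edit(a, b):
    """True if a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                                # make a the shorter string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                                     # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]              # one substituted character
    return a[i:] == b[i + 1:]                      # one extra character in b


def lookalike_names(processes, entries):
    """Autostart files named one edit away from a process running from the Windows directory."""
    system = sorted({basename(p) for p in processes
                     if p.lower().startswith("c:\\windows\\")})
    found = []
    for section, body in entries:
        for path in PATH_RE.findall(body):
            for legit in system:
                if within_one_edit(basename(path), legit):
                    found.append((section, path, legit))
    return found


if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    for target, sections in autostarts_loading(KILLBOX_TARGETS, entries).items():
        print(f"{target} is loaded via: {', '.join(sections) or 'no entry found'}")
    for section, path, legit in lookalike_names(procs, entries):
        print(f"{section}: {path} resembles running process {legit}")
```

A file that still appears under any section in a follow-up log after the reboot is still registered to load, which is why a fresh HijackThis log is requested at the end of the procedure.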

#3 shaydie


Posted 08 May 2007 - 11:14 AM

Thank you so much. Here are my logs:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Tuesday, May 08, 2007, 8:43 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM32\Inetelp.dll


# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\lsasss.exe


I Rebooted @ 8:45:08 AM
Killbox Closed(Exit) @ 8:45:11 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Owner(Administrator)
was started @ Tuesday, May 08, 2007, 8:48 AM




"Owner" - 2007-05-08 8:50:11 Service Pack 2
ComboFix 07-05.08.1.V - Running from: "C:\Documents and Settings\Owner\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tmp3.tmp.dll


((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))


2007-05-08 08:43 <DIR> d-------- C:\!KillBox
2007-05-08 08:37 <DIR> d-------- C:\HJT
2007-05-08 07:07 1,088,579 --a------ C:\ComboFix.exe
2007-05-07 18:49 218,112 --a------ C:\HijackThis.exe
2007-05-07 15:14 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Google
2007-05-07 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-05-07 15:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-05-07 15:13 <DIR> d-------- C:\Program Files\Google
2007-05-07 14:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CA
2007-05-07 14:44 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-05-07 14:44 <DIR> d-------- C:\Program Files\CA
2007-05-07 14:22 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Lavasoft
2007-05-07 12:41 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-05-07 12:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-07 11:43 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-05-07 11:36 <DIR> d-------- C:\Program Files\EndItAll
2007-05-07 09:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-07 08:12 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-07 08:08 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-07 07:33 <DIR> d-------- C:\WINDOWS\system32\bak
2007-05-07 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-07 03:00 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-07 03:00 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-06 19:29 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\AdobeUM
2007-05-06 13:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
2007-05-06 13:09 <DIR> d-------- C:\Program Files\Siber Systems
2007-05-06 13:03 <DIR> d-------- C:\Program Files\Neopets
2007-05-06 13:03 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Neopets Toolbar
2007-05-06 12:57 <DIR> d--hs---- C:\RECYCLER
2007-05-06 12:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-05-06 12:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver
2007-05-06 12:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
2007-05-06 12:54 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\APPLIC~1\CyberLink
2007-05-06 12:53 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-06 12:50 <DIR> d--hs---- C:\System Volume Information
2007-05-06 12:42 51,712 --a------ C:\WINDOWS\system32\wzcsapi.dll
2007-05-06 12:42 359,936 --a------ C:\WINDOWS\system32\wzcsvc.dll
2007-05-06 12:41 86,073 --a------ C:\WINDOWS\system32\usrfaxa.dll
2007-05-06 12:41 77,891 --a------ C:\WINDOWS\system32\usrmlnka.exe
2007-05-06 12:41 77,883 --a------ C:\WINDOWS\system32\usrrtosa.dll
2007-05-06 12:41 69,700 --a------ C:\WINDOWS\system32\usrshuta.exe
2007-05-06 12:41 61,508 --a------ C:\WINDOWS\system32\usrprbda.exe
2007-05-06 12:41 53,305 --a------ C:\WINDOWS\system32\usrlbva.dll
2007-05-06 12:41 49,211 --a------ C:\WINDOWS\system32\usrvpa.dll
2007-05-06 12:41 49,211 --a------ C:\WINDOWS\system32\usrsdpia.dll
2007-05-06 12:41 49,209 --a------ C:\WINDOWS\system32\usrv80a.dll
2007-05-06 12:41 45,116 --a------ C:\WINDOWS\system32\usrvoica.dll
2007-05-06 12:41 41,019 --a------ C:\WINDOWS\system32\usrsvpia.dll
2007-05-06 12:41 323,641 --a------ C:\WINDOWS\system32\usrdtea.dll
2007-05-06 12:41 3,200 --a------ C:\WINDOWS\system32\wowfax.dll
2007-05-06 12:41 13,824 --a------ C:\WINDOWS\system32\wowfaxui.dll
2007-05-06 12:41 102,457 --a------ C:\WINDOWS\system32\usrv42a.dll
2007-05-06 12:40 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-05-06 12:40 8,192 --a------ C:\WINDOWS\system32\streamci.dll
2007-05-06 12:40 77,890 --a------ C:\WINDOWS\system32\usrdpa.dll
2007-05-06 12:40 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-06 12:40 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-06 12:40 72,192 --a------ C:\WINDOWS\system32\sprio800.dll
2007-05-06 12:40 70,656 --a------ C:\WINDOWS\system32\sprio600.dll
2007-05-06 12:40 69,699 --a------ C:\WINDOWS\system32\usrcoina.dll
2007-05-06 12:40 69,632 --a------ C:\WINDOWS\system32\spnike.dll
2007-05-06 12:40 61,500 --a------ C:\WINDOWS\system32\usrcntra.dll
2007-05-06 12:40 35,328 --a------ C:\WINDOWS\system32\pid.dll
2007-05-06 12:40 157,696 --a------ C:\WINDOWS\system32\paqsp.dll
2007-05-06 12:40 15,360 --a------ C:\WINDOWS\system32\pjlmon.dll
2007-05-06 12:39 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-06 12:39 80,128 --a------ C:\WINDOWS\system32\drivers\parport.sys
2007-05-06 12:39 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-06 12:39 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-06 12:39 58,112 --a------ C:\WINDOWS\system32\drivers\vdmindvd.sys
2007-05-06 12:39 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-06 12:39 55,296 --a------ C:\WINDOWS\system32\dvdplay.exe
2007-05-06 12:39 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-06 12:39 51,712 --a------ C:\WINDOWS\system32\drivers\tosdvd.sys
2007-05-06 12:39 48,640 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-05-06 12:39 47,616 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-05-06 12:39 42,496 --a------ C:\WINDOWS\system32\drivers\p3.sys
2007-05-06 12:39 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-06 12:39 4,352 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-05-06 12:39 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-06 12:39 35,328 --a------ C:\WINDOWS\system32\drivers\processr.sys
2007-05-06 12:39 25,472 --a------ C:\WINDOWS\system32\drivers\sonydcam.sys
2007-05-06 12:39 23,936 --a------ C:\WINDOWS\system32\drivers\usbcamd2.sys
2007-05-06 12:39 23,808 --a------ C:\WINDOWS\system32\drivers\usbcamd.sys
2007-05-06 12:39 21,376 --a------ C:\WINDOWS\system32\drivers\tsbvcap.sys
2007-05-06 12:39 20,992 --a------ C:\WINDOWS\system32\hid.dll
2007-05-06 12:39 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-06 12:39 17,408 --a------ C:\WINDOWS\system32\msyuv.dll
2007-05-06 12:39 16,000 --a------ C:\WINDOWS\system32\drivers\usbintel.sys
2007-05-06 12:39 147,968 --a------ C:\WINDOWS\system32\mdwmdmsp.dll
2007-05-06 12:39 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-06 12:39 12,416 --a------ C:\WINDOWS\system32\drivers\tunmp.sys
2007-05-06 12:39 12,032 --a------ C:\WINDOWS\system32\drivers\riodrv.sys
2007-05-06 12:39 12,032 --a------ C:\WINDOWS\system32\drivers\rio8drv.sys
2007-05-06 12:38 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2007-05-06 12:38 63,744 --a------ C:\WINDOWS\system32\drivers\mf.sys
2007-05-06 12:38 63,208 --a------ C:\WINDOWS\system32\drivers\dc21x4.sys
2007-05-06 12:38 61,824 --a------ C:\WINDOWS\system32\drivers\nic1394.sys
2007-05-06 12:38 60,800 --a------ C:\WINDOWS\system32\drivers\arp1394.sys
2007-05-06 12:38 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-06 12:38 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2007-05-06 12:38 52,224 --a------ C:\WINDOWS\system32\dmutil.dll
2007-05-06 12:38 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2007-05-06 12:38 44,928 --a------ C:\WINDOWS\system32\drivers\AGPCPQ.SYS
2007-05-06 12:38 43,008 --a------ C:\WINDOWS\system32\drivers\AMDAGP.SYS
2007-05-06 12:38 42,752 --a------ C:\WINDOWS\system32\drivers\ALIM1541.SYS
2007-05-06 12:38 42,368 --a------ C:\WINDOWS\system32\drivers\AGP440.SYS
2007-05-06 12:38 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-05-06 12:38 41,088 --a------ C:\WINDOWS\system32\drivers\SISAGP.SYS
2007-05-06 12:38 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2007-05-06 12:38 37,376 --a------ C:\WINDOWS\system32\drivers\amdk7.sys
2007-05-06 12:38 36,992 --a------ C:\WINDOWS\system32\drivers\amdk6.sys
2007-05-06 12:38 36,480 --a------ C:\WINDOWS\system32\drivers\crusoe.sys
2007-05-06 12:38 30,080 --a------ C:\WINDOWS\system32\drivers\modem.sys
2007-05-06 12:38 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-06 12:38 262,528 --a------ C:\WINDOWS\system32\drivers\cinemst2.sys
2007-05-06 12:38 23,040 --a------ C:\WINDOWS\system32\drivers\mouclass.sys
2007-05-06 12:38 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-06 12:38 19,968 --a------ C:\WINDOWS\system32\drivers\mxnic.sys
2007-05-06 12:38 18,688 --a------ C:\WINDOWS\system32\drivers\cdaudio.sys
2007-05-06 12:38 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-06 12:38 15,488 --a------ C:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-06 12:38 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-06 12:38 140,928 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-05-06 12:38 12,928 --a------ C:\WINDOWS\system32\drivers\ndisuio.sys
2007-05-06 12:38 12,160 --a------ C:\WINDOWS\system32\drivers\fsvga.sys
2007-05-06 12:38 12,032 --a------ C:\WINDOWS\system32\drivers\nikedrv.sys
2007-05-06 12:38 11,776 --a------ C:\WINDOWS\system32\drivers\cpqdap01.sys
2007-05-06 12:36 47,104 --a------ C:\WINDOWS\system32\cnbjmon.dll
2007-05-06 12:35 99,328 --a------ C:\WINDOWS\system32\winscard.dll
2007-05-06 12:35 984,576 --a------ C:\WINDOWS\system32\syssetup.dll
2007-05-06 12:35 98,304 --a------ C:\WINDOWS\system32\verifier.exe
2007-05-06 12:35 94,784 --a------ C:\WINDOWS\twain.dll
2007-05-06 12:35 937,984 --a------ C:\WINDOWS\system32\winbrand.dll
2007-05-06 12:35 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-06 12:35 92,672 --a------ C:\WINDOWS\system32\wlnotify.dll
2007-05-06 12:35 91,648 --a------ C:\WINDOWS\system32\xactsrv.dll
2007-05-06 12:35 90,624 --a------ C:\WINDOWS\system32\trkwks.dll
2007-05-06 12:35 9,344 --a------ C:\WINDOWS\system32\vga.dll
2007-05-06 12:35 9,216 --a------ C:\WINDOWS\system32\wshatm.dll
2007-05-06 12:35 9,216 --a------ C:\WINDOWS\system32\winfax.dll
2007-05-06 12:35 9,216 --a------ C:\WINDOWS\system32\wifeman.dll
2007-05-06 12:35 9,216 --a------ C:\WINDOWS\system32\subst.exe
2007-05-06 12:35 9,008 --a------ C:\WINDOWS\system32\ver.dll
2007-05-06 12:35 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-06 12:35 896,512 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-05-06 12:35 858,624 --a------ C:\WINDOWS\system32\tapi3.dll
2007-05-06 12:35 82,944 --a------ C:\WINDOWS\system32\ws2_32.dll
2007-05-06 12:35 82,432 --a------ C:\WINDOWS\system32\ufat.dll
2007-05-06 12:35 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-05-06 12:35 809,984 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-05-06 12:35 8,192 --a------ C:\WINDOWS\system32\winhlp32.exe
2007-05-06 12:35 79,744 --a------ C:\WINDOWS\system32\drivers\videoprt.sys
2007-05-06 12:35 78,848 --a------ C:\WINDOWS\system32\tapiui.dll
2007-05-06 12:35 764,928 --a------ C:\WINDOWS\system32\winntbbu.dll
2007-05-06 12:35 759,296 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-05-06 12:35 75,776 --a------ C:\WINDOWS\system32\wiascr.dll
2007-05-06 12:35 75,776 --a------ C:\WINDOWS\system32\telnet.exe
2007-05-06 12:35 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-05-06 12:35 74,240 --a------ C:\WINDOWS\system32\unimdmat.dll
2007-05-06 12:35 723,456 --a------ C:\WINDOWS\system32\userenv.dll
2007-05-06 12:35 713,216 --a------ C:\WINDOWS\system32\sxs.dll
2007-05-06 12:35 707 --a------ C:\WINDOWS\_default.pif
2007-05-06 12:35 7,680 --a------ C:\WINDOWS\system32\vcdex.dll
2007-05-06 12:35 7,168 --a------ C:\WINDOWS\system32\wshnetbs.dll
2007-05-06 12:35 68,096 --a------ C:\WINDOWS\system32\webclnt.dll
2007-05-06 12:35 670,720 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-05-06 12:35 67,584 --a------ C:\WINDOWS\system32\sti.dll
2007-05-06 12:35 66,176 --a------ C:\WINDOWS\system32\drivers\udfs.sys
2007-05-06 12:35 65,536 --a------ C:\WINDOWS\system32\wshext.dll
2007-05-06 12:35 65,536 --a------ C:\WINDOWS\system32\wextract.exe
2007-05-06 12:35 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-06 12:35 6,144 --a------ C:\WINDOWS\system32\svcpack.dll
2007-05-06 12:35 589,312 --a------ C:\WINDOWS\system32\wiashext.dll
2007-05-06 12:35 577,536 --a------ C:\WINDOWS\system32\user32.dll
2007-05-06 12:35 57,856 --a------ C:\WINDOWS\system32\synceng.dll
2007-05-06 12:35 57,600 --a------ C:\WINDOWS\system32\drivers\usbhub.sys
2007-05-06 12:35 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-06 12:35 53,760 --a------ C:\WINDOWS\system32\winsta.dll
2007-05-06 12:35 52,352 --a------ C:\WINDOWS\system32\drivers\volsnap.sys
2007-05-06 12:35 52,224 --a------ C:\WINDOWS\system32\tsappcmp.dll
2007-05-06 12:35 51,712 --a------ C:\WINDOWS\system32\vdmredir.dll
2007-05-06 12:35 51,456 --a------ C:\WINDOWS\system32\vga256.dll
2007-05-06 12:35 51,200 --a------ C:\WINDOWS\system32\wmerrenu.dll
2007-05-06 12:35 51,200 --a------ C:\WINDOWS\system32\syncapp.exe
2007-05-06 12:35 502,272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-05-06 12:35 50,688 --a------ C:\WINDOWS\twain_32.dll
2007-05-06 12:35 50,688 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-05-06 12:35 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-05-06 12:35 50,176 --a------ C:\WINDOWS\system32\utilman.exe
2007-05-06 12:35 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-06 12:35 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2007-05-06 12:35 5,632 --a------ C:\WINDOWS\system32\winver.exe
2007-05-06 12:35 5,632 --a------ C:\WINDOWS\system32\tapiperf.dll
2007-05-06 12:35 5,376 --a------ C:\WINDOWS\system32\drivers\viaide.sys
2007-05-06 12:35 5,120 --a------ C:\WINDOWS\system32\winnls.dll
2007-05-06 12:35 49,680 --a------ C:\WINDOWS\twunk_16.exe
2007-05-06 12:35 49,664 --a------ C:\WINDOWS\system32\w32tm.exe
2007-05-06 12:35 49,152 --a------ C:\WINDOWS\system32\wdigest.dll
2007-05-06 12:35 484,864 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-05-06 12:35 47,872 --a------ C:\WINDOWS\system32\user.exe
2007-05-06 12:35 465,176 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-06 12:35 463,360 --a------ C:\WINDOWS\system32\wiadefui.dll
2007-05-06 12:35 45,568 --a------ C:\WINDOWS\system32\tcpmonui.dll
2007-05-06 12:35 45,568 --a------ C:\WINDOWS\system32\tcpmon.dll
2007-05-06 12:35 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-06 12:35 44,032 --a------ C:\WINDOWS\system32\twext.dll
2007-05-06 12:35 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-05-06 12:35 433,664 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2007-05-06 12:35 430,592 --a------ C:\WINDOWS\system32\vssapi.dll
2007-05-06 12:35 42,496 --a------ C:\WINDOWS\system32\wsnmp32.dll
2007-05-06 12:35 413,696 --a------ C:\WINDOWS\system32\vbscript.dll
2007-05-06 12:35 41,240 --a------ C:\WINDOWS\system32\wups.dll
2007-05-06 12:35 408,064 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-05-06 12:35 406,528 --a------ C:\WINDOWS\system32\usp10.dll
2007-05-06 12:35 40,448 --a------ C:\WINDOWS\system32\webhits.dll
2007-05-06 12:35 4,992 --a------ C:\WINDOWS\system32\drivers\toside.sys
2007-05-06 12:35 4,736 --a------ C:\WINDOWS\system32\drivers\usbd.sys
2007-05-06 12:35 4,608 --a------ C:\WINDOWS\system32\vjoy.dll
2007-05-06 12:35 4,352 --a------ C:\WINDOWS\system32\drivers\wmilib.sys
2007-05-06 12:35 4,208 --a------ C:\WINDOWS\system32\storage.dll
2007-05-06 12:35 4,096 --a------ C:\WINDOWS\system32\unlodctr.exe
2007-05-06 12:35 385,536 --a------ C:\WINDOWS\system32\themeui.dll
2007-05-06 12:35 378,368 --a------ C:\WINDOWS\system32\wzcdlg.dll
2007-05-06 12:35 36,864 --a------ C:\WINDOWS\system32\syskey.exe
2007-05-06 12:35 36,736 --a------ C:\WINDOWS\system32\drivers\ultra.sys
2007-05-06 12:35 359,808 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2007-05-06 12:35 358,400 --a------ C:\WINDOWS\system32\termmgr.dll
2007-05-06 12:35 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2007-05-06 12:35 35,840 --a------ C:\WINDOWS\system32\umandlg.dll
2007-05-06 12:35 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-06 12:35 347,136 --a------ C:\WINDOWS\system32\tourstart.exe
2007-05-06 12:35 34,560 --a------ C:\WINDOWS\system32\drivers\wanarp.sys
2007-05-06 12:35 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll

#4 shaydie

Posted 08 May 2007 - 11:15 AM

and the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:09 AM, on 5/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\internet explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O2 - BHO: (no name) - {d667f186-b28b-4a86-b9d0-05434d2127b7} - C:\WINDOWS\system32\Inetelp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: Inetelp - Inetelp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#5 RichieUK

    Malware Assassin

  • Malware Response Team
  • 13,614 posts

Posted 08 May 2007 - 11:44 AM

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan, download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {d667f186-b28b-4a86-b9d0-05434d2127b7} - C:\WINDOWS\system32\Inetelp.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: Inetelp - Inetelp.dll (file missing)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti-Spyware report and a new HijackThis log into your next reply.
Let me know how your pc is running now please.
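Added example (not part of the thread and not HijackThis's own code): the six entries listed for fixing in reply #5 all carry the log's `(no file)` or `(file missing)` marker. The Python sketch below parses an excerpt of the log from reply #4, pulls out those orphaned entries, and groups them by missing file so that one leftover referenced from several load points (here `Inetelp.dll` under both O2 and O20) is seen as a single item; the function names are illustrative.

```python
import re

# Excerpt of the HijackThis log from reply #4 above (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {d667f186-b28b-4a86-b9d0-05434d2127b7} - C:\WINDOWS\system32\Inetelp.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: Inetelp - Inetelp.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
ORPHAN = re.compile(r"\((no file|file missing)\)\s*$")

def parse_entries(log_text):
    """Yield a dict for every entry line (R0, O2, O23, ...); skip headers and process lists."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            marker = ORPHAN.search(m["body"])
            yield {"section": m["section"], "body": m["body"],
                   "orphan": marker.group(1) if marker else None}

def orphaned(log_text):
    """Entries whose registry reference survives but whose file does not."""
    return [e for e in parse_entries(log_text) if e["orphan"]]

def target_of(entry):
    """Lower-cased file name an orphaned entry points at, or None for '(no file)'."""
    if entry["orphan"] != "file missing":
        return None
    path = ORPHAN.sub("", entry["body"]).rstrip().rsplit(" - ", 1)[-1]
    return path.rsplit("\\", 1)[-1].lower()

def load_points(log_text):
    """Map each missing file to every section (load point) that still names it."""
    found = {}
    for e in orphaned(log_text):
        name = target_of(e)
        if name:
            found.setdefault(name, []).append(e["section"])
    return found
```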



