
Trojan Horse Backdoor.generic6.wih


  • This topic is locked
21 replies to this topic

#1 SabineDiakopi


Posted 23 May 2007 - 11:02 AM

the one undeletable file on C:\ keeps changing names between
cp1334.nls
cp1041.nls
cp1467.nls

was running most of your suggestions, but it always comes back

every several minutes, 15 to 30, ZoneAlarm gets several alerts and I am offline and have to restart, then I can go online again.

here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:47:24 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

this board was once able to help me in such a professional way I trust you again. Thank you!

Sabine



#2 rookie147


Posted 24 May 2007 - 03:18 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.

Download LSP-Fix
Disconnect from the Internet and close all Internet Explorer Windows.
Run the program and check the "I know what I'm doing" box.
Place all listings of rxfbirh.dll into the remove section by highlighting it and clicking on the button that points to the right. When all instances of this dll are in the remove section press the Finish button.

Reboot your computer, then scan again with HijackThis and post back a new log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 SabineDiakopi


Posted 24 May 2007 - 04:44 AM


still have C:\cp1041.nls sitting there changing its name. can I find Internet Explorer to download? I think I have it mixed English and Greek... might help as well


Logfile of HijackThis v1.99.1
Scan saved at 12:35:49 PM, on 5/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\cp1041.nls is still sitting there, changing its name. also on this place I have "csb.log" and "RHDSetup.log". maybe they are bad as well?

Also I can add that AVG finds the file straight, puts it in the vault, it is gone for some moments from C:\ but just only for some moment, a minute or so. maybe that is a hint.

sabine

Edited by SabineDiakopi, 24 May 2007 - 05:58 AM.
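A triage sketch for the two HijackThis logs posted above, added here as an example and not part of any poster's reply or of HijackThis itself. It collapses repeated entries, flags the ones HijackThis itself could not identify (the `Unknown file in Winsock LSP` and `Unknown owner` wordings seen in these logs), and compares the scan before LSP-Fix with the scan after; the function names and the trimmed log excerpts are assumptions of this example.

```python
import re
from collections import Counter

# Entries copied from the two logs in this thread, trimmed to a few lines each.
# The O10 line appears 16 times in both logs, so it is repeated 16 times here.
LSP_LINE = r"O10 - Unknown file in Winsock LSP: c:\windows\system32\rxfbirh.dll"

SCAN_1 = "\n".join([  # 5/23/2007 scan (excerpt)
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    *[LSP_LINE] * 16,
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
])

SCAN_2 = "\n".join([  # 5/24/2007 scan, after LSP-Fix was run (excerpt)
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
    *[LSP_LINE] * 16,
    r"O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - "
    r"http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab",
    r"O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe",
    r"O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE",
])

# A HijackThis entry line is "<section> - <body>", e.g. "O10 - Unknown file ...".
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")


def parse(log_text):
    """Return a Counter of (section, body); repeated lines collapse to a count."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[(m["section"], m["body"])] += 1
    return entries


def needs_review(section, body):
    """Return a reason if HijackThis could not identify the entry, else None."""
    if section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
        return "unidentified Winsock LSP provider"
    if section == "O23" and " - Unknown owner - " in body:
        return "service binary with no readable vendor"
    return None


def flagged(entries):
    """Map each entry needing review to (occurrence count, reason)."""
    out = {}
    for (section, body), count in entries.items():
        reason = needs_review(section, body)
        if reason:
            out[(section, body)] = (count, reason)
    return out


def compare(before_text, after_text):
    """Show what a cleanup step changed between two scans."""
    before, after = parse(before_text), parse(after_text)
    fb, fa = flagged(before), flagged(after)
    return {
        "persisted": sorted(k for k in fa if k in fb),        # survived the fix
        "new_flagged": sorted(k for k in fa if k not in fb),  # appeared since
        "cleared": sorted(k for k in fb if k not in fa),      # fix worked
        "new_other": sorted(k for k in after if k not in before and k not in fa),
    }


if __name__ == "__main__":
    result = compare(SCAN_1, SCAN_2)
    after_flags = flagged(parse(SCAN_2))
    for bucket in ("persisted", "new_flagged", "cleared", "new_other"):
        print(bucket.upper())
        for key in result[bucket]:
            count, reason = after_flags.get(key, (1, "not flagged, changed between scans"))
            print(f"  {key[0]} x{count}: {key[1]}  [{reason}]")
```

An entry in `persisted` means the removal step did not take effect and needs another approach; an entry in `new_flagged` or `new_other` is only a prompt to ask what was installed between the two scans.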


#4 rookie147


Posted 24 May 2007 - 11:58 AM

Hello Sabine,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

You can download Internet Explorer from here, it's the latest version which is much more secure than it was before.

Please download AVG Anti-Spyware to your Desktop.
Start the set-up program by double clicking the installer.
Follow the on screen instructions to install the program, making sure that "Launch AVG Anti-Spyware" is checked.
Click the Update tab then select Start update; a progress bar will show the updates being installed.
Now press the Scanner icon, and click the Settings tab.
Click Recommended actions, then set it to Quarantine.
Close the program now, we will scan with it later on.

Download KillBox from the following link:
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

c:\windows\system32\rxfbirh.dll

Open 'file' in the killbox menu on top and choose Paste from clipboard
You must use the file menu--pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to reboot now, click "yes".
Click OK at any Pending File Rename Operations prompts, let me know if any appear.
If you don't get that message, reboot manually.
Your computer should reboot now. Please reboot your computer into Safe Mode.
This is done by pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Let's clean out your temporary internet files:
Close all open windows before we start.
Go to Start | Control Panel | Internet Options | General.
Click the Delete Cookies button.
Next to it, click the Delete Files button.
When prompted, place a check in: 'Delete all offline content', click OK

If you have Firefox installed, we need to clean out these temporary files as well:
Go to Tools | Options.
Click Privacy.
Press the Clear button located to the right of each option (History, Cookies, Cache).
Click OK to finish, before closing it.
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Now we'll clean other temporary files and your Recycle Bin:
Go to Start | Run | type: cleanmgr | OK.
Let it scan your system for files to remove.
Make sure 'Temporary Files', 'Temporary Internet Files', and 'Recycle Bin' are the only things checked.
Press OK to remove them.

Launch AVG Anti-Spyware by double clicking the icon on your Desktop.
Press the Scanner icon.
Then click on the Complete System Scan button.
If any infections are found, you will be asked for an action; select Apply all actions.
Now press the Reports icon at the top.
Choose Save report as and save the text file to your Desktop.
Please post this log in your next reply.

Run LSPFix again, using my last set of instructions if necessary.
Make sure you do this in Safe Mode so you are not connected to the internet.

Boot back into Normal Mode.

Scan again with HijackThis and post back the log, along with the AVG Antispyware report. Finally, I'd like some more information about cp1041.nls "changing its name" ...
Thanks,
Charles



#5 SabineDiakopi


Posted 25 May 2007 - 01:50 AM

Hi Charles,

I will do that all again now, about the changing name:

a weird file sits directly on C:\, the name changes between cp1041.nls, cp1334.nls, cp1467.nls and others, think it was cp1500.nls. AVG always finds it, puts it in the vault, it comes back straight again after 1 minute or so. even after deleting in safe mode.
I try all you said now, and will send the outcome.

thank you for your interest!

sabine

#6 SabineDiakopi


Posted 25 May 2007 - 01:59 AM

(starting with explorer download, bad luck, can't validate originality of my system. that should be the smaller problem though, maybe I can deal with this later after the trojan.)

#7 rookie147


Posted 25 May 2007 - 03:52 AM

We'll try downloading Internet Explorer again later. Quick question: are you running a legitimate version of XP?
In the meantime can you continue with the rest of my steps.



#8 SabineDiakopi


Posted 25 May 2007 - 04:53 AM

oh god! I made it all again exactly as written. I had to deal with another trojan once before and it was quite easy to come to an end. now I have a new pc, but someone used it once for his "nice" sites and straight came up with the trojan. MY NETWORK is gone now, I cannot connect to the internet. the whole connection is gone! I have not set it up by myself and I did not get any Windows CD. we are in Greece here and we don't easily get English Windows CDs. now what do I do? the cp1041.nls sits on C:\ still. I can't even save my data, couldn't find a cd-burner program yet, and can't open cd-drive anymore...

#9 SabineDiakopi


Posted 25 May 2007 - 04:58 AM

and I can't send any log because I can't see my connections and I just found out that my other pc doesn't take the floppy in...

seems all unsolvable. think I will ask the internet cafe guy to do a format c and set up the connections again. data loss though. any other ideas?

#10 SabineDiakopi


Posted 25 May 2007 - 05:29 AM

ok. CD-drive opens again. but no burner program. would you know a safe download? I am just too afraid now to get problems with my second pc.

#11 rookie147


Posted 25 May 2007 - 05:34 AM

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Highlight Internet Protocol (TCP/IP) and click the Properties button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

Go to Start > Run and type in cmd
Click OK.
This will open a command prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns

Hit Enter
Exit the command window

Does this sort out your internet?
I think we can sort this problem out eventually, if you want to try?

Edited by rookie147, 25 May 2007 - 05:35 AM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#12 SabineDiakopi


Posted 25 May 2007 - 05:45 AM

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step.
Double-click the Network Connections icon
Right-click the Local Area Connection icon and select Properties.
Highlight Internet Protocol (TCP/IP) and click the Properties button.
Be sure Obtain DNS server address automatically is selected.
OK your way out.

Go to Start > Run and type in cmd
Click OK.
This will open a command prompt.
Type or copy and paste the following line in the command window:

ipconfig /flushdns

Hit Enter
Exit the command window

Does this sort out your internet?
I think we can sort this problem out eventually, if you want to try?


I would love to try, but you say:

*Right-click the Local Area Connection icon and select Properties.*

there is no connection anymore. so I shall make a new one?

#13 SabineDiakopi


Posted 25 May 2007 - 05:46 AM


it is a wireless ADSL router

#14 rookie147


Posted 25 May 2007 - 07:31 AM

Yes, please try doing that.



#15 SabineDiakopi


Posted 25 May 2007 - 01:32 PM

what happened after:

let's leave the internet connection out, as I don't know about the network I will leave that point to the specialist who made it to establish it again. back to our trojan - I found some other programs today and send the reports



SDFix: Version 1.85

Run by sd - Fri 05/25/2007 - 19:30:05.45

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
kprof
ntldr.sys
poof

ImagePath:
\??\C:\WINDOWS\system32\kprof
\??\C:\ntldr.sys
\??\C:\WINDOWS\system32\poof

kprof - Deleted
ntldr.sys - Deleted
poof - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\AA63.T - Deleted
C:\WINDOWS\SYSTEM32\AB63.T - Deleted
C:\CP1041.NLS - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\WINDOWS\\Explorer.EXE"="C:\\WINDOWS\\Explorer.EXE:*:Enabled:Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:


Finished







"sd" - 2007-05-25 19:37:09 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\sd\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\DOCUME~1\sd\Desktop.\internet explorer.lnk"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-25 ))))))))))))))))))))))))))))))))))


2007-04-26 00:33 2,879,488 -r------- C:\WINDOWS\SkyTel.exe
2007-04-26 00:33 2,808,832 -r------- C:\WINDOWS\alcwzrd.exe
2007-04-26 00:33 2,157,568 -r------- C:\WINDOWS\MicCal.exe
2007-04-26 00:33 16,270,848 -r------- C:\WINDOWS\RTHDCPL.exe
2007-04-26 00:33 1,183,744 -r------- C:\WINDOWS\RtlUpd.exe
2007-04-26 00:33 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-26 00:33 <DIR> d-------- C:\Program Files\Realtek
2007-04-26 00:33 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-26 00:33 <DIR> d-------- C:\DOCUME~1\sd\APPLIC~1\InstallShield
2007-04-26 00:32 98,304 -ra------ C:\WINDOWS\system32\igfxtray.exe
2007-04-26 00:32 94,208 -ra------ C:\WINDOWS\system32\igfxext.exe
2007-04-26 00:32 899,194 -ra------ C:\WINDOWS\system32\ialmdd5.dll
2007-04-26 00:32 86,016 -ra------ C:\WINDOWS\system32\igfxdo.dll
2007-04-26 00:32 77,824 -ra------ C:\WINDOWS\system32\hkcmd.exe
2007-04-26 00:32 73,728 -ra------ C:\WINDOWS\system32\hccutils.dll
2007-04-26 00:32 61,440 -ra------ C:\WINDOWS\system32\iAlmCoIn_v4436.dll
2007-04-26 00:32 57,344 -ra------ C:\WINDOWS\system32\igfxsrvc.dll
2007-04-26 00:32 524,288 -ra------ C:\WINDOWS\system32\igldev32.dll
2007-04-26 00:32 49,152 -ra------ C:\WINDOWS\system32\ialmrem.dll
2007-04-26 00:32 450,560 -ra------ C:\WINDOWS\system32\igfxcfg.exe
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\igfxexps.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuTRK.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuTHA.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuSVE.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuRUS.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuPTG.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuPTB.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuPLK.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuNOR.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuNLD.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuKOR.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuJPN.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuITA.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuHUN.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuHEB.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFRC.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFRA.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuFIN.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuESP.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuENG.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuELL.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuDEU.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuDAN.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCSY.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCHT.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuCHS.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuARB.dll
2007-04-26 00:32 40,960 -ra------ C:\WINDOWS\system32\ialmuARA.dll
2007-04-26 00:32 36,990 -ra------ C:\WINDOWS\system32\ialmrnt5.dll
2007-04-26 00:32 214,746 -ra------ C:\WINDOWS\system32\ialmdev5.dll
2007-04-26 00:32 2,310,144 -ra------ C:\WINDOWS\system32\iglicd32.dll
2007-04-26 00:32 159,744 -ra------ C:\WINDOWS\system32\igfxsrvc.exe
2007-04-26 00:32 147,456 -ra------ C:\WINDOWS\system32\igfxpph.dll
2007-04-26 00:32 135,168 -ra------ C:\WINDOWS\system32\igfxdev.dll
2007-04-26 00:32 119,419 -ra------ C:\WINDOWS\system32\ialmdnt5.dll
2007-04-26 00:32 118,784 -ra------ C:\WINDOWS\system32\igfxpers.exe
2007-04-26 00:32 114,688 -ra------ C:\WINDOWS\system32\igfxzoom.exe
2007-04-26 00:32 114,688 -ra------ C:\WINDOWS\system32\ialmudlg.exe
2007-04-26 00:32 1,503,232 -ra------ C:\WINDOWS\system32\igfxress.dll
2007-04-26 00:32 1,353,820 -ra------ C:\WINDOWS\system32\drivers\ialmnt5.sys
2007-04-26 00:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-26 00:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-26 00:30 <DIR> d-------- C:\Program Files\Intel
2007-04-26 00:28 4,456,448 --a------ C:\DOCUME~1\sd\NTUSER.DAT
2007-04-26 00:26 761,856 --a------ C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-26 00:26 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-26 00:26 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-26 00:13 757,760 --a------ C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-26 00:11 262,144 --ah----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-26 00:11 0 -rahs---- C:\MSDOS.SYS
2007-04-26 00:11 0 -rahs---- C:\IO.SYS
2007-04-26 00:11 0 --a------ C:\CONFIG.SYS
2007-04-26 00:11 0 --a------ C:\AUTOEXEC.BAT
2007-04-26 00:11 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-26 00:11 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-26 00:10 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-26 00:10 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-26 00:10 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-26 00:10 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-26 00:09 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-26 00:09 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-26 00:09 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-26 00:09 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-26 00:09 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-26 00:08 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-26 00:08 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-26 00:08 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-26 00:08 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-26 00:08 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-26 00:08 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-26 00:08 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-26 00:08 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-26 00:08 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-26 00:08 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-26 00:08 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-26 00:08 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-26 00:08 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-26 00:08 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-26 00:08 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-26 00:08 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-26 00:08 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-26 00:08 36,864 --a------ C:\WINDOWS\system32\wups.dll
2007-04-26 00:08 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-26 00:08 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-26 00:08 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-26 00:08 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-26 00:08 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-26 00:08 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-26 00:08 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-26 00:08 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-26 00:08 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-26 00:08 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-26 00:08 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-26 00:08 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-26 00:08 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-26 00:08 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-26 00:08 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-26 00:08 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-26 00:08 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-26 00:08 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-26 00:08 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-26 00:08 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-26 00:08 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-26 00:08 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-26 00:08 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-26 00:08 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-26 00:08 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-26 00:08 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-26 00:08 <DIR> d-------- C:\WINDOWS\Registration
2007-04-26 00:08 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-26 00:08 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-26 00:07 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-26 00:07 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-26 00:07 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-26 00:07 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-26 00:07 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-26 00:07 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-26 00:07 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-26 00:07 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-26 00:07 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-26 00:07 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-26 00:07 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-26 00:07 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-26 00:07 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-26 00:07 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-26 00:07 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-26 00:07 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-26 00:07 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-26 00:07 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-26 00:07 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-26 00:07 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-26 00:07 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-26 00:07 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-26 00:07 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-26 00:07 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-26 00:07 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-26 00:07 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-26 00:07 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-26 00:07 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-26 00:07 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-26 00:07 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-26 00:07 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-26 00:07 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-26 00:07 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-26 00:07 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-26 00:07 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-26 00:07 <DIR> d-------- C:\Program Files\Online Services
2007-04-26 00:07 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-26 00:07 <DIR> d-------- C:\Program Files\Messenger
2007-04-26 00:06 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-26 00:06 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-26 00:06 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-26 00:06 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-26 00:06 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-26 00:06 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-26 00:06 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-26 00:06 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-26 00:06 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-26 00:06 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-26 00:06 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-26 00:06 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-26 00:06 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-26 00:06 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-26 00:06 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-26 00:06 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-26 00:06 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-26 00:06 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-26 00:06 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-26 00:06 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-26 00:06 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-26 00:06 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-26 00:06 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-26 00:06 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-26 00:06 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-26 00:06 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-26 00:06 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-26 00:06 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-26 00:06 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-26 00:06 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-26 00:06 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-26 00:06 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-26 00:06 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-26 00:06 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-26 00:06 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-26 00:06 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-26 00:06 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-26 00:06 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-26 00:06 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-26 00:06 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-26 00:06 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-26 00:06 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-26 00:06 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-26 00:06 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-26 00:06 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-26 00:06 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-26 00:06 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-26 00:06 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-26 00:06 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-26 00:06 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 08:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 08:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 08:55]
"RTHDCPL"="RTHDCPL.EXE" []
"SkyTel"="SkyTel.EXE" []
"Alcmtr"="ALCMTR.EXE" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-30 09:10]
"ZoneAlarm Client"="C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe" [2007-01-08 14:29]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 13:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06]

*Newly Created Service* -PROCEXP90

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-25 19:40:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-25 19:40:53
C:\ComboFix-quarantined-files.txt ... 2007-05-25 19:40

--- E O F ---


2007-04-30 19:52	  767	--a------	C:\Qoobox\Quarantine\C\DOCUME~1\sd\Desktop\Internet Explorer.lnk.vir


Folder PATH listing
Volume serial number is 38B5-1842
C:\QOOBOX
\---Quarantine
	+---C
	|   \---DOCUME~1
	|	   \---sd
	|		   \---Desktop
	|				   Internet Explorer.lnk.vir
	|				   
	\---Registry_backups





Deckard's System Scanner v20070426.43
Run by sd on 2007-05-25 at 19:56:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-05-25 16:56:14 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2007-05-25 15:13:37 UTC - RP2 - ┼Ńŕߢ▄ˇ˘ßˇš Nero - Burning Rom
1: 2007-05-25 09:59:06 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as sd.exe) --------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 7:56:57 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\sd\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\sd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SysEnforce - c:\progra~1\security\ssi\sysenf~1.exe


-- Files created between 2007-04-25 and 2007-05-25 -----------------------------

2007-05-25 18:13:50 0 d-------- C:\Program Files\Ahead
2007-05-25 13:06:59 191 --a------ C:\Program Files\Settings.dat
2007-05-25 11:38:58 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2007-05-25 11:30:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-05-24 19:29:48 0 d-------- C:\Program Files\Trend Micro
2007-05-24 10:44:38 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-24 10:25:12 159744 --a------ C:\WINDOWS\system32\hasher.dll <Not Verified; ; hasher Dynamic Link Library>
2007-05-23 20:42:27 61440 --a------ C:\WINDOWS\system32\SSPNG2.DLL <Not Verified; Infragistics, Inc.; Infragistics SSPng>
2007-05-23 20:42:25 65536 --a------ C:\WINDOWS\system32\ssfm1032.dll <Not Verified; Sheridan Software Systems, Inc; Sheridan Software Systems, Inc>
2007-05-23 20:42:24 1249334 --a------ C:\WINDOWS\system32\cxlibw-1-6.dll <Not Verified; Crystal Decisions; Crystal Enterprise>
2007-05-23 20:42:18 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2007-05-23 20:42:14 286720 --a------ C:\WINDOWS\system32\P2sodbc.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports>
2007-05-23 20:42:14 163840 --a------ C:\WINDOWS\system32\P2SMON.dll <Not Verified; Seagate Software, Inc; Crystal Reports>
2007-05-23 20:42:14 65536 --a------ C:\WINDOWS\system32\P2irdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports>
2007-05-23 20:42:14 53248 --a------ C:\WINDOWS\system32\P2ctdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports>
2007-05-23 20:42:14 94208 --a------ C:\WINDOWS\system32\P2bdao.dll <Not Verified; Seagate Software Information Management Group, Inc.; Crystal Reports>
2007-05-23 20:42:14 17920 --a------ C:\WINDOWS\system32\Implode.dll
2007-05-23 20:42:14 0 d-------- C:\WINDOWS\CRYSTAL
2007-05-23 20:42:13 136704 --a------ C:\WINDOWS\system32\msderun.dll <Not Verified; Microsoft Corporation; Microsoft Data Environment Runtime 1.0>
2007-05-23 20:42:13 510976 --a------ C:\WINDOWS\system32\msde.dll <Not Verified; Microsoft Corporation; Microsoft Data Environment 1.0>
2007-05-23 20:42:13 77824 --a------ C:\WINDOWS\system32\msbind.dll <Not Verified; Microsoft Corporation; MSBind Object Library>
2007-05-23 20:42:13 4587577 --a------ C:\WINDOWS\system32\Crpe32.dll <Not Verified; Seagate Software, Inc.; Crystal Reports>
2007-05-23 20:42:12 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-05-23 20:42:12 1046288 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-05-23 20:42:11 123664 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-05-23 20:41:59 244496 --a------ C:\WINDOWS\system32\vbar2232.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-05-23 20:41:59 245520 --a------ C:\WINDOWS\system32\MSRD2X32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-05-23 20:41:59 98356 --a------ C:\WINDOWS\system32\msjter32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-05-23 20:41:59 965904 --a------ C:\WINDOWS\system32\msjt3032.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-05-23 20:41:59 33552 --a------ C:\WINDOWS\system32\msjint32.dll <Not Verified; Microsoft Corporation; Microsoft® Jet Database Engine>
2007-05-23 20:41:56 262144 --a------ C:\WINDOWS\uninst.exe <Not Verified; Stirling Technologies, Inc.; InstallSHIELD Deinstaller>
2007-05-23 10:29:28 0 d-------- C:\Documents and Settings\sd\.housecall6.6
2007-05-23 09:48:50 0 d-------- C:\!KillBox
2007-05-22 20:43:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-22 10:24:55 0 d-------- C:\Program Files\Footsteps
2007-05-18 11:05:23 0 d-------- C:\Program Files\Cobian Backup 8
2007-05-17 19:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-05-17 19:36:43 0 dr-h----- C:\Documents and Settings\sd\Recent
2007-05-17 16:37:37 10 --a------ C:\WINDOWS\393799389
2007-05-17 16:37:33 0 dr-h----- C:\$VAULT$.AVG
2007-05-15 12:53:35 0 d-------- C:\WINDOWS\system32\LogFiles
2007-05-08 12:34:19 0 d-------- C:\Program Files\Common Files\Macromedia
2007-05-08 12:34:13 0 d-------- C:\Program Files\Macromedia
2007-05-03 20:19:33 0 d-------- C:\Program Files\BackUp
2007-04-30 18:33:22 0 d-------- C:\Program Files\Common Files\Skype
2007-04-30 18:31:16 0 d-------- C:\Documents and Settings\sd\Application Data\Google
2007-04-30 18:26:46 0 d-------- C:\Program Files\Google
2007-04-27 18:09:33 0 d-------- C:\Documents and Settings\sd\Application Data\Lavasoft
2007-04-27 13:19:46 0 d-------- C:\Documents and Settings\sd\Application Data\Adobe
2007-04-27 13:15:42 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-04-27 13:15:30 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-04-27 13:15:13 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-04-27 13:14:24 0 d-------- C:\WINDOWS\Internet Logs
2007-04-27 13:09:45 0 d-------- C:\Documents and Settings\sd\Application Data\Macromedia
2007-04-27 13:09:37 1156 --a------ C:\WINDOWS\mozver.dat
2007-04-27 13:08:27 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-27 13:08:23 0 d-------- C:\Documents and Settings\sd\Application Data\Mozilla
2007-04-27 12:59:00 1126405 --a------ C:\Program Files\microburner.exe <Not Verified; SilentNight Network and Security Tool; SilentNight Micro Burner>
2007-04-27 12:56:11 0 d-------- C:\Program Files\WS_FTP
2007-04-27 12:55:31 1085965 --a------ C:\Program Files\ws_ftple.exe <Not Verified; InstallShield Software Corporation; PackageForTheWeb Stub>
2007-04-27 12:53:27 523976 --a------ C:\Program Files\PopUpStopperFree.exe
2007-04-27 12:52:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-27 12:52:41 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-27 12:37:31 0 d-------- C:\Program Files\No23 Recorder
2007-04-26 20:52:23 0 d-------- C:\Documents and Settings\sd\Application Data\Skype
2007-04-26 20:52:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-04-26 20:51:15 0 d-------- C:\Program Files\Skype
2007-04-26 18:32:18 0 d-------- C:\Documents and Settings\sd\Application Data\AVG7
2007-04-26 18:32:11 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-04-26 18:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-04-26 18:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-04-26 18:18:47 0 d-------- C:\Program Files\Security
2007-04-26 18:15:28 0 d---s---- C:\Documents and Settings\sd\UserData
2007-04-26 12:28:32 0 d-------- C:\Documents and Settings\sd\Application Data\HP
2007-04-26 12:28:21 0 d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-04-26 12:26:44 0 d-------- C:\Program Files\Common Files\HP
2007-04-26 12:25:04 0 d-------- C:\Program Files\Hewlett-Packard
2007-04-26 12:24:42 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-04-26 12:21:01 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-04-26 12:19:42 0 d-------- C:\Program Files\HP
2007-04-26 12:18:33 117128 --a------ C:\WINDOWS\hpoins11.dat
2007-04-26 10:47:26 0 d-------- C:\Program Files\Microsoft.NET
2007-04-26 10:47:23 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-26 10:46:54 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-26 10:45:11 0 dr-h----- C:\MSOCache
2007-04-26 01:05:15 0 d--hs---- C:\WINDOWS\Installer
2007-04-26 01:05:14 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-26 01:05:11 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-26 01:05:10 0 dr------- C:\Program Files
2007-04-26 01:04:45 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-04-26 01:04:45 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-04-26 01:04:45 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-04-26 01:04:45 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-04-26 01:04:45 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-04-26 01:04:45 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-04-26 01:04:45 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-04-26 01:04:45 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-04-26 01:04:45 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-04-26 01:04:45 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-04-26 01:04:45 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-04-26 01:04:45 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-04-26 01:04:45 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-04-26 01:04:45 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-04-26 01:04:45 0 dr------- C:\Documents and Settings\All Users\Documents
2007-04-26 01:04:45 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-04-26 01:04:31 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-04-26 01:04:31 0 d-------- C:\WINDOWS\system32\CatRoot
2007-04-26 01:04:26 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-04-26 01:04:26 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-04-26 01:04:26 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-04-26 01:04:26 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-04-26 01:04:04 0 d--hs---- C:\System Volume Information
2007-04-26 01:04:04 0 d-------- C:\Documents and Settings
2007-04-26 00:57:30 0 d-------- C:\WINDOWS
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\WinSxS
2007-04-26 00:57:30 0 dr------- C:\WINDOWS\Web
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\twain_32
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\wins
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\wbem
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\usmt
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\spool
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\ShellExt
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\Setup
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\ras
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\oobe
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\npp
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\mui
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\inetsrv
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\IME
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\icsxml
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\ias
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\export
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\drivers
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-04-26 00:57:30 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\dhcp
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\config
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\3076
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\2052
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1054
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1042
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1041
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1037
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1033
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1031
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1028
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system32\1025
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\system
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\security
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Resources
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\repair
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Provisioning
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\PeerNet
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\pchealth
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\mui
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\msapps
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\msagent
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Media
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\java
2007-04-26 00:57:30 0 d--h----- C:\WINDOWS\inf
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\ime
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Help
2007-04-26 00:57:30 0 dr--s---- C:\WINDOWS\Fonts
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Driver Cache
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Debug
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Cursors
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Connection Wizard
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\Config
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\AppPatch
2007-04-26 00:57:30 0 d-------- C:\WINDOWS\addins
2007-04-26 00:35:21 0 d-------- C:\WINDOWS\system32\Lang
2007-04-26 00:34:25 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2007-04-26 00:34:01 0 d-------- C:\WINDOWS\system32\RTCOM
2007-04-26 00:34:00 0 d-------- C:\WINDOWS\OPTIONS
2007-04-26 00:33:52 0 d-------- C:\Documents and Settings\sd\Application Data\InstallShield
2007-04-26 00:33:30 0 d-------- C:\Program Files\Realtek
2007-04-26 00:33:29 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-26 00:33:27 499712 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2007-04-26 00:33:21 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-26 00:30:47 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-26 00:30:45 0 d-------- C:\Program Files\Intel
2007-04-26 00:30:40 0 d-------- C:\Program Files\Yahoo!
2007-04-26 00:28:55 0 d-------- C:\Documents and Settings\sd\Application Data\Identities
2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\Templates
2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\Start Menu
2007-04-26 00:28:48 0 dr-h----- C:\Documents and Settings\sd\SendTo
2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\PrintHood
2007-04-26 00:28:48 4456448 --a------ C:\Documents and Settings\sd\NTUSER.DAT
2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\NetHood
2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\My Documents
2007-04-26 00:28:48 0 d--h----- C:\Documents and Settings\sd\Local Settings
2007-04-26 00:28:48 0 dr------- C:\Documents and Settings\sd\Favorites
2007-04-26 00:28:48 0 d-------- C:\Documents and Settings\sd\Desktop
2007-04-26 00:28:48 0 d---s---- C:\Documents and Settings\sd\Cookies
2007-04-26 00:28:48 0 dr-h----- C:\Documents and Settings\sd\Application Data
2007-04-26 00:26:34 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-04-26 00:26:34 0 d-------- C:\WINDOWS\Prefetch
2007-04-26 00:26:33 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-04-26 00:26:32 761856 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-26 00:26:32 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-04-26 00:26:32 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-04-26 00:26:32 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-04-26 00:26:32 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-04-26 00:13:56 757760 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-26 00:13:56 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-04-26 00:13:56 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-04-26 00:13:56 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-04-26 00:13:56 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-04-26 00:11:17 0 d-------- C:\WINDOWS\system32\xircom
2007-04-26 00:11:17 0 d-------- C:\Program Files\microsoft frontpage
2007-04-26 00:11:14 262144 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-26 00:11:07 0 -rahs---- C:\MSDOS.SYS
2007-04-26 00:11:07 0 -rahs---- C:\IO.SYS
2007-04-26 00:11:07 0 --a------ C:\CONFIG.SYS
2007-04-26 00:11:07 0 --a------ C:\AUTOEXEC.BAT
2007-04-26 00:10:12 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-26 00:10:03 0 dr------- C:\WINDOWS\Offline Web Pages
2007-04-26 00:10:03 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-26 00:09:53 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-26 00:09:32 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-26 00:08:57 0 d---s---- C:\WINDOWS\Tasks
2007-04-26 00:08:56 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-26 00:08:52 0 d-------- C:\WINDOWS\srchasst
2007-04-26 00:08:51 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-26 00:08:43 0 d-------- C:\Program Files\Movie Maker
2007-04-26 00:08:35 0 d-------- C:\WINDOWS\system32\Restore
2007-04-26 00:08:15 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-26 00:08:01 0 d-------- C:\WINDOWS\Registration
2007-04-26 00:07:35 0 d-------- C:\Program Files\Online Services
2007-04-26 00:07:30 0 d-------- C:\Program Files\Messenger
2007-04-26 00:07:27 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-26 00:06:46 0 d-------- C:\Program Files\Windows NT
2007-04-26 00:06:43 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-26 00:06:41 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-04-26 01:04:45 62 --ahs---- C:\Documents and Settings\sd\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"ZoneAlarm Client"="\"C:\\Program Files\\Security\\Zone Labs\\ZoneAlarm\\ZoneAlarm\\zlclient.exe\""
"NeroCheck"="C:\\WINDOWS\\system32\\\\NeroCheck.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0




Logfile of HijackThis v1.99.1
Scan saved at 8:22:11 PM, on 5/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.greekislandsproperties.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Security\Zone Labs\ZoneAlarm\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A03024-B3AB-4742-BF66-014BABEDA9AA}: NameServer = 195.170.0.1,195.170.2.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\Security\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


At least in the last half hour or more, for the first time, the cp1041.nls did not return onto C:\

Sabine
