specksturm

A whole lotta Boom Boom in my registry and stuff.

16 posts in this topic

Hi, after I formatted my hard disk and made a clean reinstall of XP two weeks ago, I have been suffering from a bad internet connection, popups and other annoying things. For example, my computer doesn't always find the connection when I start up. But as one can also see when reading the reports, the system seems to be full of ugly stuff.

Here are two virus scan logs followed by a HijackThis log. Even Adaware and Spybot have been used. So if you think that you can help me get my computer back in business, please let me know what to do. Any help is appreciated. :blink:

 

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Tuesday, May 22, 2007 8:59:50 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.93.0

Kaspersky Anti-Virus database last update: 22/05/2007

Kaspersky Anti-Virus database records: 326545

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - Critical Areas:

C:\WINDOWS

C:\DOCUME~1\*\LOCALS~1\Temp\

 

Scan Statistics:

Total number of scanned objects: 21108

Number of viruses found: 7

Number of infected objects: 14

Number of suspicious objects: 0

Duration of the scan process: 00:15:49

 

Infected Object Name / Virus Name / Last Action

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\DATAFLESH.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{4E77F08C-31B5-4388-97A2-7EE566388BBD}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\iifgdbx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\system32\jnftupew.dll Infected: Trojan.Win32.BHO.g skipped

C:\WINDOWS\system32\kcmigcja.dll Infected: Packed.Win32.Klone.j skipped

C:\WINDOWS\system32\mlljk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped

C:\WINDOWS\system32\nnnolji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\system32\opnmkjh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\system32\opnnkhf.dll Object is locked skipped

C:\WINDOWS\system32\ssqqqqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\system32\uqfiqeio.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\WINDOWS\system32\urqronm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wintfj32.dll Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\Temp\Perflib_Perfdata_730.dat Object is locked skipped

C:\WINDOWS\Temp\win40B2.tmp.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped

C:\WINDOWS\Temp\win40B6.tmp.exe Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\Temp\win40BA.tmp.exe Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\Temp\winC8.tmp.exe Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\Temp\winCD.tmp Object is locked skipped

C:\WINDOWS\Temp\ZLT02f0e.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT02f12.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

C:\DOCUME~1\*\LOCALS~1\Temp\~DFF76C.tmp Object is locked skipped

Scan process completed.

-----------------------------------------------------------------------------------------------------------------------------

 

BitDefender Online Scanner

 

Scan report generated at: Tue, May 22, 2007 - 21:59:59

Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics

Time: 00:55:29
Files: 403805
Folders: 4209
Boot Sectors: 3
Archives: 3189
Packed Files: 17901

Results

Identified Viruses: 12
Infected Files: 37
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 48

Engines Info

Virus Definitions: 507808
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File

Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm

Infected with: Generic.Malware.dld!!.16D584BC

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm

Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm

Deleted

 

C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AUJ

C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)

Infected with: Dropped:Trojan.Clicker.Agent.IS

C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\kiuijdkk.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Spy.VBStat.B

C:\Documents and Settings\*\.housecall6.6\Quarantine\kiuijdkk.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\kulkgtvh.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Spy.VBStat.B

C:\Documents and Settings\*\.housecall6.6\Quarantine\kulkgtvh.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\ntttvmir.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Spy.VBStat.B

C:\Documents and Settings\*\.housecall6.6\Quarantine\ntttvmir.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\tufrwxvb.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Spy.VBStat.B

C:\Documents and Settings\*\.housecall6.6\Quarantine\tufrwxvb.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)

Infected with: Dropped:Trojan.Clicker.Agent.IS

C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\wbgrsota.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Spy.VBStat.B

C:\Documents and Settings\*\.housecall6.6\Quarantine\wbgrsota.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AUJ

C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AUJ

C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AAAN

C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AAAN

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)

Infected with: Trojan.Agent.AAAN

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)

Disinfection failed

C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\xkpgojx[1].htm.bac_a00292=>(Quarantine-4)

Infected with: Trojan.Downloader.Porndials.A

C:\Documents and Settings\*\.housecall6.6\Quarantine\xkpgojx[1].htm.bac_a00292=>(Quarantine-4)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)

Infected with: Win32.Worm.Stration.FC.m

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Infected with: Win32.Warezov.GQ@mm

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[subject: ***SPAM*** Mail server report.][Date: ¼È, 21 2007 10:31:26 +0200]=>(MIME part)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Infected with: Win32.Worm.Stration.FC.m

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Infected with: Win32.Worm.Stration.FC.m

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Infected with: Win32.Warezov.GQ@mm

C:\Documents and Settings\*Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[subject: ***SPAM*** Mail server report.][Date: \F, 21 èD 2007 10:37:09 +0200]=>(MIME part)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Infected with: Win32.Worm.Stration.FC.m

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Infected with: Win32.Worm.Stration.FC.m

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe

Infected with: Win32.Warezov.GQ@mm

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe

Disinfection failed

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe

Deleted

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[subject: ***SPAM*** Mail server report.][Date: äÂ, 21 È 2007 11:35:02 +0300]=>(MIME part)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)

Updated

C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox

Updated

C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe

Infected with: Trojan.Agent.AUJ

C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe

Disinfection failed

C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe

Deleted

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000760.dll

Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000760.dll

Deleted

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000761.dll

Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000761.dll

Deleted

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000762.dll

Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000762.dll

Deleted

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000763.dll

Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000763.dll

Deleted

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000764.dll

Infected with: Trojan.Spy.VBStat.B

C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000764.dll

Deleted

C:\WINDOWS\system32\iifgdbx.dll

Infected with: MemScan:Trojan.Vundo.DLO

C:\WINDOWS\system32\iifgdbx.dll

Disinfection failed

C:\WINDOWS\system32\iifgdbx.dll

Deleted

C:\WINDOWS\system32\jnftupew.dll

Infected with: MemScan:Trojan.BHO.BG

C:\WINDOWS\system32\jnftupew.dll

Disinfection failed

C:\WINDOWS\system32\jnftupew.dll

Delete failed

C:\WINDOWS\system32\kcmigcja.dll

Infected with: Trojan.BHO.AR

C:\WINDOWS\system32\kcmigcja.dll

Disinfection failed

C:\WINDOWS\system32\kcmigcja.dll

Delete failed

C:\WINDOWS\system32\wintfj32.dll

Infected with: Trojan.Agent.AAAN

C:\WINDOWS\system32\wintfj32.dll

Disinfection failed

C:\WINDOWS\system32\wintfj32.dll

Delete failed

C:\WINDOWS\Temp\47D2BAEC.exe

Infected with: Generic.Malware.dld!!.16D584BC

C:\WINDOWS\Temp\47D2BAEC.exe

Disinfection failed

C:\WINDOWS\Temp\47D2BAEC.exe

Deleted

C:\WINDOWS\Temp\win40B6.tmp.exe

Infected with: Trojan.Agent.AUJ

C:\WINDOWS\Temp\win40B6.tmp.exe

Disinfection failed

C:\WINDOWS\Temp\win40B6.tmp.exe

Deleted

C:\WINDOWS\Temp\win40BA.tmp.exe

Infected with: Trojan.Agent.QT

C:\WINDOWS\Temp\win40BA.tmp.exe

Disinfection failed

C:\WINDOWS\Temp\win40BA.tmp.exe

Deleted

C:\WINDOWS\Temp\winC8.tmp.exe

Infected with: Trojan.Agent.AUJ

C:\WINDOWS\Temp\winC8.tmp.exe

Disinfection failed

C:\WINDOWS\Temp\winC8.tmp.exe

Deleted

 

------------------------------------------------------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 00:07:50, on 23.5.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Hijackthis\HiJackThis_v2.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\jnftupew.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7781C800-DC0C-44A1-8F67-724DC95C5B11} - C:\WINDOWS\system32\mlljk.dll

O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\kcmigcja.dll

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

O2 - BHO: (no name) - {EDA72771-EEC5-493C-867D-3713DC90657E} - C:\WINDOWS\system32\opnnkhf.dll (file missing)

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

O20 - Winlogon Notify: opnnkhf - opnnkhf.dll (file missing)

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 5097 bytes


Hi again. Well, I have run several cleaning programs and online antivirus stuff, so now my log looks like this. The 02 and 020 entries in the list make me suspect that it could be a virus called Vundo?

 

I have had some IE windows popping up now, even though I always use Firefox. And another thing that seems to happen now and then is that there is some randomly named program that wants to contact the internet. The name consists mainly of numbers. I do not give them permission to sneak out. This you can't see in the running programs list in the log file, because it wasn't running at the moment when I did the scan.

 

Here is the latest log.

--------------------------------------------------------------------------------------------------------------------

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:51:15, on 24.5.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Hijackthis\HiJackThis_v2.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

 

O2 - BHO: (no name) - {8B27CF84-76C8-4895-818C-FD6CE418A328} - C:\WINDOWS\system32\mlljk.dll

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4233 bytes


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Hello,

 

* Download Combofix to your desktop.

Double-click combofix.exe

Follow the prompts.

Don't click on the window while the fix is running, because that will cause your system to hang.

 

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.

Post this log in your next reply together with a new HijackThis log.

Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.


Ok mikie. I followed your instructions and here are the results. :)

 

COMBOFIX

 

 

"*" - 2007-05-30 10:08:08 Service Pack 2

ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\*\Desktop\"

 

Rootkit driver xpdt is present. ... attempting disinfection

xpdt ...... driver unloaded successfully.

ADS removed - system32: deleted 78580 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\eqldurtv.dll

C:\WINDOWS\system32\gacvvqau.dll

C:\WINDOWS\system32\henvfiui.dll

C:\WINDOWS\system32\jphabrlj.dll

C:\WINDOWS\system32\myyetmwt.dll

C:\WINDOWS\system32\uqfiqeio.dll

C:\WINDOWS\system32\wagjxdkq.dll

C:\WINDOWS\system32\wuvujixc.dll

C:\WINDOWS\system32\xrqvrmkw.dll

C:\WINDOWS\system32\nnnolji.dll

C:\WINDOWS\system32\opnmkjh.dll

C:\WINDOWS\system32\ssqqqqo.dll

C:\WINDOWS\system32\vtrudlqe.ini

C:\WINDOWS\system32\uaqvvcag.ini

C:\WINDOWS\system32\iuifvneh.ini

C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.bak2

C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\oieqifqu.ini

C:\WINDOWS\system32\cxijuvuw.ini

C:\WINDOWS\system32\kjllm.bak1

C:\WINDOWS\system32\kjllm.bak2

C:\WINDOWS\system32\kjllm.ini

C:\WINDOWS\system32\mlljk.dll

C:\WINDOWS\system32\urqronm.dll

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))

 

 

2007-05-28 14:51 124,436 --a------ C:\WINDOWS\system32\cofkynos.dll

2007-05-24 17:53 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Media Player Classic

2007-05-23 23:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-05-23 22:25 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Lavasoft

2007-05-23 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-22 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-05-22 20:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-22 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-05-22 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-22 16:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-05-22 14:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-05-21 18:04 <DIR> d---s---- C:\Documents and Settings\*\UserData

2007-05-21 18:04 <DIR> d---s---- C:\DOCUME~1\*\UserData

2007-05-21 13:54 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-21 13:00 129,784 --a------ C:\WINDOWS\system32\pxafs.dll

2007-05-21 13:00 <DIR> d-------- C:\Program Files\Winamp

2007-05-18 13:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-05-17 12:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Azureus

2007-05-17 12:05 <DIR> d-------- C:\Program Files\Azureus

2007-05-16 22:07 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe

2007-05-16 22:07 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe

2007-05-16 18:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-05-16 18:15 <DIR> d-------- C:\Documents and Settings\*\.housecall6.6

2007-05-16 18:15 <DIR> d-------- C:\DOCUME~1\*\.housecall6.6

2007-05-16 18:10 614,191 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe

2007-05-16 18:10 <DIR> d-------- C:\Program Files\RegistryCleaner

2007-05-16 18:08 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-05-16 18:08 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-16 16:39 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\muvee Technologies

2007-05-16 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies

2007-05-16 00:44 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Ahead

2007-05-16 00:43 <DIR> d-------- C:\Program Files\Nero

2007-05-16 00:43 <DIR> d-------- C:\Program Files\Common Files\Ahead

2007-05-15 16:35 <DIR> d-------- C:\Program Files\Alex Feinman

2007-05-15 16:28 <DIR> d-------- C:\Program Files\WinZip Self-Extractor

2007-05-15 14:57 16,384 --a------ C:\WINDOWS\system32\FileOps.exe

2007-05-15 14:55 <DIR> d-------- C:\WINDOWS\Adobe Illustrator CS

2007-05-15 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

2007-05-15 14:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-05-15 13:52 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-05-15 13:51 <DIR> d-------- C:\Program Files\DAEMON Tools

2007-05-15 13:48 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-05-14 18:28 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\HP

2007-05-14 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

2007-05-14 18:21 <DIR> d-------- C:\Program Files\Common Files\HP

2007-05-14 18:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-05-14 18:18 430,080 -ra------ C:\WINDOWS\system32\hp3800co.dll

2007-05-14 18:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-05-14 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard

2007-05-14 18:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-05-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

2007-05-14 18:16 <DIR> d-------- C:\Program Files\HP

2007-05-14 18:14 173 --------- C:\WINDOWS\hpgmdl13.dat

2007-05-14 18:14 101,822 --a------ C:\WINDOWS\hpgins13.dat

2007-05-14 16:51 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2007-05-14 16:51 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll

2007-05-14 16:51 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2007-05-14 16:51 54,784 -ra------ C:\WINDOWS\system32\RedEye.dll

2007-05-14 16:51 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll

2007-05-14 16:51 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-05-14 16:51 48,128 -ra------ C:\WINDOWS\system32\picn20.dll

2007-05-14 16:51 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-05-14 16:51 2,867,200 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll

2007-05-14 16:51 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll

2007-05-14 16:51 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll

2007-05-14 16:51 176,128 -ra------ C:\WINDOWS\system32\Strato4.dll

2007-05-14 16:51 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll

2007-05-14 16:51 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll

2007-05-14 16:51 106,496 --a------ C:\WINDOWS\system32\ATL71.DLL

2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\Nikon

2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies

2007-05-14 16:51 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Nikon

2007-05-14 16:50 73,728 --a------ C:\WINDOWS\system32\LFFAX12N.DLL

2007-05-14 16:50 60,416 --a------ C:\WINDOWS\system32\LFPCT12N.DLL

2007-05-14 16:50 434,176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL

2007-05-14 16:50 406,016 --a------ C:\WINDOWS\system32\LTKRN12N.DLL

2007-05-14 16:50 36,864 --a------ C:\WINDOWS\system32\LFPSD12N.DLL

2007-05-14 16:50 358,912 --a------ C:\WINDOWS\system32\LFCMP12N.DLL

2007-05-14 16:50 30,720 --a------ C:\WINDOWS\system32\LFBMP12N.DLL

2007-05-14 16:50 26,112 --a------ C:\WINDOWS\system32\LFPCX12N.DLL

2007-05-14 16:50 259,072 --a------ C:\WINDOWS\system32\LTDIS12N.DLL

2007-05-14 16:50 230,400 --a------ C:\WINDOWS\system32\DC265.DLL

2007-05-14 16:50 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL

2007-05-14 16:50 207,872 --a------ C:\WINDOWS\system32\LTEFX12N.DLL

2007-05-14 16:50 19,968 --a------ C:\WINDOWS\system32\LFPCD12N.DLL

2007-05-14 16:50 181,248 --a------ C:\WINDOWS\system32\LFPNG12N.DLL

2007-05-14 16:50 164,864 --a------ C:\WINDOWS\system32\LTIMG12N.DLL

2007-05-14 16:50 141,312 --a------ C:\WINDOWS\system32\LFTIF12N.DLL

2007-05-14 16:50 131,072 --a------ C:\WINDOWS\system32\LTFIL12N.DLL

2007-05-14 16:50 <DIR> d-------- C:\Program Files\Nikon

2007-05-14 16:49 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2007-05-14 16:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2007-05-14 16:49 <DIR> d-------- C:\Program Files\QuickTime

2007-05-14 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

2007-05-12 10:41 <DIR> d-------- C:\WINDOWS\pss

2007-05-11 13:38 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-05-11 13:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-05-11 13:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-05-11 13:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-05-11 13:38 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-05-11 13:38 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-05-11 13:37 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-05-11 13:37 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-05-11 13:37 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-05-11 13:37 <DIR> d-------- C:\Program Files\Alwil Software

2007-05-11 08:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

2007-05-11 01:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-05-10 18:20 <DIR> d-------- C:\Program Files\Shareaza

2007-05-10 18:20 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Shareaza

2007-05-10 13:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-05-10 13:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-05-10 09:35 <DIR> d-------- C:\Program Files\Gspot

2007-05-09 22:50 1,286 --a------ C:\WINDOWS\mozver.dat

2007-05-09 20:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird

2007-05-09 20:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Thunderbird

2007-05-09 19:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2007-05-09 19:53 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys

2007-05-09 19:53 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2007-05-09 19:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2007-05-09 19:53 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2007-05-09 19:53 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2007-05-09 19:53 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys

2007-05-09 19:53 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys

2007-05-09 19:53 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-05-09 19:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2007-05-09 19:53 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2007-05-09 19:53 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2007-05-09 19:52 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2007-05-09 19:52 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-05-09 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys

2007-05-09 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2007-05-09 19:52 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-05-09 19:52 51,200 --a------ C:\WINDOWS\system32\sfman32.dll

2007-05-09 19:52 495,616 --a------ C:\WINDOWS\system32\sblfx.dll

2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll

2007-05-09 19:52 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys

2007-05-09 19:52 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2007-05-09 19:52 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys

2007-05-09 19:52 256,512 --a------ C:\WINDOWS\system32\devcon32.dll

2007-05-09 19:52 24,064 --a------ C:\WINDOWS\system32\devldr32.exe

2007-05-09 19:52 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys

2007-05-09 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2007-05-09 19:52 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2007-05-09 19:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2007-05-09 19:51 <DIR> d-------- C:\Program Files\Common Files\ODBC

2007-05-09 19:50 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL

2007-05-09 19:50 9,008 --a------ C:\WINDOWS\system\VER.DLL

2007-05-09 19:50 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

2007-05-09 19:50 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL

2007-05-09 19:50 8,704 --a------ C:\WINDOWS\system32\batt.dll

2007-05-09 19:50 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll

2007-05-09 19:50 74,752 --a------ C:\WINDOWS\system32\storprop.dll

2007-05-09 19:50 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll

2007-05-09 19:50 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL

2007-05-09 19:50 69,120 --a------ C:\WINDOWS\notepad.exe

2007-05-09 19:50 68,768 --a------ C:\WINDOWS\system\mmsystem.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll

2007-05-09 19:50 5,120 --a------ C:\WINDOWS\system\SHELL.DLL

2007-05-09 19:50 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL

2007-05-09 19:50 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-05-09 19:50 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL

2007-05-09 19:50 19,200 --a------ C:\WINDOWS\system\TAPI.DLL

2007-05-09 19:50 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll

2007-05-09 19:50 15,360 --a------ C:\WINDOWS\TASKMAN.EXE

2007-05-09 19:50 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-05-09 19:50 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL

2007-05-09 19:50 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys

2007-05-09 19:50 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL

2007-05-09 19:50 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll

2007-05-09 19:50 <DIR> dr------- C:\Program Files

2007-05-09 19:50 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents

2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot

2007-05-09 19:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines

2007-05-09 19:49 <DIR> d-------- C:\Documents and Settings

2007-05-09 19:44 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache

2007-05-09 19:44 <DIR> dr--s---- C:\WINDOWS\Fonts

2007-05-09 19:44 <DIR> dr------- C:\WINDOWS\Web

2007-05-09 19:44 <DIR> d-a------ C:\WINDOWS\system32

2007-05-09 19:44 <DIR> d--h----- C:\WINDOWS\inf

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\WinSxS

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\twain_32

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wins

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wbem

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\usmt

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\spool

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ShellExt

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\Setup

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ras

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\oobe

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\npp

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\mui

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\inetsrv

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\IME

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\icsxml

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ias

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\export

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\etc

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\dhcp

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\config

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3com_dmi

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3076

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\2052

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1054

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1042

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1041

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1037

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1033

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1031

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1028

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1025

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\security

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Resources

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\repair

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\mui

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msapps

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msagent

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Media

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\ime

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Help

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Driver Cache

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Debug

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Cursors

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Connection Wizard

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Config

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\AppPatch

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\addins

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS

2007-05-09 18:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-05-09 18:29 <DIR> d-------- C:\HEMSIDA 2007

2007-05-09 18:28 <DIR> d-------- C:\HEMSIDA2

2007-05-09 18:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-05-09 18:21 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-05-09 18:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-05-09 18:18 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Talkback

2007-05-09 18:15 <DIR> d-------- C:\Program Files\Skype

2007-05-09 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Skype

2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-05-09 18:14 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\ICQ

2007-05-09 18:13 <DIR> d-------- C:\Program Files\ICQ6

2007-05-09 18:11 <DIR> d--hs---- C:\RECYCLER

2007-05-09 17:52 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-05-09 17:50 0 --a------ C:\WINDOWS\nsreg.dat

2007-05-09 17:47 75,512 --a------ C:\WINDOWS\zllsputility.exe

2007-05-09 17:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat

2007-05-09 17:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-05-09 17:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-05-09 17:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-05-09 17:45 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution

2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\Prefetch

2007-05-09 17:35 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys

2007-05-09 17:35 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe

2007-05-09 17:35 88,064 --a------ C:\WINDOWS\system32\p2pnetsh.dll

2007-05-09 17:35 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll

2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll

2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll

2007-05-09 17:35 81,920 --a------ C:\WINDOWS\system32\ieencode.dll

2007-05-09 17:35 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll

2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\smbinst.exe

2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll

2007-05-09 17:35 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys

2007-05-09 17:35 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll

2007-05-09 17:35 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll

2007-05-09 17:35 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll

2007-05-09 17:35 73,796 --a------ C:\WINDOWS\system32\slserv.exe

2007-05-09 17:35 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys

2007-05-09 17:35 71,680 --a------ C:\WINDOWS\system32\blastcln.exe

2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsno.dll

2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsfi.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdukx.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdno1.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdfi1.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

2007-05-09 17:35 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2007-05-09 17:35 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys

2007-05-09 17:35 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys

2007-05-09 17:35 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys

2007-05-09 17:35 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll

2007-05-09 17:35 60,416 --a------ C:\WINDOWS\system32\fwcfg.dll

2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinmal.dll

2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinben.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt48.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt47.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdinbe1.dll

2007-05-09 17:35 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys

2007-05-09 17:35 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys

2007-05-09 17:35 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys

2007-05-09 17:35 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys

2007-05-09 17:35 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-05-09 17:35 526,848 --a------ C:\WINDOWS\system32\p2psvc.dll

2007-05-09 17:35 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys

2007-05-09 17:35 50,688 --a------ C:\WINDOWS\system32\btpanui.dll

2007-05-09 17:35 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll

2007-05-09 17:35 5,632 --a------ C:\WINDOWS\system32\kbdmaori.dll

2007-05-09 17:35 49,152 --a------ C:\WINDOWS\system32\powercfg.exe

2007-05-09 17:35 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll

2007-05-09 17:35 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys

2007-05-09 17:35 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys

2007-05-09 17:35 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys

2007-05-09 17:35 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys

2007-05-09 17:35 44,032 --a------ C:\WINDOWS\system32\twext.dll

2007-05-09 17:35 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll

2007-05-09 17:35 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys

2007-05-09 17:35 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys

2007-05-09 17:35 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys

2007-05-09 17:35 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys

2007-05-09 17:35 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys

2007-05-09 17:35 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys

2007-05-09 17:35 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys

2007-05-09 17:35 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-05-09 17:35 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll

2007-05-09 17:35 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll

2007-05-09 17:35 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys

2007-05-09 17:35 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll

2007-05-09 17:35 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys

2007-05-09 17:35 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys

2007-05-09 17:35 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys

2007-05-09 17:35 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys

2007-05-09 17:35 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll

2007-05-09 17:35 33,624 --a------ C:\WINDOWS\system32\wups.dll

2007-05-09 17:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2007-05-09 17:35 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-05-09 17:35 32,866 --a------ C:\WINDOWS\system32\slrundll.exe

2007-05-09 17:35 32,866 --------- C:\WINDOWS\slrundll.exe

2007-05-09 17:35 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll

2007-05-09 17:35 32,285 --a------ C:\WINDOWS\system32\hsfcisp2.dll

2007-05-09 17:35 314,880 --a------ C:\WINDOWS\system32\wmpdxm.dll

2007-05-09 17:35 312,320 --a------ C:\WINDOWS\system32\p2pgraph.dll

2007-05-09 17:35 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys

2007-05-09 17:35 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys

2007-05-09 17:35 30,208 --a------ C:\WINDOWS\system32\bthserv.dll

2007-05-09 17:35 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2007-05-09 17:35 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll

2007-05-09 17:35 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll

2007-05-09 17:35 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll

2007-05-09 17:35 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll

2007-05-09 17:35 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll

2007-05-09 17:35 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll

2007-05-09 17:35 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll

2007-05-09 17:35 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2007-05-09 17:35 29,184 --a------ C:\WINDOWS\system32\sdhcinst.dll

2007-05-09 17:35 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys

2007-05-09 17:35 286,792 --a------ C:\WINDOWS\system32\slextspk.dll

2007-05-09 17:35 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys

2007-05-09 17:35 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys

2007-05-09 17:35 27,136 --a------ C:\WINDOWS\system32\mspmsnsv.dll

2007-05-09 17:35 262,784 --------- C:\WINDOWS\system32\drivers\http.sys

2007-05-09 17:35 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys

2007-05-09 17:35 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys


 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 


 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{8157994B-3E01-4937-B478-0E218A35D8F4}=C:\WINDOWS\system32\cofkynos.dll [2007-05-28 14:51]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Snabbstart.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Snabbstart.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=C:\Documents and Settings\*\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

E:\Skanner\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_

Edited by specksturm


Hi,

 

Your log from Combofix got cut off, so look where it stopped and post the rest in your next reply.

 

Also, use another reply to post your HijackThis log, because I need to see this log as well.

This is how it continues...

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]

tcpipmon.exe

 

 

 

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

 

backup-20070524-153815-723

O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintfj32]

"Asynchronous"=dword:00000001

"DllName"="wintfj32.dll"

"Impersonate"=dword:00000000

"Startup"="EvtStartup"

"Shutdown"="EvtShutdown"

 

 

 

backup-20070524-153814-260

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]

"Asynchronous"=dword:00000001

"DllName"="urqronm.dll"

"Impersonate"=dword:00000000

"Logon"="Logon"

"Logoff"="Logoff"

 

 

 

backup-20070524-153814-443

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"

"Impersonate"=dword:00000000

"Startup"="RealLogon"

"Logoff"="RealLogoff"

 

 

 

backup-20070524-153814-985

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070524-153814-517

O2 - BHO: (no name) - {8B27CF84-76C8-4895-818C-FD6CE418A328} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070524-153814-915

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\bxwgyhcy.dll

 

backup-20070523-233716-346

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-233716-305

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070523-230626-391

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-230156-632

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]

"Asynchronous"=dword:00000001

"DllName"="urqronm.dll"

"Impersonate"=dword:00000000

"Logon"="Logon"

"Logoff"="Logoff"

 

 

 

backup-20070523-230156-983

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"

"Impersonate"=dword:00000000

"Startup"="RealLogon"

"Logoff"="RealLogoff"

 

 

 

backup-20070523-230140-690

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]

"Asynchronous"=dword:00000001

"DllName"="urqronm.dll"

"Impersonate"=dword:00000000

"Logon"="Logon"

"Logoff"="Logoff"

 

 

 

backup-20070523-230139-826

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"

"Impersonate"=dword:00000000

"Startup"="RealLogon"

"Logoff"="RealLogoff"

 

 

 

backup-20070523-230139-559

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-230139-737

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070523-230112-139

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-230112-964

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\myyetmwt.dll

 

backup-20070523-230112-744

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070523-225422-538

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-225422-672

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070523-225421-895

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

 

backup-20070523-225133-995

O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintfj32]

"Asynchronous"=dword:00000001

"DllName"="wintfj32.dll"

"Impersonate"=dword:00000000

"Startup"="EvtStartup"

"Shutdown"="EvtShutdown"

 

 

 

backup-20070523-225133-784

O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]

"Asynchronous"=dword:00000001

"DllName"="urqronm.dll"

"Impersonate"=dword:00000000

"Logon"="Logon"

"Logoff"="Logoff"

 

 

 

backup-20070523-225133-733

O20 - Winlogon Notify: opnnkhf - opnnkhf.dll (file missing)

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnkhf]

"Asynchronous"=dword:00000001

"DllName"="opnnkhf.dll"

"Impersonate"=dword:00000000

"Logon"="Logon"

"Logoff"="Logoff"

 

 

 

backup-20070523-225133-833

O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

 

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]

"Asynchronous"=dword:00000001

"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"

"Impersonate"=dword:00000000

"Startup"="RealLogon"

"Logoff"="RealLogoff"

 

 

 

backup-20070523-225132-333

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

 

 

backup-20070523-225131-711

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

 

 

backup-20070523-225131-312

O2 - BHO: (no name) - {EDA72771-EEC5-493C-867D-3713DC90657E} - C:\WINDOWS\system32\opnnkhf.dll (file missing)

 

backup-20070523-225131-514

O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

 

backup-20070523-225131-157

O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

 

backup-20070523-225131-343

O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\kcmigcja.dll (file missing)

 

backup-20070523-225131-354

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

 

backup-20070523-225131-126

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

 

backup-20070523-225131-574

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\jnftupew.dll (file missing)

********************************************************************

 

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-30 10:12:09

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-05-30 10:12:55 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-05-30 10:12

 

--- E O F ---

...........................................................................................................................................................

*****************************************************************************************

 

HIJACK THIS

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 10:21:50, on 30.5.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Hijackthis\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\cofkynos.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 4003 bytes

 

The Combofix found something called Rostock rootkit but did it also delete it?


Hi,

 

The Combofix found something called Rostock rootkit but did it also delete it?
Normally yes, but we'll see afterwards...

 

First of all, I see you have RegistryCleaner installed. This is a so-called registry cleaning tool supported by malware and damages more than it fixes. So uninstall RegistryCleaner.

 

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\cofkynos.dll

 

* Click on Fix Checked when finished and exit HijackThis.

Make sure your Internet Explorer is closed when you click Fix Checked!

 

Reboot your computer.

 

After reboot,

 

Delete the following files and folder:

 

C:\WINDOWS\system32\RegistryCleanerSetup.exe

C:\WINDOWS\system32\cofkynos.dll <== if still present

C:\Program Files\RegistryCleaner <== folder

 

Then open Notepad and copy and paste the contents of the quote box below into it:

(don't forget to copy and paste REGEDIT4)

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.

It should look like this: reg.gif

Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

 

Rescan with Combofix and post the log in your next reply together with a new HijackThis log.
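
A .reg file copied from a forum post can be reviewed before it is merged. The sketch below is an added example, not part of the original post or of any tool named in this thread: it parses the REGEDIT4 text, lists what each section would do (`[-KEY]` deletes a key, `"name"=-` deletes a value) and flags anything outside an expected key prefix. The function names, the allowed prefix and the second sample file are assumptions made for illustration.

```python
import re

# The fix.reg text from the post above, reproduced as sample input.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]
"""

# Constructed counter-example (not from the thread): deletes a whole parent key
# and also edits an unrelated key.
BROAD_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_CURRENT_USER\Software\Example]
"Keep"="1"
"Gone"=-
"""

# Assumption: the fix is only expected to remove entries below this key.
ALLOWED = r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg"

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
SECTION = re.compile(r"^\[(-?)(.+)\]$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def _logical_lines(text):
    """Drop blank and comment lines; join values continued with a trailing backslash."""
    out, pending = [], ""
    for raw in text.lstrip("\ufeff").splitlines():
        ln = raw.strip()  # also removes non-breaking spaces picked up by copy/paste
        if pending:
            pending += ln
        elif not ln or ln.startswith(";"):
            continue
        else:
            pending = ln
        if pending.endswith("\\") and not pending.startswith("["):
            pending = pending[:-1]  # hex data continues on the next line
            continue
        out.append(pending)
        pending = ""
    if pending:
        out.append(pending)
    return out


def parse_reg(text):
    """Return (action, key, value_name) tuples in file order.

    Raises ValueError when the header line is missing or a line is not a
    section or value, so a badly pasted file is rejected instead of guessed at.
    """
    lines = _logical_lines(text)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header line")
    ops, key, deleting = [], None, False
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            deleting, key = m.group(1) == "-", m.group(2)
            ops.append(("delete_key" if deleting else "open_key", key, None))
            continue
        m = VALUE.match(ln)
        if m is None or key is None or deleting:
            raise ValueError(f"unexpected line: {ln!r}")
        name = "(default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete_value" if m.group(2) == "-" else "set_value"
        ops.append((action, key, name))
    return ops


def out_of_scope(ops, allowed_prefix):
    """Operations whose key is not a subkey of allowed_prefix (case-insensitive)."""
    prefix = allowed_prefix.lower().rstrip("\\") + "\\"
    return [op for op in ops if not op[1].lower().startswith(prefix)]


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("broad.reg", BROAD_REG)):
        ops = parse_reg(text)
        print(label)
        for action, key, name in ops:
            print("  ", action, key, name or "")
        print("   outside expected scope:", len(out_of_scope(ops, ALLOWED)))
```
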


First the combofix log

 

"*" - 2007-05-30 13:14:17 Service Pack 2

ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\*\Desktop\"

 

 

((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))

 

 

2007-05-30 10:12 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-05-24 17:53 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Media Player Classic

2007-05-23 23:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-05-23 22:25 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Lavasoft

2007-05-23 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

2007-05-22 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-05-22 20:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-05-22 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab

2007-05-22 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-22 16:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP

2007-05-22 14:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations

2007-05-21 18:04 <DIR> d---s---- C:\Documents and Settings\*\UserData

2007-05-21 18:04 <DIR> d---s---- C:\DOCUME~1\*\UserData

2007-05-21 13:54 <DIR> d-------- C:\Program Files\Lavasoft

2007-05-21 13:00 129,784 --a------ C:\WINDOWS\system32\pxafs.dll

2007-05-21 13:00 <DIR> d-------- C:\Program Files\Winamp

2007-05-18 13:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2007-05-17 12:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Azureus

2007-05-17 12:05 <DIR> d-------- C:\Program Files\Azureus

2007-05-16 22:07 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe

2007-05-16 22:07 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe

2007-05-16 18:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-05-16 18:15 <DIR> d-------- C:\Documents and Settings\*\.housecall6.6

2007-05-16 18:15 <DIR> d-------- C:\DOCUME~1\*\.housecall6.6

2007-05-16 18:08 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll

2007-05-16 18:08 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll

2007-05-16 16:39 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\muvee Technologies

2007-05-16 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies

2007-05-16 00:44 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Ahead

2007-05-16 00:43 <DIR> d-------- C:\Program Files\Nero

2007-05-16 00:43 <DIR> d-------- C:\Program Files\Common Files\Ahead

2007-05-15 16:35 <DIR> d-------- C:\Program Files\Alex Feinman

2007-05-15 16:28 <DIR> d-------- C:\Program Files\WinZip Self-Extractor

2007-05-15 14:57 16,384 --a------ C:\WINDOWS\system32\FileOps.exe

2007-05-15 14:55 <DIR> d-------- C:\WINDOWS\Adobe Illustrator CS

2007-05-15 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems

2007-05-15 14:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-05-15 13:52 <DIR> d-------- C:\Program Files\MSXML 4.0

2007-05-15 13:51 <DIR> d-------- C:\Program Files\DAEMON Tools

2007-05-15 13:48 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-05-14 18:28 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\HP

2007-05-14 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic

2007-05-14 18:21 <DIR> d-------- C:\Program Files\Common Files\HP

2007-05-14 18:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp

2007-05-14 18:18 430,080 -ra------ C:\WINDOWS\system32\hp3800co.dll

2007-05-14 18:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-05-14 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard

2007-05-14 18:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

2007-05-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP

2007-05-14 18:16 <DIR> d-------- C:\Program Files\HP

2007-05-14 18:14 173 --------- C:\WINDOWS\hpgmdl13.dat

2007-05-14 18:14 101,822 --a------ C:\WINDOWS\hpgins13.dat

2007-05-14 16:51 974,848 --a------ C:\WINDOWS\system32\mfc70.dll

2007-05-14 16:51 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll

2007-05-14 16:51 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll

2007-05-14 16:51 54,784 -ra------ C:\WINDOWS\system32\RedEye.dll

2007-05-14 16:51 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll

2007-05-14 16:51 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-05-14 16:51 48,128 -ra------ C:\WINDOWS\system32\picn20.dll

2007-05-14 16:51 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-05-14 16:51 2,867,200 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll

2007-05-14 16:51 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll

2007-05-14 16:51 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll

2007-05-14 16:51 176,128 -ra------ C:\WINDOWS\system32\Strato4.dll

2007-05-14 16:51 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll

2007-05-14 16:51 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll

2007-05-14 16:51 106,496 --a------ C:\WINDOWS\system32\ATL71.DLL

2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\Nikon

2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies

2007-05-14 16:51 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Nikon

2007-05-14 16:50 73,728 --a------ C:\WINDOWS\system32\LFFAX12N.DLL

2007-05-14 16:50 60,416 --a------ C:\WINDOWS\system32\LFPCT12N.DLL

2007-05-14 16:50 434,176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL

2007-05-14 16:50 406,016 --a------ C:\WINDOWS\system32\LTKRN12N.DLL

2007-05-14 16:50 36,864 --a------ C:\WINDOWS\system32\LFPSD12N.DLL

2007-05-14 16:50 358,912 --a------ C:\WINDOWS\system32\LFCMP12N.DLL

2007-05-14 16:50 30,720 --a------ C:\WINDOWS\system32\LFBMP12N.DLL

2007-05-14 16:50 26,112 --a------ C:\WINDOWS\system32\LFPCX12N.DLL

2007-05-14 16:50 259,072 --a------ C:\WINDOWS\system32\LTDIS12N.DLL

2007-05-14 16:50 230,400 --a------ C:\WINDOWS\system32\DC265.DLL

2007-05-14 16:50 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL

2007-05-14 16:50 207,872 --a------ C:\WINDOWS\system32\LTEFX12N.DLL

2007-05-14 16:50 19,968 --a------ C:\WINDOWS\system32\LFPCD12N.DLL

2007-05-14 16:50 181,248 --a------ C:\WINDOWS\system32\LFPNG12N.DLL

2007-05-14 16:50 164,864 --a------ C:\WINDOWS\system32\LTIMG12N.DLL

2007-05-14 16:50 141,312 --a------ C:\WINDOWS\system32\LFTIF12N.DLL

2007-05-14 16:50 131,072 --a------ C:\WINDOWS\system32\LTFIL12N.DLL

2007-05-14 16:50 <DIR> d-------- C:\Program Files\Nikon

2007-05-14 16:49 86,016 --a------ C:\WINDOWS\unvise32qt.exe

2007-05-14 16:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime

2007-05-14 16:49 <DIR> d-------- C:\Program Files\QuickTime

2007-05-14 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime

2007-05-12 10:41 <DIR> d-------- C:\WINDOWS\pss

2007-05-11 13:38 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-05-11 13:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-05-11 13:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-05-11 13:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-05-11 13:38 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-05-11 13:38 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-05-11 13:37 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-05-11 13:37 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-05-11 13:37 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-05-11 13:37 <DIR> d-------- C:\Program Files\Alwil Software

2007-05-11 08:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

2007-05-11 01:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

2007-05-10 18:20 <DIR> d-------- C:\Program Files\Shareaza

2007-05-10 18:20 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Shareaza

2007-05-10 13:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2007-05-10 13:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall

2007-05-10 09:35 <DIR> d-------- C:\Program Files\Gspot

2007-05-09 22:50 1,286 --a------ C:\WINDOWS\mozver.dat

2007-05-09 20:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird

2007-05-09 20:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Thunderbird

2007-05-09 19:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2007-05-09 19:53 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys

2007-05-09 19:53 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys

2007-05-09 19:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2007-05-09 19:53 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys

2007-05-09 19:53 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys

2007-05-09 19:53 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys

2007-05-09 19:53 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys

2007-05-09 19:53 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-05-09 19:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys

2007-05-09 19:53 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys

2007-05-09 19:53 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys

2007-05-09 19:52 74,240 --a------ C:\WINDOWS\system32\usbui.dll

2007-05-09 19:52 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys

2007-05-09 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys

2007-05-09 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys

2007-05-09 19:52 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-05-09 19:52 51,200 --a------ C:\WINDOWS\system32\sfman32.dll

2007-05-09 19:52 495,616 --a------ C:\WINDOWS\system32\sblfx.dll

2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ksuser.dll

2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll

2007-05-09 19:52 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys

2007-05-09 19:52 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2007-05-09 19:52 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys

2007-05-09 19:52 256,512 --a------ C:\WINDOWS\system32\devcon32.dll

2007-05-09 19:52 24,064 --a------ C:\WINDOWS\system32\devldr32.exe

2007-05-09 19:52 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys

2007-05-09 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys

2007-05-09 19:52 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys

2007-05-09 19:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2007-05-09 19:51 <DIR> d-------- C:\Program Files\Common Files\ODBC

2007-05-09 19:50 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL

2007-05-09 19:50 9,008 --a------ C:\WINDOWS\system\VER.DLL

2007-05-09 19:50 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll

2007-05-09 19:50 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL

2007-05-09 19:50 8,704 --a------ C:\WINDOWS\system32\batt.dll

2007-05-09 19:50 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll

2007-05-09 19:50 74,752 --a------ C:\WINDOWS\system32\storprop.dll

2007-05-09 19:50 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll

2007-05-09 19:50 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL

2007-05-09 19:50 69,120 --a------ C:\WINDOWS\notepad.exe

2007-05-09 19:50 68,768 --a------ C:\WINDOWS\system\mmsystem.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll

2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll

2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll

2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll

2007-05-09 19:50 5,120 --a------ C:\WINDOWS\system\SHELL.DLL

2007-05-09 19:50 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL

2007-05-09 19:50 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll

2007-05-09 19:50 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL

2007-05-09 19:50 19,200 --a------ C:\WINDOWS\system\TAPI.DLL

2007-05-09 19:50 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll

2007-05-09 19:50 15,360 --a------ C:\WINDOWS\TASKMAN.EXE

2007-05-09 19:50 13,312 --a------ C:\WINDOWS\system32\irclass.dll

2007-05-09 19:50 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL

2007-05-09 19:50 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys

2007-05-09 19:50 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL

2007-05-09 19:50 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll

2007-05-09 19:50 <DIR> dr------- C:\Program Files

2007-05-09 19:50 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents

2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2

2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot

2007-05-09 19:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines

2007-05-09 19:49 <DIR> d-------- C:\Documents and Settings

2007-05-09 19:44 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache

2007-05-09 19:44 <DIR> dr--s---- C:\WINDOWS\Fonts

2007-05-09 19:44 <DIR> dr------- C:\WINDOWS\Web

2007-05-09 19:44 <DIR> d-a------ C:\WINDOWS\system32

2007-05-09 19:44 <DIR> d--h----- C:\WINDOWS\inf

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\WinSxS

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\twain_32

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wins

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wbem

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\usmt

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\spool

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ShellExt

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\Setup

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ras

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\oobe

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\npp

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\mui

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\inetsrv

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\IME

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\icsxml

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ias

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\export

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\etc

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\dhcp

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\config

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3com_dmi

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3076

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\2052

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1054

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1042

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1041

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1037

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1033

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1031

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1028

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1025

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\security

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Resources

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\repair

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\mui

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msapps

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msagent

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Media

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\ime

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Help

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Driver Cache

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Debug

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Cursors

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Connection Wizard

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Config

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\AppPatch

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\addins

2007-05-09 19:44 <DIR> d-------- C:\WINDOWS

2007-05-09 18:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-05-09 18:29 <DIR> d-------- C:\HEMSIDA 2007

2007-05-09 18:28 <DIR> d-------- C:\HEMSIDA2

2007-05-09 18:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll

2007-05-09 18:21 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll

2007-05-09 18:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

2007-05-09 18:18 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Talkback

2007-05-09 18:15 <DIR> d-------- C:\Program Files\Skype

2007-05-09 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype

2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Skype

2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype

2007-05-09 18:14 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\ICQ

2007-05-09 18:13 <DIR> d-------- C:\Program Files\ICQ6

2007-05-09 18:11 <DIR> d--hs---- C:\RECYCLER

2007-05-09 17:52 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution

2007-05-09 17:50 0 --a------ C:\WINDOWS\nsreg.dat

2007-05-09 17:47 75,512 --a------ C:\WINDOWS\zllsputility.exe

2007-05-09 17:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat

2007-05-09 17:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll

2007-05-09 17:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll

2007-05-09 17:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs

2007-05-09 17:45 <DIR> d-------- C:\WINDOWS\Internet Logs

2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution

2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\Prefetch

2007-05-09 17:35 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys

2007-05-09 17:35 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe

2007-05-09 17:35 88,064 --a------ C:\WINDOWS\system32\p2pnetsh.dll

2007-05-09 17:35 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll

2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll

2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll

2007-05-09 17:35 81,920 --a------ C:\WINDOWS\system32\ieencode.dll

2007-05-09 17:35 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll

2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\smbinst.exe

2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll

2007-05-09 17:35 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys

2007-05-09 17:35 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll

2007-05-09 17:35 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll

2007-05-09 17:35 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll

2007-05-09 17:35 73,796 --a------ C:\WINDOWS\system32\slserv.exe

2007-05-09 17:35 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys

2007-05-09 17:35 71,680 --a------ C:\WINDOWS\system32\blastcln.exe

2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsno.dll

2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsfi.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdukx.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdno1.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdfi1.dll

2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll

2007-05-09 17:35 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys

2007-05-09 17:35 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys

2007-05-09 17:35 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys

2007-05-09 17:35 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys

2007-05-09 17:35 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll

2007-05-09 17:35 60,416 --a------ C:\WINDOWS\system32\fwcfg.dll

2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinmal.dll

2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinben.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt48.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt47.dll

2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdinbe1.dll

2007-05-09 17:35 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys

2007-05-09 17:35 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys

2007-05-09 17:35 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys

2007-05-09 17:35 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys

2007-05-09 17:35 549,720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-05-09 17:35 526,848 --a------ C:\WINDOWS\system32\p2psvc.dll

2007-05-09 17:35 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys

2007-05-09 17:35 50,688 --a------ C:\WINDOWS\system32\btpanui.dll

2007-05-09 17:35 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll

2007-05-09 17:35 5,632 --a------ C:\WINDOWS\system32\kbdmaori.dll

2007-05-09 17:35 49,152 --a------ C:\WINDOWS\system32\powercfg.exe

2007-05-09 17:35 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll

2007-05-09 17:35 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys

2007-05-09 17:35 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys

2007-05-09 17:35 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys

2007-05-09 17:35 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys

2007-05-09 17:35 44,032 --a------ C:\WINDOWS\system32\twext.dll

2007-05-09 17:35 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll

2007-05-09 17:35 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys

2007-05-09 17:35 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys

2007-05-09 17:35 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys

2007-05-09 17:35 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys

2007-05-09 17:35 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys

2007-05-09 17:35 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys

2007-05-09 17:35 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys

2007-05-09 17:35 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-05-09 17:35 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll

2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll

2007-05-09 17:35 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll

2007-05-09 17:35 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys

2007-05-09 17:35 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll

2007-05-09 17:35 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys

2007-05-09 17:35 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys

2007-05-09 17:35 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys

2007-05-09 17:35 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys

2007-05-09 17:35 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll

2007-05-09 17:35 33,624 --a------ C:\WINDOWS\system32\wups.dll

2007-05-09 17:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys

2007-05-09 17:35 325,976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-05-09 17:35 32,866 --a------ C:\WINDOWS\system32\slrundll.exe

2007-05-09 17:35 32,866 --------- C:\WINDOWS\slrundll.exe

2007-05-09 17:35 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll

2007-05-09 17:35 32,285 --a------ C:\WINDOWS\system32\hsfcisp2.dll

2007-05-09 17:35 314,880 --a------ C:\WINDOWS\system32\wmpdxm.dll

2007-05-09 17:35 312,320 --a------ C:\WINDOWS\system32\p2pgraph.dll

2007-05-09 17:35 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys

2007-05-09 17:35 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys

2007-05-09 17:35 30,208 --a------ C:\WINDOWS\system32\bthserv.dll

2007-05-09 17:35 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys

2007-05-09 17:35 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll

2007-05-09 17:35 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll

2007-05-09 17:35 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll

2007-05-09 17:35 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll

2007-05-09 17:35 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll

2007-05-09 17:35 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll

2007-05-09 17:35 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll

2007-05-09 17:35 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys

2007-05-09 17:35 29,184 --a------ C:\WINDOWS\system32\sdhcinst.dll

2007-05-09 17:35 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys

2007-05-09 17:35 286,792 --a------ C:\WINDOWS\system32\slextspk.dll

2007-05-09 17:35 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys

2007-05-09 17:35 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys

2007-05-09 17:35 27,136 --a------ C:\WINDOWS\system32\mspmsnsv.dll

2007-05-09 17:35 262,784 --------- C:\WINDOWS\system32\drivers\http.sys

2007-05-09 17:35 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys

2007-05-09 17:35 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys

2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys

2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll

2007-05-09 17:35 242,688 --a------ C:\WINDOWS\system32\wmpasf.dll

2007-05-09 17:35 24,576 --a------ C:\WINDOWS\system32\httpapi.dll

2007-05-09 17:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe

2007-05-09 17:35 227,328 --a------ C:\WINDOWS\system32\wmerror.dll

2007-05-09 17:35 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys

2007-05-09 17:35 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys

2007-05-09 17:35 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys

2007-05-09 17:35 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll

2007-05-09 17:35 203,096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-05-09 17:35 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll

2007-05-09 17:35 20,992 --a------ C:\WINDOWS\system32\bthci.dll

2007-05-09 17:35 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll

2007-05-09 17:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll

2007-05-09 17:35 193,024 --a------ C:\WINDOWS\system32\fsquirt.exe

2007-05-09 17:35 188,508 --a------ C:\WINDOWS\system32\slgen.dll

2007-05-09 17:35 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll

2007-05-09 17:35 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys

2007-05-09 17:35 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys

2007-05-09 17:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe

2007-05-09 17:35 17,408 --a------ C:\WINDOWS\system32\winshfhc.dll

2007-05-09 17:35 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll

2007-05-09 17:35 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys

2007-05-09 17:35 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys

2007-05-09 17:35 16,896 --a------ C:\WINDOWS\system32\fltlib.dll

2007-05-09 17:35 157,184 --a------ C:\WINDOWS\system32\wmidx.dll

2007-05-09 17:35 15,872 --a------ C:\WINDOWS\system32\w3ssl.dll

2007-05-09 17:35 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys

2007-05-09 17:35 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll

2007-05-09 17:35 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys

2007-05-09 17:35 14,336 --a------ C:\WINDOWS\system32\auditusr.exe

2007-05-09 17:35 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys

2007-05-09 17:35 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll

2007-05-09 17:35 13,824 --a------ C:\WINDOWS\system32\wscntfy.exe

2007-05-09 17:35 13,824 --a------ C:\WINDOWS\system32\cmsetacl.dll

2007-05-09 17:35 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys

2007-05-09 17:35 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys

2007-05-09 17:35 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys

2007-05-09 17:35 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys

2007-05-09 17:35 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys

2007-05-09 17:35 129,536 --a------ C:\WINDOWS\system32\xmlprov.dll

2007-05-09 17:35 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys

2007-05-09 17:35 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys

2007-05-09 17:35 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys

2007-05-09 17:35 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll

2007-05-09 17:35 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys

2007-05-09 17:35 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys

2007-05-09 17:35 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys

2007-05-09 17:35 118,784 --a------ C:\WINDOWS\system32\msdadiag.dll

2007-05-09 17:35 116,224 --a------ C:\WINDOWS\system32\p2p.dll

2007-05-09 17:35 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys

2007-05-09 17:35 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys

2007-05-09 17:35 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys

2007-05-09 17:35 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys

2007-05-09 17:35 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys

2007-05-09 17:35 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll

2007-05-09 17:35 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll

2007-05-09 17:35 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys

2007-05-09 17:35 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys

2007-05-09 17:35 108,032 --a------ C:\WINDOWS\system32\wshbth.dll

2007-05-09 17:35 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys

2007-05-09 17:35 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys

2007-05-09 17:35 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys

2007-05-09 17:35 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-05-09 17:35 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll

2007-05-09 17:35 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll

2007-05-09 17:35 1,329,152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll

2007-05-09 17:35 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys

2007-05-09 17:35 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys

2007-05-09 17:35 <DIR> d-------- C:\WINDOWS\provisioning

2007-05-09 17:35 <DIR> d-------- C:\WINDOWS\peernet

2007-05-09 17:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2007-05-09 17:31 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll

2007-05-09 17:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups

2007-05-09 17:29 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe

2007-05-09 17:27 <DIR> d-------- C:\WINDOWS\EHome

2007-05-09 17:23 <DIR> d-------- C:\WINDOWS\system32\appmgmt

2007-05-09 17:19 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe

2007-05-09 17:19 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2007-05-09 17:19 <DIR> d-------- C:\Program Files\ATI Technologies

2007-05-09 17:18 <DIR> d-------- C:\Program Files\Common Files\InstallShield

2007-05-09 17:18 <DIR> d-------- C:\ATI

2007-05-09 17:14 2,883,584 --ah----- C:\Documents and Settings\*\NTUSER.DAT

2007-05-09 17:14 2,883,584 --ah----- C:\DOCUME~1\*\NTUSER.DAT

2007-05-09 17:14 <DIR> d--hs---- C:\WINDOWS\Installer

2007-05-09 17:12 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT

2007-05-09 17:12 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT

2007-05-09 17:12 <DIR> d--hs---- C:\System Volume Information

2007-05-09 17:09 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT

2007-05-09 17:09 0 -rahs---- C:\MSDOS.SYS

2007-05-09 17:09 0 -rahs---- C:\IO.SYS

2007-05-09 17:09 0 --a------ C:\CONFIG.SYS

2007-05-09 17:09 0 --a------ C:\AUTOEXEC.BAT

2007-05-09 17:09 <DIR> d-------- C:\WINDOWS\system32\xircom

2007-05-09 17:09 <DIR> d-------- C:\Program Files\microsoft frontpage

2007-05-09 17:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll

2007-05-09 17:08 <DIR> dr------- C:\WINDOWS\Offline Web Pages

2007-05-09 17:08 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM

2007-05-09 17:08 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files

2007-05-09 17:07 45,568 --a------ C:\WINDOWS\system32\safrslv.dll

2007-05-09 17:07 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll

2007-05-09 17:07 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll

2007-05-09 17:07 29,696 --a------ C:\WINDOWS\system32\safrdm.dll

2007-05-09 17:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll

2007-05-09 17:07 <DIR> d-------- C:\WINDOWS\system32\DirectX

2007-05-09 17:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll

2007-05-09 17:06 81,920 --a------ C:\WINDOWS\system32\ils.dll

2007-05-09 17:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll

2007-05-09 17:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys

2007-05-09 17:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll

2007-05-09 17:06 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll

2007-05-09 17:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll

2007-05-09 17:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll

2007-05-09 17:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll

2007-05-09 17:06 48,128 --a------ C:\WINDOWS\system32\inetres.dll

2007-05-09 17:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll

2007-05-09 17:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll

2007-05-09 17:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe

2007-05-09 17:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll

2007-05-09 17:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll

2007-05-09 17:06 274,944 --a------ C:\WINDOWS\system32\mstask.dll

2007-05-09 17:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll

2007-05-09 17:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll

2007-05-09 17:06 239,104 --a------ C:\WINDOWS\system32\srrstr.dll

2007-05-09 17:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll

2007-05-09 17:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll

2007-05-09 17:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll

2007-05-09 17:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll

2007-05-09 17:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll

2007-05-09 17:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe

2007-05-09 17:06 105,984 --a------ C:\WINDOWS\system32\msoert2.dll

2007-05-09 17:06 <DIR> d---s---- C:\WINDOWS\Tasks

2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\system32\Restore

2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\system32\Macromed

2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\srchasst

2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\PCHealth

2007-05-09 17:06 <DIR> d-------- C:\Program Files\Movie Maker

2007-05-09 17:06 <DIR> d-------- C:\Program Files\Common Files\MSSoap

2007-05-09 17:05 5,632 --a------ C:\WINDOWS\system32\write.exe

2007-05-09 17:05 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat

2007-05-09 17:05 183,808 --a------ C:\WINDOWS\system32\accwiz.exe

2007-05-09 17:05 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe

2007-05-09 17:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe

2007-05-09 17:05 <DIR> d--h----- C:\Program Files\WindowsUpdate

2007-05-09 17:05 <DIR> d-------- C:\WINDOWS\Registration

2007-05-09 17:05 <DIR> d-------- C:\Program Files\Online Services

2007-05-09 17:05 <DIR> d-------- C:\Program Files\MSN Gaming Zone

2007-05-09 17:05 <DIR> d-------- C:\Program Files\Messenger

2007-05-09 17:04 97,792 --a------ C:\WINDOWS\system32\comrepl.dll

2007-05-09 17:04 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll

2007-05-09 17:04 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll

2007-05-09 17:04 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll

2007-05-09 17:04 9,728 --a------ C:\WINDOWS\system32\reset.exe

2007-05-09 17:04 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll

2007-05-09 17:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll

2007-05-09 17:04 80,384 --a------ C:\WINDOWS\system32\charmap.exe

2007-05-09 17:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll

2007-05-09 17:04 67,072 --a------ C:\WINDOWS\system32\rdshost.exe

2007-05-09 17:04 655,360 --a------ C:\WINDOWS\system32\mstscax.dll

2007-05-09 17:04 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll

2007-05-09 17:04 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe

2007-05-09 17:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll

2007-05-09 17:04 60,416 --a------ C:\WINDOWS\system32\remotepg.dll

2007-05-09 17:04 60,416 --a------ C:\WINDOWS\system32\colbact.dll

2007-05-09 17:04 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll

2007-05-09 17:04 6,144 --a------ C:\WINDOWS\system32\msdtc.exe

2007-05-09 17:04 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll

2007-05-09 17:04 58,880 --a------ C:\WINDOWS\system32\licwmi.dll

2007-05-09 17:04 56,832 --a------ C:\WINDOWS\system32\sol.exe

2007-05-09 17:04 56,320 --a------ C:\WINDOWS\system32\servdeps.dll

2007-05-09 17:04 55,296 --a------ C:\WINDOWS\system32\freecell.exe

2007-05-09 17:04 540,160 --a------ C:\WINDOWS\system32\comuid.dll

2007-05-09 17:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll

2007-05-09 17:04 538,624 --a------ C:\WINDOWS\system32\spider.exe

2007-05-09 17:04 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-05-09 17:04 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe

2007-05-09 17:04 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll

2007-05-09 17:04 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe

2007-05-09 17:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll

2007-05-09 17:04 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll

2007-05-09 17:04 407,552 --a------ C:\WINDOWS\system32\mstsc.exe

2007-05-09 17:04 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys

2007-05-09 17:04 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll

2007-05-09 17:04 4,096 --a------ C:\WINDOWS\system32\mtxex.dll

2007-05-09 17:04 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll

2007-05-09 17:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe

2007-05-09 17:04 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll

2007-05-09 17:04 343,040 --a------ C:\WINDOWS\system32\mspaint.exe

2007-05-09 17:04 33,792 --a------ C:\WINDOWS\system32\regini.exe

2007-05-09 17:04 295,424 --a------ C:\WINDOWS\system32\termsrv.dll

2007-05-09 17:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll

2007-05-09 17:04 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll

2007-05-09 17:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll

2007-05-09 17:04 225,792 --a------ C:\WINDOWS\system32\catsrv.dll

2007-05-09 17:04 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe

2007-05-09 17:04 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys

2007-05-09 17:04 20,992 --a------ C:\WINDOWS\system32\msg.exe

2007-05-09 17:04 20,480 --a------ C:\WINDOWS\system32\qprocess.exe

2007-05-09 17:04 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll

2007-05-09 17:04 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys

2007-05-09 17:04 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll

2007-05-09 17:04 185,344 --a------ C:\WINDOWS\system32\cmprops.dll

2007-05-09 17:04 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll

2007-05-09 17:04 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll

2007-05-09 17:04 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe

2007-05-09 17:04 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe

2007-05-09 17:04 16,384 --a------ C:\WINDOWS\system32\tskill.exe

2007-05-09 17:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll

2007-05-09 17:04 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe

2007-05-09 17:04 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll

2007-05-09 17:04 15,360 --a------ C:\WINDOWS\system32\logoff.exe

2007-05-09 17:04 147,968 --a------ C:\WINDOWS\system32\rdchost.dll

2007-05-09 17:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll

2007-05-09 17:04 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe

2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe

2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\tscon.exe

2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\shadow.exe

2007-05-09 17:04 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys

2007-05-09 17:04 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe

2007-05-09 17:04 126,976 --a------ C:\WINDOWS\system32\mshearts.exe

2007-05-09 17:04 123,392 --a------ C:\WINDOWS\system32\mplay32.exe

2007-05-09 17:04 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys

2007-05-09 17:04 119,808 --a------ C:\WINDOWS\system32\winmine.exe

2007-05-09 17:04 114,688 --a------ C:\WINDOWS\system32\calc.exe

2007-05-09 17:04 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll

2007-05-09 17:04 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll

2007-05-09 17:04 11,264 --a------ C:\WINDOWS\system32\icaapi.dll

2007-05-09 17:04 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe

2007-05-09 17:04 1,710,936 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-05-09 17:04 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll

2007-05-09 17:04 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd

2007-05-09 17:04 <DIR> d-------- C:\WINDOWS\system32\MsDtc

2007-05-09 17:04 <DIR> d-------- C:\WINDOWS\system32\Com

2007-05-09 17:04 <DIR> d-------- C:\Program Files\Windows NT

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll

2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat

2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll

2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll

2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll

2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll

2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll

2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys

2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Snabbstart.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Snabbstart.lnk

backup=C:\WINDOWS\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^Adobe Gamma.lnk]

path=C:\Documents and Settings\*\Start Menu\Programs\Startup\Adobe Gamma.lnk

backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

E:\Skanner\HP Software Update\HPWuSchd2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

"C:\Program Files\Messenger\msmsgs.exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\qttask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

 

 

********************************************************************

 

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-05-30 13:15:26

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

 

********************************************************************

 

Completion time: 2007-05-30 13:15:52

C:\ComboFix-quarantined-files.txt ... 2007-05-30 13:15

C:\ComboFix2.txt ... 2007-05-30 10:12

 

--- E O F ---


And also the HijackThis log

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 13:16:58, on 30.5.2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\devldr32.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Hijackthis\HiJackThis_v2.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 3872 bytes


Hi,

 

Well, the rootkit is gone as far as I can see.

 

This entry is still present which I asked you to fix previously:

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

 

But just leave it. It is set by ComboFix and by default, an about:blank entry shouldn't display in HijackThis since it is whitelisted. But I figured out that this version of HijackThis you are using doesn't whitelist that entry.

So no need to fix that entry in HijackThis anymore. :)

 

How are things now? Popups gone?


I did check and fix the R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

but it is still showing up. But if it is OK for you then it is OK for me too. :)

 

And ah! What a relief. The popups are nothing but history.

It also seems that my browser is stable and neither hangs nor slows down.

My computer overall seems a whole lot less stressed.

 

So I thank you, mikie, for all your help. ^_^

*handing over a cinnamon bun and a glass of milk*


Glad I could help. :)

 

Please read my Prevention page with lots of info and tips on how to prevent this in the future.

And if you want to improve speed/system performance after malware removal, take a look here.

 

Happy Surfing again!


Since this issue appears resolved ... this Topic is closed.

 

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here.

This applies only to the original topic starter.

 

Everyone else please begin a New Topic.
