A whole lotta Boom Boom in my registry and stuff.


15 replies to this topic

#1 specksturm

specksturm

    Member

  • Full Member
  • 9 posts

Posted 22 May 2007 - 05:59 PM

Hi, after I formatted my hard disk and made a clean reinstall of XP two weeks ago, I have been suffering from a bad internet connection, popups and other annoying things. For example, my computer doesn't always find the connection when I start up. But as one can also see when reading the reports, the system seems to be full of ugly stuff.
Here are two virus scan logs followed by a HijackThis log. Even Ad-Aware and Spybot have been used. So if you think that you can help me get my computer back in business, please let me know what to do. Any help is appreciated.


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 22, 2007 8:59:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 22/05/2007
Kaspersky Anti-Virus database records: 326545
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\WINDOWS
C:\DOCUME~1\*\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 21108
Number of viruses found: 7
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 00:15:49

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\DATAFLESH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4E77F08C-31B5-4388-97A2-7EE566388BBD}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\iifgdbx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\jnftupew.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\system32\kcmigcja.dll Infected: Packed.Win32.Klone.j skipped
C:\WINDOWS\system32\mlljk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\system32\nnnolji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\opnmkjh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\opnnkhf.dll Object is locked skipped
C:\WINDOWS\system32\ssqqqqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\uqfiqeio.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\system32\urqronm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wintfj32.dll Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\Perflib_Perfdata_730.dat Object is locked skipped
C:\WINDOWS\Temp\win40B2.tmp.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\WINDOWS\Temp\win40B6.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\win40BA.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\winC8.tmp.exe Infected: Trojan.Win32.Agent.qt skipped
C:\WINDOWS\Temp\winCD.tmp Object is locked skipped
C:\WINDOWS\Temp\ZLT02f0e.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT02f12.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\DOCUME~1\*\LOCALS~1\Temp\~DFF76C.tmp Object is locked skipped
Scan process completed.
-----------------------------------------------------------------------------------------------------------------------------

BitDefender Online Scanner

Scan report generated at: Tue, May 22, 2007 - 21:59:59
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:55:29
Files: 403805
Folders: 4209
Boot Sectors: 3
Archives: 3189
Packed Files: 17901

Results
Identified Viruses: 12
Infected Files: 37
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 48

Engines Info
Virus Definitions: 507808
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm
Infected with: Generic.Malware.dld!!.16D584BC
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm
Disinfection failed
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4VSDAZAZ\bugcheck[1].htm
Deleted

C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AUJ
C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\antzom[1].exe.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)
Infected with: Dropped:Trojan.Clicker.Agent.IS
C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\inlw.exe.bac_a00292=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\kiuijdkk.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Spy.VBStat.B
C:\Documents and Settings\*\.housecall6.6\Quarantine\kiuijdkk.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\kulkgtvh.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Spy.VBStat.B
C:\Documents and Settings\*\.housecall6.6\Quarantine\kulkgtvh.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\ntttvmir.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Spy.VBStat.B
C:\Documents and Settings\*\.housecall6.6\Quarantine\ntttvmir.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\tufrwxvb.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Spy.VBStat.B
C:\Documents and Settings\*\.housecall6.6\Quarantine\tufrwxvb.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)
Infected with: Dropped:Trojan.Clicker.Agent.IS
C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\vwjrmrmur[1].htm.bac_a00292=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\wbgrsota.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Spy.VBStat.B
C:\Documents and Settings\*\.housecall6.6\Quarantine\wbgrsota.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AUJ
C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\win23.tmp.exe.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AUJ
C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\win43.tmp.exe.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AAAN
C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\wintfj32.dll.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AAAN
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13D.tmp.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)
Infected with: Trojan.Agent.AAAN
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)
Disinfection failed
C:\Documents and Settings\*\.housecall6.6\Quarantine\wnd13F.tmp.bac_a02456=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\.housecall6.6\Quarantine\xkpgojx[1].htm.bac_a00292=>(Quarantine-4)
Infected with: Trojan.Downloader.Porndials.A
C:\Documents and Settings\*\.housecall6.6\Quarantine\xkpgojx[1].htm.bac_a00292=>(Quarantine-4)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)
Infected with: Win32.Worm.Stration.FC.m
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Infected with: Win32.Warezov.GQ@mm
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)=>Update-KB6140-x86.zip
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 10:31:26 +0200]=>(MIME part)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 548)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Infected with: Win32.Worm.Stration.FC.m
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Infected with: Win32.Worm.Stration.FC.m
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Infected with: Win32.Warezov.GQ@mm
C:\Documents and Settings\*Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip=>Update-KB6140-x86.exe
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)=>Update-KB6140-x86.zip
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)=>[Subject: ***SPAM*** Mail server report.][Date: \F, 21 D 2007 10:37:09 +0200]=>(MIME part)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 549)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Infected with: Win32.Worm.Stration.FC.m
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Infected with: Win32.Worm.Stration.FC.m
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe
Infected with: Win32.Warezov.GQ@mm
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe
Disinfection failed
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip=>Update-KB1378-x86.exe
Deleted
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)=>Update-KB1378-x86.zip
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)=>[Subject: ***SPAM*** Mail server report.][Date: , 21  2007 11:35:02 +0300]=>(MIME part)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox=>(message 550)
Updated
C:\Documents and Settings\*\Application Data\Thunderbird\Profiles\9etm0fd7.default\Mail\Local Folders\Inbox
Updated
C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe
Infected with: Trojan.Agent.AUJ
C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe
Disinfection failed
C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5\NGDMM38M\antzom[1].exe
Deleted
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000760.dll
Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000760.dll
Deleted
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000761.dll
Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000761.dll
Deleted
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000762.dll
Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000762.dll
Deleted
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000763.dll
Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000763.dll
Deleted
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000764.dll
Infected with: Trojan.Spy.VBStat.B
C:\System Volume Information\_restore{874DF18C-F454-465C-82C7-648C64F3380D}\RP6\A0000764.dll
Deleted
C:\WINDOWS\system32\iifgdbx.dll
Infected with: MemScan:Trojan.Vundo.DLO
C:\WINDOWS\system32\iifgdbx.dll
Disinfection failed
C:\WINDOWS\system32\iifgdbx.dll
Deleted
C:\WINDOWS\system32\jnftupew.dll
Infected with: MemScan:Trojan.BHO.BG
C:\WINDOWS\system32\jnftupew.dll
Disinfection failed
C:\WINDOWS\system32\jnftupew.dll
Delete failed
C:\WINDOWS\system32\kcmigcja.dll
Infected with: Trojan.BHO.AR
C:\WINDOWS\system32\kcmigcja.dll
Disinfection failed
C:\WINDOWS\system32\kcmigcja.dll
Delete failed
C:\WINDOWS\system32\wintfj32.dll
Infected with: Trojan.Agent.AAAN
C:\WINDOWS\system32\wintfj32.dll
Disinfection failed
C:\WINDOWS\system32\wintfj32.dll
Delete failed
C:\WINDOWS\Temp\47D2BAEC.exe
Infected with: Generic.Malware.dld!!.16D584BC
C:\WINDOWS\Temp\47D2BAEC.exe
Disinfection failed
C:\WINDOWS\Temp\47D2BAEC.exe
Deleted
C:\WINDOWS\Temp\win40B6.tmp.exe
Infected with: Trojan.Agent.AUJ
C:\WINDOWS\Temp\win40B6.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win40B6.tmp.exe
Deleted
C:\WINDOWS\Temp\win40BA.tmp.exe
Infected with: Trojan.Agent.QT
C:\WINDOWS\Temp\win40BA.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\win40BA.tmp.exe
Deleted
C:\WINDOWS\Temp\winC8.tmp.exe
Infected with: Trojan.Agent.AUJ
C:\WINDOWS\Temp\winC8.tmp.exe
Disinfection failed
C:\WINDOWS\Temp\winC8.tmp.exe
Deleted

------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:07:50, on 23.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\jnftupew.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7781C800-DC0C-44A1-8F67-724DC95C5B11} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\kcmigcja.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll
O2 - BHO: (no name) - {EDA72771-EEC5-493C-867D-3713DC90657E} - C:\WINDOWS\system32\opnnkhf.dll (file missing)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: opnnkhf - opnnkhf.dll (file missing)
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5097 bytes

#2 specksturm

specksturm

    Member

  • Full Member
  • 9 posts

Posted 24 May 2007 - 08:03 AM

Hi again. Well, I have run several cleaning programs and online antivirus stuff, so now my log looks like this. The O2 and O20 entries in the list make me suspect that it could be a virus called Vundo?

I have had some IE windows popping up now even though I always use Firefox. And another thing that seems to happen now and then is that some randomly named program wants to contact the internet. The name consists mainly of numbers. I do not give them permission to sneak out. You can't see this in the running programs list in the log file, because it wasn't running at the moment when I did the scan.

Here is the latest log.
--------------------------------------------------------------------------------------------------------------------


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:51:15, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: (no name) - {8B27CF84-76C8-4895-818C-FD6CE418A328} - C:\WINDOWS\system32\mlljk.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4233 bytes

#3 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 25 May 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 29 May 2007 - 09:22 AM

Hello,

* Download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 specksturm

    Member

  • Full Member
  • 9 posts

Posted 30 May 2007 - 03:25 AM

Ok mikie. I followed your instructions and here are the results. :)

COMBOFIX


"*" - 2007-05-30 10:08:08 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\*\Desktop\"

Rootkit driver xpdt is present. ... attempting disinfection
xpdt ...... driver unloaded successfully.
ADS removed - system32: deleted 78580 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\eqldurtv.dll
C:\WINDOWS\system32\gacvvqau.dll
C:\WINDOWS\system32\henvfiui.dll
C:\WINDOWS\system32\jphabrlj.dll
C:\WINDOWS\system32\myyetmwt.dll
C:\WINDOWS\system32\uqfiqeio.dll
C:\WINDOWS\system32\wagjxdkq.dll
C:\WINDOWS\system32\wuvujixc.dll
C:\WINDOWS\system32\xrqvrmkw.dll
C:\WINDOWS\system32\nnnolji.dll
C:\WINDOWS\system32\opnmkjh.dll
C:\WINDOWS\system32\ssqqqqo.dll
C:\WINDOWS\system32\vtrudlqe.ini
C:\WINDOWS\system32\uaqvvcag.ini
C:\WINDOWS\system32\iuifvneh.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\oieqifqu.ini
C:\WINDOWS\system32\cxijuvuw.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\urqronm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


2007-05-28 14:51 124,436 --a------ C:\WINDOWS\system32\cofkynos.dll
2007-05-24 17:53 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Media Player Classic
2007-05-23 23:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-23 22:25 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Lavasoft
2007-05-23 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-22 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-22 20:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-22 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-22 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-22 16:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-22 14:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-21 18:04 <DIR> d---s---- C:\Documents and Settings\*\UserData
2007-05-21 18:04 <DIR> d---s---- C:\DOCUME~1\*\UserData
2007-05-21 13:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-21 13:00 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-05-21 13:00 <DIR> d-------- C:\Program Files\Winamp
2007-05-18 13:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-17 12:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Azureus
2007-05-17 12:05 <DIR> d-------- C:\Program Files\Azureus
2007-05-16 22:07 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-05-16 22:07 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-05-16 18:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-16 18:15 <DIR> d-------- C:\Documents and Settings\*\.housecall6.6
2007-05-16 18:15 <DIR> d-------- C:\DOCUME~1\*\.housecall6.6
2007-05-16 18:10 614,191 --a------ C:\WINDOWS\system32\RegistryCleanerSetup.exe
2007-05-16 18:10 <DIR> d-------- C:\Program Files\RegistryCleaner
2007-05-16 18:08 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-05-16 18:08 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-05-16 16:39 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\muvee Technologies
2007-05-16 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
2007-05-16 00:44 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Ahead
2007-05-16 00:43 <DIR> d-------- C:\Program Files\Nero
2007-05-16 00:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-15 16:35 <DIR> d-------- C:\Program Files\Alex Feinman
2007-05-15 16:28 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2007-05-15 14:57 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-05-15 14:55 <DIR> d-------- C:\WINDOWS\Adobe Illustrator CS
2007-05-15 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-15 14:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-15 13:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-15 13:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-05-15 13:48 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 18:28 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\HP
2007-05-14 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-05-14 18:21 <DIR> d-------- C:\Program Files\Common Files\HP
2007-05-14 18:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-14 18:18 430,080 -ra------ C:\WINDOWS\system32\hp3800co.dll
2007-05-14 18:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-14 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-14 18:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-05-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-05-14 18:16 <DIR> d-------- C:\Program Files\HP
2007-05-14 18:14 173 --------- C:\WINDOWS\hpgmdl13.dat
2007-05-14 18:14 101,822 --a------ C:\WINDOWS\hpgins13.dat
2007-05-14 16:51 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-05-14 16:51 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-05-14 16:51 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-05-14 16:51 54,784 -ra------ C:\WINDOWS\system32\RedEye.dll
2007-05-14 16:51 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll
2007-05-14 16:51 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-14 16:51 48,128 -ra------ C:\WINDOWS\system32\picn20.dll
2007-05-14 16:51 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-05-14 16:51 2,867,200 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll
2007-05-14 16:51 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2007-05-14 16:51 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll
2007-05-14 16:51 176,128 -ra------ C:\WINDOWS\system32\Strato4.dll
2007-05-14 16:51 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll
2007-05-14 16:51 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll
2007-05-14 16:51 106,496 --a------ C:\WINDOWS\system32\ATL71.DLL
2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-05-14 16:51 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Nikon
2007-05-14 16:50 73,728 --a------ C:\WINDOWS\system32\LFFAX12N.DLL
2007-05-14 16:50 60,416 --a------ C:\WINDOWS\system32\LFPCT12N.DLL
2007-05-14 16:50 434,176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL
2007-05-14 16:50 406,016 --a------ C:\WINDOWS\system32\LTKRN12N.DLL
2007-05-14 16:50 36,864 --a------ C:\WINDOWS\system32\LFPSD12N.DLL
2007-05-14 16:50 358,912 --a------ C:\WINDOWS\system32\LFCMP12N.DLL
2007-05-14 16:50 30,720 --a------ C:\WINDOWS\system32\LFBMP12N.DLL
2007-05-14 16:50 26,112 --a------ C:\WINDOWS\system32\LFPCX12N.DLL
2007-05-14 16:50 259,072 --a------ C:\WINDOWS\system32\LTDIS12N.DLL
2007-05-14 16:50 230,400 --a------ C:\WINDOWS\system32\DC265.DLL
2007-05-14 16:50 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2007-05-14 16:50 207,872 --a------ C:\WINDOWS\system32\LTEFX12N.DLL
2007-05-14 16:50 19,968 --a------ C:\WINDOWS\system32\LFPCD12N.DLL
2007-05-14 16:50 181,248 --a------ C:\WINDOWS\system32\LFPNG12N.DLL
2007-05-14 16:50 164,864 --a------ C:\WINDOWS\system32\LTIMG12N.DLL
2007-05-14 16:50 141,312 --a------ C:\WINDOWS\system32\LFTIF12N.DLL
2007-05-14 16:50 131,072 --a------ C:\WINDOWS\system32\LTFIL12N.DLL
2007-05-14 16:50 <DIR> d-------- C:\Program Files\Nikon
2007-05-14 16:49 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-05-14 16:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-05-14 16:49 <DIR> d-------- C:\Program Files\QuickTime
2007-05-14 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-05-12 10:41 <DIR> d-------- C:\WINDOWS\pss
2007-05-11 13:38 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-11 13:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-11 13:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-11 13:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-11 13:38 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-11 13:38 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-11 13:37 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-11 13:37 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-11 13:37 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-11 13:37 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-11 08:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-11 01:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-10 18:20 <DIR> d-------- C:\Program Files\Shareaza
2007-05-10 18:20 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Shareaza
2007-05-10 13:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-10 13:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-10 09:35 <DIR> d-------- C:\Program Files\Gspot
2007-05-09 22:50 1,286 --a------ C:\WINDOWS\mozver.dat
2007-05-09 20:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-05-09 20:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Thunderbird
2007-05-09 19:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-09 19:53 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-09 19:53 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-09 19:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-09 19:53 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-09 19:53 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-05-09 19:53 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-09 19:53 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-09 19:53 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-09 19:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-09 19:53 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-09 19:53 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-09 19:52 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-09 19:52 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-09 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2007-05-09 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-09 19:52 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-09 19:52 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-05-09 19:52 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-05-09 19:52 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2007-05-09 19:52 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-05-09 19:52 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2007-05-09 19:52 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2007-05-09 19:52 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2007-05-09 19:52 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2007-05-09 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-05-09 19:52 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-09 19:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-05-09 19:51 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-09 19:50 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-09 19:50 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-09 19:50 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-09 19:50 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-09 19:50 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-09 19:50 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-09 19:50 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-09 19:50 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-09 19:50 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-09 19:50 69,120 --a------ C:\WINDOWS\notepad.exe
2007-05-09 19:50 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-09 19:50 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-09 19:50 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-09 19:50 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-09 19:50 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-09 19:50 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-09 19:50 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-09 19:50 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-09 19:50 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-09 19:50 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-09 19:50 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-09 19:50 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-09 19:50 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-09 19:50 <DIR> dr------- C:\Program Files
2007-05-09 19:50 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-09 19:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-09 19:49 <DIR> d-------- C:\Documents and Settings
2007-05-09 19:44 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-09 19:44 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-09 19:44 <DIR> dr------- C:\WINDOWS\Web
2007-05-09 19:44 <DIR> d-a------ C:\WINDOWS\system32
2007-05-09 19:44 <DIR> d--h----- C:\WINDOWS\inf
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\security
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Resources
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\repair
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\mui
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msapps
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msagent
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Media
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\ime
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Help
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Debug
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Config
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\addins
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS
2007-05-09 18:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-05-09 18:29 <DIR> d-------- C:\HEMSIDA 2007
2007-05-09 18:28 <DIR> d-------- C:\HEMSIDA2
2007-05-09 18:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-09 18:21 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-09 18:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-05-09 18:18 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Talkback
2007-05-09 18:15 <DIR> d-------- C:\Program Files\Skype
2007-05-09 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Skype
2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-05-09 18:14 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\ICQ
2007-05-09 18:13 <DIR> d-------- C:\Program Files\ICQ6
2007-05-09 18:11 <DIR> d--hs---- C:\RECYCLER
2007-05-09 17:52 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-09 17:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-09 17:47 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-09 17:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-05-09 17:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-09 17:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-09 17:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-09 17:45 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-09 17:35 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-05-09 17:35 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe
2007-05-09 17:35 88,064 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2007-05-09 17:35 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-05-09 17:35 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2007-05-09 17:35 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\smbinst.exe
2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-09 17:35 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-05-09 17:35 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll
2007-05-09 17:35 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-05-09 17:35 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll
2007-05-09 17:35 73,796 --a------ C:\WINDOWS\system32\slserv.exe
2007-05-09 17:35 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-05-09 17:35 71,680 --a------ C:\WINDOWS\system32\blastcln.exe
2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsno.dll
2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsfi.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdukx.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdno1.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdfi1.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-09 17:35 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-05-09 17:35 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-05-09 17:35 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-05-09 17:35 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-05-09 17:35 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2007-05-09 17:35 60,416 --a------ C:\WINDOWS\system32\fwcfg.dll
2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinmal.dll
2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinben.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt48.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt47.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdinbe1.dll
2007-05-09 17:35 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-05-09 17:35 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-09 17:35 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-05-09 17:35 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-05-09 17:35 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-09 17:35 526,848 --a------ C:\WINDOWS\system32\p2psvc.dll
2007-05-09 17:35 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-05-09 17:35 50,688 --a------ C:\WINDOWS\system32\btpanui.dll
2007-05-09 17:35 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-05-09 17:35 5,632 --a------ C:\WINDOWS\system32\kbdmaori.dll
2007-05-09 17:35 49,152 --a------ C:\WINDOWS\system32\powercfg.exe
2007-05-09 17:35 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-05-09 17:35 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-05-09 17:35 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-05-09 17:35 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-05-09 17:35 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-05-09 17:35 44,032 --a------ C:\WINDOWS\system32\twext.dll
2007-05-09 17:35 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-05-09 17:35 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-05-09 17:35 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-05-09 17:35 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-05-09 17:35 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-05-09 17:35 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-05-09 17:35 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-05-09 17:35 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-05-09 17:35 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-05-09 17:35 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2007-05-09 17:35 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2007-05-09 17:35 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-05-09 17:35 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll
2007-05-09 17:35 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-05-09 17:35 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-05-09 17:35 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-05-09 17:35 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-05-09 17:35 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2007-05-09 17:35 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-09 17:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-05-09 17:35 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-09 17:35 32,866 --a------ C:\WINDOWS\system32\slrundll.exe
2007-05-09 17:35 32,866 --------- C:\WINDOWS\slrundll.exe
2007-05-09 17:35 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2007-05-09 17:35 32,285 --a------ C:\WINDOWS\system32\hsfcisp2.dll
2007-05-09 17:35 314,880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-09 17:35 312,320 --a------ C:\WINDOWS\system32\p2pgraph.dll
2007-05-09 17:35 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-05-09 17:35 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-05-09 17:35 30,208 --a------ C:\WINDOWS\system32\bthserv.dll
2007-05-09 17:35 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-05-09 17:35 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-05-09 17:35 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-05-09 17:35 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-05-09 17:35 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-05-09 17:35 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-05-09 17:35 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-05-09 17:35 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-05-09 17:35 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-05-09 17:35 29,184 --a------ C:\WINDOWS\system32\sdhcinst.dll
2007-05-09 17:35 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-05-09 17:35 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
2007-05-09 17:35 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-05-09 17:35 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-05-09 17:35 27,136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2007-05-09 17:35 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-05-09 17:35 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-05-09 17:35 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-05-09 17:35 242,688 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-09 17:35 24,576 --a------ C:\WINDOWS\system32\httpapi.dll
2007-05-09 17:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-05-09 17:35 227,328 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-09 17:35 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-05-09 17:35 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-05-09 17:35 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-05-09 17:35 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-05-09 17:35 203,096 --a------ C:\WINDOWS\system32\wuweb.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{8157994B-3E01-4937-B478-0E218A35D8F4}=C:\WINDOWS\system32\cofkynos.dll [2007-05-28 14:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Snabbstart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Snabbstart.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
E:\Skanner\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_

Edited by specksturm, 30 May 2007 - 03:42 AM.


#6 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • 20,026 posts

Posted 30 May 2007 - 03:34 AM

Hi,

Your log from Combofix got cut off, so look where it stopped and post the rest in your next reply.

Also, use another reply to post your HijackThis log, because I need to see this log as well.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#7 specksturm

specksturm

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 30 May 2007 - 03:40 AM

Sorry for that. I edited it so now it should be the whole thing.

Edited by specksturm, 30 May 2007 - 03:40 AM.


#8 specksturm

specksturm

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 30 May 2007 - 03:44 AM

Just a moment, well that didn't seem to work either. I dunno why the whole log can be pasted in?

#9 specksturm

specksturm

    Member

  • Full Member
  • Pip
  • 9 posts

Posted 30 May 2007 - 03:47 AM

This is how it continues...

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]
tcpipmon.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070524-153815-723
O20 - Winlogon Notify: wintfj32 - wintfj32.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintfj32]
"Asynchronous"=dword:00000001
"DllName"="wintfj32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"



backup-20070524-153814-260
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]
"Asynchronous"=dword:00000001
"DllName"="urqronm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070524-153814-443
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"



backup-20070524-153814-985
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070524-153814-517
O2 - BHO: (no name) - {8B27CF84-76C8-4895-818C-FD6CE418A328} - C:\WINDOWS\system32\mlljk.dll

backup-20070524-153814-915
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\bxwgyhcy.dll

backup-20070523-233716-346
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-233716-305
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070523-230626-391
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-230156-632
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]
"Asynchronous"=dword:00000001
"DllName"="urqronm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070523-230156-983
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"



backup-20070523-230140-690
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]
"Asynchronous"=dword:00000001
"DllName"="urqronm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070523-230139-826
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"



backup-20070523-230139-559
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-230139-737
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070523-230112-139
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-230112-964
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\myyetmwt.dll

backup-20070523-230112-744
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070523-225422-538
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-225422-672
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070523-225421-895
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

backup-20070523-225133-995
O20 - Winlogon Notify: wintfj32 - C:\WINDOWS\SYSTEM32\wintfj32.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wintfj32]
"Asynchronous"=dword:00000001
"DllName"="wintfj32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"



backup-20070523-225133-784
O20 - Winlogon Notify: urqronm - C:\WINDOWS\SYSTEM32\urqronm.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqronm]
"Asynchronous"=dword:00000001
"DllName"="urqronm.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070523-225133-733
O20 - Winlogon Notify: opnnkhf - opnnkhf.dll (file missing)

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnnkhf]
"Asynchronous"=dword:00000001
"DllName"="opnnkhf.dll"
"Impersonate"=dword:00000000
"Logon"="Logon"
"Logoff"="Logoff"



backup-20070523-225133-833
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mlljk]
"Asynchronous"=dword:00000001
"DllName"="C:\\WINDOWS\\system32\\mlljk.dll"
"Impersonate"=dword:00000000
"Startup"="RealLogon"
"Logoff"="RealLogoff"



backup-20070523-225132-333
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab


backup-20070523-225131-711
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab


backup-20070523-225131-312
O2 - BHO: (no name) - {EDA72771-EEC5-493C-867D-3713DC90657E} - C:\WINDOWS\system32\opnnkhf.dll (file missing)

backup-20070523-225131-514
O2 - BHO: (no name) - {CE3A943C-4B58-4D54-9898-7284790A2686} - C:\WINDOWS\system32\mlljk.dll

backup-20070523-225131-157
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urqronm.dll

backup-20070523-225131-343
O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\kcmigcja.dll (file missing)

backup-20070523-225131-354
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

backup-20070523-225131-126
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

backup-20070523-225131-574
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\jnftupew.dll (file missing)
********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 10:12:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-30 10:12:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-30 10:12

--- E O F ---
...........................................................................................................................................................
*****************************************************************************************

HIJACK THIS

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:21:50, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\cofkynos.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4003 bytes

The Combofix found something called Rostock rootkit but did it also delete it?

#10 miekiemoes

miekiemoes

    Malware Expert

  • Global Moderator
  • PipPipPipPipPip
  • 20,026 posts

Posted 30 May 2007 - 04:56 AM

Hi,

The Combofix found something called Rostock rootkit but did it also delete it?

Normally yes, but we'll see afterwards...

First of all, I see you have RegistryCleaner installed. This is a so-called registry cleaning tool supported by malware and damages more than it fixes. So uninstall RegistryCleaner.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {8157994B-3E01-4937-B478-0E218A35D8F4} - C:\WINDOWS\system32\cofkynos.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot your computer.

After reboot,

Delete the following files and folder:

C:\WINDOWS\system32\RegistryCleanerSetup.exe
C:\WINDOWS\system32\cofkynos.dll <== if still present
C:\Program Files\RegistryCleaner <== folder

Then, open Notepad and copy and paste the contents of the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

Rescan with Combofix and post the log in your next reply together with a new HijackThis log.
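One way to review a .reg file such as the fix.reg in the post above before merging it, as an added example that is not part of the original post: the script lists which keys and values a REGEDIT4 file would delete or set. The function names and the second sample are constructed for illustration.

```python
"""Preview the changes a .reg file would make, without touching the registry."""
import re

# The fix.reg text from the post above, reproduced as posted.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tcpipmon]
"""

# Constructed sample (not from the page) that exercises the other line types.
SAMPLE_MIXED = r"""REGEDIT4

; constructed example
[HKEY_CURRENT_USER\Software\ExampleVendor]
"Enabled"=dword:00000001
"OldValue"=-
@="default text"
"""

VALID_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# [KEY] creates/opens a key, [-KEY] deletes the key and everything below it.
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\.*)?)\]$")
# "name"=data sets a value, "name"=- deletes it, @ is the key's default value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def logical_lines(text):
    """Yield stripped lines, joining hex data continued with a trailing ',\\'."""
    buf = ""
    for raw in text.lstrip("\ufeff").splitlines():
        line = buf + raw.strip()
        buf = ""
        if line.endswith(",\\"):
            buf = line[:-1]
            continue
        yield line
    if buf:
        yield buf


def preview_reg(text):
    """Return a list of (action, key, value_name) tuples for a .reg file."""
    lines = [l for l in logical_lines(text) if l and not l.startswith(";")]
    # The header line identifies the format, which is why the post insists
    # on copying REGEDIT4 along with the keys.
    if not lines or lines[0] not in VALID_HEADERS:
        raise ValueError("missing REGEDIT4 / Version 5.00 header")
    actions, key, key_deleted = [], None, False
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            key, key_deleted = m.group(2), m.group(1) == "-"
            action = "delete-key" if key_deleted else "create-key"
            actions.append((action, key, None))
            continue
        m = VALUE_RE.match(line)
        # Conservative choice of this example: anything that is not a key or
        # value line, or a value placed under a deleted key, stops the review.
        if not m or key is None or key_deleted:
            raise ValueError("unexpected line: %r" % line)
        raw_name, data = m.groups()
        if raw_name == "@":
            name = "(Default)"
        else:
            name = re.sub(r"\\(.)", r"\1", raw_name[1:-1])
        action = "delete-value" if data.strip() == "-" else "set-value"
        actions.append((action, key, name))
    return actions


def deleted_keys(actions):
    """Keys that would be removed together with all their subkeys and values."""
    return [key for action, key, _ in actions if action == "delete-key"]


if __name__ == "__main__":
    for action, key, name in preview_reg(FIX_REG):
        print(action, key, name or "")
```

For fix.reg the preview shows two key deletions and nothing else, which matches what the post intends: both msconfig startupreg entries are removed and no value is written.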

#11 specksturm

specksturm

    Member

  • Full Member
  • 9 posts

Posted 30 May 2007 - 05:21 AM

First the combofix log

"*" - 2007-05-30 13:14:17 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\*\Desktop\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-30 ))))))))))))))))))))))))))))))))))


2007-05-30 10:12 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-24 17:53 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Media Player Classic
2007-05-23 23:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-23 22:25 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Lavasoft
2007-05-23 22:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-22 21:02 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-05-22 20:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-22 20:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-05-22 17:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-22 16:44 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-22 14:34 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-05-21 18:04 <DIR> d---s---- C:\Documents and Settings\*\UserData
2007-05-21 18:04 <DIR> d---s---- C:\DOCUME~1\*\UserData
2007-05-21 13:54 <DIR> d-------- C:\Program Files\Lavasoft
2007-05-21 13:00 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-05-21 13:00 <DIR> d-------- C:\Program Files\Winamp
2007-05-18 13:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-05-18 13:13 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-05-17 12:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Azureus
2007-05-17 12:05 <DIR> d-------- C:\Program Files\Azureus
2007-05-16 22:07 109,568 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-05-16 22:07 108,544 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-05-16 18:20 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-16 18:15 <DIR> d-------- C:\Documents and Settings\*\.housecall6.6
2007-05-16 18:15 <DIR> d-------- C:\DOCUME~1\*\.housecall6.6
2007-05-16 18:08 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-05-16 18:08 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-05-16 16:39 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\muvee Technologies
2007-05-16 16:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
2007-05-16 00:44 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Ahead
2007-05-16 00:43 <DIR> d-------- C:\Program Files\Nero
2007-05-16 00:43 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-05-15 16:35 <DIR> d-------- C:\Program Files\Alex Feinman
2007-05-15 16:28 <DIR> d-------- C:\Program Files\WinZip Self-Extractor
2007-05-15 14:57 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-05-15 14:55 <DIR> d-------- C:\WINDOWS\Adobe Illustrator CS
2007-05-15 14:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
2007-05-15 14:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-05-15 13:52 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-05-15 13:51 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-05-15 13:48 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 18:28 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\HP
2007-05-14 18:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-05-14 18:21 <DIR> d-------- C:\Program Files\Common Files\HP
2007-05-14 18:19 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-05-14 18:18 430,080 -ra------ C:\WINDOWS\system32\hp3800co.dll
2007-05-14 18:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-05-14 18:17 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-05-14 18:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-05-14 18:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-05-14 18:16 <DIR> d-------- C:\Program Files\HP
2007-05-14 18:14 173 --------- C:\WINDOWS\hpgmdl13.dat
2007-05-14 18:14 101,822 --a------ C:\WINDOWS\hpgins13.dat
2007-05-14 16:51 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
2007-05-14 16:51 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-05-14 16:51 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-05-14 16:51 54,784 -ra------ C:\WINDOWS\system32\RedEye.dll
2007-05-14 16:51 495,616 -ra------ C:\WINDOWS\system32\DRAGNKL1.dll
2007-05-14 16:51 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
2007-05-14 16:51 48,128 -ra------ C:\WINDOWS\system32\picn20.dll
2007-05-14 16:51 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2007-05-14 16:51 2,867,200 -ra------ C:\WINDOWS\system32\NkNEFPlugin.dll
2007-05-14 16:51 2,179,072 --a------ C:\WINDOWS\system32\mfc71d.dll
2007-05-14 16:51 180,224 -ra------ C:\WINDOWS\system32\picn1120.dll
2007-05-14 16:51 176,128 -ra------ C:\WINDOWS\system32\Strato4.dll
2007-05-14 16:51 155,648 -ra------ C:\WINDOWS\system32\picn1020.dll
2007-05-14 16:51 110,592 -ra------ C:\WINDOWS\system32\RCSigProc.dll
2007-05-14 16:51 106,496 --a------ C:\WINDOWS\system32\ATL71.DLL
2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\Nikon
2007-05-14 16:51 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2007-05-14 16:51 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Nikon
2007-05-14 16:50 73,728 --a------ C:\WINDOWS\system32\LFFAX12N.DLL
2007-05-14 16:50 60,416 --a------ C:\WINDOWS\system32\LFPCT12N.DLL
2007-05-14 16:50 434,176 --a------ C:\WINDOWS\system32\DC120V15_32.DLL
2007-05-14 16:50 406,016 --a------ C:\WINDOWS\system32\LTKRN12N.DLL
2007-05-14 16:50 36,864 --a------ C:\WINDOWS\system32\LFPSD12N.DLL
2007-05-14 16:50 358,912 --a------ C:\WINDOWS\system32\LFCMP12N.DLL
2007-05-14 16:50 30,720 --a------ C:\WINDOWS\system32\LFBMP12N.DLL
2007-05-14 16:50 26,112 --a------ C:\WINDOWS\system32\LFPCX12N.DLL
2007-05-14 16:50 259,072 --a------ C:\WINDOWS\system32\LTDIS12N.DLL
2007-05-14 16:50 230,400 --a------ C:\WINDOWS\system32\DC265.DLL
2007-05-14 16:50 212,480 --a------ C:\WINDOWS\system32\PCDLIB32.DLL
2007-05-14 16:50 207,872 --a------ C:\WINDOWS\system32\LTEFX12N.DLL
2007-05-14 16:50 19,968 --a------ C:\WINDOWS\system32\LFPCD12N.DLL
2007-05-14 16:50 181,248 --a------ C:\WINDOWS\system32\LFPNG12N.DLL
2007-05-14 16:50 164,864 --a------ C:\WINDOWS\system32\LTIMG12N.DLL
2007-05-14 16:50 141,312 --a------ C:\WINDOWS\system32\LFTIF12N.DLL
2007-05-14 16:50 131,072 --a------ C:\WINDOWS\system32\LTFIL12N.DLL
2007-05-14 16:50 <DIR> d-------- C:\Program Files\Nikon
2007-05-14 16:49 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-05-14 16:49 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-05-14 16:49 <DIR> d-------- C:\Program Files\QuickTime
2007-05-14 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-05-12 10:41 <DIR> d-------- C:\WINDOWS\pss
2007-05-11 13:38 95,872 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-05-11 13:38 94,552 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-05-11 13:38 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-05-11 13:38 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-05-11 13:38 26,888 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-05-11 13:38 23,416 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-05-11 13:37 745,600 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-05-11 13:37 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-05-11 13:37 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-05-11 13:37 <DIR> d-------- C:\Program Files\Alwil Software
2007-05-11 08:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-11 01:45 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-05-10 18:20 <DIR> d-------- C:\Program Files\Shareaza
2007-05-10 18:20 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Shareaza
2007-05-10 13:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-05-10 13:04 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-05-10 09:35 <DIR> d-------- C:\Program Files\Gspot
2007-05-09 22:50 1,286 --a------ C:\WINDOWS\mozver.dat
2007-05-09 20:06 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-05-09 20:06 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Thunderbird
2007-05-09 19:53 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2007-05-09 19:53 7,552 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-05-09 19:53 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2007-05-09 19:53 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2007-05-09 19:53 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2007-05-09 19:53 52,864 --a------ C:\WINDOWS\system32\drivers\dmusic.sys
2007-05-09 19:53 5,376 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-05-09 19:53 4,992 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-05-09 19:53 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-05-09 19:53 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2007-05-09 19:53 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-05-09 19:53 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2007-05-09 19:52 74,240 --a------ C:\WINDOWS\system32\usbui.dll
2007-05-09 19:52 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2007-05-09 19:52 6,912 --a------ C:\WINDOWS\system32\drivers\ctlfacem.sys
2007-05-09 19:52 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2007-05-09 19:52 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-05-09 19:52 51,200 --a------ C:\WINDOWS\system32\sfman32.dll
2007-05-09 19:52 495,616 --a------ C:\WINDOWS\system32\sblfx.dll
2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-05-09 19:52 4,096 --a------ C:\WINDOWS\system32\ctwdm32.dll
2007-05-09 19:52 36,480 --a------ C:\WINDOWS\system32\drivers\sfmanm.sys
2007-05-09 19:52 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-05-09 19:52 283,904 --a------ C:\WINDOWS\system32\drivers\emu10k1m.sys
2007-05-09 19:52 256,512 --a------ C:\WINDOWS\system32\devcon32.dll
2007-05-09 19:52 24,064 --a------ C:\WINDOWS\system32\devldr32.exe
2007-05-09 19:52 20,992 --a------ C:\WINDOWS\system32\drivers\rtl8139.sys
2007-05-09 19:52 2,944 --a------ C:\WINDOWS\system32\drivers\msmpu401.sys
2007-05-09 19:52 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2007-05-09 19:52 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-05-09 19:51 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-05-09 19:50 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-05-09 19:50 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-05-09 19:50 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-05-09 19:50 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-05-09 19:50 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-05-09 19:50 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-05-09 19:50 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-05-09 19:50 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-05-09 19:50 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-05-09 19:50 69,120 --a------ C:\WINDOWS\notepad.exe
2007-05-09 19:50 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-05-09 19:50 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-05-09 19:50 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-05-09 19:50 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-05-09 19:50 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-05-09 19:50 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-05-09 19:50 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-09 19:50 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-05-09 19:50 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-05-09 19:50 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-05-09 19:50 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-05-09 19:50 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-09 19:50 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-05-09 19:50 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-05-09 19:50 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-05-09 19:50 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
2007-05-09 19:50 <DIR> dr------- C:\Program Files
2007-05-09 19:50 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-05-09 19:50 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2007-05-09 19:50 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-05-09 19:49 <DIR> d-------- C:\Documents and Settings
2007-05-09 19:44 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2007-05-09 19:44 <DIR> dr--s---- C:\WINDOWS\Fonts
2007-05-09 19:44 <DIR> dr------- C:\WINDOWS\Web
2007-05-09 19:44 <DIR> d-a------ C:\WINDOWS\system32
2007-05-09 19:44 <DIR> d--h----- C:\WINDOWS\inf
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\WinSxS
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\twain_32
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wins
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\wbem
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\usmt
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\spool
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ShellExt
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\Setup
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ras
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\oobe
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\npp
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\mui
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\inetsrv
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\IME
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\icsxml
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\ias
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\export
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\drivers
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\dhcp
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\config
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\3076
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\2052
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1054
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1042
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1041
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1037
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1033
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1031
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1028
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system32\1025
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\system
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\security
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Resources
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\repair
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\mui
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msapps
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\msagent
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Media
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\ime
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Help
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Driver Cache
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Debug
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Cursors
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Connection Wizard
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\Config
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\AppPatch
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS\addins
2007-05-09 19:44 <DIR> d-------- C:\WINDOWS
2007-05-09 18:45 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-05-09 18:29 <DIR> d-------- C:\HEMSIDA 2007
2007-05-09 18:28 <DIR> d-------- C:\HEMSIDA2
2007-05-09 18:21 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-05-09 18:21 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-09 18:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2007-05-09 18:18 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Talkback
2007-05-09 18:15 <DIR> d-------- C:\Program Files\Skype
2007-05-09 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\Skype
2007-05-09 18:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-05-09 18:14 <DIR> d-------- C:\DOCUME~1\*\APPLIC~1\ICQ
2007-05-09 18:13 <DIR> d-------- C:\Program Files\ICQ6
2007-05-09 18:11 <DIR> d--hs---- C:\RECYCLER
2007-05-09 17:52 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-05-09 17:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-09 17:47 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-05-09 17:47 4,212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2007-05-09 17:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-05-09 17:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-05-09 17:47 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-05-09 17:45 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-05-09 17:40 <DIR> d-------- C:\WINDOWS\Prefetch
2007-05-09 17:35 95,424 --------- C:\WINDOWS\system32\drivers\slnthal.sys
2007-05-09 17:35 9,728 --a------ C:\WINDOWS\system32\comsdupd.exe
2007-05-09 17:35 88,064 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2007-05-09 17:35 870,784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\p2pgasvc.dll
2007-05-09 17:35 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2007-05-09 17:35 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2007-05-09 17:35 81,408 --a------ C:\WINDOWS\system32\wscsvc.dll
2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\smbinst.exe
2007-05-09 17:35 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-05-09 17:35 78,464 --------- C:\WINDOWS\system32\drivers\usbvideo.sys
2007-05-09 17:35 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll
2007-05-09 17:35 75,776 --a------ C:\WINDOWS\system32\strmfilt.dll
2007-05-09 17:35 73,832 --a------ C:\WINDOWS\system32\slcoinst.dll
2007-05-09 17:35 73,796 --a------ C:\WINDOWS\system32\slserv.exe
2007-05-09 17:35 73,216 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-05-09 17:35 71,680 --a------ C:\WINDOWS\system32\blastcln.exe
2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsno.dll
2007-05-09 17:35 7,680 --a------ C:\WINDOWS\system32\kbdsmsfi.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdukx.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdno1.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\kbdfi1.dll
2007-05-09 17:35 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-05-09 17:35 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2007-05-09 17:35 67,584 --------- C:\WINDOWS\system32\drivers\sdbus.sys
2007-05-09 17:35 63,663 --------- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2007-05-09 17:35 63,488 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-05-09 17:35 603,648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2007-05-09 17:35 60,416 --a------ C:\WINDOWS\system32\fwcfg.dll
2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinmal.dll
2007-05-09 17:35 6,656 --a------ C:\WINDOWS\system32\kbdinben.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt48.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdmlt47.dll
2007-05-09 17:35 6,144 --a------ C:\WINDOWS\system32\kbdinbe1.dll
2007-05-09 17:35 6,016 --------- C:\WINDOWS\system32\drivers\smbali.sys
2007-05-09 17:35 59,648 --------- C:\WINDOWS\system32\drivers\rfcomm.sys
2007-05-09 17:35 57,856 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-05-09 17:35 56,623 --------- C:\WINDOWS\system32\drivers\ati1btxx.sys
2007-05-09 17:35 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-05-09 17:35 526,848 --a------ C:\WINDOWS\system32\p2psvc.dll
2007-05-09 17:35 52,224 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-05-09 17:35 50,688 --a------ C:\WINDOWS\system32\btpanui.dll
2007-05-09 17:35 50,176 --a------ C:\WINDOWS\system32\xmlprovi.dll
2007-05-09 17:35 5,632 --a------ C:\WINDOWS\system32\kbdmaori.dll
2007-05-09 17:35 49,152 --a------ C:\WINDOWS\system32\powercfg.exe
2007-05-09 17:35 48,640 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2007-05-09 17:35 46,464 --------- C:\WINDOWS\system32\drivers\gagp30kx.sys
2007-05-09 17:35 452,736 --------- C:\WINDOWS\system32\drivers\mtxparhm.sys
2007-05-09 17:35 44,928 --------- C:\WINDOWS\system32\drivers\agpcpq.sys
2007-05-09 17:35 44,672 --------- C:\WINDOWS\system32\drivers\uagp35.sys
2007-05-09 17:35 44,032 --a------ C:\WINDOWS\system32\twext.dll
2007-05-09 17:35 438,784 --a------ C:\WINDOWS\system32\xpob2res.dll
2007-05-09 17:35 43,008 --------- C:\WINDOWS\system32\drivers\amdagp.sys
2007-05-09 17:35 42,752 --------- C:\WINDOWS\system32\drivers\alim1541.sys
2007-05-09 17:35 42,368 --------- C:\WINDOWS\system32\drivers\agp440.sys
2007-05-09 17:35 42,240 --------- C:\WINDOWS\system32\drivers\viaagp.sys
2007-05-09 17:35 41,088 --------- C:\WINDOWS\system32\drivers\sisagp.sys
2007-05-09 17:35 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2007-05-09 17:35 40,832 --------- C:\WINDOWS\system32\drivers\irbus.sys
2007-05-09 17:35 4,274,816 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-05-09 17:35 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2007-05-09 17:35 4,096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2007-05-09 17:35 397,056 --a------ C:\WINDOWS\system32\s3gnb.dll
2007-05-09 17:35 38,016 --------- C:\WINDOWS\system32\drivers\bthmodem.sys
2007-05-09 17:35 377,984 --a------ C:\WINDOWS\system32\ati2dvaa.dll
2007-05-09 17:35 36,463 --------- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2007-05-09 17:35 36,096 --------- C:\WINDOWS\system32\drivers\intelppm.sys
2007-05-09 17:35 35,456 --------- C:\WINDOWS\system32\drivers\bthprint.sys
2007-05-09 17:35 34,735 --------- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2007-05-09 17:35 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2007-05-09 17:35 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-05-09 17:35 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-05-09 17:35 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-05-09 17:35 32,866 --a------ C:\WINDOWS\system32\slrundll.exe
2007-05-09 17:35 32,866 --------- C:\WINDOWS\slrundll.exe
2007-05-09 17:35 32,768 --a------ C:\WINDOWS\system32\ativtmxx.dll
2007-05-09 17:35 32,285 --a------ C:\WINDOWS\system32\hsfcisp2.dll
2007-05-09 17:35 314,880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2007-05-09 17:35 312,320 --a------ C:\WINDOWS\system32\p2pgraph.dll
2007-05-09 17:35 31,744 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-05-09 17:35 30,671 --------- C:\WINDOWS\system32\drivers\ati1raxx.sys
2007-05-09 17:35 30,208 --a------ C:\WINDOWS\system32\bthserv.dll
2007-05-09 17:35 30,080 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-05-09 17:35 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-05-09 17:35 3,901 --------- C:\WINDOWS\system32\drivers\siint5.dll
2007-05-09 17:35 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-05-09 17:35 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-05-09 17:35 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-05-09 17:35 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-05-09 17:35 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-05-09 17:35 29,455 --------- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2007-05-09 17:35 29,184 --a------ C:\WINDOWS\system32\sdhcinst.dll
2007-05-09 17:35 29,056 --------- C:\WINDOWS\system32\drivers\ip6fw.sys
2007-05-09 17:35 286,792 --a------ C:\WINDOWS\system32\slextspk.dll
2007-05-09 17:35 28,672 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-05-09 17:35 274,304 --------- C:\WINDOWS\system32\drivers\bthport.sys
2007-05-09 17:35 27,136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2007-05-09 17:35 262,784 --------- C:\WINDOWS\system32\drivers\http.sys
2007-05-09 17:35 26,367 --------- C:\WINDOWS\system32\drivers\ati1snxx.sys
2007-05-09 17:35 25,600 --------- C:\WINDOWS\system32\drivers\hidbth.sys
2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\watv10nt.sys
2007-05-09 17:35 25,471 --------- C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-05-09 17:35 242,688 --a------ C:\WINDOWS\system32\wmpasf.dll
2007-05-09 17:35 24,576 --a------ C:\WINDOWS\system32\httpapi.dll
2007-05-09 17:35 23,040 --a------ C:\WINDOWS\system32\fltmc.exe
2007-05-09 17:35 227,328 --a------ C:\WINDOWS\system32\wmerror.dll
2007-05-09 17:35 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2007-05-09 17:35 22,271 --------- C:\WINDOWS\system32\drivers\watv06nt.sys
2007-05-09 17:35 21,343 --------- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2007-05-09 17:35 21,183 --------- C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-05-09 17:35 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-05-09 17:35 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
2007-05-09 17:35 20,992 --a------ C:\WINDOWS\system32\bthci.dll
2007-05-09 17:35 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-05-09 17:35 194,328 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-05-09 17:35 193,024 --a------ C:\WINDOWS\system32\fsquirt.exe
2007-05-09 17:35 188,508 --a------ C:\WINDOWS\system32\slgen.dll
2007-05-09 17:35 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2007-05-09 17:35 180,360 --------- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2007-05-09 17:35 18,944 --------- C:\WINDOWS\system32\drivers\bthusb.sys
2007-05-09 17:35 172,312 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-05-09 17:35 17,408 --a------ C:\WINDOWS\system32\winshfhc.dll
2007-05-09 17:35 17,279 --------- C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-05-09 17:35 17,024 --------- C:\WINDOWS\system32\drivers\bthenum.sys
2007-05-09 17:35 166,912 --------- C:\WINDOWS\system32\drivers\s3gnbm.sys
2007-05-09 17:35 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-05-09 17:35 157,184 --a------ C:\WINDOWS\system32\wmidx.dll
2007-05-09 17:35 15,872 --a------ C:\WINDOWS\system32\w3ssl.dll
2007-05-09 17:35 15,488 --------- C:\WINDOWS\system32\drivers\mssmbios.sys
2007-05-09 17:35 15,423 --------- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2007-05-09 17:35 15,104 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-05-09 17:35 14,336 --a------ C:\WINDOWS\system32\auditusr.exe
2007-05-09 17:35 14,336 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-05-09 17:35 14,143 --------- C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-05-09 17:35 13,824 --a------ C:\WINDOWS\system32\wscntfy.exe
2007-05-09 17:35 13,824 --a------ C:\WINDOWS\system32\cmsetacl.dll
2007-05-09 17:35 13,824 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-05-09 17:35 13,824 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-05-09 17:35 13,776 --------- C:\WINDOWS\system32\drivers\recagent.sys
2007-05-09 17:35 13,568 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-05-09 17:35 13,240 --------- C:\WINDOWS\system32\drivers\slwdmsup.sys
2007-05-09 17:35 129,536 --a------ C:\WINDOWS\system32\xmlprov.dll
2007-05-09 17:35 129,535 --------- C:\WINDOWS\system32\drivers\slnt7554.sys
2007-05-09 17:35 128,896 --------- C:\WINDOWS\system32\drivers\fltmgr.sys
2007-05-09 17:35 126,686 --------- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2007-05-09 17:35 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2007-05-09 17:35 12,672 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-05-09 17:35 12,672 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-05-09 17:35 12,047 --------- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2007-05-09 17:35 118,784 --a------ C:\WINDOWS\system32\msdadiag.dll
2007-05-09 17:35 116,224 --a------ C:\WINDOWS\system32\p2p.dll
2007-05-09 17:35 11,935 --------- C:\WINDOWS\system32\drivers\wadv11nt.sys
2007-05-09 17:35 11,871 --------- C:\WINDOWS\system32\drivers\wadv09nt.sys
2007-05-09 17:35 11,868 --------- C:\WINDOWS\system32\drivers\mdmxsdk.sys
2007-05-09 17:35 11,807 --------- C:\WINDOWS\system32\drivers\wadv07nt.sys
2007-05-09 17:35 11,615 --------- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2007-05-09 17:35 11,359 --------- C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-05-09 17:35 11,325 --------- C:\WINDOWS\system32\drivers\vchnt5.dll
2007-05-09 17:35 11,295 --------- C:\WINDOWS\system32\drivers\wadv08nt.sys
2007-05-09 17:35 11,136 --------- C:\WINDOWS\system32\drivers\sffdisk.sys
2007-05-09 17:35 108,032 --a------ C:\WINDOWS\system32\wshbth.dll
2007-05-09 17:35 104,960 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-05-09 17:35 100,992 --------- C:\WINDOWS\system32\drivers\bthpan.sys
2007-05-09 17:35 10,240 --------- C:\WINDOWS\system32\drivers\sffp_sd.sys
2007-05-09 17:35 1,897,408 --------- C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-05-09 17:35 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
2007-05-09 17:35 1,689,088 --a------ C:\WINDOWS\system32\d3d9.dll
2007-05-09 17:35 1,329,152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2007-05-09 17:35 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2007-05-09 17:35 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2007-05-09 17:35 <DIR> d-------- C:\WINDOWS\provisioning
2007-05-09 17:35 <DIR> d-------- C:\WINDOWS\peernet
2007-05-09 17:32 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-05-09 17:31 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
2007-05-09 17:30 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-05-09 17:29 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-05-09 17:27 <DIR> d-------- C:\WINDOWS\EHome
2007-05-09 17:23 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-05-09 17:19 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-05-09 17:19 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-05-09 17:19 <DIR> d-------- C:\Program Files\ATI Technologies
2007-05-09 17:18 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-05-09 17:18 <DIR> d-------- C:\ATI
2007-05-09 17:14 2,883,584 --ah----- C:\Documents and Settings\*\NTUSER.DAT
2007-05-09 17:14 2,883,584 --ah----- C:\DOCUME~1\*\NTUSER.DAT
2007-05-09 17:14 <DIR> d--hs---- C:\WINDOWS\Installer
2007-05-09 17:12 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-05-09 17:12 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-05-09 17:12 <DIR> d--hs---- C:\System Volume Information
2007-05-09 17:09 233,472 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-05-09 17:09 0 -rahs---- C:\MSDOS.SYS
2007-05-09 17:09 0 -rahs---- C:\IO.SYS
2007-05-09 17:09 0 --a------ C:\CONFIG.SYS
2007-05-09 17:09 0 --a------ C:\AUTOEXEC.BAT
2007-05-09 17:09 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-05-09 17:09 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-05-09 17:08 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-05-09 17:08 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-05-09 17:08 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-05-09 17:08 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-05-09 17:07 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-05-09 17:07 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-05-09 17:07 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-05-09 17:07 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-05-09 17:07 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-05-09 17:07 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-05-09 17:06 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-05-09 17:06 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-05-09 17:06 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2007-05-09 17:06 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-05-09 17:06 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-05-09 17:06 679,424 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-09 17:06 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-05-09 17:06 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-05-09 17:06 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-05-09 17:06 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-05-09 17:06 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2007-05-09 17:06 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-05-09 17:06 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-05-09 17:06 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-05-09 17:06 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-05-09 17:06 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2007-05-09 17:06 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-05-09 17:06 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-05-09 17:06 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-05-09 17:06 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-05-09 17:06 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-05-09 17:06 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-05-09 17:06 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-05-09 17:06 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-05-09 17:06 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-05-09 17:06 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-05-09 17:06 <DIR> d---s---- C:\WINDOWS\Tasks
2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\srchasst
2007-05-09 17:06 <DIR> d-------- C:\WINDOWS\PCHealth
2007-05-09 17:06 <DIR> d-------- C:\Program Files\Movie Maker
2007-05-09 17:06 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-05-09 17:05 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-05-09 17:05 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-05-09 17:05 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-05-09 17:05 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-05-09 17:05 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-05-09 17:05 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-05-09 17:05 <DIR> d-------- C:\WINDOWS\Registration
2007-05-09 17:05 <DIR> d-------- C:\Program Files\Online Services
2007-05-09 17:05 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-05-09 17:05 <DIR> d-------- C:\Program Files\Messenger
2007-05-09 17:04 97,792 --a------ C:\WINDOWS\system32\comrepl.dll
2007-05-09 17:04 956,416 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-05-09 17:04 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-05-09 17:04 91,136 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-05-09 17:04 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-05-09 17:04 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-05-09 17:04 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-05-09 17:04 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-05-09 17:04 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-05-09 17:04 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-05-09 17:04 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-05-09 17:04 625,152 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-05-09 17:04 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-05-09 17:04 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-05-09 17:04 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2007-05-09 17:04 60,416 --a------ C:\WINDOWS\system32\colbact.dll
2007-05-09 17:04 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-05-09 17:04 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2007-05-09 17:04 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-05-09 17:04 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2007-05-09 17:04 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-05-09 17:04 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-05-09 17:04 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-05-09 17:04 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2007-05-09 17:04 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-05-09 17:04 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-05-09 17:04 53,080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-05-09 17:04 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-05-09 17:04 498,688 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-05-09 17:04 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-05-09 17:04 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-05-09 17:04 426,496 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-05-09 17:04 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-05-09 17:04 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-05-09 17:04 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-05-09 17:04 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-05-09 17:04 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-05-09 17:04 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-05-09 17:04 347,136 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-05-09 17:04 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-05-09 17:04 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-05-09 17:04 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2007-05-09 17:04 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-05-09 17:04 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-05-09 17:04 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-05-09 17:04 225,792 --a------ C:\WINDOWS\system32\catsrv.dll
2007-05-09 17:04 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-05-09 17:04 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-05-09 17:04 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-05-09 17:04 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-05-09 17:04 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-05-09 17:04 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-05-09 17:04 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-05-09 17:04 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2007-05-09 17:04 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-05-09 17:04 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-05-09 17:04 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-05-09 17:04 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-05-09 17:04 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-05-09 17:04 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-05-09 17:04 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-05-09 17:04 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-05-09 17:04 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-05-09 17:04 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-05-09 17:04 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-05-09 17:04 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-05-09 17:04 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-05-09 17:04 139,528 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-05-09 17:04 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-05-09 17:04 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-05-09 17:04 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-05-09 17:04 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-05-09 17:04 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-05-09 17:04 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-05-09 17:04 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-05-09 17:04 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-05-09 17:04 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-05-09 17:04 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-05-09 17:04 1,710,936 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-05-09 17:04 1,267,200 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-05-09 17:04 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-05-09 17:04 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-05-09 17:04 <DIR> d-------- C:\WINDOWS\system32\Com
2007-05-09 17:04 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 01:58:38 315,392 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-03-15 01:57:34 267,776 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-03-15 01:55:38 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-03-15 01:50:39 122,880 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-03-15 01:50:27 114,688 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-03-15 01:50:19 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-03-15 01:50:12 42,496 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-03-15 01:49:59 114,688 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-03-15 01:48:39 450,560 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-03-15 01:47:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-03-15 01:40:10 2,820,544 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-03-15 01:29:47 1,315,712 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-03-15 01:29:32 3,107,788 ----a-w C:\WINDOWS\system32\ativvaxx.dat
2007-03-15 01:19:32 5,402,624 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-03-15 01:16:14 258,048 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-03-15 01:14:43 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-03-15 01:10:28 356,352 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-06 22:04:53 143,676 ----a-w C:\WINDOWS\system32\atiicdxx.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Snabbstart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Snabbstart.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Snabbstart.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^*^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\*\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
E:\Skanner\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-30 13:15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-30 13:15:52
C:\ComboFix-quarantined-files.txt ... 2007-05-30 13:15
C:\ComboFix2.txt ... 2007-05-30 10:12

--- E O F ---

#12 specksturm

Posted 30 May 2007 - 05:23 AM

And also the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:16:58, on 30.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3872 bytes

#13 miekiemoes

Posted 30 May 2007 - 05:28 AM

Hi,

Well, the rootkit is gone as far as I can see.

This entry is still present which I asked you to fix previously:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

But just leave it; it is set by ComboFix, and by default an about:blank entry shouldn't display in HijackThis since it is whitelisted. But I figured out that this version of HijackThis you are using doesn't whitelist that entry.
So there is no need to fix that entry in HijackThis anymore. :)

How are things now? Popups gone?

#14 specksturm

Posted 30 May 2007 - 05:47 AM

I did check and fix the R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
but it is still showing up. But if it is OK for you then it is OK for me too. :)

And ah! What a relief. The popups are nothing but history.
It also seems that my browser is stable and neither hangs nor slows down.
My computer overall seems a whole lot less stressed.

So I thank you mikie for all your help. ^_^
*handing over a cinnamon bun and a glass of milk*

#15 miekiemoes

Posted 30 May 2007 - 06:26 AM

Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#16 miekiemoes

Posted 02 June 2007 - 03:40 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened for continuations of existing problems, please tell the moderating team by replying here
This applies only to the original topic starter.

Everyone else please begin a New Topic.