Need Help with 4 infected files!!
Hello everyone, first-time poster and first time in distress!!
I have everything one should need to be safe, including Spybot, Ad-Aware, firewall antiv
but I have 4 infected that I cannot deal with (I am not a very techie person)
so here it is
trojan horse downloader.agent.aog
trojan horse downloader.generic2.jvp
trojan horse downloader.generic2.jvq
in there
C:\Documents and Settings\Jean-Francois\Local Settings\Temporary Internet Files\Content.IE5\SOBU9N23\ds-444444[1].exe,"Trojan horse Downloader.Agent.AOG","Infected"
C:\Program Files\Fichiers communs\{64B9B9A6-0702-1036-1007-020603020002}\services.dll,"Trojan horse Downloader.Generic2.JVP","Infected"
C:\System Volume Information\_restore{89118A06-6713-42FD-8805-6C619FFEC8D4}\RP282\A0040304.exe,"Trojan horse Downloader.Generic2.JVQ","Infected"
C:\System Volume Information\_restore{89118A06-6713-42FD-8805-6C619FFEC8D4}\RP285\A0043543.exe,"Trojan horse Downloader.Agent.AOG","Infected"
thanks for any help you guys can provide!
Hello, please follow the instructions in our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
Then a helper will advise you as soon as available to do so. :)
:bow:
Thanks... working on all these steps, will be posting when the steps are done!
OK, I got all my stuff together, so here it is. All the required tests were done; please see below for the HijackThis and Panda reports.
Panda's report
Incident Status Location
Virus:W32/Gaobot.NZO.worm Disinfected C:\WINDOWS\system32\syshost.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\bk.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\ping.dll
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\mwm52b8c.dll
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\system32\WinNB58.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\repairs303169590.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Downloaded Program Files\speedtest2.dll
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\ms3.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\webhdll.dll_tobedeleted
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard1.dat
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\unstall.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SmVhbi1GcmFuY29pcw\mAp1v2Y3wAIRsZ6DwT.vbs
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Virus:W32/Gaobot.NZO.worm Disinfected C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wincbr.exe
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 18:33:11, on 2006-08-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Documents and Settings\Jean-Francois\Bureau\Nouveau dossier\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_7.exe
O4 - HKLM\..\Run: [xxcukntA] C:\WINDOWS\xxcukntA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [mwm52b8c] RUNDLL32.EXE w79b77c1.dll,n 00252b8a0000000a79b77c1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wincbr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155531098847
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\kgdsg.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
thanks
LonnyRJones
2006-09-01, 13:00
Welcome duss12
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
Jean-Francois - 06-09-01 7:17:16,61
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Jean-Francois\Bureau\download
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Granting sedebugprivilege to Administrateurs ... successful
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskknwrd.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskcwrd.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskdmns.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll
C:\Program Files\surfsidekick 3\Ssk.exe
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\ping.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Fichiers communs\{64B9B9A6-0702-1036-1007-020603020002}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Documents and Settings\Jean-Francois\Application Data\CURITY~1
((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 ))))))))))))))))))))))))))))))))))
2006-08-14 17:25 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-08-14 17:25 241,664 --a------ C:\WINDOWS\system32\gdi32.dll
2006-08-14 17:25 241,152 --a------ C:\WINDOWS\system32\newdev.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\msorc32r.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-08-14 17:25 24,064 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-14 17:25 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-08-14 17:25 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-08-14 17:25 239,104 --a------ C:\WINDOWS\system32\compatUI.dll
2006-08-14 17:25 236,032 --a------ C:\WINDOWS\system32\msieftp.dll
2006-08-14 17:25 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-08-14 17:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-08-14 17:25 230,912 --a------ C:\WINDOWS\system32\mswsock.dll
2006-08-14 17:25 230,400 --a------ C:\WINDOWS\system32\netui1.dll
2006-08-14 17:25 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-08-14 17:25 23,552 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-14 17:25 23,040 --a------ C:\WINDOWS\system32\ipxroute.exe
2006-08-14 17:25 229,376 --a------ C:\WINDOWS\system32\dsquery.dll
2006-08-14 17:25 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-14 17:25 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-08-14 17:25 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-08-14 17:25 223,744 --a------ C:\WINDOWS\system32\compstui.dll
2006-08-14 17:25 220,672 --a------ C:\WINDOWS\system32\logon.scr
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\hid.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\dmserver.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\davclnt.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-08-14 17:25 22,016 --a------ C:\WINDOWS\system32\mciwave.dll
2006-08-14 17:25 213,066 --a------ C:\WINDOWS\system32\msltus40.dll
2006-08-14 17:25 211,456 --a------ C:\WINDOWS\system32\oakley.dll
2006-08-14 17:25 210,432 --a------ C:\WINDOWS\system32\msutb.dll
2006-08-14 17:25 209,408 --a------ C:\WINDOWS\system32\localsec.dll
2006-08-14 17:25 208,896 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-14 17:25 205,312 --a------ C:\WINDOWS\system32\dmadmin.exe
2006-08-14 17:25 204,800 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-14 17:25 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-08-14 17:25 20,992 --a------ C:\WINDOWS\system32\mfcsubs.dll
2006-08-14 17:25 20,992 --a------ C:\WINDOWS\system32\mciseq.dll
2006-08-14 17:25 20,554 --a------ C:\WINDOWS\system32\odtext32.dll
2006-08-14 17:25 20,554 --a------ C:\WINDOWS\system32\oddbse32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odpdx32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odfox32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odexl32.dll
2006-08-14 17:25 2,028,032 --a------ C:\WINDOWS\system32\cdosys.dll
2006-08-14 17:25 199,168 --a------ C:\WINDOWS\system32\mobsync.dll
2006-08-14 17:25 19,968 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-14 17:25 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-08-14 17:25 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-08-14 17:25 189,952 --a------ C:\WINDOWS\system32\certcli.dll
2006-08-14 17:25 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-08-14 17:25 185,344 --a------ C:\WINDOWS\system32\moricons.dll
2006-08-14 17:25 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-14 17:25 184,592 --a------ C:\WINDOWS\system32\msjint40.dll
2006-08-14 17:25 184,320 --a------ C:\WINDOWS\system32\dmdskmgr.dll
2006-08-14 17:25 181,760 --a------ C:\WINDOWS\system32\activeds.dll
2006-08-14 17:25 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-08-14 17:25 180,736 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-08-14 17:25 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-14 17:25 18,944 --a------ C:\WINDOWS\system32\lpk.dll
2006-08-14 17:25 18,432 --a------ C:\WINDOWS\system32\feclient.dll
2006-08-14 17:25 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-08-14 17:25 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-14 17:25 177,664 --a------ C:\WINDOWS\system32\els.dll
2006-08-14 17:25 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-14 17:25 174,592 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-14 17:25 17,920 --a------ C:\WINDOWS\system32\midimap.dll
2006-08-14 17:25 17,408 --a------ C:\WINDOWS\system32\ersvc.dll
2006-08-14 17:25 167,936 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-08-14 17:25 163,840 --a------ C:\WINDOWS\system32\credui.dll
2006-08-14 17:25 162,128 --a------ C:\WINDOWS\system32\dwwin.exe
2006-08-14 17:25 160,768 --a------ C:\WINDOWS\system32\adsldp.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\cfgmgr32.dll
2006-08-14 17:25 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-08-14 17:25 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-08-14 17:25 156,672 --a------ C:\WINDOWS\system32\msimtf.dll
2006-08-14 17:25 155,648 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-14 17:25 154,112 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-08-14 17:25 153,088 --a------ C:\WINDOWS\system32\keymgr.dll
2006-08-14 17:25 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-08-14 17:25 150,016 --a------ C:\WINDOWS\system32\diskpart.exe
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\nddeapi.dll
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\alrsvc.dll
2006-08-14 17:25 15,360 --a------ C:\WINDOWS\system32\linkinfo.dll
2006-08-14 17:25 147,968 --a------ C:\WINDOWS\system32\netman.dll
2006-08-14 17:25 147,968 --a------ C:\WINDOWS\system32\modemui.dll
2006-08-14 17:25 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-08-14 17:25 144,896 --a------ C:\WINDOWS\system32\initpki.dll
2006-08-14 17:25 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-08-14 17:25 140,800 --a------ C:\WINDOWS\regedit.exe
2006-08-14 17:25 140,288 --a------ C:\WINDOWS\system32\netid.dll
2006-08-14 17:25 14,877 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-14 17:25 14,848 --a------ C:\WINDOWS\system32\inetppui.dll
2006-08-14 17:25 14,848 --a------ C:\WINDOWS\system32\bidispl.dll
2006-08-14 17:25 14,336 --a------ C:\WINDOWS\system32\dmremote.exe
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\hotplug.dll
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-08-14 17:25 136,192 --a------ C:\WINDOWS\system32\mobsync.exe
2006-08-14 17:25 134,144 --a------ C:\WINDOWS\system32\dsprop.dll
2006-08-14 17:25 133,120 --a------ C:\WINDOWS\system32\ifmon.dll
2006-08-14 17:25 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-08-14 17:25 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-08-14 17:25 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-08-14 17:25 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-08-14 17:25 127,552 --a------ C:\WINDOWS\system32\cliconfg.dll
2006-08-14 17:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-08-14 17:25 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-14 17:25 126,464 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-08-14 17:25 124,928 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\dssenh.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-08-14 17:25 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-08-14 17:25 12,800 --a------ C:\WINDOWS\system32\mcastmib.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\cmcfg32.dll
2006-08-14 17:25 118,784 --a------ C:\WINDOWS\system32\imapi.exe
2006-08-14 17:25 118,272 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-14 17:25 117,760 --a------ C:\WINDOWS\system32\glu32.dll
2006-08-14 17:25 116,784 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-08-14 17:25 116,224 --a------ C:\WINDOWS\system32\iasrad.dll
2006-08-14 17:25 115,200 -r-hs---- C:\WINDOWS\system32\syshost.exe
2006-08-14 17:25 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-08-14 17:25 114,176 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-08-14 17:25 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-08-14 17:25 111,616 --a------ C:\WINDOWS\system32\idq.dll
2006-08-14 17:25 111,616 --a------ C:\WINDOWS\system32\aclui.dll
2006-08-14 17:25 111,104 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-08-14 17:25 110,592 --a------ C:\WINDOWS\system32\mdminst.dll
2006-08-14 17:25 110,592 --a------ C:\WINDOWS\system32\iccvid.dll
2006-08-14 17:25 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-08-14 17:25 11,776 --a------ C:\WINDOWS\system32\lsass.exe
2006-08-14 17:25 11,776 --a------ C:\WINDOWS\system32\drprov.dll
2006-08-14 17:25 109,568 --a------ C:\WINDOWS\system32\defrag.exe
2006-08-14 17:25 109,056 --a------ C:\WINDOWS\system32\netdde.exe
2006-08-14 17:25 107,520 --a------ C:\WINDOWS\system32\input.dll
2006-08-14 17:25 107,520 --a------ C:\WINDOWS\system32\dgnet.dll
2006-08-14 17:25 107,008 --a------ C:\WINDOWS\system32\dsuiext.dll
2006-08-14 17:25 106,496 --a------ C:\WINDOWS\system32\olepro32.dll
2006-08-14 17:25 104,448 --a------ C:\WINDOWS\system32\apphelp.dll
2006-08-14 17:25 103,936 --a------ C:\WINDOWS\system32\mstlsapi.dll
2006-08-14 17:25 102,450 --a------ C:\WINDOWS\system32\cscript.exe
2006-08-14 17:25 102,400 --a------ C:\WINDOWS\system32\offfilt.dll
2006-08-14 17:25 101,888 --a------ C:\WINDOWS\system32\oleprn.dll
2006-08-14 17:25 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2006-08-14 17:25 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-08-14 17:25 100,352 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-14 17:25 10,752 --a------ C:\WINDOWS\system32\netrap.dll
2006-08-14 17:25 10,752 --a------ C:\WINDOWS\hh.exe
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\atmadm.exe
2006-08-14 17:25 1,634,816 --a------ C:\WINDOWS\system32\netshell.dll
2006-08-14 17:25 1,503,260 --a------ C:\WINDOWS\system32\msjet40.dll
2006-08-14 17:25 1,388,544 --a------ C:\WINDOWS\system32\msvbvm60.dll
2006-08-14 17:25 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-08-14 17:25 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-08-14 17:25 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-08-14 17:25 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-08-14 17:25 1,177,088 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-08-14 17:25 1,141,248 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-08-14 17:25 1,129,472 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-14 17:25 1,105,408 --a------ C:\WINDOWS\system32\ole32.dll
2006-08-14 17:25 1,034,240 --a------ C:\WINDOWS\system32\esent.dll
2006-08-14 17:25 1,005,056 --a------ C:\WINDOWS\explorer.exe
2006-08-14 17:24 97,792 --a------ C:\WINDOWS\system32\scardsvr.exe
2006-08-14 17:24 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-08-14 17:24 96,768 --a------ C:\WINDOWS\system32\rcbdyctl.dll
2006-08-14 17:24 95,744 --a------ C:\WINDOWS\system32\win32spl.dll
2006-08-14 17:24 947,712 --a------ C:\WINDOWS\system32\syssetup.dll
2006-08-14 17:24 942,592 --a------ C:\WINDOWS\system32\setupapi.dll
2006-08-14 17:24 94,208 --a------ C:\WINDOWS\system32\winscard.dll
2006-08-14 17:24 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-08-14 17:24 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-08-14 17:24 89,600 --a------ C:\WINDOWS\system32\slbiop.dll
2006-08-14 17:24 89,088 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-14 17:24 88,576 --a------ C:\WINDOWS\system32\polstore.dll
2006-08-14 17:24 87,552 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-08-14 17:24 87,048 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-08-14 17:24 87,040 --a------ C:\WINDOWS\system32\srvsvc.dll
2006-08-14 17:24 85,504 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-08-14 17:24 84,992 --a------ C:\WINDOWS\system32\psbase.dll
2006-08-14 17:24 831,488 --a------ C:\WINDOWS\system32\tapi3.dll
2006-08-14 17:24 82,944 --a------ C:\WINDOWS\system32\rasauto.dll
2006-08-14 17:24 81,408 --a------ C:\WINDOWS\system32\ntprint.dll
2006-08-14 17:24 802,816 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-08-14 17:24 80,384 --a------ C:\WINDOWS\system32\trkwks.dll
2006-08-14 17:24 8,456 --a------ C:\WINDOWS\system32\tsddd.dll
2006-08-14 17:24 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-08-14 17:24 770,560 --a------ C:\WINDOWS\system32\winntbbu.dll
2006-08-14 17:24 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-14 17:24 75,776 --a------ C:\WINDOWS\system32\msdvdopt.dll
2006-08-14 17:24 75,264 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-08-14 17:24 75,264 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-08-14 17:24 74,240 --a------ C:\WINDOWS\system32\nslookup.exe
2006-08-14 17:24 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-08-14 17:24 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-14 17:24 73,728 --a------ C:\WINDOWS\system32\unimdmat.dll
2006-08-14 17:24 72,704 --a------ C:\WINDOWS\system32\telnet.exe
2006-08-14 17:24 72,704 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-14 17:24 70,656 --a------ C:\WINDOWS\system32\wiascr.dll
2006-08-14 17:24 70,656 --a------ C:\WINDOWS\system32\shrpubw.exe
2006-08-14 17:24 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2006-08-14 17:24 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2006-08-14 17:24 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-08-14 17:24 68,096 --a------ C:\WINDOWS\system32\scarddlg.dll
2006-08-14 17:24 676,352 --a------ C:\WINDOWS\system32\ntdll.dll
2006-08-14 17:24 671,744 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-08-14 17:24 67,072 --a------ C:\WINDOWS\system32\sigverif.exe
2006-08-14 17:24 665,088 --a------ C:\WINDOWS\system32\userenv.dll
2006-08-14 17:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-08-14 17:24 657,920 --a------ C:\WINDOWS\system32\rasdlg.dll
2006-08-14 17:24 654,848 --a------ C:\WINDOWS\system32\lsasrv.dll
2006-08-14 17:24 651,264 --a------ C:\WINDOWS\system32\sxs.dll
2006-08-14 17:24 65,585 --a------ C:\WINDOWS\system32\wshext.dll
2006-08-14 17:24 643,072 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-08-14 17:24 62,464 --a------ C:\WINDOWS\system32\shgina.dll
2006-08-14 17:24 62,464 --a------ C:\WINDOWS\system32\osuninst.dll
2006-08-14 17:24 617,984 --a------ C:\WINDOWS\system32\advapi32.dll
2006-08-14 17:24 614,912 --a------ C:\WINDOWS\system32\autoconv.exe
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\wextract.exe
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-14 17:24 61,440 --a------ C:\WINDOWS\system32\webclnt.dll
2006-08-14 17:24 61,440 --a------ C:\WINDOWS\system32\sti.dll
2006-08-14 17:24 602,112 --a------ C:\WINDOWS\system32\autochk.exe
2006-08-14 17:24 60,416 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-08-14 17:24 6,656 --a------ C:\WINDOWS\system32\ntlsapi.dll
2006-08-14 17:24 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-08-14 17:24 573,952 --a------ C:\WINDOWS\system32\wiashext.dll
2006-08-14 17:24 571,392 --a------ C:\WINDOWS\system32\shdoclc.dll
2006-08-14 17:24 57,856 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-14 17:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-08-14 17:24 569,344 --a------ C:\WINDOWS\system32\oleaut32.dll
2006-08-14 17:24 562,176 --a------ C:\WINDOWS\system32\user32.dll
2006-08-14 17:24 557,568 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-14 17:24 554,496 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-08-14 17:24 55,808 --a------ C:\WINDOWS\system32\rasman.dll
2006-08-14 17:24 540,160 --a------ C:\WINDOWS\system32\printui.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\shimeng.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\samlib.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\resutils.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\rasphone.exe
2006-08-14 17:24 534,528 --a------ C:\WINDOWS\system32\spider.exe
2006-08-14 17:24 53,760 --a------ C:\WINDOWS\system32\rastapi.dll
2006-08-14 17:24 53,760 --a------ C:\WINDOWS\system32\packager.exe
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\sendmail.dll
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\rastls.dll
2006-08-14 17:24 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-08-14 17:24 51,712 --a------ C:\WINDOWS\system32\synceng.dll
2006-08-14 17:24 51,712 --a------ C:\WINDOWS\system32\regsvc.dll
2006-08-14 17:24 51,200 --a------ C:\WINDOWS\system32\spoolsv.exe
2006-08-14 17:24 51,200 --a------ C:\WINDOWS\system32\reg.exe
2006-08-14 17:24 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2006-08-14 17:24 5,632 --a------ C:\WINDOWS\system32\security.dll
2006-08-14 17:24 497,152 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-08-14 17:24 48,640 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-08-14 17:24 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-08-14 17:24 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-14 17:24 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\winsta.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\mspmspsv.dll
2006-08-14 17:24 46,592 --a------ C:\WINDOWS\system32\wdigest.dll
2006-08-14 17:24 46,592 --a------ C:\WINDOWS\system32\utilman.exe
2006-08-14 17:24 452,096 --a------ C:\WINDOWS\system32\wiadefui.dll
2006-08-14 17:24 45,568 --a------ C:\WINDOWS\system32\smss.exe
2006-08-14 17:24 45,568 --a------ C:\WINDOWS\system32\proquota.exe
2006-08-14 17:24 442,880 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-08-14 17:24 442,398 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-08-14 17:24 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-08-14 17:24 44,032 --a------ C:\WINDOWS\system32\ftp.exe
2006-08-14 17:24 434,176 --a------ C:\WINDOWS\system32\winlogon.exe
2006-08-14 17:24 43,008 --a------ C:\WINDOWS\system32\ssmypics.scr
2006-08-14 17:24 426,496 --a------ C:\WINDOWS\system32\samsrv.dll
2006-08-14 17:24 426,496 --a------ C:\WINDOWS\system32\riched20.dll
2006-08-14 17:24 421,888 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-08-14 17:24 42,496 --a------ C:\WINDOWS\system32\tcpmonui.dll
2006-08-14 17:24 419,840 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-08-14 17:24 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-14 17:24 41,472 --a------ C:\WINDOWS\system32\tcpmon.dll
2006-08-14 17:24 41,472 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-08-14 17:24 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-08-14 17:24 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-14 17:24 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-14 17:24 4,096 --a------ C:\WINDOWS\system32\winver.exe
2006-08-14 17:24 4,096 --a------ C:\WINDOWS\system32\sfc.dll
2006-08-14 17:24 396,800 --a------ C:\WINDOWS\system32\ntvdm.exe
2006-08-14 17:24 395,264 --a------ C:\WINDOWS\system32\regwizc.dll
2006-08-14 17:24 39,936 --a------ C:\WINDOWS\system32\rtutils.dll
2006-08-14 17:24 39,936 --a------ C:\WINDOWS\system32\perfctrs.dll
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-14 17:24 389,120 --a------ C:\WINDOWS\system32\themeui.dll
2006-08-14 17:24 388,096 --a------ C:\WINDOWS\system32\cmd.exe
2006-08-14 17:24 37,888 --a------ C:\WINDOWS\system32\pstorec.dll
2006-08-14 17:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-08-14 17:24 364,544 --a------ C:\WINDOWS\system32\mstvca.dll
2006-08-14 17:24 36,864 --a------ C:\WINDOWS\system32\rshx32.dll
2006-08-14 17:24 356,352 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-08-14 17:24 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-08-14 17:24 35,840 --a------ C:\WINDOWS\system32\sens.dll
2006-08-14 17:24 346,624 --a------ C:\WINDOWS\system32\tourstart.exe
2006-08-14 17:24 344,064 --a------ C:\WINDOWS\system32\termmgr.dll
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\raschap.dll
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-08-14 17:24 339,968 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-08-14 17:24 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-08-14 17:24 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-14 17:24 33,280 --a------ C:\WINDOWS\system32\perfproc.dll
2006-08-14 17:24 32,768 --a------ C:\WINDOWS\system32\umandlg.dll
2006-08-14 17:24 32,256 --a------ C:\WINDOWS\system32\rundll32.exe
2006-08-14 17:24 319,488 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-08-14 17:24 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-08-14 17:24 314,880 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-08-14 17:24 310,784 --a------ C:\WINDOWS\system32\scesrv.dll
2006-08-14 17:24 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-08-14 17:24 31,232 --a------ C:\WINDOWS\system32\wpabaln.exe
2006-08-14 17:24 308,736 --a------ C:\WINDOWS\system32\mstvgs.dll
2006-08-14 17:24 305,152 --a------ C:\WINDOWS\system32\ulib.dll
2006-08-14 17:24 302,080 --a------ C:\WINDOWS\system32\untfs.dll
2006-08-14 17:24 30,992 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-08-14 17:24 30,208 --a------ C:\WINDOWS\system32\sethc.exe
2006-08-14 17:24 3,352 --a------ C:\WINDOWS\system32\redir.exe
2006-08-14 17:24 298,496 --a------ C:\WINDOWS\system32\wmstream.dll
2006-08-14 17:24 295,424 --a------ C:\WINDOWS\system32\localspl.dll
2006-08-14 17:24 294,912 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-14 17:24 29,696 --a------ C:\WINDOWS\system32\wpnpinst.exe
2006-08-14 17:24 29,696 --a------ C:\WINDOWS\system32\rtipxmib.dll
2006-08-14 17:24 29,184 --a------ C:\WINDOWS\system32\csrsrv.dll
2006-08-14 17:24 281,088 --a------ C:\WINDOWS\system32\vssvc.exe
2006-08-14 17:24 28,721 --a------ C:\WINDOWS\system32\wshcon.dll
2006-08-14 17:24 28,672 --a------ C:\WINDOWS\system32\profmap.dll
2006-08-14 17:24 28,160 --a------ C:\WINDOWS\system32\xcopy.exe
2006-08-14 17:24 276,480 --a------ C:\WINDOWS\system32\winsrv.dll
2006-08-14 17:24 276,480 --a------ C:\WINDOWS\system32\slbcsp.dll
2006-08-14 17:24 274,432 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-14 17:24 27,648 --a------ C:\WINDOWS\system32\sendcmsg.dll
2006-08-14 17:24 263,680 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-14 17:24 262,656 --a------ C:\WINDOWS\system32\comdlg32.dll
2006-08-14 17:24 26,624 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-08-14 17:24 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-14 17:24 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-08-14 17:24 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-08-14 17:24 253,952 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-08-14 17:24 253,440 --a------ C:\WINDOWS\system32\pdh.dll
2006-08-14 17:24 25,600 --a------ C:\WINDOWS\system32\winipsec.dll
2006-08-14 17:24 25,600 --a------ C:\WINDOWS\system32\pstorsvc.dll
2006-08-14 17:24 248,832 --a------ C:\WINDOWS\system32\wow32.dll
2006-08-14 17:24 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2006-08-14 17:24 24,576 --a------ C:\WINDOWS\system32\perfos.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\wsock32.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\vdmdbg.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\perfdisk.dll
2006-08-14 17:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-08-14 17:24 231,936 --a------ C:\WINDOWS\system32\upnpui.dll
2006-08-14 17:24 23,552 --a------ C:\WINDOWS\system32\shscrap.dll
2006-08-14 17:24 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-08-14 17:24 22,016 --a------ C:\WINDOWS\system32\userinit.exe
2006-08-14 17:24 214,528 --a------ C:\WINDOWS\system32\rpcss.dll
2006-08-14 17:24 214,528 --a------ C:\WINDOWS\system32\rasapi32.dll
2006-08-14 17:24 213,504 --a------ C:\WINDOWS\system32\osk.exe
2006-08-14 17:24 21,504 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-08-14 17:24 21,504 --a------ C:\WINDOWS\system32\shmgrate.exe
2006-08-14 17:24 208,896 --a------ C:\WINDOWS\system32\progman.exe
2006-08-14 17:24 203,776 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-08-14 17:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\stimon.exe
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\seclogon.dll
2006-08-14 17:24 20,480 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-14 17:24 2,019,328 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-14 17:24 198,656 --a------ C:\WINDOWS\system32\t2embed.dll
2006-08-14 17:24 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-08-14 17:24 19,968 --a------ C:\WINDOWS\system32\sclgntfy.dll
2006-08-14 17:24 19,968 --a------ C:\WINDOWS\system32\savedump.exe
2006-08-14 17:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-08-14 17:24 19,456 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-14 17:24 188,928 --a------ C:\WINDOWS\system32\syncui.dll
2006-08-14 17:24 184,320 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-08-14 17:24 184,320 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-14 17:24 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll
2006-08-14 17:24 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\ws2help.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\shutdown.exe
2006-08-14 17:24 18,432 --a------ C:\WINDOWS\system32\rsmps.dll
2006-08-14 17:24 175,104 --a------ C:\WINDOWS\system32\winmm.dll
2006-08-14 17:24 174,080 --a------ C:\WINDOWS\system32\snmpsnap.dll
2006-08-14 17:24 173,056 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-14 17:24 171,520 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\wshtcpip.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-08-14 17:24 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-08-14 17:24 169,328 --a------ C:\WINDOWS\system32\xenroll.dll
2006-08-14 17:24 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-08-14 17:24 166,912 --a------ C:\WINDOWS\system32\wintrust.dll
2006-08-14 17:24 166,912 --a------ C:\WINDOWS\system32\photowiz.dll
2006-08-14 17:24 163,328 --a------ C:\WINDOWS\system32\upnphost.dll
2006-08-14 17:24 163,328 --a------ C:\WINDOWS\system32\tapi32.dll
2006-08-14 17:24 162,304 --a------ C:\WINDOWS\system32\w32time.dll
2006-08-14 17:24 160,768 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-14 17:24 16,896 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-08-14 17:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\version.dll
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-08-14 17:24 155,675 --a------ C:\WINDOWS\system32\scrobj.dll
2006-08-14 17:24 155,648 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-14 17:24 153,600 --a------ C:\WINDOWS\system32\wuv3is.dll
2006-08-14 17:24 147,483 --a------ C:\WINDOWS\system32\scrrun.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\winrnr.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\usbmon.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\powrprof.dll
2006-08-14 17:24 14,592 --a------ C:\WINDOWS\system32\watchdog.sys
2006-08-14 17:24 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-08-14 17:24 14,336 --a------ C:\WINDOWS\system32\rsh.exe
2006-08-14 17:24 14,336 --a------ C:\WINDOWS\system32\perfmon.exe
2006-08-14 17:24 137,216 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-08-14 17:24 136,704 --a------ C:\WINDOWS\system32\schannel.dll
2006-08-14 17:24 136,192 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-08-14 17:24 134,656 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-08-14 17:24 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-14 17:24 133,632 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-08-14 17:24 131,584 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-14 17:24 131,584 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\wship6.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\uniplat.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\wupdinfo.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\tcpmib.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-08-14 17:24 127,488 --a------ C:\WINDOWS\system32\shmedia.dll
2006-08-14 17:24 126,976 --a------ C:\WINDOWS\system32\imagehlp.dll
2006-08-14 17:24 125,952 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-14 17:24 125,440 --a------ C:\WINDOWS\system32\webvw.dll
2006-08-14 17:24 120,832 --a------ C:\WINDOWS\system32\wkssvc.dll
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\svchost.exe
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\rexec.exe
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\pjlmon.dll
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\mgmtapi.dll
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\sigtab.dll
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\runonce.exe
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\lmhsvc.dll
2006-08-14 17:24 119,808 --a------ C:\WINDOWS\system32\upnp.dll
2006-08-14 17:24 118,834 --a------ C:\WINDOWS\system32\wscript.exe
2006-08-14 17:24 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-08-14 17:24 118,784 --a------ C:\WINDOWS\system32\wiadss.dll
2006-08-14 17:24 118,272 --a------ C:\WINDOWS\system32\stobject.dll
2006-08-14 17:24 115,200 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-08-14 17:24 111,104 --a------ C:\WINDOWS\system32\url.dll
2006-08-14 17:24 110,592 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-14 17:24 108,032 --a------ C:\WINDOWS\system32\msv1_0.dll
2006-08-14 17:24 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-08-14 17:24 104,960 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-08-14 17:24 104,448 --a------ C:\WINDOWS\system32\wiavideo.dll
2006-08-14 17:24 101,888 --a------ C:\WINDOWS\system32\services.exe
2006-08-14 17:24 100,720 --a------ C:\WINDOWS\system32\iuctl.dll
2006-08-14 17:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-08-14 17:24 10,240 --a------ C:\WINDOWS\system32\WshRm.dll
2006-08-14 17:24 10,240 --a------ C:\WINDOWS\system32\regsvr32.exe
2006-08-14 17:24 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-08-14 17:24 1,901,440 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2006-08-14 17:24 1,879,168 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2006-08-14 17:24 1,799,808 --a------ C:\WINDOWS\system32\win32k.sys
2006-08-14 17:24 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-08-14 17:24 1,547,264 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-08-14 17:24 1,392,640 --a------ C:\WINDOWS\system32\wmpui.dll
2006-08-14 17:24 1,342,976 --a------ C:\WINDOWS\system32\query.dll
2006-08-14 17:24 1,302,528 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-08-14 17:24 1,216,512 --a------ C:\WINDOWS\system32\wmvcore.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-08 08:23 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-08 08:23 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-31 18:28 -------- d-------- C:\Documents and Settings\Jean-Francois\Application Data\AVG7
2006-07-31 18:27 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-07-31 18:27 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-07-31 18:27 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-07-31 07:56 -------- d-------- C:\Program Files\Trisnap Technologies
2006-07-30 16:02 61440 --a------ C:\WINDOWS\system32\mwm52b8c.dll
2006-07-30 16:02 2 --a------ C:\WINDOWS\system32\wnsapisu.exe
2006-07-30 16:02 1064 --a------ C:\WINDOWS\system32\mwm52b8c.sys
2006-07-30 16:01 32768 --a------ C:\WINDOWS\unstall.exe
2006-07-30 16:01 232749 --a------ C:\WINDOWS\pf78.exe
2006-06-07 13:55 3626 --a------ C:\Program Files\Fichiers communs\mejeh.html
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /installquiet"
"SxgTkBar"="SxgTkBar.exe"
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TFncKy"="TFncKy.exe /Type 20"
"NDSTray.exe"="NDSTray.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Drag'n Drop CD"="C:\\Program Files\\Drag'n Drop CD\\BinFiles\\DragDrop.exe /StartUp"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"TFNF5"="TFNF5.exe"
"TosHKCW.exe"="C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"FRISK FP-Scheduler"="C:\\Program Files\\FSI\\F-Prot\\F-Sched.exe STARTUP"
"F-StopW"="C:\\Program Files\\FSI\\F-Prot\\F-StopW.EXE"
"xxcukntA"="C:\\WINDOWS\\xxcukntA.exe"
"mwm52b8c"="RUNDLL32.EXE w79b77c1.dll,n 00252b8a0000000a79b77c1"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Microsoft Windows System"="syshost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.4156\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Microsoft Windows System"="syshost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\polokikoj.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Fichiers communs\\mejeh.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 2006-09-01 7:20:04.42
ComboFix.txt
LonnyRJones
2006-09-01, 16:00
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
REGEDIT4
;
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xxcukntA"=-
"mwm52b8c"=-
"Microsoft Windows System"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows System"=-
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.
Restart your PC.
Delete these two files:
C:\Program Files\Fichiers communs\mejeh.html
C:\Program Files\MSN Gaming Zone\polokikoj.html
Post a fresh hijackthis log please, be sure to mention any current problems.
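What the fixme.reg above removes, shown as an added example that is not part of the original post: a Python sketch that parses the two deletion forms used in the file ([-key] and "name"=-) and applies them to a constructed snapshot built from a subset of the ComboFix export. The function names and the snapshot are assumptions made for illustration; matching ignores case, which is why RunServices in the fix file hits the key exported as Runservices.

```python
import re

# The fixme.reg text from the post above, embedded as sample input.
FIXME_REG = r"""REGEDIT4
;
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xxcukntA"=-
"mwm52b8c"=-
"Microsoft Windows System"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows System"=-
;
"""

RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
COMP = r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components"

# Constructed registry snapshot: a subset of the ComboFix export, key -> values.
SNAPSHOT = {
    RUN: {"AVG7_CC": r"C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP",
          "xxcukntA": r"C:\WINDOWS\xxcukntA.exe",
          "mwm52b8c": "RUNDLL32.EXE w79b77c1.dll,n 00252b8a0000000a79b77c1",
          "Microsoft Windows System": "syshost.exe"},
    RUN + r"\OptionalComponents\MAPI": {"Installed": "1"},
    RUN + "services": {"Microsoft Windows System": "syshost.exe"},  # spelled as exported
    COMP: {"DeskHtmlVersion": "dword:00000110"},
    COMP + r"\0": {"Source": r"C:\Program Files\MSN Gaming Zone\polokikoj.html"},
    COMP + r"\1": {"Source": r"C:\Program Files\Fichiers communs\mejeh.html"},
    COMP + r"\2": {"Source": "About:Home"},
}


def parse_deletions(text):
    """Return delete operations as (kind, key_path, value_name) tuples."""
    ops, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT"):
            continue
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("key", line[2:-1], None))     # [-path] removes key and subkeys
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]                       # values below belong to this key
        else:
            m = re.fullmatch(r'"(.*)"\s*=\s*-', line)  # "name"=- removes one value
            if m and current:
                ops.append(("value", current, m.group(1)))
    return ops                                         # value assignments are ignored


def apply_deletions(snapshot, ops):
    """Apply ops to a copy of snapshot; return (state, removed, unmatched)."""
    state = {k: dict(v) for k, v in snapshot.items()}
    removed, unmatched = [], []
    for kind, path, name in ops:
        p = path.lower()                               # registry paths ignore case
        if kind == "key":
            hits = [k for k in state
                    if k.lower() == p or k.lower().startswith(p + "\\")]
            for k in hits:
                del state[k]
        else:
            hits = [(k, n) for k in state if k.lower() == p
                    for n in state[k] if n.lower() == name.lower()]
            for k, n in hits:
                del state[k][n]
        (removed if hits else unmatched).append((path, name))
    return state, removed, unmatched
```

An entry in the unmatched list means a line of the fix file hit nothing in the snapshot, which is the usual sign of a mistyped key path or value name.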
here is the fresh log
Logfile of HijackThis v1.99.1
Scan saved at 16:43:37, on 2006-09-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\SxgTkBar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jean-Francois\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155531098847
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
I also got this surprise at reboot:
wincbr.exe
trojan horse irc/backdoor sdbot2.hki
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
thanks
LonnyRJones
2006-09-02, 02:40
I assume your antivirus deleted it?
Why do you have more than one antivirus program installed? Normally not a good idea.
Start HijackThis and place a check next to these items if there.
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mca.chm::/speedtest2.dll
====================================
Hit fix checked and close Hijackthis.
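A way to pre-screen the O16 (Downloaded Program Files) lines of a HijackThis log, added here as an example and not part of the original post or of HijackThis itself: it flags entries whose source is not a plain http/https URL, as with the ms-its:mhtml entries above. The heuristic and the function names are assumptions; it does not reproduce the helper's judgment on the WildTangent entry, which uses an ordinary http URL.

```python
import re
from urllib.parse import urlsplit

# Sample input: O16 lines copied from the fresh HijackThis log earlier in the thread.
SAMPLE_LOG = r"""O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155531098847
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
"""

# "O16 - DPF: {CLSID} (optional class name) - source"
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S.*)$")


def parse_o16(line):
    """Parse one O16 line into a dict, or return None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    clsid, name, source = m.groups()
    return {"clsid": clsid.upper(), "name": name, "source": source}


def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    src = entry["source"]
    reasons = []
    scheme = src.split(":", 1)[0].lower()
    if scheme not in ("http", "https"):
        reasons.append("non-http codebase scheme: " + scheme)
    if "file://" in src.lower():
        reasons.append("references a local file")
    if "!" in src:
        # mhtml form: <local container>!<remote archive URL>::<member path>
        inner = src.split("!", 1)[1].split("::", 1)[0]
        host = urlsplit(inner).hostname
        if host:
            reasons.append("embedded remote host: " + host)
    return reasons


def flagged(log_text):
    """Return (clsid, reasons) for every O16 entry with at least one reason."""
    out = []
    for line in log_text.splitlines():
        entry = parse_o16(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                out.append((entry["clsid"], reasons))
    return out


if __name__ == "__main__":
    for clsid, reasons in flagged(SAMPLE_LOG):
        print(clsid, "; ".join(reasons))
```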
Wow thanks, now I have pretty much a clean system. SP2 is installed, antivirus programs are removed except for 1, and this machine is now working a lot better!!
thanks a bunch
LonnyRJones
2006-09-02, 20:48
That's good to hear
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
As the problem appears to be resolved this topic has been archived. :bigthumb:
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Glad we could help.