Need Help with 4 infected files!!

[duss12]

hello everyone first time poster and first time in distress!!

I have everything 1 should need to be safe, including spybot, adaware, firewall antiv

but I have 4 infected that I cannot deal with (I am not a very techie person)

so here it is


trojan horse downloader.agent.aog
trojan horse downloader.generic2.jvp
trojan horse downloader.generic2.jvq

in there


C:\Documents and Settings\Jean-Francois\Local Settings\Temporary Internet Files\Content.IE5\SOBU9N23\ds-444444[1].exe,"Trojan horse Downloader.Agent.AOG","Infected"
C:\Program Files\Fichiers communs\{64B9B9A6-0702-1036-1007-020603020002}\services.dll,"Trojan horse Downloader.Generic2.JVP","Infected"
C:\System Volume Information\_restore{89118A06-6713-42FD-8805-6C619FFEC8D4}\RP282\A0040304.exe,"Trojan horse Downloader.Generic2.JVQ","Infected"
C:\System Volume Information\_restore{89118A06-6713-42FD-8805-6C619FFEC8D4}\RP285\A0043543.exe,"Trojan horse Downloader.Agent.AOG","Infected"



thanks for any help you guys can provide!

 

[tashi]

Hello, please follow the instructions in our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps

Then a helper will advise you as soon as available to do so.

 

[duss12]

Hello, please follow the instructions in our 'sticky' topic:
BEFORE you post and who will advise you. Preliminary Steps

Then a helper will advise you as soon as available to do so.

:bow:

thanks... working on all these steps will be posting in when steps are done!

 

[duss12]

Ok I got all my stuff together so here it is all the required tests were done please see below for Hijack this and panda reports

Panda's report



Incident Status Location

Virus:W32/Gaobot.NZO.worm Disinfected C:\WINDOWS\system32\syshost.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\bk.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\ping.dll
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\mwm52b8c.dll
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\system32\tsuninst.exe
Adware:Adware/Mirar Not disinfected C:\WINDOWS\system32\WinNB58.dll
Spyware:Spyware/SurfSideKick Not disinfected C:\WINDOWS\system32\repairs303169590.dll
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\Downloaded Program Files\speedtest2.dll
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\ms3.exe
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\webhdll.dll_tobedeleted
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\keyboard1.dat
Adware:Adware/EliteBar Not disinfected C:\WINDOWS\unstall.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SmVhbi1GcmFuY29pcw\mAp1v2Y3wAIRsZ6DwT.vbs
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Virus:W32/Gaobot.NZO.worm Disinfected C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wincbr.exe



Hijack this

Logfile of HijackThis v1.99.1
Scan saved at 18:33:11, on 2006-08-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Documents and Settings\Jean-Francois\Bureau\Nouveau dossier\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfg_7.exe
O4 - HKLM\..\Run: [xxcukntA] C:\WINDOWS\xxcukntA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [mwm52b8c] RUNDLL32.EXE w79b77c1.dll,n 00252b8a0000000a79b77c1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [Microsoft Windows System] syshost.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wincbr.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155531098847
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\kgdsg.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe


thanks

 

[LonnyRJones]

Welcome duss12
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
If the log is large You might need to post half in one reply half in another.

 

[duss12]

Jean-Francois - 06-09-01 7:17:16,61
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Jean-Francois\Bureau\download

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{236B362E-1D45-4B6D-B398-366031E5753D}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


Granting sedebugprivilege to Administrateurs ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskknwrd.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskcwrd.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskdmns.dll
C:\Documents and Settings\Jean-Francois\Application Data\Sskuknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll
C:\Program Files\surfsidekick 3\Ssk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat
C:\WINDOWS\system32\ping.dll
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Fichiers communs\{64B9B9A6-0702-1036-1007-020603020002}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Jean-Francois\Application Data\CURITY~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 ))))))))))))))))))))))))))))))))))


2006-08-15 00:42 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2006-08-14 17:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-08-14 17:30 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2006-08-14 17:28 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-14 17:27 755,200 --a------ C:\WINDOWS\system32\ir50_32.dll
2006-08-14 17:27 338,432 --a------ C:\WINDOWS\system32\ir41_qcx.dll
2006-08-14 17:27 200,192 --a------ C:\WINDOWS\system32\ir50_qc.dll
2006-08-14 17:27 185,344 --a------ C:\WINDOWS\system32\xpob2res.dll
2006-08-14 17:27 183,808 --a------ C:\WINDOWS\system32\ir50_qcx.dll
2006-08-14 17:27 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2006-08-14 17:27 120,320 --a------ C:\WINDOWS\system32\ir41_qc.dll
2006-08-14 17:27 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-08-14 17:27 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-08-14 17:26 7,680 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-08-14 17:26 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-08-14 17:26 4,096 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-08-14 17:26 360,960 --a------ C:\WINDOWS\system32\qmgr.dll
2006-08-14 17:26 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2006-08-14 17:26 27,136 --a------ C:\WINDOWS\system32\pidgen.dll
2006-08-14 17:26 117,248 --a------ C:\WINDOWS\system32\dpcdll.dll
2006-08-14 17:25 995,384 --a------ C:\WINDOWS\system32\mfc42u.dll
2006-08-14 17:25 995,383 --a------ C:\WINDOWS\system32\mfc42.dll
2006-08-14 17:25 99,840 --a------ C:\WINDOWS\system32\iexpress.exe
2006-08-14 17:25 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2006-08-14 17:25 98,304 --a------ C:\WINDOWS\system32\odbcint.dll
2006-08-14 17:25 98,304 --a------ C:\WINDOWS\system32\actxprxy.dll
2006-08-14 17:25 978,944 --a------ C:\WINDOWS\system32\msgina.dll
2006-08-14 17:25 977,920 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-08-14 17:25 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-08-14 17:25 96,768 --a------ C:\WINDOWS\system32\imm32.dll
2006-08-14 17:25 94,720 --a------ C:\WINDOWS\system32\loadperf.dll
2006-08-14 17:25 94,208 --a------ C:\WINDOWS\system32\odbccp32.dll
2006-08-14 17:25 93,184 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-14 17:25 92,544 --a------ C:\WINDOWS\system32\krnl386.exe
2006-08-14 17:25 91,136 --a------ C:\WINDOWS\system32\nlhtml.dll
2006-08-14 17:25 90,624 --a------ C:\WINDOWS\system32\msoert2.dll
2006-08-14 17:25 90,624 --a------ C:\WINDOWS\system32\cscdll.dll
2006-08-14 17:25 9,728 --a------ C:\WINDOWS\system32\mstinit.exe
2006-08-14 17:25 9,728 --a------ C:\WINDOWS\system32\msrle32.dll
2006-08-14 17:25 89,088 --a------ C:\WINDOWS\system32\mydocs.dll
2006-08-14 17:25 88,576 --a------ C:\WINDOWS\system32\occache.dll
2006-08-14 17:25 867,840 --a------ C:\WINDOWS\system32\netplwiz.dll
2006-08-14 17:25 86,016 --a------ C:\WINDOWS\system32\dskquota.dll
2006-08-14 17:25 851,968 --a------ C:\WINDOWS\system32\comres.dll
2006-08-14 17:25 85,504 --a------ C:\WINDOWS\system32\netsh.exe
2006-08-14 17:25 85,504 --a------ C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 17:25 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-08-14 17:25 84,992 --a------ C:\WINDOWS\system32\ahui.exe
2006-08-14 17:25 831,562 --a------ C:\WINDOWS\system32\mswdat10.dll
2006-08-14 17:25 82,432 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-08-14 17:25 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-08-14 17:25 81,408 --a------ C:\WINDOWS\system32\mciavi32.dll
2006-08-14 17:25 81,408 --a------ C:\WINDOWS\system32\cabview.dll
2006-08-14 17:25 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2006-08-14 17:25 80,640 --a------ C:\WINDOWS\system32\msapsspc.dll
2006-08-14 17:25 8,832 --a------ C:\WINDOWS\system32\framebuf.dll
2006-08-14 17:25 8,704 --a------ C:\WINDOWS\system32\lprhelp.dll
2006-08-14 17:25 8,704 --a------ C:\WINDOWS\system32\icaapi.dll
2006-08-14 17:25 8,192 --a------ C:\WINDOWS\system32\igmpagnt.dll
2006-08-14 17:25 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2006-08-14 17:25 8,192 --a------ C:\WINDOWS\system32\autolfn.exe
2006-08-14 17:25 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2006-08-14 17:25 79,360 --a------ C:\WINDOWS\system32\mprapi.dll
2006-08-14 17:25 79,360 --a------ C:\WINDOWS\system32\makecab.exe
2006-08-14 17:25 79,360 --a------ C:\WINDOWS\system32\irmon.dll
2006-08-14 17:25 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-08-14 17:25 79,360 --a------ C:\WINDOWS\system32\diantz.exe
2006-08-14 17:25 775,168 --a------ C:\WINDOWS\system32\mmc.exe
2006-08-14 17:25 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2006-08-14 17:25 77,824 --a------ C:\WINDOWS\system32\asycfilt.dll
2006-08-14 17:25 77,312 --a------ C:\WINDOWS\system32\netui0.dll
2006-08-14 17:25 76,830 --a------ C:\WINDOWS\system32\drmstor.dll
2006-08-14 17:25 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2006-08-14 17:25 76,800 --a------ C:\WINDOWS\system32\avifil32.dll
2006-08-14 17:25 75,776 --a------ C:\WINDOWS\system32\mmcbase.dll
2006-08-14 17:25 74,802 --a------ C:\WINDOWS\system32\atl.dll
2006-08-14 17:25 73,728 --a------ C:\WINDOWS\system32\ils.dll
2006-08-14 17:25 73,216 --a------ C:\WINDOWS\system32\dfrgfat.exe
2006-08-14 17:25 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2006-08-14 17:25 71,680 --a------ C:\WINDOWS\system32\browsewm.dll
2006-08-14 17:25 71,168 --a------ C:\WINDOWS\system32\cryptdlg.dll
2006-08-14 17:25 70,848 --a------ C:\WINDOWS\system32\mmsystem.dll
2006-08-14 17:25 7,680 --a------ C:\WINDOWS\system32\dciman32.dll
2006-08-14 17:25 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2006-08-14 17:25 69,632 --a------ C:\WINDOWS\system32\browselc.dll
2006-08-14 17:25 688,667 --a------ C:\WINDOWS\system32\msxml2.dll
2006-08-14 17:25 685,568 --a------ C:\WINDOWS\system32\opengl32.dll
2006-08-14 17:25 68,096 --a------ C:\WINDOWS\system32\mscms.dll
2006-08-14 17:25 68,096 --a------ C:\WINDOWS\system32\magnify.exe
2006-08-14 17:25 68,096 --a------ C:\WINDOWS\system32\inetpp.dll
2006-08-14 17:25 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2006-08-14 17:25 67,584 --a------ C:\WINDOWS\system32\notepad.exe
2006-08-14 17:25 67,584 --a------ C:\WINDOWS\notepad.exe
2006-08-14 17:25 67,072 --a------ C:\WINDOWS\system32\msacm32.dll
2006-08-14 17:25 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2006-08-14 17:25 66,048 --a------ C:\WINDOWS\system32\msw3prt.dll
2006-08-14 17:25 65,536 --a------ C:\WINDOWS\system32\msctfp.dll
2006-08-14 17:25 65,536 --a------ C:\WINDOWS\system32\msconf.dll
2006-08-14 17:25 65,536 --a------ C:\WINDOWS\system32\dbnetlib.dll
2006-08-14 17:25 65,024 --a------ C:\WINDOWS\system32\msvcrt40.dll
2006-08-14 17:25 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2006-08-14 17:25 64,512 --a------ C:\WINDOWS\system32\ntdsapi.dll
2006-08-14 17:25 64,512 --a------ C:\WINDOWS\system32\mtxclu.dll
2006-08-14 17:25 64,512 --a------ C:\WINDOWS\system32\colbact.dll
2006-08-14 17:25 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2006-08-14 17:25 62,976 --a------ C:\WINDOWS\system32\cleanmgr.exe
2006-08-14 17:25 62,976 --a------ C:\WINDOWS\system32\ciodm.dll
2006-08-14 17:25 62,464 --a------ C:\WINDOWS\system32\faultrep.dll
2006-08-14 17:25 62,464 --a------ C:\WINDOWS\system32\adsmsext.dll
2006-08-14 17:25 614,672 --a------ C:\WINDOWS\system32\mswstr10.dll
2006-08-14 17:25 61,712 --a------ C:\WINDOWS\system32\odbcji32.dll
2006-08-14 17:25 61,440 --a------ C:\WINDOWS\system32\odbccu32.dll
2006-08-14 17:25 61,440 --a------ C:\WINDOWS\system32\odbccr32.dll
2006-08-14 17:25 61,440 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-08-14 17:25 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2006-08-14 17:25 60,416 --a------ C:\WINDOWS\system32\ipv6.exe
2006-08-14 17:25 60,416 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-14 17:25 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-08-14 17:25 6,656 --a------ C:\WINDOWS\system32\batt.dll
2006-08-14 17:25 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-08-14 17:25 596,480 --a------ C:\WINDOWS\system32\netcfgx.dll
2006-08-14 17:25 596,480 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-08-14 17:25 594,944 --a------ C:\WINDOWS\system32\autofmt.exe
2006-08-14 17:25 593,920 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-08-14 17:25 593,408 --a------ C:\WINDOWS\system32\h323msp.dll
2006-08-14 17:25 589,824 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-08-14 17:25 58,880 --a------ C:\WINDOWS\system32\cabinet.dll
2006-08-14 17:25 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2006-08-14 17:25 577,024 --a------ C:\WINDOWS\system32\mlang.dll
2006-08-14 17:25 57,344 --a------ C:\WINDOWS\system32\licwmi.dll
2006-08-14 17:25 57,344 --a------ C:\WINDOWS\system32\dmutil.dll
2006-08-14 17:25 57,344 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-14 17:25 56,832 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-14 17:25 56,832 --a------ C:\WINDOWS\system32\cmstp.exe
2006-08-14 17:25 56,320 --a------ C:\WINDOWS\system32\miglibnt.dll
2006-08-14 17:25 553,034 --a------ C:\WINDOWS\system32\msrepl40.dll
2006-08-14 17:25 551,424 --a------ C:\WINDOWS\system32\crypt32.dll
2006-08-14 17:25 55,808 --a------ C:\WINDOWS\system32\mpr.dll
2006-08-14 17:25 55,808 --a------ C:\WINDOWS\system32\digest.dll
2006-08-14 17:25 54,784 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-08-14 17:25 54,080 --a------ C:\WINDOWS\system32\dosx.exe
2006-08-14 17:25 53,322 --a------ C:\WINDOWS\system32\msjter40.dll
2006-08-14 17:25 53,248 --a------ C:\WINDOWS\system32\odbcconf.exe
2006-08-14 17:25 53,248 --a------ C:\WINDOWS\system32\cryptnet.dll
2006-08-14 17:25 53,248 --a------ C:\WINDOWS\system32\clusapi.dll
2006-08-14 17:25 52,736 --a------ C:\WINDOWS\system32\narrator.exe
2006-08-14 17:25 52,736 --a------ C:\WINDOWS\system32\dataclen.dll
2006-08-14 17:25 52,224 --a------ C:\WINDOWS\system32\ipconfig.exe
2006-08-14 17:25 512,074 --a------ C:\WINDOWS\system32\msexch40.dll
2006-08-14 17:25 51,712 --a------ C:\WINDOWS\system32\msasn1.dll
2006-08-14 17:25 51,200 --a------ C:\WINDOWS\system32\cryptsvc.dll
2006-08-14 17:25 51,200 --a------ C:\WINDOWS\system32\authz.dll
2006-08-14 17:25 505,344 --a------ C:\WINDOWS\system32\logonui.exe
2006-08-14 17:25 503,296 --a------ C:\WINDOWS\system32\mstscax.dll
2006-08-14 17:25 500,496 --a------ C:\WINDOWS\system32\dxmasf.dll
2006-08-14 17:25 50,688 --a------ C:\WINDOWS\system32\msvcirt.dll
2006-08-14 17:25 50,176 --a------ C:\WINDOWS\system32\inetres.dll
2006-08-14 17:25 5,120 --a------ C:\WINDOWS\system32\msidle.dll
2006-08-14 17:25 5,120 --a------ C:\WINDOWS\system32\cisvc.exe
2006-08-14 17:25 5,120 --a------ C:\WINDOWS\system32\asferror.dll
2006-08-14 17:25 499,712 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-08-14 17:25 499,200 --a------ C:\WINDOWS\system32\comuid.dll
2006-08-14 17:25 495,376 --a------ C:\WINDOWS\system32\msxml.dll
2006-08-14 17:25 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll

 

[duss12]

2006-08-14 17:25 49,664 --a------ C:\WINDOWS\system32\npptools.dll
2006-08-14 17:25 49,664 --a------ C:\WINDOWS\system32\ixsso.dll
2006-08-14 17:25 49,664 --a------ C:\WINDOWS\system32\cryptext.dll
2006-08-14 17:25 49,152 --a------ C:\WINDOWS\system32\cnbjmon.dll
2006-08-14 17:25 487,936 --a------ C:\WINDOWS\system32\cryptui.dll
2006-08-14 17:25 486,400 --a------ C:\WINDOWS\system32\dbghelp.dll
2006-08-14 17:25 48,640 --a------ C:\WINDOWS\system32\dssec.dll
2006-08-14 17:25 48,640 --a------ C:\WINDOWS\system32\browser.dll
2006-08-14 17:25 47,616 --a------ C:\WINDOWS\system32\eventlog.dll
2006-08-14 17:25 468,480 --a------ C:\WINDOWS\system32\ntmsmgr.dll
2006-08-14 17:25 46,592 --a------ C:\WINDOWS\twain_32.dll
2006-08-14 17:25 46,592 --a------ C:\WINDOWS\system32\mslbui.dll
2006-08-14 17:25 46,592 --a------ C:\WINDOWS\system32\mmcshext.dll
2006-08-14 17:25 456,192 --a------ C:\WINDOWS\system32\ipnathlp.dll
2006-08-14 17:25 45,632 --a------ C:\WINDOWS\system32\cliconfg.exe
2006-08-14 17:25 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-08-14 17:25 45,568 --a------ C:\WINDOWS\system32\docprop2.dll
2006-08-14 17:25 45,056 --a------ C:\WINDOWS\system32\msprivs.dll
2006-08-14 17:25 45,056 --a------ C:\WINDOWS\system32\camocx.dll
2006-08-14 17:25 45,056 --a------ C:\WINDOWS\system32\basesrv.dll
2006-08-14 17:25 446,976 --a------ C:\WINDOWS\system32\certmgr.dll
2006-08-14 17:25 44,160 --a------ C:\WINDOWS\system32\kd1394.dll
2006-08-14 17:25 44,032 --a------ C:\WINDOWS\system32\msident.dll
2006-08-14 17:25 44,032 --a------ C:\WINDOWS\system32\dnsrslvr.dll
2006-08-14 17:25 421,962 --a------ C:\WINDOWS\system32\msrd2x40.dll
2006-08-14 17:25 42,537 --a------ C:\WINDOWS\system32\keyboard.sys
2006-08-14 17:25 42,496 --a------ C:\WINDOWS\system32\ncobjapi.dll
2006-08-14 17:25 42,496 --a------ C:\WINDOWS\system32\dfrgsnap.dll
2006-08-14 17:25 41,472 --a------ C:\WINDOWS\system32\cmdl32.exe
2006-08-14 17:25 401,462 --a------ C:\WINDOWS\system32\msvcp60.dll
2006-08-14 17:25 40,960 --a------ C:\WINDOWS\system32\htui.dll
2006-08-14 17:25 40,960 --a------ C:\WINDOWS\system32\extrac32.exe
2006-08-14 17:25 40,960 --a------ C:\WINDOWS\system32\alg.exe
2006-08-14 17:25 4,608 --a------ C:\WINDOWS\system32\msimg32.dll
2006-08-14 17:25 4,126 --a------ C:\WINDOWS\system32\msdxmlc.dll
2006-08-14 17:25 4,096 --a------ C:\WINDOWS\system32\nddeapir.exe
2006-08-14 17:25 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-08-14 17:25 4,096 --a------ C:\WINDOWS\system32\actmovie.exe
2006-08-14 17:25 397,824 --a------ C:\WINDOWS\system32\netlogon.dll
2006-08-14 17:25 395,264 --a------ C:\WINDOWS\system32\ntmssvc.dll
2006-08-14 17:25 390,144 --a------ C:\WINDOWS\system32\mstsc.exe
2006-08-14 17:25 39,424 --a------ C:\WINDOWS\system32\net.exe
2006-08-14 17:25 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-08-14 17:25 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2006-08-14 17:25 381,440 --a------ C:\WINDOWS\system32\lmrt.dll
2006-08-14 17:25 38,400 --a------ C:\WINDOWS\system32\ntlanman.dll
2006-08-14 17:25 379,152 --a------ C:\WINDOWS\system32\expsrv.dll
2006-08-14 17:25 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2006-08-14 17:25 37,888 --a------ C:\WINDOWS\system32\grpconv.exe
2006-08-14 17:25 37,888 --a------ C:\WINDOWS\system32\cmutil.dll
2006-08-14 17:25 37,888 --a------ C:\WINDOWS\system32\audiosrv.dll
2006-08-14 17:25 37,376 --a------ C:\WINDOWS\system32\ntmsapi.dll
2006-08-14 17:25 368,128 --a------ C:\WINDOWS\system32\ipsmsnap.dll
2006-08-14 17:25 365,568 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-08-14 17:25 365,056 --a------ C:\WINDOWS\system32\fontext.dll
2006-08-14 17:25 36,921 --a------ C:\WINDOWS\system32\imeshare.dll
2006-08-14 17:25 36,864 --a------ C:\WINDOWS\system32\mscpxl32.dll
2006-08-14 17:25 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2006-08-14 17:25 35,840 --a------ C:\WINDOWS\system32\cmmon32.exe
2006-08-14 17:25 35,840 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-14 17:25 35,632 --a------ C:\WINDOWS\system32\ntio411.sys
2006-08-14 17:25 35,392 --a------ C:\WINDOWS\system32\ntio412.sys
2006-08-14 17:25 348,238 --a------ C:\WINDOWS\system32\msjetoledb40.dll
2006-08-14 17:25 348,234 --a------ C:\WINDOWS\system32\mspbde40.dll
2006-08-14 17:25 344,576 --a------ C:\WINDOWS\system32\mspaint.exe
2006-08-14 17:25 344,576 --a------ C:\WINDOWS\system32\ipsecsnp.dll
2006-08-14 17:25 344,576 --a------ C:\WINDOWS\system32\ippromon.dll
2006-08-14 17:25 344,138 --a------ C:\WINDOWS\system32\msxbde40.dll
2006-08-14 17:25 34,528 --a------ C:\WINDOWS\system32\ntio804.sys
2006-08-14 17:25 34,528 --a------ C:\WINDOWS\system32\ntio404.sys
2006-08-14 17:25 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2006-08-14 17:25 333,312 --a------ C:\WINDOWS\system32\filemgmt.dll
2006-08-14 17:25 33,968 --a------ C:\WINDOWS\system32\ntio.sys
2006-08-14 17:25 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2006-08-14 17:25 33,280 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-08-14 17:25 329,728 --a------ C:\WINDOWS\system32\netsetup.exe
2006-08-14 17:25 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2006-08-14 17:25 324,096 --a------ C:\WINDOWS\system32\cmdial32.dll
2006-08-14 17:25 322,560 --a------ C:\WINDOWS\system32\msvcrt.dll
2006-08-14 17:25 321,536 --a------ C:\WINDOWS\system32\hnetwiz.dll
2006-08-14 17:25 32,768 --a------ C:\WINDOWS\system32\odbcad32.exe
2006-08-14 17:25 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-08-14 17:25 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2006-08-14 17:25 32,384 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-08-14 17:25 319,562 --a------ C:\WINDOWS\system32\msexcl40.dll
2006-08-14 17:25 316,416 --a------ C:\WINDOWS\system32\cscui.dll
2006-08-14 17:25 315,466 --a------ C:\WINDOWS\system32\msrd3x40.dll
2006-08-14 17:25 31,744 --a------ C:\WINDOWS\system32\netstat.exe
2006-08-14 17:25 31,232 --a------ C:\WINDOWS\system32\inetmib1.dll
2006-08-14 17:25 309,760 --a------ C:\WINDOWS\system32\licdll.dll
2006-08-14 17:25 30,720 --a------ C:\WINDOWS\system32\clipsrv.exe
2006-08-14 17:25 30,208 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-14 17:25 30,208 --a------ C:\WINDOWS\system32\dumprep.exe
2006-08-14 17:25 3,584 --a------ C:\WINDOWS\system32\msafd.dll
2006-08-14 17:25 3,072 --a------ C:\WINDOWS\system32\icmp.dll
2006-08-14 17:25 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2006-08-14 17:25 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2006-08-14 17:25 294,912 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-14 17:25 293,888 --a------ C:\WINDOWS\system32\msctf.dll
2006-08-14 17:25 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-08-14 17:25 29,184 --a------ C:\WINDOWS\system32\cryptdll.dll
2006-08-14 17:25 28,672 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-08-14 17:25 28,672 --a------ C:\WINDOWS\system32\ddeshare.exe
2006-08-14 17:25 28,672 --a------ C:\WINDOWS\system32\dbnmpntw.dll
2006-08-14 17:25 28,160 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-14 17:25 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2006-08-14 17:25 274,432 --a------ C:\WINDOWS\system32\objsel.dll
2006-08-14 17:25 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-08-14 17:25 272,768 --a------ C:\WINDOWS\system32\atmfd.dll
2006-08-14 17:25 271,872 --a------ C:\WINDOWS\system32\devmgr.dll
2006-08-14 17:25 271,360 --a------ C:\WINDOWS\winhlp32.exe
2006-08-14 17:25 270,365 --a------ C:\WINDOWS\system32\odbcjt32.dll
2006-08-14 17:25 27,136 --a------ C:\WINDOWS\system32\mspatcha.dll
2006-08-14 17:25 27,136 --a------ C:\WINDOWS\system32\findstr.exe
2006-08-14 17:25 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2006-08-14 17:25 27,136 --a------ C:\WINDOWS\system32\batmeter.dll
2006-08-14 17:25 27,136 --a------ C:\WINDOWS\system32\atmlib.dll
2006-08-14 17:25 265,216 --a------ C:\WINDOWS\system32\kerberos.dll
2006-08-14 17:25 261,120 --a------ C:\WINDOWS\system32\duser.dll
2006-08-14 17:25 258,048 --a------ C:\WINDOWS\system32\drmclien.dll
2006-08-14 17:25 256,000 --a------ C:\WINDOWS\system32\mstask.dll
2006-08-14 17:25 254,026 --a------ C:\WINDOWS\system32\mstext40.dll
2006-08-14 17:25 25,088 --a------ C:\WINDOWS\system32\dfsshlex.dll
2006-08-14 17:25 245,760 --a------ C:\WINDOWS\system32\msscp.dll
2006-08-14 17:25 243,712 --a------ C:\WINDOWS\system32\hnetcfg.dll
2006-08-14 17:25 241,695 --a------ C:\WINDOWS\system32\msjtes40.dll
2006-08-14 17:25 241,664 --a------ C:\WINDOWS\system32\gdi32.dll
2006-08-14 17:25 241,152 --a------ C:\WINDOWS\system32\newdev.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\odbcbcp.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\msorc32r.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\logagent.exe
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\dbmsrpcn.dll
2006-08-14 17:25 24,576 --a------ C:\WINDOWS\system32\conime.exe
2006-08-14 17:25 24,064 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-14 17:25 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2006-08-14 17:25 239,616 --a------ C:\WINDOWS\system32\adsnt.dll
2006-08-14 17:25 239,104 --a------ C:\WINDOWS\system32\compatUI.dll
2006-08-14 17:25 236,032 --a------ C:\WINDOWS\system32\msieftp.dll
2006-08-14 17:25 236,032 --a------ C:\WINDOWS\system32\icm32.dll
2006-08-14 17:25 233,472 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-08-14 17:25 230,912 --a------ C:\WINDOWS\system32\mswsock.dll
2006-08-14 17:25 230,400 --a------ C:\WINDOWS\system32\netui1.dll
2006-08-14 17:25 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-08-14 17:25 23,552 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-14 17:25 23,040 --a------ C:\WINDOWS\system32\ipxroute.exe
2006-08-14 17:25 229,376 --a------ C:\WINDOWS\system32\dsquery.dll
2006-08-14 17:25 228,864 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-08-14 17:25 226,816 --a------ C:\WINDOWS\system32\es.dll
2006-08-14 17:25 225,280 --a------ C:\WINDOWS\system32\catsrv.dll
2006-08-14 17:25 223,744 --a------ C:\WINDOWS\system32\compstui.dll
2006-08-14 17:25 220,672 --a------ C:\WINDOWS\system32\logon.scr
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\hid.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\dmserver.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\davclnt.dll
2006-08-14 17:25 22,528 --a------ C:\WINDOWS\system32\at.exe
2006-08-14 17:25 22,016 --a------ C:\WINDOWS\system32\mciwave.dll
2006-08-14 17:25 213,066 --a------ C:\WINDOWS\system32\msltus40.dll
2006-08-14 17:25 211,456 --a------ C:\WINDOWS\system32\oakley.dll
2006-08-14 17:25 210,432 --a------ C:\WINDOWS\system32\msutb.dll
2006-08-14 17:25 209,408 --a------ C:\WINDOWS\system32\localsec.dll
2006-08-14 17:25 208,896 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-14 17:25 205,312 --a------ C:\WINDOWS\system32\dmadmin.exe
2006-08-14 17:25 204,800 --a------ C:\WINDOWS\system32\blackbox.dll
2006-08-14 17:25 200,704 --a------ C:\WINDOWS\system32\odbc32.dll
2006-08-14 17:25 20,992 --a------ C:\WINDOWS\system32\mfcsubs.dll
2006-08-14 17:25 20,992 --a------ C:\WINDOWS\system32\mciseq.dll
2006-08-14 17:25 20,554 --a------ C:\WINDOWS\system32\odtext32.dll
2006-08-14 17:25 20,554 --a------ C:\WINDOWS\system32\oddbse32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odpdx32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odfox32.dll
2006-08-14 17:25 20,553 --a------ C:\WINDOWS\system32\odexl32.dll
2006-08-14 17:25 2,028,032 --a------ C:\WINDOWS\system32\cdosys.dll
2006-08-14 17:25 199,168 --a------ C:\WINDOWS\system32\mobsync.dll
2006-08-14 17:25 19,968 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-14 17:25 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2006-08-14 17:25 19,456 --a------ C:\WINDOWS\system32\fontview.exe
2006-08-14 17:25 189,952 --a------ C:\WINDOWS\system32\certcli.dll
2006-08-14 17:25 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2006-08-14 17:25 185,344 --a------ C:\WINDOWS\system32\moricons.dll
2006-08-14 17:25 185,344 --a------ C:\WINDOWS\system32\accwiz.exe
2006-08-14 17:25 184,592 --a------ C:\WINDOWS\system32\msjint40.dll
2006-08-14 17:25 184,320 --a------ C:\WINDOWS\system32\dmdskmgr.dll
2006-08-14 17:25 181,760 --a------ C:\WINDOWS\system32\activeds.dll
2006-08-14 17:25 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-08-14 17:25 180,736 --a------ C:\WINDOWS\system32\eudcedit.exe
2006-08-14 17:25 180,736 --a------ C:\WINDOWS\system32\cmprops.dll
2006-08-14 17:25 18,944 --a------ C:\WINDOWS\system32\lpk.dll
2006-08-14 17:25 18,432 --a------ C:\WINDOWS\system32\feclient.dll
2006-08-14 17:25 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2006-08-14 17:25 179,712 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-08-14 17:25 177,664 --a------ C:\WINDOWS\system32\els.dll
2006-08-14 17:25 175,104 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-08-14 17:25 174,592 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-08-14 17:25 17,920 --a------ C:\WINDOWS\system32\midimap.dll
2006-08-14 17:25 17,408 --a------ C:\WINDOWS\system32\ersvc.dll
2006-08-14 17:25 167,936 --a------ C:\WINDOWS\system32\ntmsdba.dll
2006-08-14 17:25 163,840 --a------ C:\WINDOWS\system32\credui.dll
2006-08-14 17:25 162,128 --a------ C:\WINDOWS\system32\dwwin.exe
2006-08-14 17:25 160,768 --a------ C:\WINDOWS\system32\adsldp.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\nddenb32.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2006-08-14 17:25 16,896 --a------ C:\WINDOWS\system32\cfgmgr32.dll
2006-08-14 17:25 16,384 --a------ C:\WINDOWS\system32\odbc32gt.dll
2006-08-14 17:25 16,384 --a------ C:\WINDOWS\system32\ds32gt.dll
2006-08-14 17:25 156,672 --a------ C:\WINDOWS\system32\msimtf.dll
2006-08-14 17:25 155,648 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-08-14 17:25 154,112 --a------ C:\WINDOWS\system32\ipsecsvc.dll
2006-08-14 17:25 153,088 --a------ C:\WINDOWS\system32\keymgr.dll
2006-08-14 17:25 150,528 --a------ C:\WINDOWS\system32\msdtcuiu.dll

 

[duss12]

2006-08-14 17:25 150,016 --a------ C:\WINDOWS\system32\diskpart.exe
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\nddeapi.dll
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\dvdupgrd.exe
2006-08-14 17:25 15,872 --a------ C:\WINDOWS\system32\alrsvc.dll
2006-08-14 17:25 15,360 --a------ C:\WINDOWS\system32\linkinfo.dll
2006-08-14 17:25 147,968 --a------ C:\WINDOWS\system32\netman.dll
2006-08-14 17:25 147,968 --a------ C:\WINDOWS\system32\modemui.dll
2006-08-14 17:25 147,456 --a------ C:\WINDOWS\system32\odbctrac.dll
2006-08-14 17:25 144,896 --a------ C:\WINDOWS\system32\initpki.dll
2006-08-14 17:25 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2006-08-14 17:25 140,800 --a------ C:\WINDOWS\regedit.exe
2006-08-14 17:25 140,288 --a------ C:\WINDOWS\system32\netid.dll
2006-08-14 17:25 14,877 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-14 17:25 14,848 --a------ C:\WINDOWS\system32\inetppui.dll
2006-08-14 17:25 14,848 --a------ C:\WINDOWS\system32\bidispl.dll
2006-08-14 17:25 14,336 --a------ C:\WINDOWS\system32\dmremote.exe
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\ntshrui.dll
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\hotplug.dll
2006-08-14 17:25 139,264 --a------ C:\WINDOWS\system32\adsldpc.dll
2006-08-14 17:25 136,192 --a------ C:\WINDOWS\system32\mobsync.exe
2006-08-14 17:25 134,144 --a------ C:\WINDOWS\system32\dsprop.dll
2006-08-14 17:25 133,120 --a------ C:\WINDOWS\system32\ifmon.dll
2006-08-14 17:25 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2006-08-14 17:25 131,072 --a------ C:\WINDOWS\system32\msorcl32.dll
2006-08-14 17:25 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2006-08-14 17:25 13,312 --a------ C:\WINDOWS\system32\ctfmon.exe
2006-08-14 17:25 127,552 --a------ C:\WINDOWS\system32\cliconfg.dll
2006-08-14 17:25 126,976 --a------ C:\WINDOWS\system32\msdart.dll
2006-08-14 17:25 126,976 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-14 17:25 126,464 --a------ C:\WINDOWS\system32\ipv6mon.dll
2006-08-14 17:25 124,928 --a------ C:\WINDOWS\system32\dfrgui.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\odbcconf.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\dssenh.dll
2006-08-14 17:25 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-08-14 17:25 122,368 --a------ C:\WINDOWS\system32\itss.dll
2006-08-14 17:25 12,800 --a------ C:\WINDOWS\system32\mcastmib.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\odbcp32r.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\mscpx32r.dll
2006-08-14 17:25 12,288 --a------ C:\WINDOWS\system32\cmcfg32.dll
2006-08-14 17:25 118,784 --a------ C:\WINDOWS\system32\imapi.exe
2006-08-14 17:25 118,272 --a------ C:\WINDOWS\system32\mplay32.exe
2006-08-14 17:25 117,760 --a------ C:\WINDOWS\system32\glu32.dll
2006-08-14 17:25 116,784 --a------ C:\WINDOWS\system32\msnsspc.dll
2006-08-14 17:25 116,224 --a------ C:\WINDOWS\system32\iasrad.dll
2006-08-14 17:25 115,200 -r-hs---- C:\WINDOWS\system32\syshost.exe
2006-08-14 17:25 115,200 --a------ C:\WINDOWS\system32\net1.exe
2006-08-14 17:25 114,176 --a------ C:\WINDOWS\system32\msvfw32.dll
2006-08-14 17:25 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2006-08-14 17:25 111,616 --a------ C:\WINDOWS\system32\idq.dll
2006-08-14 17:25 111,616 --a------ C:\WINDOWS\system32\aclui.dll
2006-08-14 17:25 111,104 --a------ C:\WINDOWS\system32\ntmarta.dll
2006-08-14 17:25 110,592 --a------ C:\WINDOWS\system32\mdminst.dll
2006-08-14 17:25 110,592 --a------ C:\WINDOWS\system32\iccvid.dll
2006-08-14 17:25 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-08-14 17:25 11,776 --a------ C:\WINDOWS\system32\lsass.exe
2006-08-14 17:25 11,776 --a------ C:\WINDOWS\system32\drprov.dll
2006-08-14 17:25 109,568 --a------ C:\WINDOWS\system32\defrag.exe
2006-08-14 17:25 109,056 --a------ C:\WINDOWS\system32\netdde.exe
2006-08-14 17:25 107,520 --a------ C:\WINDOWS\system32\input.dll
2006-08-14 17:25 107,520 --a------ C:\WINDOWS\system32\dgnet.dll
2006-08-14 17:25 107,008 --a------ C:\WINDOWS\system32\dsuiext.dll
2006-08-14 17:25 106,496 --a------ C:\WINDOWS\system32\olepro32.dll
2006-08-14 17:25 104,448 --a------ C:\WINDOWS\system32\apphelp.dll
2006-08-14 17:25 103,936 --a------ C:\WINDOWS\system32\mstlsapi.dll
2006-08-14 17:25 102,450 --a------ C:\WINDOWS\system32\cscript.exe
2006-08-14 17:25 102,400 --a------ C:\WINDOWS\system32\offfilt.dll
2006-08-14 17:25 101,888 --a------ C:\WINDOWS\system32\oleprn.dll
2006-08-14 17:25 100,864 --a------ C:\WINDOWS\system32\irftp.exe
2006-08-14 17:25 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2006-08-14 17:25 100,352 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-08-14 17:25 10,752 --a------ C:\WINDOWS\system32\netrap.dll
2006-08-14 17:25 10,752 --a------ C:\WINDOWS\hh.exe
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\localui.dll
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\gpkrsrc.dll
2006-08-14 17:25 10,240 --a------ C:\WINDOWS\system32\atmadm.exe
2006-08-14 17:25 1,634,816 --a------ C:\WINDOWS\system32\netshell.dll
2006-08-14 17:25 1,503,260 --a------ C:\WINDOWS\system32\msjet40.dll
2006-08-14 17:25 1,388,544 --a------ C:\WINDOWS\system32\msvbvm60.dll
2006-08-14 17:25 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2006-08-14 17:25 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-08-14 17:25 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-08-14 17:25 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2006-08-14 17:25 1,177,088 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-08-14 17:25 1,141,248 --a------ C:\WINDOWS\system32\mmcndmgr.dll
2006-08-14 17:25 1,129,472 --a------ C:\WINDOWS\system32\msxml3.dll
2006-08-14 17:25 1,105,408 --a------ C:\WINDOWS\system32\ole32.dll
2006-08-14 17:25 1,034,240 --a------ C:\WINDOWS\system32\esent.dll
2006-08-14 17:25 1,005,056 --a------ C:\WINDOWS\explorer.exe
2006-08-14 17:24 97,792 --a------ C:\WINDOWS\system32\scardsvr.exe
2006-08-14 17:24 97,280 --a------ C:\WINDOWS\system32\txflog.dll
2006-08-14 17:24 96,768 --a------ C:\WINDOWS\system32\rcbdyctl.dll
2006-08-14 17:24 95,744 --a------ C:\WINDOWS\system32\win32spl.dll
2006-08-14 17:24 947,712 --a------ C:\WINDOWS\system32\syssetup.dll
2006-08-14 17:24 942,592 --a------ C:\WINDOWS\system32\setupapi.dll
2006-08-14 17:24 94,208 --a------ C:\WINDOWS\system32\winscard.dll
2006-08-14 17:24 9,728 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-08-14 17:24 89,600 --a------ C:\WINDOWS\system32\smlogsvc.exe
2006-08-14 17:24 89,600 --a------ C:\WINDOWS\system32\slbiop.dll
2006-08-14 17:24 89,088 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-08-14 17:24 88,576 --a------ C:\WINDOWS\system32\polstore.dll
2006-08-14 17:24 87,552 --a------ C:\WINDOWS\system32\wlnotify.dll
2006-08-14 17:24 87,048 --a------ C:\WINDOWS\system32\rdpdd.dll
2006-08-14 17:24 87,040 --a------ C:\WINDOWS\system32\srvsvc.dll
2006-08-14 17:24 85,504 --a------ C:\WINDOWS\system32\xactsrv.dll
2006-08-14 17:24 84,992 --a------ C:\WINDOWS\system32\psbase.dll
2006-08-14 17:24 831,488 --a------ C:\WINDOWS\system32\tapi3.dll
2006-08-14 17:24 82,944 --a------ C:\WINDOWS\system32\rasauto.dll
2006-08-14 17:24 81,408 --a------ C:\WINDOWS\system32\ntprint.dll
2006-08-14 17:24 802,816 --a------ C:\WINDOWS\system32\dxmrtp.dll
2006-08-14 17:24 80,384 --a------ C:\WINDOWS\system32\trkwks.dll
2006-08-14 17:24 8,456 --a------ C:\WINDOWS\system32\tsddd.dll
2006-08-14 17:24 8,192 --a------ C:\WINDOWS\system32\scrnsave.scr
2006-08-14 17:24 770,560 --a------ C:\WINDOWS\system32\winntbbu.dll
2006-08-14 17:24 77,824 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-08-14 17:24 75,776 --a------ C:\WINDOWS\system32\msdvdopt.dll
2006-08-14 17:24 75,264 --a------ C:\WINDOWS\system32\ws2_32.dll
2006-08-14 17:24 75,264 --a------ C:\WINDOWS\system32\rtcshare.exe
2006-08-14 17:24 74,240 --a------ C:\WINDOWS\system32\nslookup.exe
2006-08-14 17:24 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2006-08-14 17:24 73,864 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-08-14 17:24 73,728 --a------ C:\WINDOWS\system32\unimdmat.dll
2006-08-14 17:24 72,704 --a------ C:\WINDOWS\system32\telnet.exe
2006-08-14 17:24 72,704 --a------ C:\WINDOWS\system32\storprop.dll
2006-08-14 17:24 70,656 --a------ C:\WINDOWS\system32\wiascr.dll
2006-08-14 17:24 70,656 --a------ C:\WINDOWS\system32\shrpubw.exe
2006-08-14 17:24 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2006-08-14 17:24 7,680 --a------ C:\WINDOWS\system32\wshirda.dll
2006-08-14 17:24 68,608 --a------ C:\WINDOWS\system32\locator.exe
2006-08-14 17:24 68,096 --a------ C:\WINDOWS\system32\scarddlg.dll
2006-08-14 17:24 676,352 --a------ C:\WINDOWS\system32\ntdll.dll
2006-08-14 17:24 671,744 --a------ C:\WINDOWS\system32\ss3dfo.scr
2006-08-14 17:24 67,072 --a------ C:\WINDOWS\system32\sigverif.exe
2006-08-14 17:24 665,088 --a------ C:\WINDOWS\system32\userenv.dll
2006-08-14 17:24 66,560 --a------ C:\WINDOWS\system32\spoolss.dll
2006-08-14 17:24 657,920 --a------ C:\WINDOWS\system32\rasdlg.dll
2006-08-14 17:24 654,848 --a------ C:\WINDOWS\system32\lsasrv.dll
2006-08-14 17:24 651,264 --a------ C:\WINDOWS\system32\sxs.dll
2006-08-14 17:24 65,585 --a------ C:\WINDOWS\system32\wshext.dll
2006-08-14 17:24 643,072 --a------ C:\WINDOWS\system32\sstext3d.scr
2006-08-14 17:24 62,464 --a------ C:\WINDOWS\system32\shgina.dll
2006-08-14 17:24 62,464 --a------ C:\WINDOWS\system32\osuninst.dll
2006-08-14 17:24 617,984 --a------ C:\WINDOWS\system32\advapi32.dll
2006-08-14 17:24 614,912 --a------ C:\WINDOWS\system32\autoconv.exe
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\wextract.exe
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\srclient.dll
2006-08-14 17:24 61,952 --a------ C:\WINDOWS\system32\rdshost.exe
2006-08-14 17:24 61,440 --a------ C:\WINDOWS\system32\webclnt.dll
2006-08-14 17:24 61,440 --a------ C:\WINDOWS\system32\sti.dll
2006-08-14 17:24 602,112 --a------ C:\WINDOWS\system32\autochk.exe
2006-08-14 17:24 60,416 --a------ C:\WINDOWS\system32\pautoenr.dll
2006-08-14 17:24 6,656 --a------ C:\WINDOWS\system32\ntlsapi.dll
2006-08-14 17:24 6,144 --a------ C:\WINDOWS\system32\sensapi.dll
2006-08-14 17:24 573,952 --a------ C:\WINDOWS\system32\wiashext.dll
2006-08-14 17:24 571,392 --a------ C:\WINDOWS\system32\shdoclc.dll
2006-08-14 17:24 57,856 --a------ C:\WINDOWS\system32\remotepg.dll
2006-08-14 17:24 569,344 --a------ C:\WINDOWS\system32\sspipes.scr
2006-08-14 17:24 569,344 --a------ C:\WINDOWS\system32\oleaut32.dll
2006-08-14 17:24 562,176 --a------ C:\WINDOWS\system32\user32.dll
2006-08-14 17:24 557,568 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-14 17:24 554,496 --a------ C:\WINDOWS\system32\rtcdll.dll
2006-08-14 17:24 55,808 --a------ C:\WINDOWS\system32\rasman.dll
2006-08-14 17:24 540,160 --a------ C:\WINDOWS\system32\printui.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\shimeng.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\samlib.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\resutils.dll
2006-08-14 17:24 54,784 --a------ C:\WINDOWS\system32\rasphone.exe
2006-08-14 17:24 534,528 --a------ C:\WINDOWS\system32\spider.exe
2006-08-14 17:24 53,760 --a------ C:\WINDOWS\system32\rastapi.dll
2006-08-14 17:24 53,760 --a------ C:\WINDOWS\system32\packager.exe
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\servdeps.dll
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\sendmail.dll
2006-08-14 17:24 53,248 --a------ C:\WINDOWS\system32\rastls.dll
2006-08-14 17:24 52,224 --a------ C:\WINDOWS\system32\secur32.dll
2006-08-14 17:24 51,712 --a------ C:\WINDOWS\system32\synceng.dll
2006-08-14 17:24 51,712 --a------ C:\WINDOWS\system32\regsvc.dll
2006-08-14 17:24 51,200 --a------ C:\WINDOWS\system32\spoolsv.exe
2006-08-14 17:24 51,200 --a------ C:\WINDOWS\system32\reg.exe
2006-08-14 17:24 5,632 --a------ C:\WINDOWS\system32\wmi.dll
2006-08-14 17:24 5,632 --a------ C:\WINDOWS\system32\security.dll
2006-08-14 17:24 497,152 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-08-14 17:24 48,640 --a------ C:\WINDOWS\system32\wzcdlg.dll
2006-08-14 17:24 48,640 --a------ C:\WINDOWS\system32\vdmredir.dll
2006-08-14 17:24 479,261 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-14 17:24 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\winsta.dll
2006-08-14 17:24 47,104 --a------ C:\WINDOWS\system32\mspmspsv.dll
2006-08-14 17:24 46,592 --a------ C:\WINDOWS\system32\wdigest.dll
2006-08-14 17:24 46,592 --a------ C:\WINDOWS\system32\utilman.exe
2006-08-14 17:24 452,096 --a------ C:\WINDOWS\system32\wiadefui.dll
2006-08-14 17:24 45,568 --a------ C:\WINDOWS\system32\smss.exe
2006-08-14 17:24 45,568 --a------ C:\WINDOWS\system32\proquota.exe
2006-08-14 17:24 442,880 --a------ C:\WINDOWS\system32\rpcrt4.dll
2006-08-14 17:24 442,398 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-08-14 17:24 44,032 --a------ C:\WINDOWS\system32\regapi.dll
2006-08-14 17:24 44,032 --a------ C:\WINDOWS\system32\ftp.exe
2006-08-14 17:24 434,176 --a------ C:\WINDOWS\system32\winlogon.exe
2006-08-14 17:24 43,008 --a------ C:\WINDOWS\system32\ssmypics.scr
2006-08-14 17:24 426,496 --a------ C:\WINDOWS\system32\samsrv.dll
2006-08-14 17:24 426,496 --a------ C:\WINDOWS\system32\riched20.dll
2006-08-14 17:24 421,888 --a------ C:\WINDOWS\system32\shimgvw.dll
2006-08-14 17:24 42,496 --a------ C:\WINDOWS\system32\tcpmonui.dll
2006-08-14 17:24 419,840 --a------ C:\WINDOWS\system32\wiaacmgr.exe
2006-08-14 17:24 41,984 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-08-14 17:24 41,472 --a------ C:\WINDOWS\system32\tcpmon.dll
2006-08-14 17:24 41,472 --a------ C:\WINDOWS\system32\ssdpsrv.dll
2006-08-14 17:24 409,088 --a------ C:\WINDOWS\system32\vssapi.dll
2006-08-14 17:24 40,960 --a------ C:\WINDOWS\system32\safrslv.dll
2006-08-14 17:24 40,448 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-08-14 17:24 4,096 --a------ C:\WINDOWS\system32\winver.exe
2006-08-14 17:24 4,096 --a------ C:\WINDOWS\system32\sfc.dll
2006-08-14 17:24 396,800 --a------ C:\WINDOWS\system32\ntvdm.exe
2006-08-14 17:24 395,264 --a------ C:\WINDOWS\system32\regwizc.dll
2006-08-14 17:24 39,936 --a------ C:\WINDOWS\system32\rtutils.dll
2006-08-14 17:24 39,936 --a------ C:\WINDOWS\system32\perfctrs.dll
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\wsnmp32.dll
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\sdbinst.exe
2006-08-14 17:24 39,424 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-08-14 17:24 389,120 --a------ C:\WINDOWS\system32\themeui.dll
2006-08-14 17:24 388,096 --a------ C:\WINDOWS\system32\cmd.exe
2006-08-14 17:24 37,888 --a------ C:\WINDOWS\system32\pstorec.dll
2006-08-14 17:24 364,544 --a------ C:\WINDOWS\system32\ssflwbox.scr
2006-08-14 17:24 364,544 --a------ C:\WINDOWS\system32\mstvca.dll
2006-08-14 17:24 36,864 --a------ C:\WINDOWS\system32\rshx32.dll
2006-08-14 17:24 356,352 --a------ C:\WINDOWS\system32\sqlsrv32.dll
2006-08-14 17:24 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-08-14 17:24 35,840 --a------ C:\WINDOWS\system32\sens.dll
2006-08-14 17:24 346,624 --a------ C:\WINDOWS\system32\tourstart.exe
2006-08-14 17:24 344,064 --a------ C:\WINDOWS\system32\termmgr.dll
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\rcimlby.exe
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\raschap.dll
2006-08-14 17:24 34,304 --a------ C:\WINDOWS\system32\msgsvc.dll
2006-08-14 17:24 339,968 --a------ C:\WINDOWS\system32\smlogcfg.dll
2006-08-14 17:24 339,456 --a------ C:\WINDOWS\system32\usp10.dll
2006-08-14 17:24 33,792 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-08-14 17:24 33,280 --a------ C:\WINDOWS\system32\perfproc.dll
2006-08-14 17:24 32,768 --a------ C:\WINDOWS\system32\umandlg.dll
2006-08-14 17:24 32,256 --a------ C:\WINDOWS\system32\rundll32.exe
2006-08-14 17:24 319,488 --a------ C:\WINDOWS\system32\zipfldr.dll
2006-08-14 17:24 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-08-14 17:24 314,880 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-08-14 17:24 310,784 --a------ C:\WINDOWS\system32\scesrv.dll
2006-08-14 17:24 31,744 --a------ C:\WINDOWS\system32\pid.dll
2006-08-14 17:24 31,232 --a------ C:\WINDOWS\system32\wpabaln.exe
2006-08-14 17:24 308,736 --a------ C:\WINDOWS\system32\mstvgs.dll
2006-08-14 17:24 305,152 --a------ C:\WINDOWS\system32\ulib.dll
2006-08-14 17:24 302,080 --a------ C:\WINDOWS\system32\untfs.dll
2006-08-14 17:24 30,992 --a------ C:\WINDOWS\system32\vbajet32.dll
2006-08-14 17:24 30,208 --a------ C:\WINDOWS\system32\sethc.exe
2006-08-14 17:24 3,352 --a------ C:\WINDOWS\system32\redir.exe
2006-08-14 17:24 298,496 --a------ C:\WINDOWS\system32\wmstream.dll
2006-08-14 17:24 295,424 --a------ C:\WINDOWS\system32\localspl.dll
2006-08-14 17:24 294,912 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-08-14 17:24 29,696 --a------ C:\WINDOWS\system32\wpnpinst.exe
2006-08-14 17:24 29,696 --a------ C:\WINDOWS\system32\rtipxmib.dll
2006-08-14 17:24 29,184 --a------ C:\WINDOWS\system32\csrsrv.dll
2006-08-14 17:24 281,088 --a------ C:\WINDOWS\system32\vssvc.exe
2006-08-14 17:24 28,721 --a------ C:\WINDOWS\system32\wshcon.dll
2006-08-14 17:24 28,672 --a------ C:\WINDOWS\system32\profmap.dll
2006-08-14 17:24 28,160 --a------ C:\WINDOWS\system32\xcopy.exe
2006-08-14 17:24 276,480 --a------ C:\WINDOWS\system32\winsrv.dll
2006-08-14 17:24 276,480 --a------ C:\WINDOWS\system32\slbcsp.dll
2006-08-14 17:24 274,432 --a------ C:\WINDOWS\system32\wmasf.dll
2006-08-14 17:24 27,648 --a------ C:\WINDOWS\system32\sendcmsg.dll
2006-08-14 17:24 263,680 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-14 17:24 262,656 --a------ C:\WINDOWS\system32\comdlg32.dll
2006-08-14 17:24 26,624 --a------ C:\WINDOWS\system32\ssdpapi.dll
2006-08-14 17:24 26,624 --a------ C:\WINDOWS\system32\safrdm.dll
2006-08-14 17:24 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2006-08-14 17:24 253,952 --a------ C:\WINDOWS\system32\wmpcd.dll
2006-08-14 17:24 253,952 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-08-14 17:24 253,440 --a------ C:\WINDOWS\system32\pdh.dll
2006-08-14 17:24 25,600 --a------ C:\WINDOWS\system32\winipsec.dll
2006-08-14 17:24 25,600 --a------ C:\WINDOWS\system32\pstorsvc.dll
2006-08-14 17:24 248,832 --a------ C:\WINDOWS\system32\wow32.dll
2006-08-14 17:24 246,302 --a------ C:\WINDOWS\system32\strmdll.dll
2006-08-14 17:24 24,576 --a------ C:\WINDOWS\system32\perfos.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\wsock32.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\vdmdbg.dll
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\skeys.exe
2006-08-14 17:24 24,064 --a------ C:\WINDOWS\system32\perfdisk.dll
2006-08-14 17:24 233,984 --a------ C:\WINDOWS\system32\tapisrv.dll
2006-08-14 17:24 231,936 --a------ C:\WINDOWS\system32\upnpui.dll
2006-08-14 17:24 23,552 --a------ C:\WINDOWS\system32\shscrap.dll
2006-08-14 17:24 221,184 --a------ C:\WINDOWS\system32\srrstr.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\slayerxp.dll
2006-08-14 17:24 22,528 --a------ C:\WINDOWS\system32\shfolder.dll
2006-08-14 17:24 22,016 --a------ C:\WINDOWS\system32\userinit.exe
2006-08-14 17:24 214,528 --a------ C:\WINDOWS\system32\rpcss.dll
2006-08-14 17:24 214,528 --a------ C:\WINDOWS\system32\rasapi32.dll
2006-08-14 17:24 213,504 --a------ C:\WINDOWS\system32\osk.exe
2006-08-14 17:24 21,504 --a------ C:\WINDOWS\system32\udhisapi.dll
2006-08-14 17:24 21,504 --a------ C:\WINDOWS\system32\shmgrate.exe

 

[duss12]

2006-08-14 17:24 208,896 --a------ C:\WINDOWS\system32\progman.exe
2006-08-14 17:24 203,776 --a------ C:\WINDOWS\system32\uxtheme.dll
2006-08-14 17:24 200,192 --a------ C:\WINDOWS\system32\termsrv.dll
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\stimon.exe
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\setup.exe
2006-08-14 17:24 20,992 --a------ C:\WINDOWS\system32\seclogon.dll
2006-08-14 17:24 20,480 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-08-14 17:24 2,019,328 --a------ C:\WINDOWS\system32\wmploc.dll
2006-08-14 17:24 198,656 --a------ C:\WINDOWS\system32\t2embed.dll
2006-08-14 17:24 193,536 --a------ C:\WINDOWS\system32\rasppp.dll
2006-08-14 17:24 19,968 --a------ C:\WINDOWS\system32\sclgntfy.dll
2006-08-14 17:24 19,968 --a------ C:\WINDOWS\system32\savedump.exe
2006-08-14 17:24 19,456 --a------ C:\WINDOWS\system32\ssmarque.scr
2006-08-14 17:24 19,456 --a------ C:\WINDOWS\system32\qprocess.exe
2006-08-14 17:24 188,928 --a------ C:\WINDOWS\system32\syncui.dll
2006-08-14 17:24 184,320 --a------ C:\WINDOWS\system32\wzcsvc.dll
2006-08-14 17:24 184,320 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-08-14 17:24 180,800 --a------ C:\WINDOWS\system32\sqlunirl.dll
2006-08-14 17:24 180,224 --a------ C:\WINDOWS\system32\scecli.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\wzcsapi.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\ws2help.dll
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\ssbezier.scr
2006-08-14 17:24 18,944 --a------ C:\WINDOWS\system32\shutdown.exe
2006-08-14 17:24 18,432 --a------ C:\WINDOWS\system32\rsmps.dll
2006-08-14 17:24 175,104 --a------ C:\WINDOWS\system32\winmm.dll
2006-08-14 17:24 174,080 --a------ C:\WINDOWS\system32\snmpsnap.dll
2006-08-14 17:24 173,056 --a------ C:\WINDOWS\system32\qasf.dll
2006-08-14 17:24 171,520 --a------ C:\WINDOWS\system32\sccsccp.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\wshtcpip.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\ssmyst.scr
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-08-14 17:24 17,408 --a------ C:\WINDOWS\system32\psapi.dll
2006-08-14 17:24 169,984 --a------ C:\WINDOWS\system32\sccbase.dll
2006-08-14 17:24 169,328 --a------ C:\WINDOWS\system32\xenroll.dll
2006-08-14 17:24 168,448 --a------ C:\WINDOWS\system32\wldap32.dll
2006-08-14 17:24 166,912 --a------ C:\WINDOWS\system32\wintrust.dll
2006-08-14 17:24 166,912 --a------ C:\WINDOWS\system32\photowiz.dll
2006-08-14 17:24 163,328 --a------ C:\WINDOWS\system32\upnphost.dll
2006-08-14 17:24 163,328 --a------ C:\WINDOWS\system32\tapi32.dll
2006-08-14 17:24 162,304 --a------ C:\WINDOWS\system32\w32time.dll
2006-08-14 17:24 160,768 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-08-14 17:24 16,896 --a------ C:\WINDOWS\system32\wtsapi32.dll
2006-08-14 17:24 16,896 --a------ C:\WINDOWS\system32\snmpapi.dll
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\version.dll
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\ups.exe
2006-08-14 17:24 16,384 --a------ C:\WINDOWS\system32\ping.exe
2006-08-14 17:24 155,675 --a------ C:\WINDOWS\system32\scrobj.dll
2006-08-14 17:24 155,648 --a------ C:\WINDOWS\system32\srsvc.dll
2006-08-14 17:24 153,600 --a------ C:\WINDOWS\system32\wuv3is.dll
2006-08-14 17:24 147,483 --a------ C:\WINDOWS\system32\scrrun.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\winrnr.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\usbmon.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\upnpcont.exe
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-08-14 17:24 14,848 --a------ C:\WINDOWS\system32\powrprof.dll
2006-08-14 17:24 14,592 --a------ C:\WINDOWS\system32\watchdog.sys
2006-08-14 17:24 14,366 --a------ C:\WINDOWS\system32\asfsipc.dll
2006-08-14 17:24 14,336 --a------ C:\WINDOWS\system32\rsh.exe
2006-08-14 17:24 14,336 --a------ C:\WINDOWS\system32\perfmon.exe
2006-08-14 17:24 137,216 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-08-14 17:24 136,704 --a------ C:\WINDOWS\system32\schannel.dll
2006-08-14 17:24 136,192 --a------ C:\WINDOWS\system32\taskmgr.exe
2006-08-14 17:24 134,656 --a------ C:\WINDOWS\system32\sfc_os.dll
2006-08-14 17:24 134,656 --a------ C:\WINDOWS\system32\rdchost.dll
2006-08-14 17:24 133,632 --a------ C:\WINDOWS\system32\sti_ci.dll
2006-08-14 17:24 131,584 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-08-14 17:24 131,584 --a------ C:\WINDOWS\system32\rsaenh.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\wship6.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\uniplat.dll
2006-08-14 17:24 13,824 --a------ C:\WINDOWS\system32\rassapi.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\wupdinfo.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\tcpmib.dll
2006-08-14 17:24 13,312 --a------ C:\WINDOWS\system32\ssstars.scr
2006-08-14 17:24 127,488 --a------ C:\WINDOWS\system32\shmedia.dll
2006-08-14 17:24 126,976 --a------ C:\WINDOWS\system32\imagehlp.dll
2006-08-14 17:24 125,952 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-08-14 17:24 125,440 --a------ C:\WINDOWS\system32\webvw.dll
2006-08-14 17:24 120,832 --a------ C:\WINDOWS\system32\wkssvc.dll
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\svchost.exe
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\rexec.exe
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\pjlmon.dll
2006-08-14 17:24 12,800 --a------ C:\WINDOWS\system32\mgmtapi.dll
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\sigtab.dll
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\runonce.exe
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-08-14 17:24 12,288 --a------ C:\WINDOWS\system32\lmhsvc.dll
2006-08-14 17:24 119,808 --a------ C:\WINDOWS\system32\upnp.dll
2006-08-14 17:24 118,834 --a------ C:\WINDOWS\system32\wscript.exe
2006-08-14 17:24 118,784 --a------ C:\WINDOWS\system32\wmsdmoe.dll
2006-08-14 17:24 118,784 --a------ C:\WINDOWS\system32\wiadss.dll
2006-08-14 17:24 118,272 --a------ C:\WINDOWS\system32\stobject.dll
2006-08-14 17:24 115,200 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-08-14 17:24 111,104 --a------ C:\WINDOWS\system32\url.dll
2006-08-14 17:24 110,592 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-08-14 17:24 108,032 --a------ C:\WINDOWS\system32\msv1_0.dll
2006-08-14 17:24 107,008 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2006-08-14 17:24 104,960 --a------ C:\WINDOWS\system32\sysocmgr.exe
2006-08-14 17:24 104,448 --a------ C:\WINDOWS\system32\wiavideo.dll
2006-08-14 17:24 101,888 --a------ C:\WINDOWS\system32\services.exe
2006-08-14 17:24 100,720 --a------ C:\WINDOWS\system32\iuctl.dll
2006-08-14 17:24 10,752 --a------ C:\WINDOWS\system32\tracert.exe
2006-08-14 17:24 10,240 --a------ C:\WINDOWS\system32\WshRm.dll
2006-08-14 17:24 10,240 --a------ C:\WINDOWS\system32\regsvr32.exe
2006-08-14 17:24 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2006-08-14 17:24 1,901,440 --a------ C:\WINDOWS\system32\ntkrnlpa.exe
2006-08-14 17:24 1,879,168 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2006-08-14 17:24 1,799,808 --a------ C:\WINDOWS\system32\win32k.sys
2006-08-14 17:24 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2006-08-14 17:24 1,547,264 --a------ C:\WINDOWS\system32\sfcfiles.dll
2006-08-14 17:24 1,392,640 --a------ C:\WINDOWS\system32\wmpui.dll
2006-08-14 17:24 1,342,976 --a------ C:\WINDOWS\system32\query.dll
2006-08-14 17:24 1,302,528 --a------ C:\WINDOWS\system32\wmpcore.dll
2006-08-14 17:24 1,216,512 --a------ C:\WINDOWS\system32\wmvcore.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 08:23 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-08 08:23 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-31 18:28 -------- d-------- C:\Documents and Settings\Jean-Francois\Application Data\AVG7
2006-07-31 18:27 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-07-31 18:27 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-07-31 18:27 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-07-31 07:56 -------- d-------- C:\Program Files\Trisnap Technologies
2006-07-30 16:02 61440 --a------ C:\WINDOWS\system32\mwm52b8c.dll
2006-07-30 16:02 2 --a------ C:\WINDOWS\system32\wnsapisu.exe
2006-07-30 16:02 1064 --a------ C:\WINDOWS\system32\mwm52b8c.sys
2006-07-30 16:01 32768 --a------ C:\WINDOWS\unstall.exe
2006-07-30 16:01 232749 --a------ C:\WINDOWS\pf78.exe
2006-06-07 13:55 3626 --a------ C:\Program Files\Fichiers communs\mejeh.html


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /installquiet"
"SxgTkBar"="SxgTkBar.exe"
"00THotkey"="C:\\WINDOWS\\System32\\00THotkey.exe"
"000StTHK"="000StTHK.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"TouchED"="C:\\Program Files\\TOSHIBA\\TouchED\\TouchED.Exe"
"Tpwrtray"="TPWRTRAY.EXE"
"TFncKy"="TFncKy.exe /Type 20"
"NDSTray.exe"="NDSTray.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"Drag'n Drop CD"="C:\\Program Files\\Drag'n Drop CD\\BinFiles\\DragDrop.exe /StartUp"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"TFNF5"="TFNF5.exe"
"TosHKCW.exe"="C:\\Program Files\\TOSHIBA\\Wireless Hotkey\\TosHKCW.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"FRISK FP-Scheduler"="C:\\Program Files\\FSI\\F-Prot\\F-Sched.exe STARTUP"
"F-StopW"="C:\\Program Files\\FSI\\F-Prot\\F-StopW.EXE"
"xxcukntA"="C:\\WINDOWS\\xxcukntA.exe"
"mwm52b8c"="RUNDLL32.EXE w79b77c1.dll,n 00252b8a0000000a79b77c1"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Microsoft Windows System"="syshost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.4156\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices]
"Microsoft Windows System"="syshost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\MSN Gaming Zone\\polokikoj.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Fichiers communs\\mejeh.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,c0,02,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 2006-09-01 7:20:04.42
ComboFix.txt

 

[LonnyRJones]

Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.

REGEDIT4
;
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xxcukntA"=-
"mwm52b8c"=-
"Microsoft Windows System"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Windows System"=-
;

Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart your PC.

delete these two files
C:\Program Files\Fichiers communs\mejeh.html
C:\Program Files\MSN Gaming Zone\polokikoj.html


Post a fresh hijackthis log please, be sure to mention any current problems.

 

[duss12]

here is the fresh log

Logfile of HijackThis v1.99.1
Scan saved at 16:43:37, on 2006-09-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FSI\F-Prot\fpavupdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\SxgTkBar.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jean-Francois\Bureau\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.ca/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!http://adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1155531098847
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I also got this surprise at reboot:


wincbr.exe
trojan horse irc/backdoor sdbot2.hki
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

thanks

 

[LonnyRJones]

I assume your antivirus deleted it ?

Why do you have more than one antivirus program installed ? Normal not a good idea.

Start Hijackthis and place a check next to these items If there.
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mca.chm::/speedtest2.dll

====================================
Hit fix checked and close Hijackthis.

 

[duss12]

I assume your antivirus deleted it ?

Why do you have more than one antivirus program installed ? Normal not a good idea.

Start Hijackthis and place a check next to these items If there.
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nesunee.mht!adsextend.net/zscript/yea.chm::/recife.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mma.chm::/joysavsht.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!adsextend.net/zscript/mca.chm::/speedtest2.dll

====================================
Hit fix checked and close Hijackthis.

Wow thanks, now I have pretty much a clean system, sp2 is installed antivirus are removed except for 1, and this machine is now working a lot better!!

thanks a bunch

 

[LonnyRJones]

Thats good to hear

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that proccess about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

 

[tashi]

As the problem appears to be resolved this topic has been archived. :bigthumb:

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help.