Pop-ups, Active X, and Flash problems

amabrey

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:29:51 AM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\qcqvysdd.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TightVNC125\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\RACLE~1\smss.exe
C:\Program Files\?dobe\??xplore.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\internet explorer\iexplore.exe
C:\AntiSpyWare\HiJackThis_v2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2CA42C85-DDCF-46C9-AABD-E3D06CEBF09E} - (no file)
O2 - BHO: (no name) - {301013FD-F51B-FFC8-1C17-F88DB02282B8} - C:\WINDOWS\system32\ljblj.dll
O2 - BHO: (no name) - {3C3AED4D-AC67-4071-B5FE-197471207219} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\kklfqppk.dll
O2 - BHO: (no name) - {694D13AE-F61D-FFCF-1817-F88DB023D0BC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\pmnljjk.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC125\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mdzsadjA] C:\WINDOWS\mdzsadjA.exe
O4 - HKLM\..\Run: [{1D-DC-CA-AC-ZN}] C:\windows\system32\nodsregs.exe SKY003
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\swssjghw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Tair] "C:\WINDOWS\RACLE~1\smss.exe" -vt ndrv
O4 - HKCU\..\Run: [Awatuui] "C:\Program Files\?dobe\??xplore.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: pmnljjk - C:\WINDOWS\SYSTEM32\pmnljjk.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\qcqvysdd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC125\WinVNC.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtekefsev.html
--
End of file - 12772 bytes




The online scan would not work. Thanks!
 
Hi

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
 
"Kluesner Construct" - 2007-07-16 9:39:23 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Kluesner Construct\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\geedb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-16 ))))))))))))))))))))))))))))))))))


2007-07-16 07:39 124,436 --a------ C:\WINDOWS\SYSTEM32\tbnncvvu.dll
2007-07-16 07:36 66,580 --a------ C:\WINDOWS\SYSTEM32\fxxwxllx.dll
2007-07-16 07:36 66,068 --a------ C:\WINDOWS\SYSTEM32\fyxjmwdg.exe
2007-07-15 13:09 60,928 --a------ C:\WINDOWS\SYSTEM32\tqpccjfa.dll
2007-07-15 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\reerwmca.dll
2007-07-15 07:36 66,068 --a------ C:\WINDOWS\SYSTEM32\skvgwqxw.exe
2007-07-14 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\hqtvwmye.dll
2007-07-14 07:36 66,068 --a------ C:\WINDOWS\SYSTEM32\tqtxkjtq.exe
2007-07-13 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\nisvodam.dll
2007-07-13 07:36 66,068 --a------ C:\WINDOWS\SYSTEM32\koeggrtk.exe
2007-07-12 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\frkbspja.dll
2007-07-12 07:36 66,068 --a------ C:\WINDOWS\SYSTEM32\kqsoiffw.exe
2007-07-11 07:38 124,436 --a------ C:\WINDOWS\SYSTEM32\jbqsedqh.dll
2007-07-11 07:35 66,068 --a------ C:\WINDOWS\SYSTEM32\kordjiuf.exe
2007-07-10 07:38 66,068 --a------ C:\WINDOWS\SYSTEM32\beigwvxt.exe
2007-07-10 07:36 192,612 --a------ C:\WINDOWS\SYSTEM32\rwinpodt.exe
2007-07-09 13:02 31,254 --a------ C:\WINDOWS\SYSTEM32\mljgebc.dll
2007-07-09 13:02 31,254 --a------ C:\WINDOWS\SYSTEM32\hggfdaa.dll
2007-07-06 13:22 <DIR> d-------- C:\DOCUME~1\KLUESN~1\APPLIC~1\WinTouch
2007-07-06 13:07 <DIR> d-------- C:\Program Files\WinPop
2007-07-06 12:45 50,708 --a------ C:\WINDOWS\SYSTEM32\qbenvgpp.exe
2007-07-05 12:45 124,436 --a------ C:\WINDOWS\SYSTEM32\bqkiuwrh.dll
2007-07-05 12:44 62,516 --a------ C:\WINDOWS\SYSTEM32\kklfqppk.dll
2007-07-05 12:44 50,708 --a------ C:\WINDOWS\SYSTEM32\qcqvysdd.exe
2007-07-05 12:35 135,168 --a------ C:\WINDOWS\tk58.exe
2007-07-05 12:33 46,592 --a------ C:\WINDOWS\mdzsadj.exe
2007-07-05 12:33 31,254 --a------ C:\WINDOWS\SYSTEM32\pmnoolk.dll
2007-07-05 12:33 31,254 --a------ C:\WINDOWS\SYSTEM32\pmnljjk.dll
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X9
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X4
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X3
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X2
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X1
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\win
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\o02PrEz
2007-07-05 12:33 <DIR> d-------- C:\Temp\iee
2007-07-05 12:33 <DIR> d-------- C:\Temp\0b9
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-16 14:41:53 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-16 14:41:53 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-12 18:55:38 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-11 13:10:31 -------- d-----w C:\Program Files\Windows NT
2007-07-11 12:45:55 -------- d-----w C:\Program Files\RegScrubXP
2007-06-14 08:08:18 -------- d-----w C:\Program Files\Google
2007-06-12 20:30:40 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-12 20:30:35 -------- d-----w C:\Program Files\Yahoo!
2007-06-12 20:24:02 -------- d-----w C:\Program Files\2 Pic
2007-06-12 19:31:17 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeUM
2007-05-30 16:54:19 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-30 16:54:16 -------- d-----w C:\Program Files\Common Files\Real
2007-05-29 16:56:30 -------- d-----w C:\Program Files\Viewpoint
2007-05-24 19:34:38 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Google
2007-05-18 17:58:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Yahoo!
2007-05-18 15:40:08 0 ----a-w C:\WINDOWS\system32\SBRC.dat
2007-05-18 15:40:08 0 ----a-w C:\WINDOWS\system32\SBFC.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 14:30:33 -------- d-----w C:\Program Files\Cps
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 16:18]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}=C:\WINDOWS\system32\kklfqppk.dll [2007-07-05 12:45]
{671A1FAF-A616-AECF-1E17-F88DB02281BE}=C:\WINDOWS\system32\tqpccjfa.dll [2007-06-20 09:49]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{DC192567-65F9-4AB6-ADB7-E13575F81726}=C:\WINDOWS\system32\pmnljjk.dll [2007-07-05 12:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 22:10]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 10:30]
"WinVNC"="C:\Program Files\TightVNC125\WinVNC.exe" [2002-08-10 16:43]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 15:52]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 12:30]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 08:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"mdzsadjA"="C:\WINDOWS\mdzsadjA.exe" []
"{1D-DC-CA-AC-ZN}"="C:\windows\system32\nodsregs.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]
"WinTouch"="C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe" [2007-07-06 13:22]
"Tair"="C:\WINDOWS\RACLE~1\smss.exe" []
"Awatuui"="C:\Program Files\?dobe\??xplore.exe" []
"Kpuzox"="C:\Documents and Settings\Kluesner Construct\Application Data\s?curity\c?rss.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Windows NT\rtekefsev.html

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC192567-65F9-4AB6-ADB7-E13575F81726}"="C:\WINDOWS\system32\pmnljjk.dll" [2007-07-05 12:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljjk]
pmnljjk.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f909c-90b8-11d9-8c35-0011115b87dc}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-14 02:00:00 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
2007-07-16 11:45:12 C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-16 09:42:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-07-16 9:44:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-16 09:44
C:\ComboFix2.txt ... 2007-07-16 09:38
C:\ComboFix3.txt ... 2007-05-29 11:39

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\geedb.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 07/1-01-07 to 07/16/2007 ))))))))))))))))))))))))))))))))))


 
Hi

Download and run the following PurityScan uninstaller from one of the two below links:

PurityScan Uninstaller Link 1

PurityScan Uninstaller Link 2


1. Save the Uninstaller to your desktop.
2. Double click on the OiUninstaller.exe icon on your desktop.
3. Click on Run.
4. Enter the four digit code that is displayed and click on Uninstall.
5. Click on Ok and reboot your computer.

For more explicit instructions with snapshots of some windows from the uninstall tool, see the below link:

OuterInfo Uninstaller Snapshots




Start hjt, click do a system scan only, check (if found):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {2CA42C85-DDCF-46C9-AABD-E3D06CEBF09E} - (no file)
O2 - BHO: (no name) - {301013FD-F51B-FFC8-1C17-F88DB02282B8} - C:\WINDOWS\system32\ljblj.dll
O2 - BHO: (no name) - {3C3AED4D-AC67-4071-B5FE-197471207219} - C:\WINDOWS\system32\vtsqo.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\kklfqppk.dll
O2 - BHO: (no name) - {694D13AE-F61D-FFCF-1817-F88DB023D0BC} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\pmnljjk.dll
O4 - HKLM\..\Run: [mdzsadjA] C:\WINDOWS\mdzsadjA.exe
O4 - HKLM\..\Run: [{1D-DC-CA-AC-ZN}] C:\windows\system32\nodsregs.exe SKY003
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\swssjghw.dll",realset
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O20 - Winlogon Notify: pmnljjk - C:\WINDOWS\SYSTEM32\pmnljjk.dll
O20 - Winlogon Notify: vtsqo - C:\WINDOWS\system32\vtsqo.dll

Close browsers and other windows. Click fix checked.


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\tbnncvvu.dll
C:\WINDOWS\SYSTEM32\fxxwxllx.dll
C:\WINDOWS\SYSTEM32\fyxjmwdg.exe
C:\WINDOWS\SYSTEM32\tqpccjfa.dll
C:\WINDOWS\SYSTEM32\reerwmca.dll
C:\WINDOWS\SYSTEM32\skvgwqxw.exe
C:\WINDOWS\SYSTEM32\hqtvwmye.dll
C:\WINDOWS\SYSTEM32\tqtxkjtq.exe
C:\WINDOWS\SYSTEM32\nisvodam.dll
C:\WINDOWS\SYSTEM32\koeggrtk.exe
C:\WINDOWS\SYSTEM32\frkbspja.dll
C:\WINDOWS\SYSTEM32\kqsoiffw.exe
C:\WINDOWS\SYSTEM32\jbqsedqh.dll
C:\WINDOWS\SYSTEM32\kordjiuf.exe
C:\WINDOWS\SYSTEM32\beigwvxt.exe
C:\WINDOWS\SYSTEM32\rwinpodt.exe
C:\WINDOWS\SYSTEM32\mljgebc.dll
C:\WINDOWS\SYSTEM32\hggfdaa.dll
C:\WINDOWS\SYSTEM32\qbenvgpp.exe
C:\WINDOWS\SYSTEM32\bqkiuwrh.dll
C:\WINDOWS\SYSTEM32\kklfqppk.dll
C:\WINDOWS\SYSTEM32\qcqvysdd.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\mdzsadj.exe
C:\WINDOWS\SYSTEM32\pmnoolk.dll
C:\WINDOWS\SYSTEM32\pmnljjk.dll
C:\WINDOWS\b138.exe
C:\WINDOWS\system32\SBRC.dat
C:\WINDOWS\system32\SBFC.dat

Folder::
C:\WINDOWS\SYSTEM32\X9
C:\WINDOWS\SYSTEM32\X4
C:\WINDOWS\SYSTEM32\X3
C:\WINDOWS\SYSTEM32\X2
C:\WINDOWS\SYSTEM32\X1
C:\WINDOWS\SYSTEM32\win
C:\WINDOWS\SYSTEM32\o02PrEz
C:\Temp\iee
C:\Temp\0b9


Save this as CFScript


CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log and a fresh hjt log after doing steps below.


Show hidden files
-----------------
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.


Delete following files if found (in safe mode if needed):
C:\WINDOWS\system32\ljblj.dll
C:\WINDOWS\system32\vtsqo.dll
C:\WINDOWS\mdzsadjA.exe
C:\windows\system32\nodsregs.exe
C:\WINDOWS\system32\swssjghw.dll
 
I bought an internet security software, ran that, re-ran Spybot, and here is the new HJ Log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:06:27 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC125\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\AntiSpyWare\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2CA42C85-DDCF-46C9-AABD-E3D06CEBF09E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {694D13AE-F61D-FFCF-1817-F88DB023D0BC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {9AA5BD90-12A3-4906-9364-BC0263583500} - C:\WINDOWS\system32\awtsp.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC125\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ifplmpsl.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll
O20 - Winlogon Notify: pmnljjk - pmnljjk.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC125\WinVNC.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtekefsev.html

--
End of file - 12814 bytes
 
Hi

Could you re-run Combofix and post its log, please? Also post a fresh hjt log after the Combofix run.
 
"Kluesner Construct" - 2007-07-19 7:47:04 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Kluesner Construct\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pstwa.bak1
C:\WINDOWS\system32\pstwa.bak2
C:\WINDOWS\system32\pstwa.ini
C:\WINDOWS\system32\pstwa.ini2
C:\WINDOWS\system32\pstwa.tmp
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\pstwa.ini2
C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\SYSTEM32\pstwa.bak1
C:\WINDOWS\SYSTEM32\pstwa.bak2
C:\WINDOWS\SYSTEM32\pstwa.ini
C:\WINDOWS\SYSTEM32\pstwa.ini2
C:\WINDOWS\SYSTEM32\pstwa.tmp
C:\WINDOWS\system32\awtsp.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-19 ))))))))))))))))))))))))))))))))))


2007-07-19 00:40 126,785 --a------ C:\WINDOWS\SYSTEM32\fufrqaoq.dll
2007-07-19 00:34 66,066 --a------ C:\WINDOWS\SYSTEM32\pfhrcfkx.dll
2007-07-18 12:37 126,785 --a------ C:\WINDOWS\SYSTEM32\ruttwwuq.dll
2007-07-18 12:31 66,066 --a------ C:\WINDOWS\SYSTEM32\xpdmuaho.dll
2007-07-18 07:46 66,066 --a------ C:\WINDOWS\SYSTEM32\bmbkdcac.dll
2007-07-17 22:58 42,606 --a------ C:\WINDOWS\SYSTEM32\bpynveuo.dll
2007-07-17 14:04 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-17 13:34 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 07:36 66,580 --a------ C:\WINDOWS\SYSTEM32\fxxwxllx.dll
2007-07-15 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\reerwmca.dll
2007-07-14 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\hqtvwmye.dll
2007-07-13 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\nisvodam.dll
2007-07-12 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\frkbspja.dll
2007-07-06 13:22 <DIR> d-------- C:\DOCUME~1\KLUESN~1\APPLIC~1\WinTouch
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X9
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X4
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X3
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X2
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X1
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\win
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\o02PrEz
2007-07-05 12:33 <DIR> d-------- C:\Temp\iee
2007-07-05 12:33 <DIR> d-------- C:\Temp\0b9
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-18 20:02:03 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 13:30:24 -------- d-----w C:\Program Files\RegScrubXP
2007-07-17 18:36:51 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-17 18:36:51 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-17 18:36:51 -------- d-----w C:\Program Files\Symantec
2007-07-17 18:28:25 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-17 18:24:18 -------- d-----w C:\Program Files\Yahoo!
2007-07-11 13:10:31 -------- d-----w C:\Program Files\Windows NT
2007-06-14 08:08:18 -------- d-----w C:\Program Files\Google
2007-06-12 20:30:40 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-12 20:24:02 -------- d-----w C:\Program Files\2 Pic
2007-06-12 19:31:17 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeUM
2007-05-30 16:54:19 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-30 16:54:16 -------- d-----w C:\Program Files\Common Files\Real
2007-05-29 16:56:30 -------- d-----w C:\Program Files\Viewpoint
2007-05-24 19:34:38 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Google
2007-05-18 17:58:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 14:30:33 -------- d-----w C:\Program Files\Cps
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 16:18]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 02:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 22:10]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 10:30]
"WinVNC"="C:\Program Files\TightVNC125\WinVNC.exe" [2002-08-10 16:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 08:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]
"WinTouch"="C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe" [2007-07-06 13:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Windows NT\rtekefsev.html

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnljjk]
pmnljjk.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f909c-90b8-11d9-8c35-0011115b87dc}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-14 02:00:00 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
2007-07-17 18:47:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Kluesner Construct.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 07:53:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-07-19 7:56:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-19 07:56
C:\ComboFix2.txt ... 2007-07-16 09:45
C:\ComboFix3.txt ... 2007-07-16 09:38

--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:59:55 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC125\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\AntiSpyWare\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {2CA42C85-DDCF-46C9-AABD-E3D06CEBF09E} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {694D13AE-F61D-FFCF-1817-F88DB023D0BC} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC125\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O20 - Winlogon Notify: pmnljjk - pmnljjk.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC125\WinVNC.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtekefsev.html

--
End of file - 12749 bytes
 
Hi

Start hjt, click "Do a system scan only", and check (if found):
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {2CA42C85-DDCF-46C9-AABD-E3D06CEBF09E} - (no file)
O2 - BHO: (no name) - {694D13AE-F61D-FFCF-1817-F88DB023D0BC} - (no file)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - (no file)
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - (no file)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab
O20 - Winlogon Notify: pmnljjk - pmnljjk.dll (file missing)

Close browsers and other windows. Click "Fix checked".


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\WINDOWS\SYSTEM32\fufrqaoq.dll
C:\WINDOWS\SYSTEM32\pfhrcfkx.dll
C:\WINDOWS\SYSTEM32\ruttwwuq.dll
C:\WINDOWS\SYSTEM32\xpdmuaho.dll
C:\WINDOWS\SYSTEM32\bmbkdcac.dll
C:\WINDOWS\SYSTEM32\bpynveuo.dll
C:\WINDOWS\SYSTEM32\fxxwxllx.dll
C:\WINDOWS\SYSTEM32\reerwmca.dll
C:\WINDOWS\SYSTEM32\hqtvwmye.dll
C:\WINDOWS\SYSTEM32\nisvodam.dll
C:\WINDOWS\SYSTEM32\frkbspja.dll
C:\WINDOWS\b138.exe

Folder::
C:\WINDOWS\SYSTEM32\X9
C:\WINDOWS\SYSTEM32\X4
C:\WINDOWS\SYSTEM32\X3
C:\WINDOWS\SYSTEM32\X2
C:\WINDOWS\SYSTEM32\X1
C:\WINDOWS\SYSTEM32\win
C:\WINDOWS\SYSTEM32\o02PrEz
C:\Temp\iee
C:\Temp\0b9


Save this as CFScript


CFScript.gif


Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.
 
"Kluesner Construct" - 2007-07-19 9:23:02 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Kluesner Construct\"
Command switches used :: ""C:\Documents and Settings\Kluesner Construct\Desktop\CFScript.txt""


((((((((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-19 ))))))))))))))))))))))))))))))))))


2007-07-19 00:40 126,785 --a------ C:\WINDOWS\SYSTEM32\fufrqaoq.dll
2007-07-19 00:34 66,066 --a------ C:\WINDOWS\SYSTEM32\pfhrcfkx.dll
2007-07-18 12:37 126,785 --a------ C:\WINDOWS\SYSTEM32\ruttwwuq.dll
2007-07-18 12:31 66,066 --a------ C:\WINDOWS\SYSTEM32\xpdmuaho.dll
2007-07-18 07:46 66,066 --a------ C:\WINDOWS\SYSTEM32\bmbkdcac.dll
2007-07-17 22:58 42,606 --a------ C:\WINDOWS\SYSTEM32\bpynveuo.dll
2007-07-17 14:04 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-17 13:34 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-16 07:36 66,580 --a------ C:\WINDOWS\SYSTEM32\fxxwxllx.dll
2007-07-15 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\reerwmca.dll
2007-07-14 07:42 66,580 --a------ C:\WINDOWS\SYSTEM32\hqtvwmye.dll
2007-07-13 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\nisvodam.dll
2007-07-12 07:39 66,580 --a------ C:\WINDOWS\SYSTEM32\frkbspja.dll
2007-07-06 13:22 <DIR> d-------- C:\DOCUME~1\KLUESN~1\APPLIC~1\WinTouch
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X9
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X4
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X3
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X2
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\X1
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\win
2007-07-05 12:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\o02PrEz
2007-07-05 12:33 <DIR> d-------- C:\Temp\iee
2007-07-05 12:33 <DIR> d-------- C:\Temp\0b9
2007-07-03 09:42 22,016 --a------ C:\WINDOWS\b138.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-18 20:02:03 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-18 13:30:24 -------- d-----w C:\Program Files\RegScrubXP
2007-07-17 18:36:51 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-17 18:36:51 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-17 18:36:51 -------- d-----w C:\Program Files\Symantec
2007-07-17 18:28:25 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-17 18:24:18 -------- d-----w C:\Program Files\Yahoo!
2007-07-11 13:10:31 -------- d-----w C:\Program Files\Windows NT
2007-06-14 08:08:18 -------- d-----w C:\Program Files\Google
2007-06-12 20:30:40 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-12 20:24:02 -------- d-----w C:\Program Files\2 Pic
2007-06-12 19:31:17 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeUM
2007-05-30 16:54:19 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-30 16:54:16 -------- d-----w C:\Program Files\Common Files\Real
2007-05-29 16:56:30 -------- d-----w C:\Program Files\Viewpoint
2007-05-24 19:34:38 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Google
2007-05-18 17:58:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 14:30:33 -------- d-----w C:\Program Files\Cps
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 16:18]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 02:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 22:10]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 10:30]
"WinVNC"="C:\Program Files\TightVNC125\WinVNC.exe" [2002-08-10 16:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 08:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]
"WinTouch"="C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe" [2007-07-06 13:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Windows NT\rtekefsev.html


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f909c-90b8-11d9-8c35-0011115b87dc}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-14 02:00:00 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
2007-07-17 18:47:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Kluesner Construct.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-19 09:26:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-07-19 9:27:39
C:\ComboFix-quarantined-files.txt ... 2007-07-19 09:27
C:\ComboFix3.txt ... 2007-07-16 09:45

--- E O F ---
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:29:23 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC125\WinVNC.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\AntiSpyWare\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC125\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_games/tikgames/cinematycoon/cinematycoon.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Program Files\TightVNC125\WinVNC.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows NT\rtekefsev.html

--
End of file - 11999 bytes
 
* Download OTMoveIt.exe from here and place it on your desktop:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

* Open OTMoveIt.exe.
In the left pane where it says: "Paste List of Files/Folders to be Moved", copy and paste the next part:

C:\WINDOWS\SYSTEM32\fufrqaoq.dll
C:\WINDOWS\SYSTEM32\pfhrcfkx.dll
C:\WINDOWS\SYSTEM32\ruttwwuq.dll
C:\WINDOWS\SYSTEM32\xpdmuaho.dll
C:\WINDOWS\SYSTEM32\bmbkdcac.dll
C:\WINDOWS\SYSTEM32\bpynveuo.dll
C:\WINDOWS\SYSTEM32\fxxwxllx.dll
C:\WINDOWS\SYSTEM32\reerwmca.dll
C:\WINDOWS\SYSTEM32\hqtvwmye.dll
C:\WINDOWS\SYSTEM32\nisvodam.dll
C:\WINDOWS\SYSTEM32\frkbspja.dll
C:\WINDOWS\b138.exe
C:\WINDOWS\SYSTEM32\X9
C:\WINDOWS\SYSTEM32\X4
C:\WINDOWS\SYSTEM32\X3
C:\WINDOWS\SYSTEM32\X2
C:\WINDOWS\SYSTEM32\X1
C:\WINDOWS\SYSTEM32\win
C:\WINDOWS\SYSTEM32\o02PrEz
C:\Temp\iee
C:\Temp\0b9

Then click the MoveIt button below.
In case you get a "Bad Image" error, just click OK at the prompt. It will move the file anyway.
When done, it will create a log (********_******.log -- * stands for date and time) in the next folder: C:\_OTMoveIt\MovedFiles.
Copy and paste this log in your next reply with a new hijackthis log.
 
LoadLibrary failed for C:\WINDOWS\SYSTEM32\fufrqaoq.dll
C:\WINDOWS\SYSTEM32\fufrqaoq.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fufrqaoq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\pfhrcfkx.dll
C:\WINDOWS\SYSTEM32\pfhrcfkx.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pfhrcfkx.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\ruttwwuq.dll
C:\WINDOWS\SYSTEM32\ruttwwuq.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\ruttwwuq.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\xpdmuaho.dll
C:\WINDOWS\SYSTEM32\xpdmuaho.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\xpdmuaho.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\bmbkdcac.dll
C:\WINDOWS\SYSTEM32\bmbkdcac.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\bmbkdcac.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\bpynveuo.dll
C:\WINDOWS\SYSTEM32\bpynveuo.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\bpynveuo.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\fxxwxllx.dll
C:\WINDOWS\SYSTEM32\fxxwxllx.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fxxwxllx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\reerwmca.dll
C:\WINDOWS\SYSTEM32\reerwmca.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\reerwmca.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hqtvwmye.dll
C:\WINDOWS\SYSTEM32\hqtvwmye.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\hqtvwmye.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\nisvodam.dll
C:\WINDOWS\SYSTEM32\nisvodam.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\nisvodam.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\frkbspja.dll
C:\WINDOWS\SYSTEM32\frkbspja.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\frkbspja.dll moved successfully.
C:\WINDOWS\b138.exe moved successfully.
C:\WINDOWS\SYSTEM32\X9 moved successfully.
C:\WINDOWS\SYSTEM32\X4 moved successfully.
C:\WINDOWS\SYSTEM32\X3 moved successfully.
C:\WINDOWS\SYSTEM32\X2 moved successfully.
C:\WINDOWS\SYSTEM32\X1 moved successfully.
C:\WINDOWS\SYSTEM32\win moved successfully.
C:\WINDOWS\SYSTEM32\o02PrEz moved successfully.
C:\Temp\iee moved successfully.
C:\Temp\0b9 moved successfully.

Created on 07/20/2007 08:11:45
 
"Kluesner Construct" - 2007-07-20 8:43:15 Service Pack 2
ComboFix 07-05.25.3V - Running from: "C:\Documents and Settings\Kluesner Construct\"
Command switches used :: ""C:\Documents and Settings\Kluesner Construct\Desktop\CFScript.txt""


((((((((((((((((((((((((((((((( Files Created from 2007-06-07 to 2007-07-20 ))))))))))))))))))))))))))))))))))


2007-07-19 12:05 <DIR> d-------- C:\WINDOWS\LastGood
2007-07-17 14:04 <DIR> d--h----- C:\WINDOWS\PIF
2007-07-17 13:34 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-07-06 13:22 <DIR> d-------- C:\DOCUME~1\KLUESN~1\APPLIC~1\WinTouch


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 17:05:28 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-18 13:30:24 -------- d-----w C:\Program Files\RegScrubXP
2007-07-17 18:36:51 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-17 18:36:51 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-17 18:36:51 -------- d-----w C:\Program Files\Symantec
2007-07-17 18:28:25 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-17 18:24:18 -------- d-----w C:\Program Files\Yahoo!
2007-07-11 13:10:31 -------- d-----w C:\Program Files\Windows NT
2007-06-14 08:08:18 -------- d-----w C:\Program Files\Google
2007-06-12 20:30:40 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-12 20:24:02 -------- d-----w C:\Program Files\2 Pic
2007-06-12 19:31:17 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeUM
2007-05-30 16:54:19 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-30 16:54:16 -------- d-----w C:\Program Files\Common Files\Real
2007-05-29 16:56:30 -------- d-----w C:\Program Files\Viewpoint
2007-05-24 19:34:38 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Google
2007-05-18 17:58:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 14:30:33 -------- d-----w C:\Program Files\Cps
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-05-30 16:18]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}=C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll [2007-01-12 02:04]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" []
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-14 22:10]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
"Dell Photo AIO Printer 922"="C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 10:30]
"WinVNC"="C:\Program Files\TightVNC125\WinVNC.exe" [2002-08-10 16:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-06 08:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2006-04-19 09:30]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-28 17:10]
"WinTouch"="C:\Documents and Settings\Kluesner Construct\Application Data\WinTouch\WinTouch.exe" [2007-07-06 13:22]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SRUUninstall"="C:\WINDOWS\system32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Symantec NetDriver Warning"=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
C:\Program Files\Windows NT\rtekefsev.html


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b32f909c-90b8-11d9-8c35-0011115b87dc}]
AutoRun\command- E:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-07-14 02:00:00 C:\WINDOWS\tasks\Ad-Aware SE Personal.job
2007-07-17 18:47:40 C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Kluesner Construct.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-20 08:47:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-07-20 8:48:20
C:\ComboFix-quarantined-files.txt ... 2007-07-20 08:48
C:\ComboFix2.txt ... 2007-07-19 09:27

--- E O F ---
((((((((((((((((((((((((((((((( Files Created from 07/2-01-07 to 07/20/2007 ))))))))))))))))))))))))))))))))))


((((((((((((((((((((((((((((((( Files Created from 07/2-01-07 to 07/20/2007 ))))))))))))))))))))))))))))))))))


07/20/2007 08:43 AM C:\64 ComboFix.txt.bat
07/20/2007 08:43 AM C:\64 ComboFix.txt.bat
07/20/2007 08:11 AM C:\<DIR> _OTMoveIt
07/20/2007 08:11 AM C:\<DIR> _OTMoveIt
07/20/2006 12:24 PM C:\WINDOWS\SYSTEM32\516,832 capicom.dll
07/20/2006 12:24 PM C:\WINDOWS\SYSTEM32\516,832 capicom.dll




*****CONT. IN NEXT POST*****
 
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-19 17:05:28 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-19 12:52:32 288 ----a-w C:\WINDOWS\system32\DVCState-{00000004-00000000-00000002-00001102-00000004-10031102}.dat
2007-07-18 13:30:24 -------- d-----w C:\Program Files\RegScrubXP
2007-07-17 18:36:51 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-17 18:36:51 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-17 18:36:51 -------- d-----w C:\Program Files\Symantec
2007-07-17 18:28:25 -------- d-----w C:\Program Files\Symantec AntiVirus
2007-07-17 18:24:18 -------- d-----w C:\Program Files\Yahoo!
2007-07-11 13:10:31 -------- d-----w C:\Program Files\Windows NT
2007-06-14 08:08:18 -------- d-----w C:\Program Files\Google
2007-06-12 20:30:40 -------- d-----w C:\Program Files\Common Files\Scanner
2007-06-12 20:24:02 -------- d-----w C:\Program Files\2 Pic
2007-06-12 19:31:17 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeUM
2007-05-30 16:54:19 -------- d-----w C:\Program Files\Common Files\xing shared
2007-05-30 16:54:16 -------- d-----w C:\Program Files\Common Files\Real
2007-05-29 16:56:30 -------- d-----w C:\Program Files\Viewpoint
2007-05-24 19:34:38 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Google
2007-05-18 17:58:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Yahoo!
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 14:30:33 -------- d-----w C:\Program Files\Cps
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 10:32:54 364,160 ----a-w C:\WINDOWS\system32\drivers\update.sys
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-20 20:24:48 -------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-16 14:09:47 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Viewpoint
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-16 15:35:03 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Snapfish
2007-02-09 11:10:35 574,464 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2007-01-30 16:59:56 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Leadertech
2007-01-12 16:41:37 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-01-12 02:22:20 276,792 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 02:22:18 25,400 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 02:22:14 247,608 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-10 02:47:37 624,784 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-01-10 02:47:37 242,320 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-01-09 22:32:13 40,120 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-01-09 22:32:13 38,200 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2007-01-09 22:32:13 35,256 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-01-09 22:32:13 27,576 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-01-09 22:32:13 191,544 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-01-09 22:32:13 145,976 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-01-09 22:32:13 12,984 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2006-12-22 17:28:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2006-12-06 13:34:47 -------- d-----w C:\Program Files\QuickTime
2006-11-15 13:54:49 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Intuit
2006-11-15 13:54:38 -------- d-----w C:\Program Files\Intuit
2006-11-15 13:54:31 -------- d-----w C:\Program Files\Common Files\supportsoft
2006-11-15 13:47:51 -------- d-----w C:\Program Files\Common Files\Intuit
2006-11-04 20:14:00 1,245,696 ----a-w C:\WINDOWS\system32\msxml4.dll
2006-11-01 19:17:45 927,504 ----a-w C:\WINDOWS\system32\mfc40u.dll
2006-10-27 16:54:49 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\AdobeAUM
2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs.dll
2006-10-16 16:15:00 122,880 ----a-w C:\WINDOWS\system32\oledlg.dll
2006-10-14 08:13:25 981,760 ----a-w C:\WINDOWS\system32\mfc42u.dll
2006-10-13 12:35:12 65,536 ----a-w C:\WINDOWS\system32\nwwks.dll
2006-10-13 12:35:12 64,000 ----a-w C:\WINDOWS\system32\nwapi32.dll
2006-10-13 12:35:12 142,336 ----a-w C:\WINDOWS\system32\nwprovau.dll
2006-10-13 10:23:15 163,584 ----a-w C:\WINDOWS\system32\drivers\nwrdr.sys
2006-10-05 02:42:42 2,560 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-10-05 02:42:42 2,432 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-27 21:53:22 36,560 ----a-w C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-09-13 18:52:06 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\MySpace
2006-09-13 05:01:56 1,084,416 ----a-w C:\WINDOWS\system32\msxml3.dll
2006-09-06 19:58:12 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\FileOpen
2006-09-06 00:54:28 1,721,952 ----a-w C:\WINDOWS\system32\InetClnt.dll
2006-08-25 15:45:58 617,472 ----a-w C:\WINDOWS\system32\comctl32.dll
2006-08-22 10:05:26 498,742 ----a-w C:\WINDOWS\system32\dxmasf.dll
2006-08-21 15:52:08 246,814 ----a-w C:\WINDOWS\system32\strmdll.dll
2006-08-21 12:21:06 16,896 ----a-w C:\WINDOWS\system32\fltlib.dll
2006-08-21 09:14:58 23,040 ----a-w C:\WINDOWS\system32\fltmc.exe
2006-08-21 09:14:58 128,896 ----a-w C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2006-08-17 12:28:27 132,096 ----a-w C:\WINDOWS\system32\wkssvc.dll
2006-08-16 11:58:05 100,352 ----a-w C:\WINDOWS\system32\6to4svc.dll
2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2006-08-14 10:34:41 332,928 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2006-08-11 20:25:00 -------- d-----w C:\Program Files\The Weather Channel FW
2006-07-24 06:38:26 49,152 ----a-w C:\WINDOWS\nircmd.exe
2006-07-21 08:24:43 72,704 ----a-w C:\WINDOWS\system32\hlink.dll
2006-07-13 08:48:58 202,240 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2006-07-12 19:57:28 -------- d-----w C:\Program Files\Kodak
2006-07-12 19:32:48 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Lavasoft
2006-07-12 19:32:32 -------- d-----w C:\Program Files\Lavasoft
2006-06-29 14:05:44 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2006-06-29 14:05:44 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2006-06-28 23:59:26 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2006-06-22 05:06:30 1,435,648 ----a-w C:\WINDOWS\system32\query.dll
2006-06-22 05:06:29 69,120 ----a-w C:\WINDOWS\system32\ciodm.dll
2006-06-14 09:00:45 82,944 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2006-06-14 08:47:46 6,400 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2006-06-14 08:47:45 172,416 ----a-w C:\WINDOWS\system32\drivers\kmixer.sys
2006-05-25 20:39:04 -------- d-----w C:\Program Files\IrfanView
2006-05-05 09:47:57 174,592 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2006-05-05 09:41:45 453,120 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2006-04-12 16:11:44 1,933,312 ----a-w C:\WINDOWS\system32\cdintf251.dll
2006-04-03 16:14:42 -------- d-----w C:\Program Files\GameHouse
2006-03-24 04:37:50 49,152 ----a-w C:\WINDOWS\system32\wdigest.dll
2006-03-17 00:38:01 28,672 ----a-w C:\WINDOWS\system32\verclsid.exe
2006-03-17 00:33:10 262,784 ----a-w C:\WINDOWS\system32\drivers\http.sys
2006-03-07 20:07:22 4 ---ha-w C:\WINDOWS\uccspecb.sys
2006-03-03 19:17:11 37,027 ----a-w C:\WINDOWS\atmoUn.exe
2006-03-01 19:42:42 956,416 ----a-w C:\WINDOWS\system32\msdtctm.dll
2006-03-01 19:42:42 91,136 ----a-w C:\WINDOWS\system32\mtxoci.dll
2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu.dll
 
2006-03-01 19:42:42 426,496 ----a-w C:\WINDOWS\system32\msdtcprx.dll
2006-03-01 19:42:42 161,280 ----a-w C:\WINDOWS\system32\msdtcuiu.dll
2006-03-01 19:42:42 11,776 ----a-w C:\WINDOWS\system32\xolehlp.dll
2006-02-15 00:22:26 142,464 ----a-w C:\WINDOWS\system32\drivers\aec.sys
2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt.dll
2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent.dll
2005-10-17 21:14:46 118,272 ----a-w C:\WINDOWS\system32\t2embed.dll
2005-10-17 21:14:45 80,896 ----a-w C:\WINDOWS\system32\fontsub.dll
2005-09-10 01:53:41 2,067,968 ----a-w C:\WINDOWS\system32\cdosys.dll
2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo.dll
2005-08-31 18:39:38 -------- d-----w C:\Program Files\MSN Apps
2005-08-31 18:20:03 -------- d-----w C:\Program Files\TightVNC125
2005-08-31 18:17:29 -------- d--h--w C:\Program Files\InstallShield Installation Information
2005-08-31 18:03:32 4 ----a-w C:\WINDOWS\RM_RESULT.DAT
2005-08-31 18:02:17 1,142,784 ----a-w C:\WINDOWS\TMUPDATE.DLL
2005-08-31 18:02:16 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2005-08-31 18:02:16 208,896 ----a-w C:\WINDOWS\PATCH.EXE
2005-08-31 01:36:35 35,184 ----a-w C:\WINDOWS\system32\68k57k0k.dat
2005-08-31 01:36:34 188,144 ----a-w C:\WINDOWS\system32\ireu41f2.dat
2005-08-31 01:36:28 4,240 ----a-w C:\WINDOWS\system32\plqba7h5.dat
2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr.dll
2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman.dll
2005-08-19 19:46:50 2,721 ----a-w C:\WINDOWS\system32\vf6ohdi8.dat
2005-08-01 15:57:14 0 ----a-w C:\WINDOWS\system32\c20heq1m.dat
2005-07-26 14:18:42 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Creative
2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss.dll
2005-07-26 04:39:49 37,888 ----a-w C:\WINDOWS\system32\olecnv32.dll
2005-07-26 04:39:49 101,376 ----a-w C:\WINDOWS\system32\txflog.dll
2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32.dll
2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32.dll
2005-07-26 04:39:45 540,160 ----a-w C:\WINDOWS\system32\comuid.dll
2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
2005-07-26 04:39:44 97,792 ----a-w C:\WINDOWS\system32\comrepl.dll
2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs.dll
2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut.dll
2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact.dll
2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq.dll
2005-07-26 04:39:43 110,080 ----a-w C:\WINDOWS\system32\clbcatex.dll
2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv.dll
2005-07-12 13:26:46 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Roxio
2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv.dll
2005-06-30 18:24:06 25,088 ----a-w C:\WINDOWS\system32\msxml3a.dll
2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2005-06-29 01:46:00 254,976 ----a-w C:\WINDOWS\system32\icm32.dll
2005-06-28 16:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos.dll
2005-06-10 23:53:32 57,856 ----a-w C:\WINDOWS\system32\spoolsv.exe
2005-06-10 04:09:46 139,528 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2005-05-27 02:04:27 41,472 ----a-w C:\WINDOWS\system32\hhsetup.dll
2005-05-27 02:04:27 155,136 ----a-w C:\WINDOWS\system32\itircl.dll
2005-05-27 02:04:27 137,216 ----a-w C:\WINDOWS\system32\itss.dll
2005-05-26 23:22:01 10,752 ----a-w C:\WINDOWS\hh.exe
2005-05-26 09:16:30 194,328 ----a-w C:\WINDOWS\system32\wuaueng1.dll
2005-05-26 09:16:30 172,312 ----a-w C:\WINDOWS\system32\wuauclt1.exe
2005-05-26 09:16:24 198,424 ----a-w C:\WINDOWS\system32\iuengine.dll
2005-05-10 23:45:48 75,776 ----a-w C:\WINDOWS\system32\telnet.exe
2005-05-03 16:45:56 102,470 ----a-w C:\WINDOWS\runtsckl.exe
2005-05-03 16:44:44 25,157 ----a-w C:\WINDOWS\RMAgentOutput.dll
2005-05-03 16:43:44 126,976 ----a-w C:\WINDOWS\dllTSCLIBMT.dll
2005-04-27 19:29:42 -------- d-----w C:\Program Files\Hexacto Games
2005-03-31 13:42:56 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Real
2005-03-31 13:39:46 -------- d-----w C:\Program Files\Real
2005-03-28 17:07:29 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Symantec
2005-03-23 15:22:07 167,936 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2005-03-23 14:32:07 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Help
2005-03-22 20:41:49 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Apple Computer
2005-03-21 20:00:22 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2005-03-21 20:00:22 78,848 ----a-w C:\WINDOWS\system32\msiexec.exe
2005-03-21 20:00:22 271,360 ----a-w C:\WINDOWS\system32\msihnd.dll
2005-03-21 20:00:22 15,360 ----a-w C:\WINDOWS\system32\msisip.dll
2005-03-09 13:51:47 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\CyberLink
2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz.dll
2005-02-18 23:40:14 1,044,560 ----a-w C:\WINDOWS\vsapi32.dll
2005-02-12 09:01:28 -------- d-----w C:\Program Files\Messenger
2005-02-04 17:01:31 -------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2005-01-28 19:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
2005-01-28 19:44:28 96,768 ----a-w C:\WINDOWS\system32\drmstor.dll
2005-01-28 19:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
2005-01-28 19:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll
2005-01-28 19:44:28 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
2005-01-28 19:44:28 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
2005-01-28 19:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
2005-01-28 19:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
2005-01-28 19:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
2005-01-28 19:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll
2005-01-28 19:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
2005-01-28 19:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
2005-01-28 19:44:28 484,352 ----a-w C:\WINDOWS\system32\Audiodev.dll
2005-01-28 19:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
2005-01-28 19:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
2005-01-28 19:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
2005-01-28 19:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll
2005-01-28 19:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
2005-01-28 19:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
2005-01-28 19:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
2005-01-28 19:44:28 331,776 ----a-w C:\WINDOWS\system32\wpdmtpdr.dll
2005-01-28 19:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll
2005-01-28 19:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
2005-01-28 19:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
2005-01-28 19:44:28 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
2005-01-28 19:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
2005-01-28 19:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
2005-01-28 19:44:28 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
2005-01-28 19:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
2005-01-28 19:44:28 258,296 ----a-w C:\WINDOWS\system32\drmclien.dll
2005-01-28 19:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
2005-01-28 19:44:28 224,768 ----a-w C:\WINDOWS\system32\wmasf.dll
2005-01-28 19:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
2005-01-28 19:44:28 20,480 ----a-w C:\WINDOWS\system32\wmpui.dll
2005-01-28 19:44:28 20,480 ----a-w C:\WINDOWS\system32\wmpcore.dll
2005-01-28 19:44:28 20,480 ----a-w C:\WINDOWS\system32\wmpcd.dll
2005-01-28 19:44:28 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
2005-01-28 19:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
2005-01-28 19:44:28 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
2005-01-28 19:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
2005-01-28 19:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
2005-01-28 19:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
2005-01-28 19:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
2005-01-28 19:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
2005-01-28 19:44:28 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
2005-01-28 19:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll
2005-01-28 19:44:28 10,752 ----a-w C:\WINDOWS\system32\wpdtrace.dll
2005-01-28 19:44:28 1,594,880 ----a-w C:\WINDOWS\system32\wmpencen.dll
2005-01-28 19:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
2005-01-28 19:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
2005-01-28 19:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
2005-01-28 19:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
2005-01-28 19:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
2005-01-10 21:17:24 170,053 ----a-w C:\WINDOWS\tsc.exe
2005-01-07 16:51:40 -------- d-----w C:\Program Files\Jasc Software Inc
2005-01-07 16:51:40 -------- d-----w C:\DOCUME~1\KLUESN~1\APPLIC~1\Jasc Software Inc
2005-01-07 16:51:16 -------- d-----w C:\Program Files\Dell Computer
2005-01-07 16:51:06 -------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2005-01-07 16:49:59 -------- d-----w C:\Program Files\Dell Photo AIO Printer 922
2004-12-07 19:32:34 96,768 ----a-w C:\WINDOWS\system32\srvsvc.dll
2004-11-21 20:26:57 -------- d-----w C:\Program Files\Common Files\L&H
2004-11-21 20:26:53 -------- d-----w C:\Program Files\Microsoft ActiveSync
2004-11-21 20:26:47 -------- d-----w C:\Program Files\Microsoft Works
2004-11-21 20:26:37 -------- d-----w C:\Program Files\Microsoft.NET
2004-11-21 20:26:26 -------- d-----w C:\Program Files\Dell
2004-11-21 20:25:36 -------- d-----w C:\Program Files\CyberLink
2004-11-21 20:24:04 -------- d-----w C:\Program Files\Creative
2004-11-21 20:23:36 184 ----a-w C:\WINDOWS\system32\e000001.dat
2004-11-21 20:23:05 -------- d-----w C:\Program Files\ATI Technologies
2004-11-21 20:22:54 -------- d-----w C:\Program Files\Broadcom
2004-11-21 20:22:31 -------- d-----w C:\Program Files\Intel
2004-11-21 20:22:23 -------- d-----w C:\Program Files\Logitech
2004-11-21 20:22:23 -------- d-----w C:\Program Files\Common Files\Logitech
2004-11-21 20:01:30 -------- d-----w C:\Program Files\microsoft frontpage
2004-11-21 20:01:28 -------- d-----w C:\Program Files\Online Services
2004-11-21 20:01:28 -------- d-----w C:\Program Files\Movie Maker
2004-11-21 20:01:26 -------- d-----w C:\Program Files\MSN Gaming Zone
2004-11-21 20:01:24 -------- d-----w C:\Program Files\Common Files\MSSoap
2004-11-21 20:01:22 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2004-11-17 17:41:24 347,136 ----a-w C:\WINDOWS\system32\hypertrm.dll
2004-09-29 22:28:37 134,912 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2004-09-15 01:41:00 294,912 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2004-09-15 01:25:10 151,552 ----a-w C:\WINDOWS\system32\ATIDEMGR.dll
2004-09-15 01:05:02 6,500,352 ----a-w C:\WINDOWS\system32\Atioglgl.dll
2004-09-15 00:37:04 209,408 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2004-09-15 00:36:48 789,504 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2004-09-15 00:35:36 126,976 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2004-09-15 00:35:30 102,400 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2004-09-15 00:35:26 65,536 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2004-09-15 00:35:24 30,720 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2004-09-15 00:35:22 86,016 ----a-w C:\WINDOWS\system32\ati2evxx.dll
 
2004-09-15 00:35:18 389,120 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2004-09-15 00:35:00 81,920 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2004-09-15 00:34:26 2,239,360 ----a-w C:\WINDOWS\system32\ati3duag.dll
2004-09-15 00:25:24 476,928 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2004-09-15 00:22:56 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2004-09-15 00:21:20 237,568 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2004-08-11 23:15:00 0 ---ha-w C:\MSDOS.SYS
2004-08-11 23:15:00 0 ---ha-w C:\IO.SYS
2004-08-11 23:15:00 0 ----a-w C:\CONFIG.SYS
2004-08-11 23:12:16 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2004-08-11 16:31:24 4,627 ----a-w C:\WINDOWS\system32\OEMBIOS.DAT
2004-08-11 16:31:24 13,107,200 ----a-w C:\WINDOWS\system32\OEMBIOS.BIN
2004-08-10 03:27:16 114,688 ----a-w C:\WINDOWS\system32\wscript.exe
2004-08-10 03:27:08 98,304 ----a-w C:\WINDOWS\system32\cscript.exe
2004-08-10 03:27:06 65,536 ----a-w C:\WINDOWS\system32\wshext.dll
2004-08-10 03:27:06 438,272 ----a-w C:\WINDOWS\system32\vbscript.dll
2004-08-10 03:27:06 28,672 ----a-w C:\WINDOWS\system32\wshcon.dll
2004-08-10 03:27:04 151,552 ----a-w C:\WINDOWS\system32\scrrun.dll
2004-08-10 03:27:04 151,552 ----a-w C:\WINDOWS\system32\scrobj.dll
2004-08-10 03:27:00 28,672 ----a-w C:\WINDOWS\system32\dispex.dll
2004-08-04 11:00:00 994,304 ----a-w C:\WINDOWS\system32\MSGINA.DLL
2004-08-04 11:00:00 99,840 ----a-w C:\WINDOWS\system32\MPRMSG.DLL
2004-08-04 11:00:00 99,328 ----a-w C:\WINDOWS\system32\WINSCARD.DLL
2004-08-04 11:00:00 984,576 ----a-w C:\WINDOWS\system32\SYSSETUP.DLL
2004-08-04 11:00:00 983,552 ----a-w C:\WINDOWS\system32\SETUPAPI.DLL
2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\VERIFIER.EXE
2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\SLBIOP.DLL
2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\RTM.DLL
2004-08-04 11:00:00 98,304 ----a-w C:\WINDOWS\system32\AHUI.EXE
2004-08-04 11:00:00 97,965 ----a-w C:\WINDOWS\system32\eventquery.vbs
2004-08-04 11:00:00 97,280 ----a-w C:\WINDOWS\system32\LOADPERF.DLL
2004-08-04 11:00:00 96,768 ----a-w C:\WINDOWS\system32\PSBASE.DLL
2004-08-04 11:00:00 96,768 ----a-w C:\WINDOWS\system32\DPCDLL.DLL
2004-08-04 11:00:00 96,256 ----a-w C:\WINDOWS\system32\drivers\SCSIPORT.SYS
2004-08-04 11:00:00 95,744 ----a-w C:\WINDOWS\system32\SCARDSVR.EXE
2004-08-04 11:00:00 95,744 ----a-w C:\WINDOWS\system32\MQSEC.DLL
2004-08-04 11:00:00 94,784 ----a-w C:\WINDOWS\TWAIN.DLL
2004-08-04 11:00:00 94,282 ----a-w C:\WINDOWS\system32\MSENCODE.DLL
2004-08-04 11:00:00 94,208 ----a-w C:\WINDOWS\system32\ODBCINT.DLL
2004-08-04 11:00:00 937,984 ----a-w C:\WINDOWS\system32\WINBRAND.DLL
2004-08-04 11:00:00 93,696 ----a-w C:\WINDOWS\system32\TSCFGWMI.DLL
2004-08-04 11:00:00 924,432 ----a-w C:\WINDOWS\system32\MFC40.DLL
2004-08-04 11:00:00 92,672 ----a-w C:\WINDOWS\system32\WLNOTIFY.DLL
2004-08-04 11:00:00 92,672 ----a-w C:\WINDOWS\system32\DSKQUOTA.DLL
2004-08-04 11:00:00 92,224 ----a-w C:\WINDOWS\system32\KRNL386.EXE
2004-08-04 11:00:00 92,168 ----a-w C:\WINDOWS\system32\RDPDD.DLL
2004-08-04 11:00:00 92,032 ----a-w C:\WINDOWS\system32\drivers\KSECDD.SYS
2004-08-04 11:00:00 91,776 ----a-w C:\WINDOWS\system32\drivers\NDISWAN.SYS
2004-08-04 11:00:00 91,648 ----a-w C:\WINDOWS\system32\XACTSRV.DLL
2004-08-04 11:00:00 91,136 ----a-w C:\WINDOWS\system32\NTPRINT.DLL
2004-08-04 11:00:00 90,624 ----a-w C:\WINDOWS\system32\TRKWKS.DLL
2004-08-04 11:00:00 90,624 ----a-w C:\WINDOWS\system32\MYDOCS.DLL
2004-08-04 11:00:00 90,112 ----a-w C:\WINDOWS\system32\RSVPSP.DLL
2004-08-04 11:00:00 90,112 ----a-w C:\WINDOWS\system32\MYCOMPUT.DLL
2004-08-04 11:00:00 9,936 ----a-w C:\WINDOWS\system32\LZEXPAND.DLL
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\SPRESTRT.EXE
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\SFC.EXE
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\RSVPPERF.DLL
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\RESET.EXE
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\LABEL.EXE
2004-08-04 11:00:00 9,728 ----a-w C:\WINDOWS\system32\GPKRSRC.DLL
2004-08-04 11:00:00 9,600 ----a-w C:\WINDOWS\system32\drivers\NDISTAPI.SYS
2004-08-04 11:00:00 9,344 ----a-w C:\WINDOWS\system32\VGA.DLL
2004-08-04 11:00:00 9,344 ----a-w C:\WINDOWS\system32\FRAMEBUF.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\WSHATM.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\WINFAX.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\WIFEMAN.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\SUBST.EXE
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\SCRNSAVE.SCR
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\PROXYCFG.EXE
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\PRINT.EXE
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\LPRMONUI.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\IISSUBA.DLL
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\FINGER.EXE
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\FIND.EXE
2004-08-04 11:00:00 9,216 ----a-w C:\WINDOWS\system32\DISKCOMP.COM
2004-08-04 11:00:00 9,029 ----a-w C:\WINDOWS\system32\ANSI.SYS
2004-08-04 11:00:00 9,008 ----a-w C:\WINDOWS\system32\VER.DLL
2004-08-04 11:00:00 89,600 ----a-w C:\WINDOWS\system32\SMLOGSVC.EXE
2004-08-04 11:00:00 89,600 ----a-w C:\WINDOWS\system32\LANGWRBK.DLL
2004-08-04 11:00:00 89,088 ----a-w C:\WINDOWS\system32\RASAUTO.DLL
2004-08-04 11:00:00 89,088 ----a-w C:\WINDOWS\system32\MQLOGMGR.DLL
2004-08-04 11:00:00 882 ----a-w C:\WINDOWS\system32\SHARE.EXE
2004-08-04 11:00:00 882 ----a-w C:\WINDOWS\system32\FASTOPEN.EXE
2004-08-04 11:00:00 88,448 ----a-w C:\WINDOWS\system32\drivers\NWLNKIPX.SYS
2004-08-04 11:00:00 88,064 ----a-w C:\WINDOWS\system32\P2PNETSH.DLL
2004-08-04 11:00:00 875,008 ----a-w C:\WINDOWS\system32\NETPLWIZ.DLL
2004-08-04 11:00:00 87,552 ----a-w C:\WINDOWS\system32\FLDRCLNR.DLL
2004-08-04 11:00:00 87,176 ----a-w C:\WINDOWS\system32\RDPWSX.DLL
2004-08-04 11:00:00 87,040 ----a-w C:\WINDOWS\system32\MPRAPI.DLL
2004-08-04 11:00:00 86,528 ----a-w C:\WINDOWS\system32\IASSAM.DLL
2004-08-04 11:00:00 86,073 ----a-w C:\WINDOWS\system32\USRFAXA.DLL
2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\P2PGASVC.DLL
2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\NETSH.EXE
2004-08-04 11:00:00 86,016 ----a-w C:\WINDOWS\system32\MSAPSSPC.DLL
2004-08-04 11:00:00 858,624 ----a-w C:\WINDOWS\system32\TAPI3.DLL
2004-08-04 11:00:00 85,504 ----a-w C:\WINDOWS\system32\MAKECAB.EXE
2004-08-04 11:00:00 85,504 ----a-w C:\WINDOWS\system32\DIANTZ.EXE
2004-08-04 11:00:00 85,504 ----a-w C:\WINDOWS\system32\CATSRVPS.DLL
2004-08-04 11:00:00 85,020 ----a-w C:\WINDOWS\system32\DGSETUP.DLL
2004-08-04 11:00:00 847,872 ----a-w C:\WINDOWS\system32\DBGENG.DLL
2004-08-04 11:00:00 84,992 ----a-w C:\WINDOWS\system32\AVIFIL32.DLL
2004-08-04 11:00:00 84,480 ----a-w C:\WINDOWS\system32\MCIAVI32.DLL
2004-08-04 11:00:00 84,480 ----a-w C:\WINDOWS\system32\CABVIEW.DLL
2004-08-04 11:00:00 831,519 ----a-w C:\WINDOWS\system32\MSWDAT10.DLL
2004-08-04 11:00:00 83,968 ----a-w C:\WINDOWS\system32\IPXMONTR.DLL
2004-08-04 11:00:00 83,456 ----a-w C:\WINDOWS\system32\OLEPRO32.DLL
2004-08-04 11:00:00 83,456 ----a-w C:\WINDOWS\system32\DPVSETUP.EXE
2004-08-04 11:00:00 825,344 ----a-w C:\WINDOWS\system32\D3DIM700.DLL
2004-08-04 11:00:00 82,944 ----a-w C:\WINDOWS\system32\WS2_32.DLL
2004-08-04 11:00:00 82,944 ----a-w C:\WINDOWS\system32\OLECLI.DLL
2004-08-04 11:00:00 82,432 ----a-w C:\WINDOWS\system32\UFAT.DLL
2004-08-04 11:00:00 82,432 ----a-w C:\WINDOWS\system32\DMSCRIPT.DLL
2004-08-04 11:00:00 82,432 ----a-w C:\WINDOWS\system32\DFRGFAT.EXE
2004-08-04 11:00:00 817 ----a-w C:\WINDOWS\system32\MSCDEXNT.EXE
2004-08-04 11:00:00 815,104 ----a-w C:\WINDOWS\system32\MMC.EXE
2004-08-04 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ISIGN32.DLL
2004-08-04 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ILS.DLL
2004-08-04 11:00:00 81,920 ----a-w C:\WINDOWS\system32\ieencode.dll
2004-08-04 11:00:00 81,408 ----a-w C:\WINDOWS\system32\WSCSVC.DLL
2004-08-04 11:00:00 81,408 ----a-w C:\WINDOWS\system32\FSUSD.DLL
2004-08-04 11:00:00 80,896 ----a-w C:\WINDOWS\system32\NETUI0.DLL
2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\ICCVID.DLL
2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\FAULTREP.DLL
2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\CHARMAP.EXE
2004-08-04 11:00:00 80,384 ----a-w C:\WINDOWS\system32\AUTODISC.DLL
2004-08-04 11:00:00 80,128 ----a-w C:\WINDOWS\system32\drivers\PARPORT.SYS
2004-08-04 11:00:00 8,832 ----a-w C:\WINDOWS\system32\drivers\RASACD.SYS
2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\FXSPERF.DLL
2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\EVENTVWR.EXE
2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\DCIMAN32.DLL
2004-08-04 11:00:00 8,704 ----a-w C:\WINDOWS\system32\BATT.DLL
2004-08-04 11:00:00 8,424 ----a-w C:\WINDOWS\system32\EXE2BIN.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\WINHLP32.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\TSBYUV.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\SMBINST.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\QOSNAME.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\PSNPPAGN.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\NTLSAPI.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\MQPERF.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\MOUNTVOL.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\MCIOLE16.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\MAG_HOOK.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\LPR.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\KBDHEPT.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\IGMPAGNT.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\D3D8THK.DLL
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\CONTROL.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\CIDAEMON.EXE
2004-08-04 11:00:00 8,192 ----a-w C:\WINDOWS\system32\BITSPRX2.DLL
2004-08-04 11:00:00 799,744 ----a-w C:\WINDOWS\system32\drivers\DMBOOT.SYS
2004-08-04 11:00:00 792,064 ----a-w C:\WINDOWS\system32\COMRES.DLL
2004-08-04 11:00:00 79,744 ----a-w C:\WINDOWS\system32\drivers\VIDEOPRT.SYS
2004-08-04 11:00:00 78,848 ----a-w C:\WINDOWS\system32\TAPIUI.DLL
2004-08-04 11:00:00 78,336 ----a-w C:\WINDOWS\system32\TLNTSESS.EXE
2004-08-04 11:00:00 78,336 ----a-w C:\WINDOWS\system32\BROWSEWM.DLL
2004-08-04 11:00:00 77,891 ----a-w C:\WINDOWS\system32\USRMLNKA.EXE
2004-08-04 11:00:00 77,890 ----a-w C:\WINDOWS\system32\USRDPA.DLL
2004-08-04 11:00:00 77,883 ----a-w C:\WINDOWS\system32\USRRTOSA.DLL
2004-08-04 11:00:00 77,824 ----a-w C:\WINDOWS\system32\SHRPUBW.EXE
2004-08-04 11:00:00 77,824 ----a-w C:\WINDOWS\system32\eventtriggers.exe
2004-08-04 11:00:00 77,824 ----a-w C:\WINDOWS\system32\CLICONFG.DLL
2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\SDBINST.EXE
2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\RTCSHARE.EXE
2004-08-04 11:00:00 77,312 ----a-w C:\WINDOWS\system32\BROWSER.DLL
2004-08-04 11:00:00 764,928 ----a-w C:\WINDOWS\system32\WINNTBBU.DLL
2004-08-04 11:00:00 76,800 ----a-w C:\WINDOWS\system32\NSLOOKUP.EXE
2004-08-04 11:00:00 76,800 ----a-w C:\WINDOWS\system32\GCDEF.DLL
2004-08-04 11:00:00 755,200 ----a-w C:\WINDOWS\system32\IR50_32.DLL
2004-08-04 11:00:00 75,776 ----a-w C:\WINDOWS\system32\WIASCR.DLL
2004-08-04 11:00:00 75,776 ----a-w C:\WINDOWS\system32\STRMFILT.DLL
2004-08-04 11:00:00 75,264 ----a-w C:\WINDOWS\system32\LOCATOR.EXE
2004-08-04 11:00:00 75,264 ----a-w C:\WINDOWS\system32\INETPP.DLL
2004-08-04 11:00:00 741 ----a-w C:\WINDOWS\system32\NOISE.DAT
2004-08-04 11:00:00 74,752 ----a-w C:\WINDOWS\system32\SPOOLSS.DLL
2004-08-04 11:00:00 74,752 ----a-w C:\WINDOWS\system32\drivers\IPSEC.SYS
2004-08-04 11:00:00 74,752 ----a-w C:\WINDOWS\system32\CRYPTDLG.DLL
2004-08-04 11:00:00 74,240 ----a-w C:\WINDOWS\system32\UNIMDMAT.DLL
2004-08-04 11:00:00 74,240 ----a-w C:\WINDOWS\system32\DHCPSAPI.DLL
2004-08-04 11:00:00 733,696 ----a-w C:\WINDOWS\system32\QEDWIPES.DLL
2004-08-04 11:00:00 73,802 ----a-w C:\WINDOWS\system32\MSRCLR40.DLL
2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\ICWDIAL.DLL
2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\FDEPLOY.DLL
2004-08-04 11:00:00 73,728 ----a-w C:\WINDOWS\system32\CSSEQCHK.DLL
2004-08-04 11:00:00 73,472 ----a-w C:\WINDOWS\system32\drivers\SR.SYS
2004-08-04 11:00:00 73,216 ----a-w C:\WINDOWS\system32\TLNTSVR.EXE
2004-08-04 11:00:00 73,216 ----a-w C:\WINDOWS\system32\AVWAV.DLL
2004-08-04 11:00:00 723,456 ----a-w C:\WINDOWS\system32\USERENV.DLL
2004-08-04 11:00:00 72,960 ----a-w C:\WINDOWS\system32\drivers\MQAC.SYS
2004-08-04 11:00:00 72,704 ----a-w C:\WINDOWS\system32\MSW3PRT.DLL
2004-08-04 11:00:00 72,704 ----a-w C:\WINDOWS\system32\MAGNIFY.EXE
2004-08-04 11:00:00 72,192 ----a-w C:\WINDOWS\system32\TASKLIST.EXE
2004-08-04 11:00:00 72,192 ----a-w C:\WINDOWS\system32\TASKKILL.EXE
2004-08-04 11:00:00 72,192 ----a-w C:\WINDOWS\system32\SPRIO800.DLL
2004-08-04 11:00:00 72,192 ----a-w C:\WINDOWS\system32\FXSCOM.DLL
2004-08-04 11:00:00 713,728 ----a-w C:\WINDOWS\system32\OPENGL32.DLL
2004-08-04 11:00:00 71,680 ----a-w C:\WINDOWS\system32\SSDPSRV.DLL
2004-08-04 11:00:00 71,680 ----a-w C:\WINDOWS\system32\MSACM32.DLL
2004-08-04 11:00:00 71,680 ----a-w C:\WINDOWS\system32\DSDMOPRP.DLL
2004-08-04 11:00:00 71,680 ----a-w C:\WINDOWS\system32\BLASTCLN.EXE
2004-08-04 11:00:00 71,552 ----a-w C:\WINDOWS\system32\drivers\BRIDGE.SYS
2004-08-04 11:00:00 71,040 ----a-w C:\WINDOWS\system32\drivers\DXG.SYS
2004-08-04 11:00:00 708,096 ----a-w C:\WINDOWS\system32\NTDLL.DLL
2004-08-04 11:00:00 707 ----a-w C:\WINDOWS\_DEFAULT.PIF
2004-08-04 11:00:00 704,512 ----a-w C:\WINDOWS\system32\SS3DFO.SCR
2004-08-04 11:00:00 701,440 ----a-w C:\WINDOWS\system32\MSXML2.DLL
2004-08-04 11:00:00 70,656 ----a-w C:\WINDOWS\system32\SPRIO600.DLL
2004-08-04 11:00:00 70,656 ----a-w C:\WINDOWS\system32\MMCBASE.DLL
2004-08-04 11:00:00 70,656 ----a-w C:\WINDOWS\system32\IFSUTIL.DLL
2004-08-04 11:00:00 70,656 ----a-w C:\WINDOWS\system32\AMSTREAM.DLL
2004-08-04 11:00:00 70,144 ----a-w C:\WINDOWS\system32\SIGVERIF.EXE
2004-08-04 11:00:00 7,936 ----a-w C:\WINDOWS\system32\drivers\FS_REC.SYS
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\VCDEX.DLL
 
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\NCXPNT.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\MLL_MTF.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\MCIOLE32.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\KBDSMSNO.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\KBDSMSFI.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\KBDCAN.DLL
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\HOSTNAME.EXE
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\drivers\MCD.SYS
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\CKCNV.EXE
2004-08-04 11:00:00 7,680 ----a-w C:\WINDOWS\system32\CHCP.COM
2004-08-04 11:00:00 7,424 ----a-w C:\WINDOWS\system32\KD1394.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\WSHNETBS.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\TLNTSVRP.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\RECOVER.EXE
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\MSR2CENU.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\MSCAT32.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\KBDUKX.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\KBDNO1.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\KBDNEC.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\KBDFI1.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\KBDCZ.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\HCCOIN.DLL
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\FORCEDOS.EXE
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\DISKCOPY.COM
2004-08-04 11:00:00 7,168 ----a-w C:\WINDOWS\system32\BITSPRX3.DLL
2004-08-04 11:00:00 7,052 ----a-w C:\WINDOWS\system32\NLSFUNC.EXE
2004-08-04 11:00:00 7,040 ----a-w C:\WINDOWS\system32\KDCOM.DLL
2004-08-04 11:00:00 69,886 ----a-w C:\WINDOWS\system32\EDIT.COM
2004-08-04 11:00:00 69,700 ----a-w C:\WINDOWS\system32\USRSHUTA.EXE
2004-08-04 11:00:00 69,699 ----a-w C:\WINDOWS\system32\USRCOINA.DLL
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\SPNIKE.DLL
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\SCARDDLG.DLL
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\RASCHAP.DLL
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\ODBCCONF.EXE
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\MSR2C.DLL
2004-08-04 11:00:00 69,632 ----a-w C:\WINDOWS\system32\MSCONF.DLL
2004-08-04 11:00:00 69,584 ----a-w C:\WINDOWS\system32\AVICAP.DLL
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\OLETHK32.DLL
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\NOTEPAD.EXE
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\MSCTFP.DLL
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\MPRDDM.DLL
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\IPXPROMN.DLL
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\system32\drivers\PSCHED.SYS
2004-08-04 11:00:00 69,120 ----a-w C:\WINDOWS\NOTEPAD.EXE
2004-08-04 11:00:00 68,768 ----a-w C:\WINDOWS\system32\MMSYSTEM.DLL
2004-08-04 11:00:00 68,608 ----a-w C:\WINDOWS\system32\DIGEST.DLL
2004-08-04 11:00:00 68,096 ----a-w C:\WINDOWS\system32\systeminfo.exe
2004-08-04 11:00:00 68,096 ----a-w C:\WINDOWS\system32\SHGINA.DLL
2004-08-04 11:00:00 68,096 ----a-w C:\WINDOWS\system32\ADSMSEXT.DLL
2004-08-04 11:00:00 679,936 ----a-w C:\WINDOWS\system32\SSTEXT3D.SCR
2004-08-04 11:00:00 673,088 ----a-w C:\WINDOWS\system32\MLANG.DAT
2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\STI.DLL
2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\SRCLIENT.DLL
2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\OSUNINST.DLL
2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\openfiles.exe
2004-08-04 11:00:00 67,584 ----a-w C:\WINDOWS\system32\drivers\SDBUS.SYS
2004-08-04 11:00:00 67,072 ----a-w C:\WINDOWS\system32\RDSHOST.EXE
2004-08-04 11:00:00 67,072 ----a-w C:\WINDOWS\system32\NTDSAPI.DLL
2004-08-04 11:00:00 660,992 ----a-w C:\WINDOWS\system32\MQQM.DLL
2004-08-04 11:00:00 66,560 ----a-w C:\WINDOWS\system32\IPXSAP.DLL
2004-08-04 11:00:00 66,560 ----a-w C:\WINDOWS\system32\CONSOLE.DLL
2004-08-04 11:00:00 66,176 ----a-w C:\WINDOWS\system32\drivers\UDFS.SYS
2004-08-04 11:00:00 657,920 ----a-w C:\WINDOWS\system32\RASDLG.DLL
2004-08-04 11:00:00 655,360 ----a-w C:\WINDOWS\system32\MSTSCAX.DLL
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\WEXTRACT.EXE
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\SHIMENG.DLL
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\ODBCCU32.DLL
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\ODBCCR32.DLL
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\JGSH400.DLL
2004-08-04 11:00:00 65,536 ----a-w C:\WINDOWS\system32\ICWPHBK.DLL
2004-08-04 11:00:00 65,024 ----a-w C:\WINDOWS\system32\MSAUDITE.DLL
2004-08-04 11:00:00 65,024 ----a-w C:\WINDOWS\system32\ASYCFILT.DLL
2004-08-04 11:00:00 640,000 ----a-w C:\WINDOWS\system32\DBGHELP.DLL
2004-08-04 11:00:00 64,896 ----a-w C:\WINDOWS\system32\drivers\SERIAL.SYS
2004-08-04 11:00:00 64,512 ----a-w C:\WINDOWS\system32\ACCTRES.DLL
2004-08-04 11:00:00 64,000 ----a-w C:\WINDOWS\system32\SAMLIB.DLL
2004-08-04 11:00:00 64,000 ----a-w C:\WINDOWS\system32\CLEANMGR.EXE
2004-08-04 11:00:00 64,000 ----a-w C:\WINDOWS\system32\AVICAP32.DLL
2004-08-04 11:00:00 63,744 ----a-w C:\WINDOWS\system32\drivers\MF.SYS
2004-08-04 11:00:00 63,744 ----a-w C:\WINDOWS\system32\drivers\CDFS.SYS
2004-08-04 11:00:00 63,488 ----a-w C:\WINDOWS\system32\CRYPTNET.DLL
2004-08-04 11:00:00 63,488 ----a-w C:\WINDOWS\system32\CMSTP.EXE
2004-08-04 11:00:00 63,488 ----a-w C:\WINDOWS\system32\BROWSELC.DLL
2004-08-04 11:00:00 63,232 ----a-w C:\WINDOWS\system32\drivers\NWLNKNB.SYS
2004-08-04 11:00:00 622,080 ----a-w C:\WINDOWS\system32\NETCFGX.DLL
2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\RSOPPROV.EXE
2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\PAUTOENR.DLL
2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\iesetup.dll
2004-08-04 11:00:00 62,976 ----a-w C:\WINDOWS\system32\DSAUTH.DLL
2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\system32\RDPCLIP.EXE
2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\system32\IASNAP.DLL
2004-08-04 11:00:00 62,464 ----a-w C:\WINDOWS\system32\DPNMODEM.DLL
2004-08-04 11:00:00 619,008 ----a-w C:\WINDOWS\system32\DX7VB.DLL
2004-08-04 11:00:00 616,960 ----a-w C:\WINDOWS\system32\ADVAPI32.DLL
2004-08-04 11:00:00 614,912 ----a-w C:\WINDOWS\system32\H323MSP.DLL
2004-08-04 11:00:00 614,429 ----a-w C:\WINDOWS\system32\MSWSTR10.DLL
2004-08-04 11:00:00 610,304 ----a-w C:\WINDOWS\system32\SSPIPES.SCR
2004-08-04 11:00:00 61,952 ----a-w C:\WINDOWS\system32\DPNWSOCK.DLL
2004-08-04 11:00:00 61,824 ----a-w C:\WINDOWS\system32\drivers\NIC1394.SYS
2004-08-04 11:00:00 61,508 ----a-w C:\WINDOWS\system32\USRPRBDA.EXE
2004-08-04 11:00:00 61,500 ----a-w C:\WINDOWS\system32\USRCNTRA.DLL
2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\TLNTADMN.EXE
2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\RASMAN.DLL
2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\MSVCRT40.DLL
2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\DMCOMPOS.DLL
2004-08-04 11:00:00 61,440 ----a-w C:\WINDOWS\system32\admparse.dll
2004-08-04 11:00:00 61,168 ----a-w C:\WINDOWS\system32\MSACM.DLL
2004-08-04 11:00:00 605,696 ----a-w C:\WINDOWS\system32\GETUNAME.DLL
2004-08-04 11:00:00 602,624 ----a-w C:\WINDOWS\system32\AUTOCONV.EXE
2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\OCMANAGE.DLL
2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\MQGENTR.DLL
2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\MIGLIBNT.DLL
2004-08-04 11:00:00 60,928 ----a-w C:\WINDOWS\system32\DPNHUPNP.DLL
2004-08-04 11:00:00 60,800 ----a-w C:\WINDOWS\system32\drivers\ARP1394.SYS
2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\REMOTEPG.DLL
2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\MSRATELC.DLL
2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\FWCFG.DLL
2004-08-04 11:00:00 60,416 ----a-w C:\WINDOWS\system32\CRYPTSVC.DLL
2004-08-04 11:00:00 6,784 ----a-w C:\WINDOWS\system32\drivers\PARVDM.SYS
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\WUAUSERV.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\SENSAPI.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\ROUTETAB.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\MSSWCHX.EXE
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\MSIDLE.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDYCL.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDSL1.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDSL.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDSG.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDPL.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDLA.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDINMAL.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDINBEN.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDHU.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDHELA3.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDCZ2.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDCZ1.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDCR.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\KBDAL.DLL
2004-08-04 11:00:00 6,656 ----a-w C:\WINDOWS\system32\FXSRES.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\SVCPACK.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\NWEVENT.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\MSDTC.EXE
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\LPQ.EXE
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDUSX.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDUSR.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDUSL.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDTUQ.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDTUF.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDSW.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDSP.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDSF.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDPO.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDNO.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDNE.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDMLT48.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDMLT47.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDMAC.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDLV1.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDLV.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDINBE1.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDIC.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDHELA2.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDGR1.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDGR.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDGKL.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDFR.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDFO.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDFI.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDFC.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDEST.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDES.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDDA.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDCA.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDBR.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDBENE.DLL
2004-08-04 11:00:00 6,144 ----a-w C:\WINDOWS\system32\KBDBE.DLL
2004-08-04 11:00:00 597,504 ----a-w C:\WINDOWS\system32\CRYPT32.DLL
2004-08-04 11:00:00 596,992 ----a-w C:\WINDOWS\system32\WSECEDIT.DLL
2004-08-04 11:00:00 590,336 ----a-w C:\WINDOWS\system32\D3DRAMP.DLL
2004-08-04 11:00:00 59,904 ----a-w C:\WINDOWS\system32\REGSVC.DLL
2004-08-04 11:00:00 59,904 ----a-w C:\WINDOWS\system32\MPR.DLL
 