
Browser Hijacked with spyware

Discussion in 'Malware and Virus Removal Archive' started by CD82, 2007/01/09.

Thread Status:
Not open for further replies.
  1. 2007/01/11
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    CD - 07-01-10 22:27:05.92 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\CD\Desktop "

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))


    2007-01-10 07:15 <DIR> d-------- C:\WINDOWS\WBEM
    2007-01-10 07:15 <DIR> d-------- C:\WINDOWS\system32\en-US
    2007-01-10 07:14 <DIR> d--h-c--- C:\WINDOWS\ie7
    2007-01-10 07:13 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-01-10 07:13 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2007-01-10 07:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2007-01-10 02:48 <DIR> d-------- C:\!KillBox
    2007-01-09 19:01 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
    2007-01-09 19:01 <DIR> d-------- C:\Program Files\SkypeUSBPhoneDriver
    2007-01-09 18:58 <DIR> d-------- C:\Program Files\Skype
    2007-01-09 18:58 <DIR> d-------- C:\Program Files\Common Files\Skype
    2007-01-09 18:58 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Skype
    2007-01-09 18:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2007-01-09 16:13 <DIR> d-------- C:\Documents and Settings\CD\VSWebCache
    2007-01-09 15:53 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-01-09 15:53 <DIR> d-------- C:\Program Files\Microsoft Office
    2007-01-09 15:53 <DIR> d-------- C:\Program Files\Common Files\Merge Modules
    2007-01-09 15:53 <DIR> d-------- C:\Program Files\Common Files\Crystal Decisions
    2007-01-09 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-01-09 15:52 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
    2007-01-09 13:38 <DIR> d-------- C:\Program Files\Web Publish
    2007-01-09 13:37 <DIR> d-------- C:\Program Files\Microsoft Visual Studio
    2007-01-09 13:37 <DIR> d-------- C:\Program Files\Common Files\designer
    2007-01-09 13:33 <DIR> d-------- C:\WINDOWS\pss
    2007-01-09 13:29 843,024 --a------ C:\WINDOWS\system32\msjava.dll
    2007-01-09 13:29 73,728 --a------ C:\WINDOWS\system32\msjdbc10.dll
    2007-01-09 13:29 44,544 --a------ C:\WINDOWS\clspack.exe
    2007-01-09 13:29 42,496 --a------ C:\WINDOWS\setdebug.exe
    2007-01-09 13:29 361,744 --a------ C:\WINDOWS\system32\javart.dll
    2007-01-09 13:29 32,528 --a------ C:\WINDOWS\system32\javaprxy.dll
    2007-01-09 13:29 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
    2007-01-09 13:29 209,168 --a------ C:\WINDOWS\system32\javacypt.dll
    2007-01-09 13:29 207,872 --a------ C:\WINDOWS\system32\vmhelper.dll
    2007-01-09 13:29 155,920 --a------ C:\WINDOWS\system32\msawt.dll
    2007-01-09 13:29 154,112 --a------ C:\WINDOWS\jview.exe
    2007-01-09 13:29 147,456 --a------ C:\WINDOWS\wjview.exe
    2007-01-09 13:29 140,048 --a------ C:\WINDOWS\system32\jit.dll
    2007-01-09 13:29 14,848 --a------ C:\WINDOWS\system32\jdbgmgr.exe
    2007-01-09 13:29 135,168 --a------ C:\WINDOWS\system32\javaee.dll
    2007-01-09 13:29 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2007-01-09 13:29 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2007-01-09 13:29 103,424 --a------ C:\WINDOWS\extrac32.exe
    2007-01-09 10:01 <DIR> d-------- C:\HJT
    2007-01-08 19:55 57,344 --a------ C:\WINDOWS\Unwash6.exe
    2007-01-08 19:55 487,936 --a------ C:\WINDOWS\system32\wwSecure.exe
    2007-01-08 19:55 <DIR> d-------- C:\Program Files\Webroot
    2007-01-08 19:55 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
    2007-01-08 19:55 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Webroot
    2007-01-08 19:32 <DIR> d-------- C:\Documents and Settings\CD\.housecall6.6
    2007-01-08 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-01-08 18:57 <DIR> d-------- C:\VundoFix Backups
    2007-01-08 16:06 <DIR> d-------- C:\4ceaf2717e9926c4f79108a2d5
    2007-01-08 15:12 <DIR> d-------- C:\Program Files\VSAdd-in
    2007-01-08 15:12 <DIR> d-------- C:\Documents and Settings\CD\Application Data\SearchToolbarCorp
    2007-01-08 14:44 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-01-08 14:37 <DIR> d-------- C:\Program Files\PowerISO
    2007-01-08 14:04 768,000 --a------ C:\WINDOWS\system32\exec1.exe
    2007-01-08 13:04 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-01-07 23:19 <DIR> d-------- C:\Program Files\SafeNet Sentinel
    2007-01-07 23:19 <DIR> d-------- C:\Program Files\Common Files\SafeNet Sentinel
    2007-01-07 23:18 1,228,499 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe
    2007-01-07 23:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-01-07 23:18 <DIR> d-------- C:\Program Files\NewTek
    2007-01-07 13:49 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2007-01-07 13:49 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2007-01-07 13:48 <DIR> d-------- C:\Program Files\Kuma Games
    2007-01-06 17:13 <DIR> d-------- C:\Program Files\GFI
    2007-01-06 17:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-01-04 22:34 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
    2007-01-04 22:34 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2007-01-04 22:34 <DIR> d-------- C:\Program Files\Datel
    2007-01-04 22:31 <DIR> d-------- C:\Program Files\Max Media Creator
    2007-01-03 14:48 <DIR> d-------- C:\Program Files\SC4Tool
    2007-01-02 11:03 <DIR> d-------- C:\gmax
    2007-01-02 10:42 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-01-02 10:42 <DIR> d-------- C:\Program Files\Autodesk
    2007-01-02 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-01-01 19:26 <DIR> d-------- C:\Program Files\SynapticEffect
    2007-01-01 19:24 <DIR> dr--s---- C:\WINDOWS\assembly
    2007-01-01 19:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-01-01 19:24 <DIR> d-------- C:\WINDOWS\Microsoft.NET
    2007-01-01 13:04 <DIR> d-------- C:\Program Files\BearFlix
    2007-01-01 13:04 <DIR> d-------- C:\My Downloads
    2007-01-01 12:46 <DIR> d-------- C:\Theme
    2007-01-01 00:51 <DIR> d-------- C:\Program Files\LimeWire
    2007-01-01 00:51 <DIR> d-------- C:\Documents and Settings\CD\Incomplete
    2007-01-01 00:51 <DIR> d-------- C:\Documents and Settings\CD\Application Data\LimeWire
    2006-12-30 20:35 <DIR> d-------- C:\Program Files\ArtMoney
    2006-12-30 17:58 <DIR> d-------- C:\Program Files\Maxis
    2006-12-30 17:55 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2006-12-30 17:55 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2006-12-30 17:55 <DIR> d-------- C:\Program Files\Cheat Engine
    2006-12-30 16:45 299,520 --a------ C:\WINDOWS\uninst.exe
    2006-12-29 23:37 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-12-29 15:09 <DIR> d-------- C:\Program Files\Infogrames
    2006-12-27 20:17 <DIR> d-------- C:\Program Files\Hunting Unlimited 4
    2006-12-27 19:10 <DIR> d-------- C:\Program Files\YahELite
    2006-12-27 17:31 39,680 --a------ C:\WINDOWS\system\LGACCSS1.DLL
    2006-12-27 17:31 355,136 --a------ C:\WINDOWS\system\SETUPX.DLL
    2006-12-27 17:31 33,808 --a------ C:\WINDOWS\system\QRZDLL.DLL
    2006-12-27 17:31 17,004 --a------ C:\WINDOWS\system\HAMCALL.DLL
    2006-12-27 13:32 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Help
    2006-12-27 13:28 <DIR> d-------- C:\WINDOWS\RLZRUN20
    2006-12-27 13:20 <DIR> d-------- C:\Documents and Settings\CD\Application Data\AdobeUM
    2006-12-27 13:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-12-27 13:19 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Adobe
    2006-12-26 20:38 <DIR> d-------- C:\Program Files\Adobe
    2006-12-26 20:38 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Leadertech
    2006-12-26 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-26 20:34 <DIR> d-------- C:\Program Files\Atari
    2006-12-26 19:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-26 19:49 <DIR> d-------- C:\Program Files\Electronic Arts
    2006-12-26 04:11 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-12-26 04:10 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2006-12-26 04:10 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2006-12-26 04:10 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2006-12-26 02:55 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2006-12-26 02:55 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2006-12-26 02:47 <DIR> d-------- C:\Program Files\Diablo II
    2006-12-25 19:57 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-12-25 19:57 249,856 --------- C:\WINDOWS\Setup1.exe
    2006-12-25 19:57 <DIR> d-------- C:\Program Files\Hero Editor
    2006-12-25 14:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Logitech
    2006-12-25 05:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2006-12-25 05:23 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
    2006-12-25 05:23 71,936 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2006-12-25 05:23 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2006-12-25 05:23 55,936 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2006-12-25 05:23 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
    2006-12-25 05:23 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
    2006-12-25 05:23 27,136 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
    2006-12-25 05:23 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
    2006-12-25 05:23 131,072 --a------ C:\WINDOWS\system32\KemUtil.dll
    2006-12-25 05:23 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
    2006-12-25 05:23 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2006-12-25 05:23 <DIR> d-------- C:\Program Files\Logitech
    2006-12-25 05:23 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2006-12-23 03:41 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-12-23 03:41 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-12-23 03:41 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-12-23 03:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-12-23 03:41 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-12-23 03:41 <DIR> d-------- C:\Program Files\Winamp
    2006-12-22 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2006-12-22 03:13 <DIR> d-------- C:\Program Files\RhinoSoft.com
    2006-12-22 03:07 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
    2006-12-22 03:07 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0
    2006-12-22 03:07 <DIR> d-------- C:\Documents and Settings\CD\Application Data\SmartFTP
    2006-12-22 02:34 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2006-12-22 02:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-12-22 02:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-12-22 02:34 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2006-12-22 02:34 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2006-12-22 02:34 <DIR> d-------- C:\Program Files\Ipswitch
    2006-12-22 02:34 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Ipswitch
    2006-12-22 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
    2006-12-21 17:50 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2006-12-21 17:48 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-12-21 17:48 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-12-21 17:47 90,112 --------- C:\WINDOWS\Updreg.EXE
    2006-12-21 17:46 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-12-21 17:46 <DIR> d-------- C:\Program Files\OpenAL
    2006-12-21 17:42 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
    2006-12-21 17:40 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-12-21 17:25 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2006-12-21 12:35 <DIR> d-------- C:\Documents and Settings\CD\Application Data\F-Secure
    2006-12-21 12:33 <DIR> d-------- C:\Program Files\Creative
    2006-12-21 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2006-12-21 12:32 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2006-12-21 12:32 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-12-21 12:32 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-12-21 12:32 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-12-21 12:32 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-12-21 12:32 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-12-21 12:32 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-12-21 12:32 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-12-21 12:32 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
    2006-12-21 12:32 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-12-21 12:32 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-12-21 12:32 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-12-21 12:32 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-12-21 12:32 11,776 --a------ C:\WINDOWS\INRES.DLL
    2006-12-21 12:32 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
    2006-12-21 12:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-21 12:32 <DIR> d-------- C:\WINDOWS\system32\Data
    2006-12-21 12:32 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Creative
    2006-12-21 12:30 70,960 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2006-12-21 12:30 33,552 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2006-12-21 12:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
    2006-12-21 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2006-12-21 12:28 <DIR> d-------- C:\Program Files\F-Secure
    2006-12-21 05:10 <DIR> d---s---- C:\Documents and Settings\CD\UserData
    2006-12-21 03:48 <DIR> d-------- C:\WINDOWS\Sun
    2006-12-21 03:48 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Sun
    2006-12-21 03:48 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Azureus
    2006-12-21 03:47 <DIR> d-------- C:\Program Files\Java
    2006-12-21 03:47 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-21 03:46 <DIR> d-------- C:\Program Files\Azureus
    2006-12-21 01:52 7,040 -ra------ C:\WINDOWS\system32\ntsim.sys
    2006-12-21 01:52 44,544 -ra------ C:\WINDOWS\system32\drivers\getnd5b.sys
    2006-12-21 01:50 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-21 01:50 <DIR> d-------- C:\Documents and Settings\CD\WINDOWS
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\SendTo
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Recent
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data\.
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data
    2006-12-21 01:46 <DIR> dr------- C:\Documents and Settings\CD\Start Menu
    2006-12-21 01:46 <DIR> dr------- C:\Documents and Settings\CD\My Documents
    2006-12-21 01:46 <DIR> d--hs---- C:\Documents and Settings\CD\Cookies
    2006-12-21 01:46 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\Templates
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\PrintHood
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\NetHood
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\Local Settings
    2006-12-21 01:46 <DIR> d---s---- C:\Documents and Settings\CD\Application Data\Microsoft
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Desktop
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Identities
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\..
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\..
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\.
    2006-12-21 01:44 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-12-21 01:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2006-12-21 01:44 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-12-21 01:40 0 -rahs---- C:\MSDOS.SYS
    2006-12-21 01:40 0 -rahs---- C:\IO.SYS
    2006-12-21 01:40 0 --a------ C:\CONFIG.SYS
    2006-12-21 01:40 0 --a------ C:\AUTOEXEC.BAT
    2006-12-21 01:40 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-12-21 01:40 <DIR> d-------- C:\Program Files\xerox
    2006-12-21 01:40 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-12-21 01:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-12-21 01:39 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-12-21 01:38 11,264 --a------ C:\WINDOWS\system32\atrace.dll
     
  2. 2007/01/11
    CD82

    2006-12-21 01:38 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-12-21 01:38 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-12-21 01:38 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-12-21 01:38 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-12-21 01:37 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-12-21 01:37 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-12-21 01:37 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-12-21 01:37 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-12-21 01:37 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-12-21 01:37 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-12-21 01:37 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-12-21 01:37 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-12-21 01:37 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-12-21 01:37 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-12-21 01:37 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-12-21 01:37 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-12-21 01:37 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-12-21 01:37 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-12-21 01:37 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-12-21 01:37 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-12-21 01:37 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-12-21 01:37 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-12-21 01:37 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-12-21 01:37 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-12-21 01:37 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-12-21 01:37 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-12-21 01:37 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-12-21 01:37 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-12-21 01:37 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-12-21 01:37 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-12-21 01:37 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-12-21 01:37 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-12-21 01:37 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-12-21 01:37 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-12-21 01:37 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-12-21 01:37 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-12-21 01:37 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-12-21 01:37 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-12-21 01:37 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-12-21 01:37 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-12-21 01:37 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-12-21 01:37 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-12-21 01:37 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-12-21 01:37 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-12-21 01:37 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-12-21 01:37 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-12-21 01:37 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-12-21 01:37 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-12-21 01:37 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\srchasst
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Outlook Express
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\NetMeeting
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Movie Maker
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Internet Explorer
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\System
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\Services
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-12-21 01:36 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-12-21 01:36 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-12-21 01:36 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-12-21 01:36 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-12-21 01:36 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-12-21 01:36 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-12-21 01:36 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-12-21 01:36 <DIR> d-------- C:\WINDOWS\Registration
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Windows Media Player
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Online Services
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Messenger
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\ComPlus Applications
    2006-12-21 01:35 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-12-21 01:35 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-12-21 01:35 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-12-21 01:35 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-12-21 01:35 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-12-21 01:35 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-12-21 01:35 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-12-21 01:35 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-12-21 01:35 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-12-21 01:35 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-12-21 01:35 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-12-21 01:35 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-12-21 01:35 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-12-21 01:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-12-21 01:35 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-12-21 01:35 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-12-21 01:35 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-12-21 01:35 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-12-21 01:35 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-12-21 01:35 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-12-21 01:35 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-12-21 01:35 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-12-21 01:35 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-12-21 01:35 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-12-21 01:35 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-12-21 01:35 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-12-21 01:35 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-12-21 01:35 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-12-21 01:35 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-12-21 01:35 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-12-21 01:35 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-12-21 01:35 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-12-21 01:35 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-12-21 01:35 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-12-21 01:35 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-12-21 01:35 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-12-21 01:35 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-12-21 01:35 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
    2006-12-21 01:35 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-12-21 01:35 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-12-21 01:35 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-12-21 01:35 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-12-21 01:35 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-12-21 01:35 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-12-21 01:35 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-12-21 01:35 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-12-21 01:35 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-12-21 01:35 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-12-21 01:35 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-12-21 01:35 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-12-21 01:35 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-12-21 01:35 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-12-21 01:35 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-12-21 01:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-12-21 01:35 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-12-21 01:35 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-12-21 01:35 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-12-21 01:35 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-12-21 01:35 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-12-21 01:35 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-12-21 01:35 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-12-21 01:35 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-12-21 01:35 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-12-21 01:35 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-12-21 01:35 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-12-21 01:35 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-12-21 01:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-12-21 01:35 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-12-21 01:35 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-12-21 01:35 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-12-21 01:35 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-12-21 01:35 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-12-21 01:35 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-12-21 01:35 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-12-21 01:35 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-12-21 01:35 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-12-21 01:35 <DIR> d-------- C:\Program Files\Windows NT
    2006-12-21 01:35 <DIR> d-------- C:\Program Files\MSN
    2006-12-21 00:38 <DIR> d-------- C:\Program Files\WinRAR
    2006-12-21 00:37 <DIR> d-------- C:\Program Files\Foxit Software
    2006-12-21 00:11 <DIR> d--hs---- C:\RECYCLER
    2006-12-21 00:09 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-12-21 00:09 <DIR> d-------- C:\WINDOWS\nview
    2006-12-21 00:08 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-12-21 00:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-12-21 00:08 <DIR> d-------- C:\NVIDIA
    2006-12-20 23:56 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data\yahoo!
    2006-12-20 23:55 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Macromedia
    2006-12-20 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2006-12-20 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
    2006-12-20 23:53 <DIR> d-------- C:\Program Files\Yahoo!
    2006-12-20 17:31 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2006-12-20 17:31 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2006-12-20 17:31 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2006-12-20 17:31 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2006-12-20 17:31 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2006-12-20 17:31 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2006-12-20 17:30 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-12-20 17:30 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-12-20 17:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-12-20 17:30 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-12-20 17:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-12-20 17:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-12-20 17:30 26,624 --a------ C:\WINDOWS\system32\Icam3EXT.dll
    2006-12-20 17:30 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-12-20 17:30 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2006-12-20 17:30 141,056 --a------ C:\WINDOWS\system32\drivers\Icam3.sys
    2006-12-20 17:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-12-20 17:29 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2006-12-20 17:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-12-20 17:29 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
    2006-12-20 17:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-12-20 17:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-12-20 17:28 <DIR> dr------- C:\Program Files\Common Files\..
    2006-12-20 17:28 <DIR> dr------- C:\Program Files\.
    2006-12-20 17:28 <DIR> dr------- C:\Program Files
    2006-12-20 17:28 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-12-20 17:28 <DIR> d--hs---- C:\Program Files\..
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\.
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files
    2006-12-20 17:27 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-12-20 17:27 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-12-20 17:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-12-20 17:27 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-12-20 17:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-12-20 17:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-12-20 17:27 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-12-20 17:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-12-20 17:27 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-12-20 17:27 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-12-20 17:27 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-12-20 17:27 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-12-20 17:27 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-12-20 17:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-12-20 17:27 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-12-20 17:27 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-12-20 17:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-12-20 17:27 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-12-20 17:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-12-20 17:27 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-12-20 17:27 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-12-20 17:27 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-12-20 17:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-12-20 17:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-12-20 17:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-12-20 17:27 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-12-20 17:27 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-12-20 17:27 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-12-20 17:27 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-12-20 17:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-12-20 17:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-12-20 17:26 <DIR> d--hs---- C:\System Volume Information
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings
    2006-12-20 17:19 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-12-20 17:19 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-12-20 17:19 <DIR> dr------- C:\WINDOWS\Web
    2006-12-20 17:19 <DIR> d--hs---- C:\WINDOWS\..
    2006-12-20 17:19 <DIR> d--h----- C:\WINDOWS\inf
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\twain_32
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Temp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\export
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\config
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\security
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Resources
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\repair
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Provisioning
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\PeerNet
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\pchealth
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\mui
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\msapps
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\msagent
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Media
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\java
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\ime
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Help
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\ehome
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Debug
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Cursors
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Config
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\addins
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "CTHelper"="CTHELPER.EXE"
    "CTxfiHlp"="CTXFIHLP.EXE"
    "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\""
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "Launch LCDMon"="\"C:\\Program Files\\Common Files\\Logitech\\LCD Manager\\lcdmon.exe\""
    "Launch LGDCore"="\"C:\\Program Files\\Common Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
    "Skype@phone"="C:\\Program Files\\SkypeUSBPhoneDriver\\Skype@phone.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="aswasuqk"
    "hkey"="HKLM"
    "command"="rundll32.exe \"C:\\WINDOWS\\system32\\aswasuqk.dll\",setvm"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 07-01-10 22:29:16.79
    C:\ComboFix.txt ... 07-01-10 22:29
    C:\ComboFix2.txt ... 07-01-09 11:31
     


  4. 2007/01/11
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Ok, looks like we have one orphan registry entry to remove and we're done.

    Click the 'Start' button, select 'Run', hit 'Enter'.

    When box appears, type 'regedit', hit 'Enter'.

    Navigate to the following key, by unticking the '+' next to each subkey:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]

    In the left hand side of the window, look for:
    DllRunning

    Right-click it, and select 'Delete'.

    Close the registry editor.

    Let me know how that goes.
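
The check behind the "orphan registry entry" in the reply above, as an added example that is not part of the original thread: it parses registry lines in the format of the ComboFix log, walks the `msconfig\startupreg` subkeys (startup items disabled through msconfig) and flags those whose target file no longer exists. The function names, the sample excerpt and the `PRESENT` file set are constructed for illustration.

```python
import os
import re

# Constructed sample: three entries from the ComboFix log in this thread,
# in .reg export syntax (inner quotes escaped as \", backslashes doubled).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DllRunning]
"item"="aswasuqk"
"command"="rundll32.exe \"C:\\WINDOWS\\system32\\aswasuqk.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"item"="msmsgs"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
'''
# Assumed (constructed) file-system state: the DLL has already been removed.
PRESENT = {r'c:\program files\messenger\msmsgs.exe'}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes only the backslash and the double quote.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key path: {value name: string data}}; dword/hex data is skipped."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def command_target(command):
    """Path of the file an autorun command loads ('' for an empty command)."""
    cmd = command.strip()
    if not cmd:
        return ''
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+(.*)', cmd)
    if m:  # rundll32 <dll>,<export>: the DLL is the code that runs
        quoted = re.match(r'"([^"]+)"', m.group(1))
        return quoted.group(1) if quoted else m.group(1).split(',')[0].strip()
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    m = re.match(r'(?i)(.+?\.(?:exe|com|bat|cmd))(?:\s|$)', cmd)  # unquoted path
    return m.group(1) if m else cmd.split()[0]

def disabled_startup_items(keys, exists=os.path.exists):
    """List msconfig\\startupreg subkeys; 'orphan' means the target is gone."""
    report = []
    for key, values in keys.items():
        parent, _, name = key.rpartition('\\')
        if not parent.lower().endswith(r'\msconfig\startupreg'):
            continue
        target = command_target(values.get('command', ''))
        if target:
            report.append({'subkey': name, 'target': target,
                           'orphan': not exists(target)})
    return report

if __name__ == '__main__':
    for row in disabled_startup_items(parse_reg(SAMPLE_LOG),
                                      lambda p: p.lower() in PRESENT):
        print(row)
```

On a live Windows machine the default `exists=os.path.exists` replaces the constructed `PRESENT` set; an orphan is safe to delete only once the file it pointed to has been dealt with.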
     
  5. 2007/01/11
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    I'm there. I've double-checked my steps, did them 2 times, and that isn't in there.

    However, I did see this: rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll",setvm

    and this

    aswasuqk


    That was some nasties from before. Do I remove that, I'm guessing?
     
  6. 2007/01/11
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    If you saw that then the key is there to delete. Those are the details which showed in the ComboFix log:
     
  7. 2007/01/13
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    Yeah, they're gone. Thanks for your help, man. Looks like there are a lot of interesting things on this forum.
     
  8. 2007/01/13
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Glad we could be of assistance.


    We have 3 more things to do, mostly maintenance and then our recommendations:

    Empty the TIF (Temporary Internet Files)
    Delete all the files in (and any subfolders of) the C:\Windows\Temp folder
    The app below will help with temp files.
    Index.dat Suite

    Also, delete all your cookies, and empty your recycle bin. But remember, by deleting your cookies, you will have to re-enter any passwords and log-in info for any sites you are usually required to do so with.

    This would also be a good time to set a new system restore point for your machine.
    Set New System Restore Point. Do not do this unless there are no other user accounts to be diagnosed.

    Also, as you are an XP user, if there are any other accounts on this machine, they too, must be cleaned with AdAware, Spybot S&D, then HJT. Not all infections are global, nor are all the HJT fixes global. You can post each user account here into this thread, but please, do only one at a time to avoid confusion.

    Here is a link which describes how security apps work with WIN XP machines.
    XP User Accts Security Apps Operation

    To further prevent the installation of ad/mal/spyware, DL the apps below, which are just as good in the fight against ad/mal/spyware as AdAware & Spybot S&D:

    SpywareBlaster
    With SpywareBlaster v3.5.1, just DL, install and check for updates, enable Internet Explorer protection, and you're done! I don't recommend using IE restricted sites protection as it's not a very large database. Use IE-SPYADs below.

    To avoid known malware infested sites from loading in IE install IESPY ADS.
    And MVPS Hosts File will accomplish a similar tactic and provide another layer of protection.

    And to prevent unknown applications from being inserted to start up on your machine install WinPatrol v10.0.5.

    Another thing I would suggest, is to install SiteAdvisor. It gives sites a few different 'ratings' and while not fool proof, a good additional layer of information about many sites.

    Links for tutorials for all the apps I mentioned can be found on my site as well.

    Confused about which apps are good or not? Read about Rogue/Approved Anti Security apps

    And just because you have security apps installed, they are useless unless updated regularly. Keep track of updates for ALL your security needs here:
    Calendar of Updates

    Subscribe to update alerts for all the above security apps here.

    You can also see my own ongoing security testing with all the above apps proving how securely you can safe with them installed.
    TeMerc Test Box Forum

    Happy surfing!!
    Tom :D


    Due to resolution this topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.
     