Someone has control of my computer

All those are related to AVG, no worries there, carry on.

 

You are absolultly AWESOME.......

I will drop the kaparsky results at the bottom of this post. I ran the chkdsk, it came back ok. Did the protected files check and when it finished it just closed itself ------ but it fixed things

I can now right click in IExplorer, I can download, I can even access the Add/Remove Programs file and took care of things there. However, that weather bug thing from MyWebSearch is still there and when I tried to remove it I got an error that a .DLL file in its parent directory could not be found (that's because it isn't there

I was able to download the ServicePak4 from Microsoft and get it installed - but it errored out when trying to download the security patches because it thought the time on my computer was wrong....I will try later.

I got a Firewall (Sygate) and installed it and have Search and Destroy back in residence.

I'm so tickled I don't know what to do. I bought this machine used for $25 (Pentium II, 400mhz w/128mb ram, no sound card [onboard sound has no daughter cable]. So, I'm happy.

I want to thank you for taking so much time to help me, folks like you are rare.

Just take a look at this result and tell me what else I need to do

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 05, 2006 10:37:39 PM
Operating System: Microsoft Windows 2000 Professional, (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 6/12/2006
Kaspersky Anti-Virus database records: 234377
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 9941
Number of viruses found: 1
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:44:25

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006120520061206\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\SDFix\backups\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\SDFix\backups\backups.zip ZIP: infected - 1 skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\eraseme_61312.exe Object is locked skipped
C:\WINNT\eraseme_66756.exe Object is locked skipped
C:\WINNT\eraseme_80661.exe Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\dta.exe Object is locked skipped
C:\WINNT\system32\eraseme_01628.exe Object is locked skipped
C:\WINNT\system32\fzz.exe Object is locked skipped
C:\WINNT\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINNT\system32\maw.exe Object is locked skipped
C:\WINNT\system32\o Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINNT\system32\own.exe Object is locked skipped
C:\WINNT\system32\setup_12005.exe Object is locked skipped
C:\WINNT\system32\setup_15646.exe Object is locked skipped
C:\WINNT\system32\setup_72147.exe Object is locked skipped
C:\WINNT\system32\vci.exe Object is locked skipped
C:\WINNT\system32\zhv.exe Object is locked skipped

Scan process completed.


Please be aware I forgot to disable the AVG so it was working during the scan,, sorry. But I did scan the hard drive again with AVG, Search & Destroy, and Adaware and all came back clean. Let's hope it stays that way.

Thanks again

Mitchell

 

Ok, glad to hear all is working better.

Still have a few to delete tho, that the KAV scan picked up.

Download the Killbox from here and save it to the desktop.

• Double-click the KillBox icon on your desktop to open it
• Select "Delete on Reboot "
• Then select "All files ".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINNT\system32\zhv.exe
C:\WINNT\system32\vci.exe
C:\WINNT\system32\setup_72147.exe
C:\WINNT\system32\setup_15646.exe
C:\WINNT\system32\setup_12005.exe
C:\WINNT\system32\own.exe
C:\WINNT\system32\o
C:\WINNT\system32\maw.exe
C:\WINNT\system32\i
C:\WINNT\system32\fzz.exe
C:\WINNT\CSC\00000001

Return to Killbox

• Go to the File menu, and choose "Paste from Clipboard ".
• Click the red-and-white [Delete File] button.
• Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

Reboot the system.

I want to run some addition scans to see what else is floating around.

With all those infections, better to be safe than sorry.

First:
Download combofix.exe

• Double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Second:
Please download SilentRunners from here

Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
Silent Runners will ask if you want to skip the supplementary search.
Please select 'No' to include them.
Then select 'Yes' to confirm the search.
When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

Please post the entire contents of this logfile created back into this thread for me to see.

Third:
Please download RootKitRevealer from here

Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire log file back into this thread for me to view.


And for what you paid for that lil machine, not bad at all. Is this the only box you have? Or is this some sort of project you're doing?

 

I downloaded killbox but it would not run (deleted it and downloaded it again with same result) and gave the following error:

"Component "mscomctl" or one of its dependencies not currently registered: a file is missing or invalid "

I have tried to post the results of the scans but they are too long even by themselves except for silent runners. Is there a way to attach files or do you want me to break them up into manageable pieces?

Silent Runners:

"Silent Runners.vbs ", revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++} "


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [ "GRISOFT, s.r.o."]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" [ "Sygate Technologies, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
-> {HKLM...CLSID} = "Display Panning CPL Extension "
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
-> {HKLM...CLSID} = "HyperTerminal Icon Ext "
\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" [ "Hilgraeve, Inc."]
"{06712C80-5BDC-11D4-B8EE-B5DE61CA987B}" = "Exte "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
-> {HKLM...CLSID} = "AVG7 Find Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
Muzip\(Default) = "{06712C80-5BDC-11D4-B8EE-B5DE61CA987B} "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Muzip\(Default) = "{06712C80-5BDC-11D4-B8EE-B5DE61CA987B} "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "(None) "

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "My Current Home Page "
"Source" = "About:Home "
"SubscribedURL" = "About:Home "


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [ "GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" [ "GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [ "GRISOFT, s.r.o."]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" [ "Sygate Technologies, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 28 seconds.
---------- (total run time: 184 seconds)

 

rootkit revealer part one

Root Kit Revealer Part One:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS\StateIndex 12/6/2006 1:48 PM 4 bytes Data mismatch between Windows API and raw hive data.
C:\WINNT\KB893756.log 12/6/2006 2:01 PM 4.35 KB Hidden from Windows API.
C:\WINNT\KB917953.log 12/6/2006 2:02 PM 4.37 KB Hidden from Windows API.
C:\WINNT\KB920958.log 12/6/2006 2:04 PM 4.38 KB Hidden from Windows API.
C:\WINNT\KB921398.log 12/6/2006 2:05 PM 4.37 KB Hidden from Windows API.
C:\WINNT\KB922616.log 12/6/2006 2:03 PM 4.37 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\DataStore\Logs\edb00028.log 12/6/2006 6:15 AM 128.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\DataStore\Logs\edb0002A.log 12/6/2006 2:08 PM 128.00 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\DataStore\Logs\edb0002B.log 12/6/2006 2:10 PM 128.00 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\_file_to_execute_.txt 12/6/2006 2:09 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\_unpacked_.state 12/6/2006 2:09 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\empty.cat 12/6/2006 2:09 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\rpcrt4.dll 12/6/2006 2:09 PM 426.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\spmsg.dll 12/6/2006 2:09 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\spuninst.exe 12/6/2006 2:09 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\susdl.rq0 12/6/2006 2:09 PM 171 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update 12/6/2006 2:09 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\eula.txt 12/6/2006 2:09 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\KB917736.cat 12/6/2006 2:09 PM 7.66 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\spcustom.dll 12/6/2006 2:09 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\update.exe 12/6/2006 2:09 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\update.inf 12/6/2006 2:09 PM 39.55 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\update.url 12/6/2006 2:09 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\update.ver 12/6/2006 2:09 PM 87 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\update\updspapi.dll 12/6/2006 2:09 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\Windows2000-KB917736-x86-ENU.psm 12/6/2006 2:09 PM 367 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\1345c14a4288d67e2f8d6d4519345fed\Windows2000-KB917736-x86-Express-ENU.EXE 6/2/2006 4:15 PM 476.80 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\3120639e5485cf19f50894301e648d3e 12/6/2006 2:02 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\3120639e5485cf19f50894301e648d3e\_downloadprogress_.state 12/6/2006 2:02 PM 4 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\3120639e5485cf19f50894301e648d3e\_usedelta_.state 12/6/2006 2:02 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\3120639e5485cf19f50894301e648d3e\Windows2000-KB922616-x86-Express-ENU.EXE 12/6/2006 2:02 PM 477.30 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\_file_to_execute_.txt 12/6/2006 2:10 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\_unpacked_.state 12/6/2006 2:10 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\empty.cat 12/6/2006 2:10 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\ipsec.sys 12/6/2006 2:10 PM 78.95 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\ipsecmon.exe 12/6/2006 2:10 PM 28.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\oakley.dll 12/6/2006 2:10 PM 407.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\polagent.dll 12/6/2006 2:10 PM 94.27 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\polstore.dll 12/6/2006 2:10 PM 134.27 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\rasmans.dll 12/6/2006 2:10 PM 157.27 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\spmsg.dll 12/6/2006 2:10 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\spuninst.exe 12/6/2006 2:10 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\susdl.rq0 12/6/2006 2:10 PM 572 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update 12/6/2006 2:10 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\eula.txt 12/6/2006 2:10 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\KB911280.cat 12/6/2006 2:10 PM 9.40 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\spcustom.dll 12/6/2006 2:10 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\update.exe 12/6/2006 2:10 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\update.inf 12/6/2006 2:10 PM 39.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\update.url 12/6/2006 2:10 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\update.ver 12/6/2006 2:10 PM 505 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\update\updspapi.dll 12/6/2006 2:10 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\Windows2000-KB911280-v2-x86-ENU.psm 12/6/2006 2:10 PM 1.70 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\360675579500dc331661420999c217ee\Windows2000-KB911280-v2-x86-Express-ENU.EXE 6/22/2006 1:39 PM 478.30 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\4a40ef84ff8a21c0cd0053b64c2893b0 12/6/2006 2:11 PM 0 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\4a40ef84ff8a21c0cd0053b64c2893b0\_downloadprogress_.state 12/6/2006 5:47 AM 4 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\4a40ef84ff8a21c0cd0053b64c2893b0\_useselfcontained_.state 12/6/2006 5:47 AM 50 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\4a40ef84ff8a21c0cd0053b64c2893b0\IE6.0sp1-KB922760-Windows2000-x86-ENU.exe 11/4/2006 1:24 AM 3.99 MB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\589a9ef5d2b4f7c50b3583a80b2736ef 12/6/2006 2:00 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\589a9ef5d2b4f7c50b3583a80b2736ef\_downloadprogress_.state 12/6/2006 5:49 AM 4 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\589a9ef5d2b4f7c50b3583a80b2736ef\_usedelta_.state 12/6/2006 5:49 AM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\589a9ef5d2b4f7c50b3583a80b2736ef\Windows2000-KB893756-x86-Express-ENU.EXE 8/5/2005 3:01 PM 468.73 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\6907c7aa03a64219b2d9d337d7410cc3 12/6/2006 2:03 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\6907c7aa03a64219b2d9d337d7410cc3\_downloadprogress_.state 12/6/2006 2:03 PM 4 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\6907c7aa03a64219b2d9d337d7410cc3\_usedelta_.state 12/6/2006 2:03 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\6907c7aa03a64219b2d9d337d7410cc3\Windows2000-KB920958-v2-x86-Express-ENU.EXE 12/6/2006 2:03 PM 478.30 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\_file_to_execute_.txt 12/6/2006 2:06 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\_unpacked_.state 12/6/2006 2:06 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\empty.cat 12/6/2006 2:06 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\query.dll 12/6/2006 2:06 PM 1.36 MB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\spmsg.dll 12/6/2006 2:06 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\spuninst.exe 12/6/2006 2:06 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\susdl.rq0 12/6/2006 2:06 PM 167 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update 12/6/2006 2:06 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\eula.txt 12/6/2006 2:06 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\KB920685.cat 12/6/2006 2:06 PM 7.66 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\spcustom.dll 12/6/2006 2:06 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\update.exe 12/6/2006 2:06 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\update.inf 12/6/2006 2:06 PM 39.27 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\update.url 12/6/2006 2:06 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\update.ver 12/6/2006 2:06 PM 87 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\update\updspapi.dll 12/6/2006 2:06 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\Windows2000-KB920685-x86-ENU.psm 12/6/2006 2:06 PM 149 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\976f5415cd2c7d32d682e6dd8ed648a9\Windows2000-KB920685-x86-Express-ENU.EXE 9/1/2006 5:51 PM 477.30 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\aee5e72d40ed1303cee0fa5c8098907c 12/6/2006 2:05 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\aee5e72d40ed1303cee0fa5c8098907c\_downloadprogress_.state 12/6/2006 2:05 PM 4 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\aee5e72d40ed1303cee0fa5c8098907c\_usedelta_.state 12/6/2006 2:05 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\aee5e72d40ed1303cee0fa5c8098907c\Windows2000-KB921398-x86-Express-ENU.EXE 12/6/2006 2:05 PM 477.30 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\_file_to_execute_.txt 12/6/2006 2:10 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\_unpacked_.state 12/6/2006 2:10 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\agentdp2.dll 8/24/2006 2:07 AM 40.77 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\agentdpv.dll 8/24/2006 2:07 AM 51.77 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\agentsvr.exe 8/22/2006 10:18 PM 236.77 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\backup 12/6/2006 2:10 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\backup\agentdp2.dll 12/6/2006 2:10 PM 37.27 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\backup\agentdpv.dll 12/6/2006 2:10 PM 50.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\backup\agentsvr.exe 12/6/2006 2:10 PM 236.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\backup\sp3res.dll 12/6/2006 2:10 PM 3.82 MB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\download 12/6/2006 2:10 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\download\Windows2000-KB920213-x86-ENU.psf.blob 12/6/2006 2:10 PM 205.71 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\empty.cat 12/6/2006 2:10 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\sp3res.dll 5/3/2006 12:57 AM 6.10 MB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\spmsg.dll 12/6/2006 2:10 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\spuninst.exe 12/6/2006 2:10 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\susdl.req 12/6/2006 2:10 PM 409 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\susdl.rq0 12/6/2006 5:58 AM 409 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update 12/6/2006 2:10 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\eula.txt 12/6/2006 2:10 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\KB920213.cat 12/6/2006 2:10 PM 8.53 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\spcustom.dll 12/6/2006 2:10 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\update.exe 12/6/2006 2:10 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\update.inf 12/6/2006 2:10 PM 39.88 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\update.url 12/6/2006 2:10 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\update.ver 12/6/2006 2:10 PM 299 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\update\updspapi.dll 12/6/2006 2:10 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\Windows2000-KB920213-x86-ENU.psm 12/6/2006 2:10 PM 559 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\b197b3a30a45071926d040ae93be109a\Windows2000-KB920213-x86-Express-ENU.EXE 9/22/2006 6:33 PM 477.30 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\_file_to_execute_.txt 12/6/2006 2:08 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\_unpacked_.state 12/6/2006 2:08 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\empty.cat 12/6/2006 2:08 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\shell32.dll 12/6/2006 2:08 PM 2.25 MB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\spmsg.dll 12/6/2006 2:08 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\spuninst.exe 12/6/2006 2:08 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\susdl.rq0 12/6/2006 2:08 PM 239 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update 12/6/2006 2:08 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\eula.txt 12/6/2006 2:08 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\KB908531.cat 12/6/2006 2:08 PM 7.95 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\spcustom.dll 12/6/2006 2:08 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\update.exe 12/6/2006 2:08 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\update.inf 12/6/2006 2:08 PM 41.21 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\update.url 12/6/2006 2:08 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\update.ver 12/6/2006 2:08 PM 159 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\update\updspapi.dll 12/6/2006 2:08 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\verclsid.exe 12/6/2006 2:08 PM 20.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\Windows2000-KB908531-v2-x86-ENU.psm 12/6/2006 2:08 PM 488 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c016d8460b785d1be14fdddb2cc1ae3a\Windows2000-KB908531-v2-x86-Express-ENU.exe 4/22/2006 1:59 PM 477.30 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\_file_to_execute_.txt 12/6/2006 2:08 PM 17 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\_unpacked_.state 12/6/2006 2:08 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\dhcpcsvc.dll 12/6/2006 2:08 PM 87.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\dnsapi.dll 12/6/2006 2:08 PM 133.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\empty.cat 12/6/2006 2:08 PM 5.03 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\iphlpapi.dll 12/6/2006 2:08 PM 66.77 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\spmsg.dll 12/6/2006 2:08 PM 13.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\spuninst.exe 12/6/2006 2:08 PM 208.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\susdl.rq0 12/6/2006 2:08 PM 331 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update 12/6/2006 2:08 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\eula.txt 12/6/2006 2:08 PM 804 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\KB914388.cat 12/6/2006 2:08 PM 8.24 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\spcustom.dll 12/6/2006 2:08 PM 22.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\update.exe 12/6/2006 2:08 PM 699.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\update.inf 12/6/2006 2:08 PM 39.52 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\update.url 12/6/2006 2:08 PM 5.22 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\update.ver 12/6/2006 2:08 PM 227 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\update\updspapi.dll 12/6/2006 2:08 PM 362.72 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\Windows2000-KB914388-x86-ENU.psm 12/6/2006 2:08 PM 654 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c154492104752bb7c1d45fb510fae387\Windows2000-KB914388-x86-Express-ENU.EXE 6/2/2006 3:54 PM 477.30 KB Visible in Windows API, but not in MFT or directory index.
C:\WINNT\SoftwareDistribution\Download\c9489fbf48dc5cadef2303015a63b511 12/6/2006 2:01 PM 0 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c9489fbf48dc5cadef2303015a63b511\_downloadprogress_.state 12/6/2006 2:01 PM 4 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c9489fbf48dc5cadef2303015a63b511\_usedelta_.state 12/6/2006 2:01 PM 34 bytes Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\c9489fbf48dc5cadef2303015a63b511\Windows2000-KB917953-x86-Express-ENU.EXE 12/6/2006 2:01 PM 476.80 KB Hidden from Windows API.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\_file_to_execute_.txt 12/6/2006 2:12 PM 17 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\_sfx_.dll 6/7/2003 10:00 AM 25.50 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\_sfx_manifest_ 10/18/2006 1:35 PM 2.04 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\BITCC.tmp 12/6/2006 6:08 AM 3.99 MB Visible in Windows API, MFT, but not in directory index.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\danim.dll._p 10/18/2006 1:34 PM 36 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\dxtmsft.dll._p 10/18/2006 1:34 PM 4.32 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\dxtrans.dll._p 10/18/2006 1:34 PM 2.28 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\empty.cat 11/15/2001 4:27 PM 5.03 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\IE6.0sp1-KB922760-Windows2000-x86-ENU.exe 11/4/2006 1:24 AM 3.99 MB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\iecustom.dll 10/13/2006 4:50 PM 42.95 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\iecustom.dll 10/13/2006 4:50 PM 42.95 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\iepeers.dll._p 10/18/2006 1:34 PM 4.51 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\inseng.dll._p 10/18/2006 1:34 PM 872 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\jsproxy.dll._p 10/18/2006 1:34 PM 127 bytes Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\mshtml.dll._p 10/18/2006 1:35 PM 49.63 KB Visible in directory index, but not Windows API or MFT.
C:\WINNT\SoftwareDistribution\Download\S-1-5-18\30c1a3ca1b18f664c553a283643f5d96\msrating.dll._p 10/18/2006 1:35 PM 36 bytes Visible in directory index, but not Windows API or MFT.

 

OK, nothing to worry about in RKR log, all normal.

For Killbox:
Click here to download and run missingfilesetup.exe. Then try Killbox again.

Btw, Silent Runners looks as tho you didn't select to run additional search, please re-reun.

 

There's more to come, had to put out a fire in the middle of what I was doing.

BTW, do you know how to access the blacklist in Spybot? I clicked incorrectly on the teatimer and now when it is running resident it constantly bombards me with "registry change ....IT Bar layout denied.." and I can't get it to stop. I try to run help but get "Spybot...generated errors...shutdown... "

Results of comfix part one:

Administrator - Wed 12/06/2006 13:37:19.26 Service Pack 4
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Administrator\Desktop "

((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


2006-12-06 05:25 <DIR> d-------- C:\WINNT\system32\BITS
2006-12-06 05:07 465,176 --a------ C:\WINNT\system32\wuapi.dll
2006-12-06 05:07 41,240 --a------ C:\WINNT\system32\wups.dll
2006-12-06 05:07 194,328 --a------ C:\WINNT\system32\wuaueng1.dll
2006-12-06 05:07 18,200 --a------ C:\WINNT\system32\wups2.dll
2006-12-06 05:07 172,312 --a------ C:\WINNT\system32\wuauclt1.exe
2006-12-06 05:07 127,256 --a------ C:\WINNT\system32\wucltui.dll
2006-12-06 04:49 <DIR> d-------- C:\WINNT\ime
2006-12-06 04:30 <DIR> d-------- C:\WINNT\system32\ie_de
2006-12-06 04:30 <DIR> d-------- C:\WINNT\system32\CertSrv
2006-12-06 04:30 <DIR> d-------- C:\WINNT\ServicePackFiles
2006-12-06 04:22 3,856 --------- C:\WINNT\system32\SVCPACK1.DLL
2006-12-06 04:14 92,432 --a------ C:\WINNT\system32\xactsrv.dll
2006-12-06 04:14 8,464 --a------ C:\WINNT\system32\wshirda.dll
2006-12-06 04:14 79,120 --a------ C:\WINNT\system32\winscard.dll
2006-12-06 04:14 74,512 --a------ C:\WINNT\system32\wmicore.dll
2006-12-06 04:14 69,904 --a------ C:\WINNT\system32\ws2_32.dll
2006-12-06 04:14 59,152 --a------ C:\WINNT\system32\winfax.dll
2006-12-06 04:14 57,616 --a------ C:\WINNT\system32\wlnotify.dll
2006-12-06 04:14 42,768 --a------ C:\WINNT\system32\webhits.dll
2006-12-06 04:14 4,368 --a------ C:\WINNT\system32\winver.exe
2006-12-06 04:14 39,696 --a------ C:\WINNT\system32\wsnmp32.dll
2006-12-06 04:14 39,184 --a------ C:\WINNT\system32\winsta.dll
2006-12-06 04:14 29,968 --a------ C:\WINNT\system32\wpnpinst.exe
2006-12-06 04:14 28,400 --a------ C:\WINNT\system32\wupdinfo.dll
2006-12-06 04:14 270,608 --a------ C:\WINNT\winhlp32.exe
2006-12-06 04:14 240,912 --a------ C:\WINNT\system32\wow32.dll
2006-12-06 04:14 239,376 --a------ C:\WINNT\system32\winsmon.dll
2006-12-06 04:14 21,776 --a------ C:\WINNT\system32\wsock32.dll
2006-12-06 04:14 193,296 --a------ C:\WINNT\winrep.exe
2006-12-06 04:14 181,008 --a------ C:\WINNT\system32\WINLOGON.EXE
2006-12-06 04:14 172,664 --a------ C:\WINNT\system32\XENROLL.DLL
2006-12-06 04:14 17,680 --a------ C:\WINNT\system32\wshtcpip.dll
2006-12-06 04:14 166,160 --a------ C:\WINNT\system32\WINTRUST.DLL
2006-12-06 04:14 162,064 --a------ C:\WINNT\system32\WLDAP32.DLL
2006-12-06 04:14 10,000 --a------ C:\WINNT\system32\wshatm.dll
2006-12-06 04:12 155,920 --a------ C:\WINNT\system32\wavemsp.dll
2006-12-06 04:11 977,680 --a------ C:\WINNT\system32\vfpodbc.dll
2006-12-06 04:11 83,888 --a------ C:\WINNT\system32\vga.dll
2006-12-06 04:11 57,104 --a------ C:\WINNT\system32\w32tm.exe
2006-12-06 04:11 51,472 --a------ C:\WINNT\system32\w32time.dll
2006-12-06 04:11 51,472 --a------ C:\WINNT\system32\vfwwdm32.dll
2006-12-06 04:11 49,776 --------- C:\WINNT\system32\drivers\usbhub20.sys
2006-12-06 04:11 403,216 --a------ C:\WINNT\system32\USER32.DLL
2006-12-06 04:11 389,904 --a------ C:\WINNT\system32\USERENV.DLL
2006-12-06 04:11 315,664 --a------ C:\WINNT\system32\usp10.dll
2006-12-06 04:11 30,749 --a------ C:\WINNT\system32\vbajet32.dll
2006-12-06 04:11 26,384 --a------ C:\WINNT\system32\utildll.dll
2006-12-06 04:11 24,848 --a------ C:\WINNT\system32\spdwnw2k.exe
2006-12-06 04:11 22,800 --a------ C:\WINNT\system32\utilman.exe
2006-12-06 04:11 21,776 --------- C:\WINNT\system32\spupdw2k.exe
2006-12-06 04:11 19,728 --------- C:\WINNT\system32\drivers\usbehci.sys
2006-12-06 04:11 16,144 --a------ C:\WINNT\system32\version.dll
2006-12-06 04:11 15,872 --------- C:\WINNT\system32\spupdsvc.exe
2006-12-06 04:11 138,288 --------- C:\WINNT\system32\drivers\usbport.sys
2006-12-06 04:11 11,536 --a------ C:\WINNT\system32\usbmon.dll
2006-12-06 04:10 68,368 --a------ C:\WINNT\system32\unimdmat.dll
2006-12-06 04:10 14,608 --a------ C:\WINNT\system32\uniplat.dll
2006-12-06 04:05 397,584 --a------ C:\WINNT\system32\txfaux.dll
2006-12-06 04:05 27,920 --a------ C:\WINNT\system32\umandlg.dll
2006-12-06 04:02 90,384 --a------ C:\WINNT\system32\trkwks.dll
2006-12-06 04:02 80,144 --a------ C:\WINNT\system32\telnet.exe
2006-12-06 04:02 55,056 --a------ C:\WINNT\system32\tlntsess.exe
2006-12-06 04:02 31,504 --a------ C:\WINNT\system32\traffic.dll
2006-12-06 04:02 187,664 --a------ C:\WINNT\system32\thumbvw.dll
2006-12-06 04:02 186,128 --a------ C:\WINNT\system32\tlntsvr.exe
2006-12-06 04:02 17,680 --a------ C:\WINNT\system32\tftp.exe
2006-12-06 04:01 87,312 --a------ C:\WINNT\system32\TASKMGR.EXE
2006-12-06 04:01 81,168 --a------ C:\WINNT\system32\stobject.dll
2006-12-06 04:01 7,952 --a------ C:\WINNT\system32\snmptrap.exe
2006-12-06 04:01 7,440 --a------ C:\WINNT\system32\svcpack.dll
2006-12-06 04:01 62,736 --------- C:\WINNT\system32\sstext3d.scr
2006-12-06 04:01 61,712 --a------ C:\WINNT\system32\stisvc.exe
2006-12-06 04:01 524,560 --------- C:\WINNT\system32\sqlsrv32.dll
2006-12-06 04:01 49,424 --------- C:\WINNT\system32\sqlwoa.dll

 

Result of Combofix Part Two:

2006-12-06 04:01 47,888 --------- C:\WINNT\system32\ssbezier.scr
2006-12-06 04:01 419,600 --------- C:\WINNT\system32\ssmaze.scr
2006-12-06 04:01 41,744 --a------ C:\WINNT\system32\tcpmon.dll
2006-12-06 04:01 41,744 --a------ C:\WINNT\system32\sti.dll
2006-12-06 04:01 41,744 --------- C:\WINNT\system32\ssflwbox.scr
2006-12-06 04:01 38,672 --------- C:\WINNT\system32\ssmarque.scr
2006-12-06 04:01 375,568 --a------ C:\WINNT\system32\tapi3.dll
2006-12-06 04:01 36,624 --------- C:\WINNT\system32\ssmyst.scr
2006-12-06 04:01 35,600 --a------ C:\WINNT\system32\storprop.dll
2006-12-06 04:01 33,040 --------- C:\WINNT\system32\ssstars.scr
2006-12-06 04:01 246,544 --a------ C:\WINNT\system32\strmdll.dll
2006-12-06 04:01 24,848 --------- C:\WINNT\system32\sqlwid.dll
2006-12-06 04:01 214,288 --a------ C:\WINNT\system32\snmpsnap.dll
2006-12-06 04:01 21,264 --a------ C:\WINNT\system32\stimon.exe
2006-12-06 04:01 187,024 --a------ C:\WINNT\system32\spcmdcon.sys
2006-12-06 04:01 173,328 --a------ C:\WINNT\system32\tapisrv.dll
2006-12-06 04:01 17,680 --a------ C:\WINNT\system32\SNMPAPI.DLL
2006-12-06 04:01 138,000 --------- C:\WINNT\system32\ss3dfo.scr
2006-12-06 04:01 13,072 --a------ C:\WINNT\system32\tcpmib.dll
2006-12-06 04:01 126,736 --a------ C:\WINNT\system32\TAPI32.DLL
2006-12-06 04:01 119,056 --------- C:\WINNT\system32\sqlstr.dll
2006-12-06 04:01 107,792 --a------ C:\WINNT\system32\sndrec32.exe
2006-12-06 04:01 102,160 --------- C:\WINNT\system32\sspipes.scr
2006-12-06 04:00 85,776 --a------ C:\WINNT\system32\smlogsvc.exe
2006-12-06 04:00 69,392 --a------ C:\WINNT\system32\shim.dll
2006-12-06 04:00 6,928 --a------ C:\WINNT\system32\skdll.dll
2006-12-06 04:00 45,840 --a------ C:\WINNT\system32\skeys.exe
2006-12-06 04:00 33,552 --a------ C:\WINNT\system32\shmgrate.exe
2006-12-06 04:00 285,456 --a------ C:\WINNT\system32\smlogcfg.dll
2006-12-06 04:00 15,120 --a------ C:\WINNT\system32\sisbkup.dll
2006-12-06 03:59 971,024 --a------ C:\WINNT\system32\sfcfiles.dll
2006-12-06 03:59 95,024 --a------ C:\WINNT\system32\sfc.dll
2006-12-06 03:59 7,440 --a------ C:\WINNT\system32\sensapi.dll
2006-12-06 03:59 65,601 --a------ C:\WINNT\system32\servdeps.dll
2006-12-06 03:59 48,912 --a------ C:\WINNT\system32\secur32.dll
2006-12-06 03:59 38,160 --a------ C:\WINNT\system32\sens.dll
2006-12-06 03:59 17,168 --a------ C:\WINNT\system32\seclogon.dll
2006-12-06 03:59 17,168 --a------ C:\WINNT\system32\secedit.exe
2006-12-06 03:58 97,040 --a------ C:\WINNT\system32\rtm.dll
2006-12-06 03:58 77,584 --a------ C:\WINNT\system32\scripto.dll
2006-12-06 03:58 77,072 --a------ C:\WINNT\system32\rsvpsp.dll
2006-12-06 03:58 73,488 --a------ C:\WINNT\regedit.exe
2006-12-06 03:58 68,368 --a------ C:\WINNT\system32\regsvc.exe
2006-12-06 03:58 63,248 --a------ C:\WINNT\system32\RASSCRPT.DLL
2006-12-06 03:58 60,688 --a------ C:\WINNT\system32\RASCHAP.DLL
2006-12-06 03:58 48,200 --------- C:\WINNT\system32\scrdx86.dll
2006-12-06 03:58 48,200 --------- C:\WINNT\system32\scrdenrl.dll
2006-12-06 03:58 454,416 --a------ C:\WINNT\system32\rpcrt4.dll
2006-12-06 03:58 44,816 --a------ C:\WINNT\system32\rsm.exe
2006-12-06 03:58 431,888 --a------ C:\WINNT\system32\riched20.dll
2006-12-06 03:58 40,720 --a------ C:\WINNT\system32\RESUTILS.DLL
2006-12-06 03:58 36,624 --a------ C:\WINNT\system32\RNR20.DLL
2006-12-06 03:58 36,112 --a------ C:\WINNT\system32\regapi.dll
2006-12-06 03:58 28,432 --------- C:\WINNT\system32\scrnsave.scr
2006-12-06 03:58 254,736 --a------ C:\WINNT\system32\scesrv.dll
2006-12-06 03:58 25,360 --a------ C:\WINNT\system32\rsfsaps.dll
2006-12-06 03:58 25,360 --a------ C:\WINNT\system32\rapilib.dll
2006-12-06 03:58 24,336 --a------ C:\WINNT\system32\rpcns4.dll
2006-12-06 03:58 239,376 --a------ C:\WINNT\system32\rpcss.dll
2006-12-06 03:58 22,800 --a------ C:\WINNT\system32\routeext.dll
2006-12-06 03:58 20,752 --a------ C:\WINNT\system32\sclgntfy.dll
2006-12-06 03:58 198,928 --a------ C:\WINNT\system32\rasppp.dll
2006-12-06 03:58 176,912 --a------ C:\WINNT\system32\rsvp.exe
2006-12-06 03:58 154,896 --a------ C:\WINNT\system32\rasmontr.dll
2006-12-06 03:58 14,608 --a------ C:\WINNT\system32\RASSAPI.DLL
2006-12-06 03:58 14,096 --a------ C:\WINNT\system32\rsh.exe
2006-12-06 03:58 139,536 --a------ C:\WINNT\system32\regedt32.exe
2006-12-06 03:58 132,368 --a------ C:\WINNT\system32\RSABASE.DLL
2006-12-06 03:58 114,448 --a------ C:\WINNT\system32\scecli.dll
2006-12-06 03:58 11,024 --a------ C:\WINNT\system32\REGSVR32.EXE
2006-12-06 03:58 108,304 --a------ C:\WINNT\system32\rsnotify.exe
2006-12-06 03:58 105,232 --a------ C:\WINNT\system32\rend.dll
2006-12-06 03:58 100,624 --a------ C:\WINNT\system32\rastls.dll
2006-12-06 03:58 10,000 --a------ C:\WINNT\system32\runas.exe
2006-12-06 03:58 1,427,216 --a------ C:\WINNT\system32\query.dll
2006-12-06 03:57 70,928 --a------ C:\WINNT\system32\olethk32.dll
2006-12-06 03:57 692,496 --a------ C:\WINNT\system32\OPENGL32.DLL
2006-12-06 03:57 53,008 --a------ C:\WINNT\system32\packager.exe
2006-12-06 03:57 29,968 --a------ C:\WINNT\system32\profmap.dll
2006-12-06 03:57 29,456 --a------ C:\WINNT\system32\perfproc.dll
2006-12-06 03:57 24,848 --a------ C:\WINNT\system32\perfdisk.dll
2006-12-06 03:57 221,456 --a------ C:\WINNT\system32\osk.exe
2006-12-06 03:57 164,112 --a------ C:\WINNT\system32\OLEPRO32.DLL
2006-12-06 03:57 151,824 --a------ C:\WINNT\system32\pdh.dll
2006-12-06 03:57 146,192 --a------ C:\WINNT\system32\polstore.dll

 

Combofix part Three:

2006-12-06 03:57 13,584 --a------ C:\WINNT\system32\powrprof.dll
2006-12-06 03:57 115,472 --a------ C:\WINNT\system32\PSBASE.DLL
2006-12-06 03:57 111,888 --a------ C:\WINNT\system32\polagent.dll
2006-12-06 03:57 106,256 --a------ C:\WINNT\system32\oleprn.dll
2006-12-06 03:56 996,112 --a------ C:\WINNT\system32\OLE32.DLL
2006-12-06 03:56 90,112 --a------ C:\WINNT\system32\odbcint.dll
2006-12-06 03:56 85,776 --a------ C:\WINNT\system32\ntsdexts.dll
2006-12-06 03:56 57,104 --a------ C:\WINNT\system32\ocmanage.dll
2006-12-06 03:56 53,520 --a------ C:\WINNT\system32\odbcji32.dll
2006-12-06 03:56 53,520 --a------ C:\WINNT\system32\ntmsapi.dll
2006-12-06 03:56 446,224 --a------ C:\WINNT\system32\oakley.dll
2006-12-06 03:56 444,176 --------- C:\WINNT\system32\oieng400.dll
2006-12-06 03:56 41,232 --a------ C:\WINNT\system32\odbcconf.exe
2006-12-06 03:56 41,232 --a------ C:\WINNT\system32\odbcconf.dll
2006-12-06 03:56 401,168 --a------ C:\WINNT\system32\ntmssvc.dll
2006-12-06 03:56 37,136 --a------ C:\WINNT\system32\ODBCAD32.exe
2006-12-06 03:56 35,648 --a------ C:\WINNT\system32\ntio411.sys
2006-12-06 03:56 35,408 --a------ C:\WINNT\system32\ntio412.sys
2006-12-06 03:56 34,544 --a------ C:\WINNT\system32\ntio804.sys
2006-12-06 03:56 34,544 --a------ C:\WINNT\system32\ntio404.sys
2006-12-06 03:56 33,824 --a------ C:\WINNT\system32\NTIO.SYS
2006-12-06 03:56 270,608 --a------ C:\WINNT\system32\odbcjt32.dll
2006-12-06 03:56 24,848 --a------ C:\WINNT\system32\ODBC32GT.dll
2006-12-06 03:56 24,848 --------- C:\WINNT\system32\odbcbcp.dll
2006-12-06 03:56 217,360 --a------ C:\WINNT\system32\ODBC32.dll
2006-12-06 03:56 214,800 --a------ C:\WINNT\system32\objsel.dll
2006-12-06 03:56 200,976 --a------ C:\WINNT\system32\odbccu32.dll
2006-12-06 03:56 20,752 --a------ C:\WINNT\system32\odtext32.dll
2006-12-06 03:56 20,752 --a------ C:\WINNT\system32\odpdx32.dll
2006-12-06 03:56 20,752 --a------ C:\WINNT\system32\odfox32.dll
2006-12-06 03:56 20,752 --a------ C:\WINNT\system32\odexl32.dll
2006-12-06 03:56 20,752 --a------ C:\WINNT\system32\oddbse32.dll
2006-12-06 03:56 196,880 --a------ C:\WINNT\system32\odbccr32.dll
2006-12-06 03:56 173,328 --a------ C:\WINNT\system32\ntmsdba.dll
2006-12-06 03:56 155,920 --a------ C:\WINNT\system32\ODBCTRAC.dll
2006-12-06 03:56 110,080 --a------ C:\WINNT\system32\offfilt.dll
2006-12-06 03:56 102,672 --a------ C:\WINNT\system32\odbccp32.dll
2006-12-06 03:56 102,672 --a------ C:\WINNT\system32\NTMARTA.DLL
2006-12-06 03:55 9,216 --------- C:\WINNT\system32\wuauserv.dll
2006-12-06 03:55 89,600 --a------ C:\WINNT\system32\nlhtml.dll
2006-12-06 03:55 79,632 --a------ C:\WINNT\system32\ntdskcc.dll
2006-12-06 03:55 67,344 --a------ C:\WINNT\system32\ntdsetup.dll
2006-12-06 03:55 57,616 --a------ C:\WINNT\system32\ntdsapi.dll
2006-12-06 03:55 52,496 --------- C:\WINNT\system32\wzcdlg.dll
2006-12-06 03:55 34,576 --------- C:\WINNT\system32\wzcsetup.exe
2006-12-06 03:55 32,016 --a------ C:\WINNT\system32\ntdsatq.dll
2006-12-06 03:55 29,968 --a------ C:\WINNT\system32\ntdsbsrv.dll
2006-12-06 03:55 29,968 --------- C:\WINNT\system32\wzcsapi.dll
2006-12-06 03:55 28,432 --a------ C:\WINNT\system32\ntdsbcli.dll
2006-12-06 03:55 195,856 --------- C:\WINNT\system32\wzcsvc.dll
2006-12-06 03:55 165,136 --a------ C:\WINNT\system32\ntdsutil.exe
2006-12-06 03:55 124,184 --a------ C:\WINNT\system32\wuauclt.exe
2006-12-06 03:55 113,936 --a------ C:\WINNT\system32\newdev.dll
2006-12-06 03:55 1,343,768 --a------ C:\WINNT\system32\wuaueng.dll
2006-12-06 03:55 1,040,656 --a------ C:\WINNT\system32\ntdsa.dll
2006-12-06 03:54 72,192 --------- C:\WINNT\system32\sdbapiu.dll
2006-12-06 03:54 6,928 --------- C:\WINNT\system32\perfvd.exe
2006-12-06 03:54 45,840 --------- C:\WINNT\system32\msmqprop.exe
2006-12-06 03:54 4,010,496 --------- C:\WINNT\system32\sp3res.dll
2006-12-06 03:54 362,496 --------- C:\WINNT\system32\qmgr.dll
2006-12-06 03:54 34,816 --------- C:\WINNT\system32\msiregmv.exe
2006-12-06 03:54 26,624 --------- C:\WINNT\system32\msxmlr.dll
2006-12-06 03:54 20,208 --------- C:\WINNT\system32\drivers\msircomm.sys
2006-12-06 03:54 18,192 --------- C:\WINNT\system32\sp4iis.exe
2006-12-06 03:54 15,360 --------- C:\WINNT\system32\msisip.dll
2006-12-06 03:54 134,928 --------- C:\WINNT\system32\rsaenh.dll
2006-12-06 03:54 13,072 --------- C:\WINNT\system32\spiisupd.exe
2006-12-06 03:54 11,984 --------- C:\WINNT\system32\drivers\ndisuio.sys
2006-12-06 03:54 11,536 --------- C:\WINNT\system32\sptsupd.exe
2006-12-06 03:53 95,504 --a------ C:\WINNT\system32\netman.dll
2006-12-06 03:53 831,760 --a------ C:\WINNT\system32\mswdat10.dll
2006-12-06 03:53 76,560 --a------ C:\WINNT\system32\msw3prt.dll
2006-12-06 03:53 71,952 --a------ C:\WINNT\system32\netui0.dll
2006-12-06 03:53 64,272 --a------ C:\WINNT\system32\mswsock.dll
2006-12-06 03:53 614,672 --a------ C:\WINNT\system32\mswstr10.dll
2006-12-06 03:53 57,104 --a------ C:\WINNT\system32\mydocs.dll
2006-12-06 03:53 55,056 --------- C:\WINNT\system32\authz.dll
2006-12-06 03:53 547,600 --a------ C:\WINNT\system32\netcfgx.dll
2006-12-06 03:53 52,496 --a------ C:\WINNT\system32\mtxclu.dll
2006-12-06 03:53 514,320 --a------ C:\WINNT\system32\msxml.dll
2006-12-06 03:53 477,456 --a------ C:\WINNT\system32\netshell.dll
2006-12-06 03:53 4,880 --a------ C:\WINNT\system32\NDDEAPIR.EXE
2006-12-06 03:53 371,984 --a------ C:\WINNT\system32\NETLOGON.DLL
2006-12-06 03:53 348,432 --a------ C:\WINNT\system32\msxbde40.dll
2006-12-06 03:53 33,616 --------- C:\WINNT\system32\drivers\fips.sys
2006-12-06 03:53 286,773 --a------ C:\WINNT\system32\msvcrt.dll
2006-12-06 03:53 26,896 --a------ C:\WINNT\system32\NETSTAT.EXE
2006-12-06 03:53 24,848 --a------ C:\WINNT\system32\narrator.exe
2006-12-06 03:53 24,336 --------- C:\WINNT\system32\ftpqfe.exe
2006-12-06 03:53 23,312 --a------ C:\WINNT\system32\mtxdm.dll
2006-12-06 03:53 173,840 --a------ C:\WINNT\system32\netplwiz.dll
2006-12-06 03:53 16,144 --a------ C:\WINNT\system32\NDDEAPI.DLL
2006-12-06 03:53 147,216 --------- C:\WINNT\system32\dssenh.dll
2006-12-06 03:53 131,344 --a------ C:\WINNT\system32\netid.dll
2006-12-06 03:53 124,176 --a------ C:\WINNT\system32\net1.exe
2006-12-06 03:53 116,496 --a------ C:\WINNT\system32\msvfw32.dll
2006-12-06 03:53 110,352 --a------ C:\WINNT\system32\mycomput.dll
2006-12-06 03:53 108,816 --a------ C:\WINNT\system32\NETDDE.EXE
2006-12-06 03:53 105,744 --a------ C:\WINNT\system32\mtxoci.dll
2006-12-06 03:53 10,288 --------- C:\WINNT\system32\drivers\irenum.sys
2006-12-06 03:53 1,385,744 --a------ C:\WINNT\system32\MSVBVM60.DLL
2006-12-06 03:52 7,440 --a------ C:\WINNT\system32\msswchx.exe
2006-12-06 03:52 553,232 --a------ C:\WINNT\system32\msrepl40.dll
2006-12-06 03:52 47,104 --a------ C:\WINNT\system32\MSPRIVS.DLL
2006-12-06 03:52 422,160 --a------ C:\WINNT\system32\msrd2x40.dll
2006-12-06 03:52 35,088 --a------ C:\WINNT\system32\MSSIGN32.DLL
2006-12-06 03:52 348,432 --a------ C:\WINNT\system32\mspbde40.dll
2006-12-06 03:52 315,664 --a------ C:\WINNT\system32\msrd3x40.dll
2006-12-06 03:52 27,136 --a------ C:\WINNT\system32\mspatcha.dll
2006-12-06 03:52 258,320 --a------ C:\WINNT\system32\mstext40.dll
2006-12-06 03:52 216,848 --a------ C:\WINNT\system32\mstask.dll
2006-12-06 03:52 155,920 --a------ C:\WINNT\system32\msorcl32.dll
2006-12-06 03:52 14,608 --a------ C:\WINNT\system32\msswch.dll
2006-12-06 03:52 119,568 --a------ C:\WINNT\system32\mstask.exe
2006-12-06 03:52 11,024 --a------ C:\WINNT\system32\msrle32.dll
2006-12-06 03:51 53,520 --a------ C:\WINNT\system32\msjter40.dll
2006-12-06 03:51 348,432 --a------ C:\WINNT\system32\msjetoledb40.dll
2006-12-06 03:51 241,936 --a------ C:\WINNT\system32\msjtes40.dll
2006-12-06 03:51 213,264 --a------ C:\WINNT\system32\msltus40.dll
2006-12-06 03:51 151,824 --a------ C:\WINNT\system32\msjint40.dll
2006-12-06 03:51 1,507,600 --a------ C:\WINNT\system32\msjet40.dll
2006-12-06 03:50 884,736 --a------ C:\WINNT\system32\msimsg.dll
2006-12-06 03:50 78,848 --a------ C:\WINNT\system32\msiexec.exe
2006-12-06 03:50 271,360 --a------ C:\WINNT\system32\msihnd.dll
2006-12-06 03:50 2,890,240 --a------ C:\WINNT\system32\msi.dll
2006-12-06 03:49 88,848 --a------ C:\WINNT\system32\msdtclog.dll
2006-12-06 03:49 707,344 --a------ C:\WINNT\system32\msdtcprx.dll
2006-12-06 03:49 512,272 --a------ C:\WINNT\system32\msexch40.dll
2006-12-06 03:49 4,126 --a------ C:\WINNT\system32\msdxmlc.dll
2006-12-06 03:49 334,096 --a------ C:\WINNT\system32\MSGINA.DLL
2006-12-06 03:49 319,760 --a------ C:\WINNT\system32\msexcl40.dll
2006-12-06 03:49 24,848 --a------ C:\WINNT\system32\msdart32.dll
2006-12-06 03:49 146,192 --a------ C:\WINNT\system32\msdtcui.dll
2006-12-06 03:49 1,131,280 --a------ C:\WINNT\system32\msdtctm.dll
2006-12-06 03:48 236,304 --a------ C:\WINNT\system32\msclus.dll
2006-12-06 03:48 13,824 --a------ C:\WINNT\system32\mscpxl32.dLL
2006-12-06 03:48 108,816 --a------ C:\WINNT\system32\msafd.dll
2006-12-06 03:47 99,088 --a------ C:\WINNT\system32\modemui.dll
2006-12-06 03:47 835,856 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-12-06 03:47 69,904 --a------ C:\WINNT\system32\mprddm.dll
2006-12-06 03:47 603,408 --a------ C:\WINNT\system32\mmc.exe
2006-12-06 03:47 56,080 --a------ C:\WINNT\system32\mprui.dll
2006-12-06 03:47 55,056 --a------ C:\WINNT\system32\mpr.dll
2006-12-06 03:47 47,376 --a------ C:\WINNT\system32\mprdim.dll
2006-12-06 03:47 19,728 --a------ C:\WINNT\system32\mimefilt.dll
2006-12-06 03:47 169,232 --a------ C:\WINNT\system32\mobsync.dll
2006-12-06 03:47 111,376 --a------ C:\WINNT\system32\mobsync.exe
2006-12-06 03:47 1,015,859 --a------ C:\WINNT\system32\mfc42.dll
2006-12-06 03:47 1,011,764 --a------ C:\WINNT\system32\mfc42u.dll
2006-12-06 03:46 76,048 --a------ C:\WINNT\system32\mdhcp.dll
2006-12-06 03:46 66,320 --a------ C:\WINNT\system32\LOADPERF.DLL
2006-12-06 03:46 48,400 --a------ C:\WINNT\system32\loghours.dll

 

Combofix Part Four:

2006-12-06 03:46 43,792 --a------ C:\WINNT\system32\magnify.exe
2006-12-06 03:46 29,968 --a------ C:\WINNT\system32\LMMIB2.DLL
2006-12-06 03:46 25,872 --a------ C:\WINNT\system32\LODCTR.EXE
2006-12-06 03:46 246,032 --a------ C:\WINNT\system32\localsec.dll
2006-12-06 03:46 20,240 --a------ C:\WINNT\system32\lpk.dll
2006-12-06 03:46 18,192 --a------ C:\WINNT\system32\LPRMON.DLL
2006-12-06 03:46 130,832 --------- C:\WINNT\system32\logon.scr
2006-12-06 03:46 102,160 --a------ C:\WINNT\system32\mdminst.dll
2006-12-06 03:46 10,000 --a------ C:\WINNT\system32\lz32.dll
2006-12-06 03:37 92,032 --a------ C:\WINNT\system32\KRNL386.EXE
2006-12-06 03:37 6,928 --a------ C:\WINNT\system32\KBDCA.DLL
2006-12-06 03:37 42,809 --a------ C:\WINNT\system32\key01.sys
2006-12-06 03:37 42,537 --a------ C:\WINNT\system32\KEYBOARD.SYS
2006-12-06 03:37 212,752 --a------ C:\WINNT\system32\kerberos.dll
2006-12-06 03:36 73,488 --a------ C:\WINNT\system32\irmon.dll
2006-12-06 03:36 72,464 --a------ C:\WINNT\system32\isign32.dll
2006-12-06 03:36 57,296 --a------ C:\WINNT\system32\drivers\irda.sys
2006-12-06 03:36 49,936 --a------ C:\WINNT\system32\ixsso.dll
2006-12-06 03:36 441,616 --a------ C:\WINNT\system32\ipnathlp.dll
2006-12-06 03:36 4,368 --a------ C:\WINNT\system32\IPROP.DLL
2006-12-06 03:36 374,032 --a------ C:\WINNT\system32\JET500.DLL
2006-12-06 03:36 159,504 --a------ C:\WINNT\system32\iprtrmgr.dll
2006-12-06 03:36 143,872 --a------ C:\WINNT\system32\itircl.dll
2006-12-06 03:36 122,368 --a------ C:\WINNT\system32\itss.dll
2006-12-06 03:35 66,832 --a------ C:\WINNT\system32\inetpp.dll
2006-12-06 03:35 29,456 --a------ C:\WINNT\system32\INETMIB1.DLL
2006-12-06 03:35 206,096 --a------ C:\WINNT\system32\infosoft.dll
2006-12-06 03:35 138,000 --a------ C:\WINNT\system32\INITPKI.DLL
2006-12-06 03:34 97,040 --a------ C:\WINNT\system32\iasrad.dll
2006-12-06 03:34 96,528 --a------ C:\WINNT\system32\imm32.dll
2006-12-06 03:34 81,978 --a------ C:\WINNT\system32\hlink.dll
2006-12-06 03:34 76,560 --a------ C:\WINNT\system32\hotplug.dll
2006-12-06 03:34 75,536 --a------ C:\WINNT\system32\iasads.dll
2006-12-06 03:34 60,176 --a------ C:\WINNT\system32\iassvcs.dll
2006-12-06 03:34 60,176 --a------ C:\WINNT\system32\iasnap.dll
2006-12-06 03:34 6,416 --------- C:\WINNT\system32\hccoin.dll
2006-12-06 03:34 37,888 --a------ C:\WINNT\system32\hhsetup.dll
2006-12-06 03:34 37,648 --a------ C:\WINNT\system32\hostmib.dll
2006-12-06 03:34 28,944 --a------ C:\WINNT\system32\iasacct.dll
2006-12-06 03:34 269,584 --a------ C:\WINNT\system32\iassdo.dll
2006-12-06 03:34 245,008 --a------ C:\WINNT\system32\icm32.dll
2006-12-06 03:34 21,776 --------- C:\WINNT\system32\HTICONS.DLL
2006-12-06 03:34 20,752 --a------ C:\WINNT\system32\iasperf.dll
2006-12-06 03:34 18,192 --a------ C:\WINNT\system32\hid.dll
2006-12-06 03:34 122,128 --a------ C:\WINNT\system32\idq.dll
2006-12-06 03:34 100,624 --a------ C:\WINNT\system32\iassam.dll
2006-12-06 03:34 10,752 --a------ C:\WINNT\hh.exe
2006-12-06 03:33 77,584 --------- C:\WINNT\system32\gpresult.exe
2006-12-06 03:33 305,424 --a------ C:\WINNT\system32\gpedit.dll
2006-12-06 03:33 233,744 --a------ C:\WINNT\system32\GDI32.DLL
2006-12-06 03:33 163,088 --a------ C:\WINNT\system32\h323msp.dll
2006-12-06 03:33 118,544 --a------ C:\WINNT\system32\gptext.dll
2006-12-06 03:32 98,576 --a------ C:\WINNT\system32\evntagnt.dll
2006-12-06 03:32 94,992 --a------ C:\WINNT\system32\FAXSVC.EXE
2006-12-06 03:32 92,944 --a------ C:\WINNT\system32\faxadmin.dll
2006-12-06 03:32 90,384 --a------ C:\WINNT\system32\evntwin.exe
2006-12-06 03:32 80,144 --a------ C:\WINNT\system32\faxcom.dll
2006-12-06 03:32 55,568 --a------ C:\WINNT\system32\esentutl.exe
2006-12-06 03:32 50,448 --a------ C:\WINNT\system32\fdeploy.dll
2006-12-06 03:32 498,205 --a------ C:\WINNT\system32\dxmasf.dll
2006-12-06 03:32 47,888 --a------ C:\WINNT\system32\EVENTLOG.DLL
2006-12-06 03:32 380,957 --a------ C:\WINNT\system32\expsrv.dll
2006-12-06 03:32 294,672 --a------ C:\WINNT\system32\filemgmt.dll
2006-12-06 03:32 265,488 --a------ C:\WINNT\system32\dxmrtp.dll
2006-12-06 03:32 25,872 --a------ C:\WINNT\system32\findstr.exe
2006-12-06 03:32 243,472 --a------ C:\WINNT\explorer.exe
2006-12-06 03:32 233,232 --a------ C:\WINNT\system32\es.dll
2006-12-06 03:32 200,976 --a------ C:\WINNT\system32\FONTEXT.DLL
2006-12-06 03:32 187,152 --a------ C:\WINNT\system32\eudcedit.exe
2006-12-06 03:32 185,616 --a------ C:\WINNT\system32\faxt30.dll
2006-12-06 03:32 157,968 --a------ C:\WINNT\system32\els.dll
2006-12-06 03:32 15,120 --a------ C:\WINNT\system32\faxdrv.dll
2006-12-06 03:32 138,000 --a------ C:\WINNT\system32\faxui.dll
2006-12-06 03:32 1,785,160 -ra------ C:\WINNT\system32\dtcsetup.exe
2006-12-06 03:32 1,135,376 --a------ C:\WINNT\system32\esent.dll
2006-12-06 03:30 92,944 --a------ C:\WINNT\system32\dskquota.dll
2006-12-06 03:30 92,432 --a------ C:\WINNT\system32\dnsrslvr.dll
2006-12-06 03:30 90,384 --a------ C:\WINNT\system32\CRYPTDLG.DLL
2006-12-06 03:30 76,048 --a------ C:\WINNT\system32\cryptsvc.dll
2006-12-06 03:30 74,512 --a------ C:\WINNT\system32\dsauth.dll
2006-12-06 03:30 7,440 --a------ C:\WINNT\system32\control.exe
2006-12-06 03:30 625,936 --a------ C:\WINNT\system32\comuid.dll
2006-12-06 03:30 62,224 --a------ C:\WINNT\system32\dfrgfat.exe
2006-12-06 03:30 5,904 --a------ C:\WINNT\system32\dllhst3g.exe
2006-12-06 03:30 479,504 --a------ C:\WINNT\system32\CRYPT32.DLL
2006-12-06 03:30 443,664 --a------ C:\WINNT\system32\CRYPTUI.DLL
2006-12-06 03:30 44,304 --a------ C:\WINNT\system32\cryptdll.dll
2006-12-06 03:30 43,280 --a------ C:\WINNT\system32\dmutil.dll
2006-12-06 03:30 43,280 --a------ C:\WINNT\system32\CRYPTNET.DLL
2006-12-06 03:30 42,768 --a------ C:\WINNT\system32\dfrgsnap.dll
2006-12-06 03:30 41,744 --a------ C:\WINNT\system32\dsfolder.dll
2006-12-06 03:30 33,040 --------- C:\WINNT\system32\dbnmpntw.dll
2006-12-06 03:30 33,040 --------- C:\WINNT\system32\dbmsspxn.dll
2006-12-06 03:30 33,040 --------- C:\WINNT\system32\dbmsadsn.dll
2006-12-06 03:30 316,176 --a------ C:\WINNT\system32\dmconfig.dll
2006-12-06 03:30 306,448 --a------ C:\WINNT\system32\dhcpmon.dll
2006-12-06 03:30 299,792 --a------ C:\WINNT\system32\dsprop.dll
2006-12-06 03:30 28,944 --a------ C:\WINNT\system32\dssec.dll
2006-12-06 03:30 28,944 --------- C:\WINNT\system32\dbmsvinn.dLL
2006-12-06 03:30 28,944 --------- C:\WINNT\system32\dbmsrpcn.dll
2006-12-06 03:30 27,097 --a------ C:\WINNT\system32\country.sys
2006-12-06 03:30 25,872 --a------ C:\WINNT\system32\conime.exe
2006-12-06 03:30 242,960 --a------ C:\WINNT\system32\cscui.dll
2006-12-06 03:30 24,848 --a------ C:\WINNT\system32\ds32gt.dll
2006-12-06 03:30 221,968 --a------ C:\WINNT\system32\devmgr.dll
2006-12-06 03:30 22,800 --a------ C:\WINNT\system32\dfsshlex.dll
2006-12-06 03:30 219,920 --a------ C:\WINNT\system32\confmsp.dll
2006-12-06 03:30 174,864 --a------ C:\WINNT\system32\dmdlgs.dll
2006-12-06 03:30 163,600 --a------ C:\WINNT\system32\dmdskmgr.dll
2006-12-06 03:30 163,088 --a------ C:\WINNT\system32\dbghelp.dll
2006-12-06 03:30 16,144 --a------ C:\WINNT\system32\diskcopy.dll
2006-12-06 03:30 157,456 --a------ C:\WINNT\system32\dsquery.dll
2006-12-06 03:30 147,728 --a------ C:\WINNT\system32\dmadmin.exe
2006-12-06 03:30 146,192 --a------ C:\WINNT\system32\dskquoui.dll
2006-12-06 03:30 145,680 --a------ C:\WINNT\system32\DSSBASE.DLL
2006-12-06 03:30 14,096 --a------ C:\WINNT\system32\diskperf.exe
2006-12-06 03:30 13,072 --a------ C:\WINNT\system32\dmintf.dll
2006-12-06 03:30 122,368 --a------ C:\WINNT\system32\dmdskres.dll
2006-12-06 03:30 12,048 --a------ C:\WINNT\system32\dmserver.dll
2006-12-06 03:30 113,936 --a------ C:\WINNT\system32\DCOMCNFG.EXE
2006-12-06 03:30 110,864 --a------ C:\WINNT\system32\dsuiext.dll
2006-12-06 03:30 101,136 --a------ C:\WINNT\system32\cscdll.dll
2006-12-06 03:30 10,512 --a------ C:\WINNT\system32\dmremote.exe

 

Combofix Part 5:

2006-12-06 03:29 96,016 --a------ C:\WINNT\system32\clbcatex.dll
2006-12-06 03:29 89,360 --a------ C:\WINNT\system32\comrepl.dll
2006-12-06 03:29 82,704 --a------ C:\WINNT\system32\cmnquery.dll
2006-12-06 03:29 61,712 --------- C:\WINNT\system32\cliconfg.dll
2006-12-06 03:29 55,568 --a------ C:\WINNT\system32\CLUSAPI.DLL
2006-12-06 03:29 510,224 --a------ C:\WINNT\system32\clbcatq.dll
2006-12-06 03:29 50,620 --------- C:\WINNT\system32\command.com
2006-12-06 03:29 45,328 --a------ C:\WINNT\system32\cmstp.exe
2006-12-06 03:29 37,648 --a------ C:\WINNT\system32\colbact.dll
2006-12-06 03:29 37,136 --------- C:\WINNT\system32\cliconfg.exe
2006-12-06 03:29 36,112 --a------ C:\WINNT\system32\cipher.exe
2006-12-06 03:29 3,856 --a------ C:\WINNT\system32\COMCAT.DLL
2006-12-06 03:29 236,304 --a------ C:\WINNT\system32\CMD.EXE
2006-12-06 03:29 22,288 --a------ C:\WINNT\system32\cmutil.dll
2006-12-06 03:29 193,808 --a------ C:\WINNT\system32\cmdial32.dll
2006-12-06 03:29 159,807 --a------ C:\WINNT\system32\cmprops.dll
2006-12-06 03:29 156,944 --a------ C:\WINNT\system32\ciadmin.dll
2006-12-06 03:29 130,832 --a------ C:\WINNT\system32\CLUSTER.EXE
2006-12-06 03:29 13,072 --a------ C:\WINNT\system32\CHKNTFS.EXE
2006-12-06 03:29 1,448,208 --a------ C:\WINNT\system32\comsvcs.dll
2006-12-06 03:28 8,976 --a------ C:\WINNT\system32\autolfn.exe
2006-12-06 03:28 78,608 --a------ C:\WINNT\system32\avifil32.dll
2006-12-06 03:28 75,544 --a------ C:\WINNT\system32\cdm.dll
2006-12-06 03:28 7,440 --a------ C:\WINNT\system32\c_is2022.dll
2006-12-06 03:28 68,880 --a------ C:\WINNT\system32\browser.dll
2006-12-06 03:28 591,120 --a------ C:\WINNT\system32\catsrvut.dll
2006-12-06 03:28 568,592 --a------ C:\WINNT\system32\autofmt.exe
2006-12-06 03:28 422,160 --a------ C:\WINNT\system32\certmgr.dll
2006-12-06 03:28 42,256 --a------ C:\WINNT\system32\BASESRV.DLL
2006-12-06 03:28 402,704 --a------ C:\WINNT\system32\cdonts.dll
2006-12-06 03:28 31,504 --a------ C:\WINNT\system32\atmlib.dll
2006-12-06 03:28 291,888 --a------ C:\WINNT\system32\atmfd.dll
2006-12-06 03:28 226,576 --a------ C:\WINNT\system32\avtapi.dll
2006-12-06 03:28 20,752 --a------ C:\WINNT\system32\batmeter.dll
2006-12-06 03:28 2,531,088 --a------ C:\WINNT\system32\cdosys.dll
2006-12-06 03:28 166,160 --a------ C:\WINNT\system32\catsrv.dll
2006-12-06 03:28 135,440 --a------ C:\WINNT\system32\certcli.dll
2006-12-06 03:28 127,760 --a------ C:\WINNT\system32\capesnpn.dll
2006-12-06 03:27 78,096 --a------ C:\WINNT\system32\aclui.dll
2006-12-06 03:27 74,810 --a------ C:\WINNT\system32\atl.dll
2006-12-06 03:27 62,736 --a------ C:\WINNT\system32\adsmsext.dll
2006-12-06 03:27 23,824 --a------ C:\WINNT\system32\at.exe
2006-12-06 03:27 224,016 --a------ C:\WINNT\system32\appmgr.dll
2006-12-06 03:27 201,488 --a------ C:\WINNT\system32\adsnt.dll
2006-12-06 03:27 182,032 --a------ C:\WINNT\system32\activeds.dll
2006-12-06 03:27 164,112 --a------ C:\WINNT\system32\adsnds.dll
2006-12-06 03:27 150,800 --a------ C:\WINNT\system32\accwiz.exe
2006-12-06 03:27 143,632 --a------ C:\WINNT\system32\ASYCFILT.DLL
2006-12-06 03:27 14,096 --a------ C:\WINNT\system32\atkctrs.dll
2006-12-06 03:27 133,904 --a------ C:\WINNT\system32\adsldpc.dll
2006-12-06 03:27 125,712 --a------ C:\WINNT\system32\adsldp.dll
2006-12-06 03:27 120,592 --a------ C:\WINNT\system32\appmgmts.dll
2006-12-06 03:27 112,400 --a------ C:\WINNT\system32\adsnw.dll
2006-12-06 02:39 83,096 --a------ C:\WINNT\system32\SSSensor.dll
2006-12-06 02:39 60,496 --a------ C:\WINNT\system32\drivers\Teefer.sys
2006-12-06 02:39 21,075 --a------ C:\WINNT\system32\drivers\wpsdrvnt.sys
2006-12-06 02:39 14,568 --a------ C:\WINNT\system32\drivers\wg6n.sys
2006-12-06 02:39 14,568 --a------ C:\WINNT\system32\drivers\wg5n.sys
2006-12-06 02:39 14,568 --a------ C:\WINNT\system32\drivers\wg4n.sys
2006-12-06 02:39 14,568 --a------ C:\WINNT\system32\drivers\wg3n.sys
2006-12-06 02:38 <DIR> d-------- C:\Program Files\Sygate
2006-12-05 23:58 2,855 --a------ C:\WINNT\system32\eraseme_01628.PIF
2006-12-05 20:13 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2006-12-05 18:59 0 --a------ C:\WINNT\system32\aegent.exe
2006-12-05 16:42 0 --a------ C:\WINNT\system32\ygl.exe
2006-12-05 07:33 <DIR> d-------- C:\eGames
2006-12-05 06:07 1,306,347 --a------ C:\popupkiller229.exe
2006-12-05 05:05 6,416 --a------ C:\WINNT\system32\kbd101a.dll
2006-12-05 05:00 8,464 --a------ C:\WINNT\system32\kbdkor.dll
2006-12-05 05:00 6,928 --a------ C:\WINNT\system32\kbd101c.dll
2006-12-05 05:00 6,416 --a------ C:\WINNT\system32\kbd103.dll
2006-12-05 05:00 6,416 --a------ C:\WINNT\system32\kbd101b.dll
2006-12-05 04:40 <DIR> d-ah----- C:\Program Files\WindowsUpdate
2006-12-05 03:56 <DIR> d-------- C:\Program Files\windows media player
2006-12-05 03:54 <DIR> d-------- C:\Program Files\microsoft frontpage
2006-12-05 03:46 <DIR> d-------- C:\SDFix
2006-12-05 03:45 682,428 --a------ C:\SDFix.exe
2006-12-04 15:38 <DIR> d-------- C:\hjt
2006-12-04 15:09 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-04 15:09 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-12-04 15:02 2,855,080 --a------ C:\aawsepersonal_1.06.exe
2006-12-04 07:51 <DIR> d-------- C:\Program Files\WinZip
2006-12-04 06:40 1,803,464 --a------ C:\winzip81.exe
2006-12-04 05:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-04 05:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-04 05:15 5,037,072 --a------ C:\spybotsd14.exe
2006-12-04 04:48 <DIR> d-------- C:\New Folder (2)
2006-12-03 18:52 <DIR> d-------- C:\cdwinntsetup
2006-12-03 03:07 <DIR> d-------- C:\WINNT\system32\ActiveScan
2006-12-02 15:34 <DIR> dr-h----- C:\$VAULT$.AVG
2006-12-02 14:22 <DIR> d--hs---- C:\Folder Settings
2006-12-01 04:15 68,608 --------- C:\WINNT\system32\logagent.exe
2006-12-01 04:15 28,160 --------- C:\WINNT\system32\laprxy.dll
2006-11-30 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Help
2006-11-30 17:45 <DIR> d-------- C:\temp
2006-11-30 15:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-11-30 15:27 <DIR> d-------- C:\Program Files\Common Files\Real
2006-11-30 15:26 304,128 --------- C:\WINNT\IsUninst.exe
2006-11-30 14:32 39,696 --a------ C:\WINNT\system32\FTP.EXE
2006-11-29 19:53 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2006-11-29 02:03 <DIR> d-------- C:\WINNT\RegisteredPackages
2006-11-29 01:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-11-29 00:39 499,712 --------- C:\WINNT\system32\msvcp71.dll
2006-11-29 00:39 4,960 --------- C:\WINNT\system32\drivers\avgtdi.sys
2006-11-29 00:39 4,224 --------- C:\WINNT\system32\drivers\avg7rsw.sys
2006-11-29 00:39 348,160 --------- C:\WINNT\system32\msvcr71.dll
2006-11-29 00:39 3,968 --------- C:\WINNT\system32\drivers\avgclean.sys
2006-11-29 00:39 28,416 --------- C:\WINNT\system32\drivers\avg7rsxp.sys
2006-11-29 00:39 26,880 --------- C:\WINNT\system32\drivers\avg7rsnt.sys
2006-11-29 00:39 18,240 --------- C:\WINNT\system32\drivers\avgmfx86.sys
2006-11-29 00:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2006-11-29 00:38 816,672 --------- C:\WINNT\system32\drivers\avg7core.sys
2006-11-29 00:38 <DIR> d-------- C:\Program Files\Grisoft
2006-11-29 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2006-11-29 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-11-29 00:02 <DIR> dr-h----- C:\Documents and Settings\Administrator\Recent
2006-11-29 00:02 <DIR> dr------- C:\Documents and Settings\Administrator\Favorites
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Templates
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\SendTo
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\PrintHood
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\NetHood
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Local Settings
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\.
2006-11-29 00:02 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data
2006-11-29 00:02 <DIR> d---s---- C:\Documents and Settings\Administrator\Cookies
2006-11-29 00:02 <DIR> d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Start Menu
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\My Documents
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Desktop
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\..
2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\..

 

ComboFix part Six:

2006-11-29 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\.
2006-11-28 23:19 <DIR> d-------- C:\WINNT\system32\Macromed
2006-11-28 21:53 <DIR> d--h----- C:\WINNT\msdownld.tmp
2006-11-28 21:53 <DIR> d--h----- C:\Program Files\Uninstall Information
2006-11-28 21:52 <DIR> d-a------ C:\WUTemp
2006-11-28 17:17 <DIR> d-------- C:\WINNT\system32\Microsoft
2006-11-28 16:21 30,480 --a------ C:\WINNT\system32\SNMP.EXE
2006-11-28 16:10 21,776 --a------ C:\WINNT\system32\LPDSVC.DLL
2006-11-28 15:42 <DIR> d-------- C:\WINNT\SoftwareDistribution
2006-11-21 23:34 <DIR> d-------- C:\WINNT\system32\DirectX
2006-11-21 23:33 98,816 --------- C:\WINNT\system32\dpnmodem.dll
2006-11-21 23:33 961,024 --a------ C:\WINNT\system32\quartz.dll
2006-11-21 23:33 93,696 --a------ C:\WINNT\system32\dmusic.dll
2006-11-21 23:33 90,112 --a------ C:\WINNT\system32\d3dref.dll
2006-11-21 23:33 89,600 --------- C:\WINNT\system32\dpnlobby.dll
2006-11-21 23:33 785,408 --a------ C:\WINNT\system32\d3dim700.dll
2006-11-21 23:33 78,848 --------- C:\WINNT\system32\dmscript.dll
2006-11-21 23:33 77,824 --------- C:\WINNT\system32\dpvacm.dll
2006-11-21 23:33 77,824 --------- C:\WINNT\system32\dpnaddr.dll
2006-11-21 23:33 734,208 --------- C:\WINNT\system32\qedwipes.dll
2006-11-21 23:33 7,680 --------- C:\WINNT\system32\d3d8thk.dll
2006-11-21 23:33 66,560 --------- C:\WINNT\system32\dsdmoprp.dll
2006-11-21 23:33 65,536 --a------ C:\WINNT\system32\dpwsockx.dll
2006-11-21 23:33 62,976 --a------ C:\WINNT\system32\amstream.dll
2006-11-21 23:33 601,088 --a------ C:\WINNT\system32\dx7vb.dll
2006-11-21 23:33 60,928 --------- C:\WINNT\system32\dpnsvr.exe
2006-11-21 23:33 6,400 --a------ C:\WINNT\system32\drivers\mskssrv.sys
2006-11-21 23:33 591,120 --a------ C:\WINNT\system32\d3dramp.dll
2006-11-21 23:33 59,904 --a------ C:\WINNT\system32\dmcompos.dll
2006-11-21 23:33 59,392 --a------ C:\WINNT\system32\gcdef.dll
2006-11-21 23:33 53,520 --a------ C:\WINNT\system32\dpserial.dll
2006-11-21 23:33 515,584 --------- C:\WINNT\system32\qedit.dll
2006-11-21 23:33 50,688 --a------ C:\WINNT\system32\devenum.dll
2006-11-21 23:33 49,424 --a------ C:\WINNT\system32\d3dxof.dll
2006-11-21 23:33 45,056 --------- C:\WINNT\system32\dimap.dll
2006-11-21 23:33 446,224 --a------ C:\WINNT\system32\d3dim.dll
2006-11-21 23:33 42,768 --a------ C:\WINNT\system32\dpwsock.dll
2006-11-21 23:33 41,792 --a------ C:\WINNT\system32\drivers\stream.sys
2006-11-21 23:33 4,896 --a------ C:\WINNT\system32\drivers\mstee.sys
2006-11-21 23:33 4,800 --a------ C:\WINNT\system32\drivers\mspclock.sys
2006-11-21 23:33 4,096 --a------ C:\WINNT\system32\ksuser.dll
2006-11-21 23:33 37,648 --a------ C:\WINNT\system32\d3dpmesh.dll
2006-11-21 23:33 364,816 --a------ C:\WINNT\system32\d3drm.dll
2006-11-21 23:33 36,864 --a------ C:\WINNT\system32\dplaysvr.exe
2006-11-21 23:33 346,624 --a------ C:\WINNT\system32\qdvd.dll
2006-11-21 23:33 330,752 --a------ C:\WINNT\system32\dsound.dll
2006-11-21 23:33 33,792 --a------ C:\WINNT\system32\mciqtz32.dll
2006-11-21 23:33 33,040 --a------ C:\WINNT\system32\dplay.dll
2006-11-21 23:33 31,232 --a------ C:\WINNT\system32\dmloader.dll
2006-11-21 23:33 306,176 --------- C:\WINNT\system32\diactfrm.dll
2006-11-21 23:33 3,456 --a------ C:\WINNT\system32\drivers\swenum.sys
2006-11-21 23:33 29,184 --a------ C:\WINNT\system32\pid.dll
2006-11-21 23:33 271,872 --------- C:\WINNT\system32\dpvoice.dll
2006-11-21 23:33 26,112 --a------ C:\WINNT\system32\dmband.dll
2006-11-21 23:33 256,000 --a------ C:\WINNT\system32\ddraw.dll
2006-11-21 23:33 244,224 --------- C:\WINNT\system32\mswebdvd.dll
2006-11-21 23:33 231,936 --a------ C:\WINNT\system32\dplayx.dll
2006-11-21 23:33 229,888 --a------ C:\WINNT\system32\qdv.dll
2006-11-21 23:33 225,792 --------- C:\WINNT\system32\dpnet.dll
2006-11-21 23:33 21,504 --a------ C:\WINNT\system32\dpmodemx.dll
2006-11-21 23:33 181,760 --------- C:\WINNT\system32\d3dref8.dll
2006-11-21 23:33 176,128 --------- C:\WINNT\system32\dsdmo.dll
2006-11-21 23:33 175,616 --------- C:\WINNT\system32\dpvvox.dll
2006-11-21 23:33 169,472 --a------ C:\WINNT\system32\dmime.dll
2006-11-21 23:33 167,424 --a------ C:\WINNT\system32\qcap.dll
2006-11-21 23:33 162,816 --------- C:\WINNT\system32\dinput8.dll
2006-11-21 23:33 15,872 --------- C:\WINNT\system32\dswave.dll
2006-11-21 23:33 146,432 --------- C:\WINNT\system32\qasf.dll
2006-11-21 23:33 143,872 --a------ C:\WINNT\system32\dinput.dll
2006-11-21 23:33 130,560 --a------ C:\WINNT\system32\dmsynth.dll
2006-11-21 23:33 121,344 --a------ C:\WINNT\system32\drivers\ks.sys
2006-11-21 23:33 116,224 --------- C:\WINNT\system32\dpvsetup.exe
2006-11-21 23:33 111,616 --------- C:\WINNT\system32\dpnwsock.dll
2006-11-21 23:33 110,592 --a------ C:\WINNT\system32\dmstyle.dll
2006-11-21 23:33 11,264 --------- C:\WINNT\system32\msdmo.dll
2006-11-21 23:33 10,064 --a------ C:\WINNT\system32\drivers\dxapi.sys
2006-11-21 23:33 1,769,472 --a------ C:\WINNT\system32\dxdiag.exe
2006-11-21 23:33 1,294,336 --a------ C:\WINNT\system32\dsound3d.dll
2006-11-21 23:33 1,069,056 --------- C:\WINNT\system32\dx8vb.dll
2006-11-21 23:33 1,036,288 --------- C:\WINNT\system32\d3d8.dll
2006-11-21 23:33 <DIR> d-------- C:\Program Files\directx
2006-11-19 13:11 72,704 -r------- C:\WINNT\system32\cmedia32.dll
2006-11-19 13:11 54,816 -r------- C:\WINNT\system32\drivers\cmedia.sys
2006-11-19 03:56 212,480 --------- C:\WINNT\PCDLIB32.DLL
2006-11-19 03:56 163,840 --------- C:\WINNT\system32\PhotoImpression Screen Saver.scr
2006-11-19 03:53 <DIR> d-------- C:\Program Files\ArcSoft
2006-11-15 15:45 13,232 --a------ C:\WINNT\system32\drivers\ccdecode.sys
2006-11-15 15:39 73,728 --------- C:\WINNT\system32\mr310ipc.dll
2006-11-15 15:39 36,864 --------- C:\WINNT\system32\mr310exv.dll
2006-11-15 15:39 352,256 --------- C:\WINNT\system32\ijl15.dll
2006-11-15 15:39 28,672 --------- C:\WINNT\system32\mr310exd.dll
2006-11-15 15:39 127,574 --------- C:\WINNT\system32\drivers\MR97310c.sys
2006-11-15 15:39 102,400 --------- C:\WINNT\system32\mr310ifc.dll
2006-11-15 15:39 <DIR> d-------- C:\Program Files\MARS
2006-11-15 12:58 <DIR> d-------- C:\Program Files\Encore
2006-11-15 12:37 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-11-15 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-11-15 12:30 29,696 --a------ C:\WINNT\system32\Addon2VB.dll
2006-11-13 15:59 44,816 --a------ C:\WINNT\system32\cnbjmon.dll
2006-11-07 20:18 16,144 --a------ C:\WINNT\system32\drivers\modemcsa.sys
2006-11-07 20:01 <DIR> d-------- C:\WINNT\Minidump
2006-11-07 19:56 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 19:56 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2006-11-07 19:55 73,872 --a------ C:\WINNT\system32\drivers\wdmaud.sys
2006-11-07 19:55 53,552 --a------ C:\WINNT\system32\drivers\swmidi.sys
2006-11-07 19:55 51,152 --a------ C:\WINNT\system32\drivers\dmusic.sys
2006-11-07 19:55 47,568 --a------ C:\WINNT\system32\drivers\sysaudio.sys
2006-11-07 19:55 2,832 --a------ C:\WINNT\system32\drivers\msmpu401.sys
2006-11-07 19:55 148,304 --a------ C:\WINNT\system32\drivers\kmixer.sys
2006-11-07 19:54 148,208 --a------ C:\WINNT\system32\drivers\portcls.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-06 04:38 -------- d-------- C:\Program Files\Windows NT
2006-12-06 04:30 -------- d-------- C:\Program Files\NetMeeting
2006-12-06 04:29 -------- d-------- C:\Program Files\Outlook Express
2006-12-06 00:38 -------- d-------- C:\Program Files\Internet Explorer
2006-12-01 16:16 -------- d-------- C:\Program Files\Common Files
2006-12-01 04:15 -------- d-------- C:\Program Files\Common Files\System
2006-12-01 04:15 -------- d-------- C:\Program Files\Common Files\Services
2006-12-01 04:14 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-03 20:41 -------- d-------- C:\Program Files\AllInHoldEm
2006-10-26 16:20 0 --------- C:\AUTOEXEC.BAT
2006-10-23 14:21 0 --------- C:\MSDOS.SYS
2006-10-23 14:21 0 --------- C:\IO.SYS
2006-10-23 14:21 0 --------- C:\CONFIG.SYS
2006-10-23 14:17 271 --------- C:\Program Files\desktop.ini
2006-10-23 14:17 21952 --------- C:\Program Files\folder.htt
2006-10-23 14:15 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-23 09:12 -------- d-------- C:\Program Files\Accessories
2006-10-23 08:58 -------- d-------- C:\Program Files\Common Files\ODBC


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager "= "mobsync.exe /logon "
"AVG7_CC "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP "
"SmcService "= "C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui "

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion "=dword:00000110
"DeskHtmlMinorVersion "=dword:00000003
"Settings "=dword:00000001
"GeneralFlags "=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "
"Flags "=dword:00002002
"Position "=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3c,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState "=hex:04,00,00,40
"OriginalStateInfo "=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo "=hex:18,00,00,00,68,02,00,00,1f,00,00,00,a8,00,00,00,9e,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run "= "C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE "

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop "= "C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
"{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername "=dword:00000000
"legalnoticecaption "=" "
"legalnoticetext "=" "
"shutdownwithoutlogon "=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun "=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray "= "{7007ACCF-3202-11D1-AAD2-00805FC1270E} "
"WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
"SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061205-131353-875
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
backup-20061205-131353-668
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\TSAdBot.exe "
backup-20061205-125303-448
O23 - Service: Windows System Controller - Unknown owner - C:\WINNT\System.exe (file missing)
backup-20061205-125303-144
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
backup-20061205-125303-252
O23 - Service: User Mode Driver-Manager - Unknown owner - C:\WINNT\wdfmgrr.exe (file missing)
backup-20061205-125303-289
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
backup-20061205-125302-415
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
backup-20061205-125302-276
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
backup-20061205-125302-880
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
backup-20061205-125302-897
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
backup-20061205-125302-980
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL (file missing)
Completion time: Wed 2006-12-06 13:38:18.52
C:\ComboFix.txt ... 06-12-06 13:38

 

Results For Silent Runners are here; I was careful to ensure I ran the supplementary scan.

Tried the missing file load for kill box but it will only allow me to put 2 files in the dropdown box.... I am sure I am not doing something right but I did ensure "all files" was selected and "delete on reboot" as well.

Silent Runners:

"Silent Runners.vbs ", revision 49, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++} "


Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" [ "GRISOFT, s.r.o."]
"SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" [ "Sygate Technologies, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
-> {HKLM...CLSID} = "Display Panning CPL Extension "
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
-> {HKLM...CLSID} = "HyperTerminal Icon Ext "
\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" [ "Hilgraeve, Inc."]
"{06712C80-5BDC-11D4-B8EE-B5DE61CA987B}" = "Exte "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension "
-> {HKLM...CLSID} = "AVG7 Find Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
Muzip\(Default) = "{06712C80-5BDC-11D4-B8EE-B5DE61CA987B} "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
Muzip\(Default) = "{06712C80-5BDC-11D4-B8EE-B5DE61CA987B} "
-> {HKLM...CLSID} = "Exte "
\InProcServer32\(Default) = "C:\Program Files\Muzip\MuzipExt.dll" [file not found]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "
-> {HKLM...CLSID} = "AVG7 Shell Extension Class "
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" [ "GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
-> {HKLM...CLSID} = "WinZip "
\InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "(None) "

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "My Current Home Page "
"Source" = "About:Home "
"SubscribedURL" = "About:Home "


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" [ "GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" [ "GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" [ "GRISOFT, s.r.o."]
Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" [ "Sygate Technologies, Inc."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 45 seconds.
---------- (total run time: 300 seconds)

 

Holy long ComboFix log Batman!!

I'll get to this later tonite, when the house is quite.

OK, lets disable TeaTimer for now.

• Run Spybot-S&D
• Go to the Mode menu, and make sure Advanced Mode is selected
• On the left hand side, choose Tools -> Resident
• Uncheck Resident TeaTimer and OK any prompts

You can reenable TeaTimer once your system is clean.

Then go and wipe out all the recent settings so next time we enable it, it will have a 'clean' point to start from.

• Browse to:C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots
• Delete all the files inside the folder Snapshots.

The Tea timer will take a fresh snapshot and recreate these files when it is restarted.

 

Ok, after much Googling I have found a few more files which are suspiscious enough to warrant deletion.

Btw, next time remind me to advise users on holding off from hitting Windows update. It makes for one helluva long ComboFix log.

Fire up Killbox again and use it on the following files:
C:\popupkiller229.exe
C:\WINNT\system32\ygl.exe
C:\WINNT\system32\aegent.exe
C:\WINNT\system32\eraseme_01628.PIF

I also have one question about something called 'MuZip'? It appears to perhaps be some sort of compression tool??

If you're not aware of what it is, just uninstall it.


Then lets get another HJT log file and a report on how the machine is behaving.

 

Ok. I think you're right, load as little software as possible before you run that monster.....

I am still having a little trouble with killbox. It seems to be only allowing me to past two files in the list box, I have selected "all Files" but it just isn't working....so two at a time then....

It's worth the time.

Be back soon

Mitchell

 

Well, where ever you go...there you are.

Got the kill box thing done. I wasn't sure it did anything but it must have because those files are gone.

Here is the HJT File:

Logfile of HijackThis v1.99.1
Scan saved at 2:26:19 AM, on 12/7/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\hjt\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164750140072
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Hope you had a good night's sleep and an easy day at work.

Mitchell