Look at the next post, sorry.


I have run HijackThis, SDFix and ComboFix. I now need someone to help with getting rid of the rest of the viruses infecting the computer. I will post all the report logs as replies to the thread. Any help is greatly needed; I do not understand what the logs are telling me.

SDFix: Version 1.196
Run by Admin on 24/06/2008 at 16:28

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
d130fa0b

Path :
\SystemRoot\System32\drivers\d130fa0b.sys

d130fa0b - Deleted

Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\geBtSJyy.dll - Deleted
C:\WINDOWS\system32\geBtSJyy.dll - Deleted
C:\WINDOWS\system32\jkcom32.dll - Deleted
C:\WINDOWS\system32\jzcom32.dll - Deleted
C:\WINDOWS\system32\sklh.dat - Deleted
C:\WINDOWS\system32\drivers\d130fa0b.sys - Deleted

Removing Temp Files

ADS Check :

C:\WINDOWS
:AFP_AfpInfo 60
Total size: 60 bytes.
WINDOWS: deleted 60 bytes in 1 streams.

Checking for remaining Streams

C:\WINDOWS
No streams found.

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 17:13:04
Windows 5.1.2600 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="ywypcmma.dll prtthtty.dll"
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

C:\Documents and Settings\Admin\ntuser.dat:AFP_AfpInfo 60 bytes hidden from API
C:\Documents and Settings\Admin\ntuser.dat.LOG:AFP_AfpInfo 60 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


Remaining Services :

Authorized Application Key Export:

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 15 Mar 2007 711,311 A.SH. --- "C:\WINDOWS\system32\bdeeg.bak1"
Mon 19 Mar 2007 721,369 A.SH. --- "C:\WINDOWS\system32\bdeeg.bak2"
Tue 24 Jun 2008 1,714,836 ..SH. --- "C:\WINDOWS\system32\dnrktfiw.tmp"
Tue 22 Apr 2008 3,293,209 A.SH. --- "C:\WINDOWS\system32\womabcsj.tmp"
Thu 30 Jun 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 7 Apr 2005 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 7 Apr 2005 12,888 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Mon 14 Apr 2008 1,038 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"
Thu 28 Sep 2006 47,104 A..H. --- "C:\Clients\Internet\3D Wealth Management\dev\supplied\~WRL1175.tmp"
Thu 28 Sep 2006 22,016 A..H. --- "C:\Clients\Internet\3D Wealth Management\dev\supplied\~WRL1539.tmp"
Thu 28 Sep 2006 47,104 A..H. --- "C:\Clients\Internet\3D Wealth Management\dev\supplied\~WRL1777.tmp"
Thu 28 Sep 2006 47,104 A..H. --- "C:\Clients\Internet\3D Wealth Management\dev\supplied\~WRL2811.tmp"
Thu 28 Sep 2006 47,104 A..H. --- "C:\Clients\Internet\3D Wealth Management\dev\supplied\~WRL3098.tmp"
Thu 7 Dec 2006 29,696 A..H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0002.tmp"
Tue 19 Dec 2006 29,696 A..H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0003.tmp"
Mon 8 Jan 2007 29,696 A..H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0004.tmp"
Fri 11 May 2007 29,696 ...H. --- "C:\Documents and Settings\Admin\Application Data\Microsoft\Word\~WRL0005.tmp"
Thu 5 Jul 2007 2,668 A..H. --- "C:\Program Files\Adobe\Illustrator 10\Plug-ins\KPT Vector Effects 1.5\MetaImage.dll"

Finished!

ComboFix 08-06-20.4 - Admin 2008-06-25 10:37:52.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.0.1252.1.1033.18.448 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.


C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini
.
---- Previous Run -------
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\AcLlonpo.ini
C:\WINDOWS\system32\AcLlonpo.ini2
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\dnrktfiw.ini
C:\WINDOWS\system32\dnrktfiw.ini2
C:\WINDOWS\system32\dnrktfiw.tmp
C:\WINDOWS\system32\fokrilaq.ini
C:\WINDOWS\system32\gumqlcsq.ini
C:\WINDOWS\system32\hghtxiqr.ini
C:\WINDOWS\system32\hRCLlnpo.ini
C:\WINDOWS\system32\hRCLlnpo.ini2
C:\WINDOWS\system32\ikjmnqss.ini
C:\WINDOWS\system32\ikjmnqss.ini2
C:\WINDOWS\system32\iqpxjghu.ini
C:\WINDOWS\system32\joxwwsmd.ini
C:\WINDOWS\system32\kbxwdlnu.ini
C:\WINDOWS\system32\lbneltfk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\opnlLCRh.dll
C:\WINDOWS\system32\rvemwtca.ini
C:\WINDOWS\system32\tsYcdfii.ini
C:\WINDOWS\system32\tsYcdfii.ini2
C:\WINDOWS\system32\uxrorshk.ini
C:\WINDOWS\system32\uyainuly.ini
C:\WINDOWS\system32\wjoclcbp.ini
C:\WINDOWS\system32\xsnnnduj.ini


.
(((((((((((((((((((((((((   Files Created from 2008-05-25 to 2008-06-25  )))))))))))))))))))))))))))))))
.


2008-06-25 10:07 . 2008-06-25 10:07 294 ---hs----   C:\WINDOWS\system32\dnrktfiw.ini
2008-06-24 16:06 . 2008-06-24 16:06 <DIR>    d--------   C:\WINDOWS\ERUNT
2008-06-24 15:58 . 2008-06-24 17:23 <DIR>    d--------   C:\SDFix
2008-06-24 15:36 . 2008-06-24 15:36 105,472 --a------   C:\WINDOWS\system32\prtthtty.dll
2008-06-24 15:33 . 2008-06-24 15:33 81,920  --a------   C:\WINDOWS\system32\wiftkrnd.dll
2008-06-24 15:28 . 2008-06-24 15:28 91,136  --a------   C:\WINDOWS\system32\fxsyphxi.dll
2008-06-24 15:07 . 2008-06-24 15:07 <DIR>    d--------   C:\TEMP\PendMoves
2008-06-24 14:17 . 2008-06-24 14:18 <DIR>    d--------   C:\TEMP\ListDLLS
2008-06-24 14:13 . 2008-06-24 14:13 <DIR>    d--------   C:\Program Files\Common Files\PC Tools
2008-06-24 14:13 . 2008-06-24 14:13 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\PC Tools
2008-06-24 14:13 . 2008-06-02 15:19 159,880 --a------   C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-24 10:56 . 2008-06-24 10:57 <DIR>    d--------   C:\Program Files\iKnowPS
2008-06-24 10:02 . 2008-06-24 10:19 <DIR>    d--------   C:\spywarebegone
2008-06-24 10:02 . 2008-06-24 10:02 724,992 --a------   C:\WINDOWS\iun6002.exe
2008-06-24 10:02 . 2008-06-24 10:02 170 --a------   C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-06-24 09:42 . 2008-06-24 09:58 <DIR>    d--------   C:\Program Files\SpyZooka
2008-06-24 09:40 . 2008-06-24 09:40 <DIR>    d--------   C:\Program Files\Common Files\Download Manager
2008-06-23 16:34 . 2008-06-23 16:34 81,408  --a------   C:\WINDOWS\system32\kftlenbl.dll
2008-06-23 16:33 . 2008-06-23 16:33 105,984 --a------   C:\WINDOWS\system32\Evil4
2008-06-23 16:33 . 2008-06-23 16:33 91,136  --a------   C:\WINDOWS\system32\Evil2
2008-06-23 16:33 . 2008-06-23 16:33 81,408  --a------   C:\WINDOWS\system32\jsovamal.dll
2008-06-23 16:31 . 2008-06-23 16:31 321,536 --a------   C:\WINDOWS\system32\Evil3
2008-06-23 16:27 . 2008-06-23 16:31 5,120   --a------   C:\waxd.exe
2008-06-23 16:00 . 2008-06-23 16:00 <DIR>    d--------   C:\Program Files\XoftSpySE
2008-06-23 13:46 . 2008-06-25 10:36 <DIR>    d--------   C:\Program Files\Spyware Doctor
2008-06-23 13:46 . 2008-06-23 13:46 <DIR>    d--------   C:\Documents and Settings\Admin\Application Data\PC Tools
2008-06-23 13:46 . 2008-06-10 21:22 81,288  --a------   C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-23 13:46 . 2008-06-02 15:19 66,952  --a------   C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-23 13:46 . 2008-06-02 15:19 42,376  --a------   C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-23 13:46 . 2008-06-02 15:19 29,576  --a------   C:\WINDOWS\system32\drivers\kcom.sys
2008-06-23 13:41 . 2008-06-24 15:41 <DIR>    d--------   C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 13:52 . 2008-06-20 13:52 <DIR>    d--------   C:\Program Files\Genometri
2008-06-10 13:12 . 2008-06-10 14:52 <DIR>    d--------   C:\Program Files\RegCure
2008-05-28 12:49 . 2008-05-28 12:49 <DIR>    d--------   C:\Program Files\Alwil Software


.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 09:36    ---------   d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-25 09:19    ---------   d-----w C:\Program Files\Microsoft AntiSpyware
2008-06-23 14:47    ---------   d-----w C:\Program Files\Password Spectator
2008-06-23 12:41    ---------   d-----w C:\Program Files\Google
2008-06-02 11:23    ---------   d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-05-22 14:54    ---------   d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-05-20 10:22    ---------   d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 10:22    ---------   d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-20 10:20    ---------   d-----w C:\Program Files\Norton 360
2008-05-20 10:19    ---------   d-----w C:\Program Files\Symantec
2008-04-30 10:17    ---------   d-----w C:\Program Files\Free FLV Converter
2008-04-22 08:59    3,293,209   --sha-w C:\WINDOWS\system32\womabcsj.tmp
2008-04-15 14:02    1,024   ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
2008-04-11 11:08    118,586 ----a-w C:\WINDOWS\Keyfinder Advanced 2007 (Trial Version) Uninstaller.exe
2008-02-19 11:34    69,416  ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-05-18 09:18    317,987 ----a-w C:\Program Files\setuplog.txt
.


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ae5b2c8-22ca-420c-b799-a1a506d436be}]
C:\WINDOWS\System32\iifdcYst.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7ab96bd2-217c-4b4f-9c13-396acff5d5b6}]
2008-06-24 15:36    105472  --a------   C:\WINDOWS\System32\prtthtty.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" [2006-12-07 08:20 3712512]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 13:12 473928]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Miramar Systems, Inc."="C:\Program Files\Miramar\PC MACLAN\atmsg.exe" [2003-05-30 15:14 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 09:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-05-10 17:04 11776]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-05 14:08 385024]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"bca17784"="C:\WINDOWS\System32\wiftkrnd.dll" [2008-06-24 15:33 81920]
"BMbf924418"="C:\WINDOWS\System32\fxsyphxi.dll" [2008-06-24 15:28 91136]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"CR55.EXE"="msnlive.exe" []


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-23 13:00 13312]


C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]


C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-04-07 01:14:32 335872]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedb]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggdbcy]
hggdbcy.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqPiGWP]
ssqPiGWP.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ywypcmma.dll prtthtty.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MSUD"= msulvc06.dll
"VIDC.LAGS"= lagarith.dll


[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^TomTom HOME.lnk]
backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe


R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-05-16 00:20]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-02 15:19]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\System32\DRIVERS\atalk.sys [2003-05-30 15:11]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\System32\DRIVERS\atfsd.sys [2003-05-30 15:17]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE [2003-05-30 14:57]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE [2003-05-30 15:05]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\System32\DRIVERS\AN983.sys [2001-08-17 12:11]
S2 ATMsg;AppleTalk Messenger;C:\Program Files\Miramar\PC MACLAN\ATMsg.exe [2003-05-30 15:14]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []


*Newly Created Service* - IKFILESEC
*Newly Created Service* - IKSYSFLT
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 16:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-25 09:07:41 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-10 12:12:37 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-25 09:07:41 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-06-24 10:30:22 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 10:41:37
Windows 5.1.2600  NTFS


scanning hidden processes ...


scanning hidden autostart entries ...


scanning hidden files ...



**************************************************************************
.
Completion time: 2008-06-25 10:51:22
ComboFix-quarantined-files.txt  2008-06-25 09:50:19


Pre-Run: 49,642,463,232 bytes free
Post-Run: 49,632,014,336 bytes free


189 --- E O F ---   2008-04-10 08:11:49

Logfile of HijackThis v1.99.1
Scan saved at 10:52:34, on 25/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [bca17784] rundll32.exe "C:\WINDOWS\System32\wiftkrnd.dll",b
O4 - HKLM\..\Run: [BMbf924418] Rundll32.exe "C:\WINDOWS\System32\fxsyphxi.dll",s
O4 - HKLM\..\RunServices: [CR55.EXE] msnlive.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - AppInit_DLLs: ywypcmma.dll prtthtty.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: hggdbcy - hggdbcy.dll (file missing)
O20 - Winlogon Notify: ssqPiGWP - ssqPiGWP.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

Hi Kevin. You are running an outdated version of HijackThis. Uninstall that one and install the latest. There is a link to it in the first sticky post in the forum.
You ran ComboFix twice, so I do not know what was deleted on the first run. It is best that you do not run such tools unless advised to as well. Problems have arisen from doing so.

==

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

==

I am off to bed so will check back in about 7 hours.

Thanks for the reply. I have just run the Malwarebytes program (might have got the name wrong). Here is the log:

Malwarebytes' Anti-Malware 1.18
Database version: 890

14:08:03 25/06/2008
mbam-log-6-25-2008 (14-08-03).txt

Scan type: Quick Scan
Objects scanned: 41238
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\wiftkrnd.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SystemErrorFixerDownloader (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bca17784 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMbf924418 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\wiftkrnd.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dnrktfiw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Evil3 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\waxd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fxsyphxi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:49, on 25/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [CR55.EXE] msnlive.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: ywypcmma.dll prtthtty.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: hggdbcy - hggdbcy.dll (file missing)
O20 - Winlogon Notify: ssqPiGWP - ssqPiGWP.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10778 bytes

Please go here & install ALL critical updates required for your system, including Service Pack 1a for XP.
Most malware is designed to attack unpatched XP systems - exploiting the available 'holes' - and can bypass third-party protection on an unpatched system. The most that can be done with an unpatched system is put a temporary bandage on it. Your system can potentially be reinfected within minutes of cleaning it.
Post back a new HijackThis log after rebooting your system.

==

Scan with HijackThis and then place a check next to all the following, if present:


R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll

O4 - HKLM\..\RunServices: [CR55.EXE] msnlive.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O20 - AppInit_DLLs: ywypcmma.dll prtthtty.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: hggdbcy - hggdbcy.dll (file missing)
O20 - Winlogon Notify: ssqPiGWP - ssqPiGWP.dll (file missing)


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/folders:

files...

C:\WINDOWS\System32\prtthtty.dll

Search for...

msnlive.exe
prtthtty.dll

...using "Start | Search...".

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and they cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear.

Select the first option to run Windows in Safe Mode and hit Enter.

-

Reboot.

===============

After rebooting, rescan with HijackThis and post back a new log. Please let me know how your PC is now.

Here is the log after the service pack was installed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:16, on 26/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {6b5d5ffc-a693-31c9-f4b4-c7122db69ba7} - {7ab96bd2-217c-4b4f-9c13-396acff5d5b6} - C:\WINDOWS\System32\prtthtty.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [CR55.EXE] msnlive.exe
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - AppInit_DLLs: ywypcmma.dll prtthtty.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\
O20 - Winlogon Notify: hggdbcy - hggdbcy.dll (file missing)
O20 - Winlogon Notify: ssqPiGWP - ssqPiGWP.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 10699 bytes

This msnlive.exe was not present on my system, but prtthtty.dll was; I have deleted it in Safe Mode and it has now gone. I will run HijackThis again now and post the log on here.

My comp is running the same as usual; no errors or anything have come up as of yet anyway.

Thanks for all your help.

The latest log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:23:37, on 26/06/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iKnowPS\iKnowPS.exe
C:\spywarebegone\SpywareBeGone.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ae5b2c8-22ca-420c-b799-a1a506d436be} - C:\WINDOWS\System32\iifdcYst.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Miramar Systems, Inc.] C:\Program Files\Miramar\PC MACLAN\atmsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iKnowPS] C:\Program Files\iKnowPS\iKnowPS.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by111fd.bay111.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Admin/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 9860 bytes

Just ran a Malwarebytes scan and this is the log for that.

Malwarebytes' Anti-Malware 1.18
Database version: 890

15:35:48 26/06/2008
mbam-log-6-26-2008 (15-35-48).txt

Scan type: Quick Scan
Objects scanned: 40271
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
  • Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

ComboFix log

ComboFix 08-06-20.4 - Admin 2008-06-27 10:44:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.

2008-06-27 10:16 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 10:09 . 2008-06-27 10:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-27 09:39 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\peernet
2008-06-26 16:47 . 2004-08-04 06:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-06-26 16:46 . 2004-08-04 08:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-06-26 16:45 . 2004-08-04 08:56 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-06-26 16:44 . 2004-08-04 06:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-26 16:43 . 2004-08-04 08:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-26 16:42 . 2004-08-04 08:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-26 16:27 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-26 15:35 . 2008-06-27 10:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 15:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 14:41 . 2008-06-26 14:41 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-26 14:35 . 2008-06-27 10:33 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-26 13:32 . 2004-08-04 08:56 96,768 --a------ C:\WINDOWS\system32\dpcdll.dll
2008-06-26 13:28 . 2004-08-04 06:19 1,351,168 --a------ C:\WINDOWS\system32\mshtml.tlb
2008-06-26 13:27 . 2004-08-04 08:56 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2008-06-26 13:26 . 2004-07-17 19:35 1,326,080 --a------ C:\WINDOWS\system32\webfldrs.msi
2008-06-26 13:23 . 2002-06-14 18:46 19,274 --a------ C:\WINDOWS\001253_.tmp
2008-06-26 12:42 . 2001-08-23 13:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-06-26 12:42 . 2001-08-23 13:00 29,338 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-06-26 12:42 . 2001-08-23 13:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-06-26 12:12 . 2008-06-26 12:12 1,025 --a------ C:\XPChangeSerial.vbs
2008-06-26 10:42 . 2008-06-26 10:42 <DIR> d-------- C:\Program Files\HP
2008-06-26 10:42 . 2008-06-26 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-25 14:50 . 2008-06-25 14:51 <DIR> d-------- C:\Program Files\SIW
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 13:49 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 13:49 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 11:13 . 2008-06-25 11:13 <DIR> d-------- C:\VundoFix Backups
2008-06-24 16:06 . 2008-06-24 16:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 15:58 . 2008-06-24 17:23 <DIR> d-------- C:\SDFix
2008-06-24 15:07 . 2008-06-24 15:07 <DIR> d-------- C:\TEMP\PendMoves
2008-06-24 14:17 . 2008-06-24 14:18 <DIR> d-------- C:\TEMP\ListDLLS
2008-06-24 10:56 . 2008-06-25 14:59 <DIR> d-------- C:\Program Files\iKnowPS
2008-06-24 10:02 . 2008-06-24 10:19 <DIR> d-------- C:\spywarebegone
2008-06-24 10:02 . 2008-06-24 10:02 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-06-24 10:02 . 2008-06-24 10:02 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-06-24 09:42 . 2008-06-27 10:37 <DIR> d-------- C:\Program Files\SpyZooka
2008-06-24 09:40 . 2008-06-24 09:40 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 16:34 . 2008-06-23 16:34 81,408 --a------ C:\WINDOWS\system32\kftlenbl.dll
2008-06-23 16:33 . 2008-06-23 16:33 105,984 --a------ C:\WINDOWS\system32\Evil4
2008-06-23 16:33 . 2008-06-23 16:33 91,136 --a------ C:\WINDOWS\system32\Evil2
2008-06-23 16:33 . 2008-06-23 16:33 81,408 --a------ C:\WINDOWS\system32\jsovamal.dll
2008-06-23 13:41 . 2008-06-26 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 13:52 . 2008-06-20 13:52 <DIR> d-------- C:\Program Files\Genometri
2008-06-10 13:12 . 2008-06-10 14:52 <DIR> d-------- C:\Program Files\RegCure
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:44 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-06-25 12:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 14:47 --------- d-----w C:\Program Files\Password Spectator
2008-06-23 12:41 --------- d-----w C:\Program Files\Google
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 11:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-05-22 14:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-05-20 10:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-20 10:20 --------- d-----w C:\Program Files\Norton 360
2008-05-20 10:19 --------- d-----w C:\Program Files\Symantec
2008-04-30 10:17 --------- d-----w C:\Program Files\Free FLV Converter
2008-04-22 08:59 3,293,209 --sha-w C:\WINDOWS\system32\womabcsj.tmp
2008-04-15 14:02 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
2008-04-11 11:08 118,586 ----a-w C:\WINDOWS\Keyfinder Advanced 2007 (Trial Version) Uninstaller.exe
2008-02-19 11:34 69,416 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-05-18 09:18 317,987 ----a-w C:\Program Files\setuplog.txt
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_10.50.04.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-08-29 02:40:52 235,520 -c----w C:\WINDOWS\$NtServicePackUninstall$\esscli.dll
+ 2002-08-29 02:41:24 178,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\eudcedit.exe
+ 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\evcreate.exe
+ 2001-08-23 12:00:00 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventcreate.exe
+ 2002-08-29 02:40:52 49,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
+ 2001-08-23 12:00:00 96,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntagnt.dll
+ 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntcmd.exe
+ 2002-08-29 02:40:52 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntrprv.dll
+ 2001-08-23 12:00:00 84,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\evntwin.exe
+ 2004-03-30 01:48:36 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\evtgprov.dll
+ 2002-08-29 02:41:24 1,004,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
+ 2002-08-29 02:40:54 380,445 -c----w C:\WINDOWS\$NtServicePackUninstall$\expsrv.dll
+ 2001-08-23 12:00:00 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\exstrace.dll
+ 2001-08-23 12:00:00 40,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\extrac32.exe
+ 2002-08-29 01:12:46 145,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastfat.sys
+ 2002-08-29 02:40:54 565,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\fastprox.dll
+ 2002-08-29 02:40:54 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\faultrep.dll
+ 2002-08-29 02:41:24 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\faxpatch.exe
+ 2001-08-23 12:00:00 26,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdc.sys
+ 2002-08-29 02:40:54 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\fdeploy.dll
+ 2001-08-23 12:00:00 18,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\feclient.dll
+ 2001-08-23 12:00:00 323,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\filemgmt.dll
+ 2001-08-23 12:00:00 25,088 -c----w C:\WINDOWS\$NtServicePackUninstall$\findstr.exe
+ 2004-08-20 22:01:15 82,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\fldrclnr.dll
+ 2002-08-29 00:27:44 19,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\flpydisk.sys
+ 2001-08-23 12:00:00 361,472 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontext.dll
+ 2002-08-29 02:41:24 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\fontview.exe
+ 2002-08-29 02:40:54 32,828 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp40ext.dll
+ 2002-08-29 02:40:54 184,435 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4amsft.dll
+ 2002-08-29 02:40:54 82,035 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4anscp.dll
+ 2002-08-29 02:40:54 147,513 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4apws.dll
+ 2002-08-29 02:40:54 127,034 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4areg.dll
+ 2002-08-29 02:40:54 102,509 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4atxt.dll
+ 2002-08-29 02:40:54 618,605 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4autl.dll
+ 2002-08-29 02:40:54 41,020 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avnb.dll
+ 2002-08-29 02:40:54 32,826 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4avss.dll
+ 2002-08-29 02:40:54 49,212 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awebs.dll
+ 2002-08-29 02:40:56 872,557 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp4awel.dll
+ 2002-08-29 02:41:24 15,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98sadm.exe
+ 2002-08-29 02:41:24 109,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\fp98swin.exe
+ 2002-08-29 02:41:24 24,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmcgi.exe
+ 2002-08-29 02:40:56 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpadmdll.dll
+ 2002-08-29 02:41:24 188,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpcount.exe
+ 2002-08-29 02:40:56 94,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpencode.dll
+ 2002-08-29 02:40:56 20,541 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpexedll.dll
+ 2002-08-29 02:40:56 598,071 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmc.dll
+ 2002-05-14 17:16:22 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpmmcsat.dll
+ 2002-08-29 02:41:24 20,538 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpremadm.exe
+ 2002-08-29 02:41:24 28,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\fpsrvadm.exe
+ 2002-08-29 02:40:44 8,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\framebuf.dll
+ 2001-08-23 12:00:00 174,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\framedyn.dll
+ 2002-08-29 02:41:24 40,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
+ 2001-08-23 12:00:00 5,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftpmib.dll
+ 2002-08-29 02:40:56 117,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\ftpsv251.dll
+ 2002-08-29 02:40:56 443,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsapi.dll
+ 2002-08-29 02:41:24 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsclnt.exe
+ 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscom.dll
+ 2002-08-29 02:40:56 271,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscomex.dll
+ 2002-08-29 02:41:24 216,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxscover.exe
+ 2002-08-29 02:40:56 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsdrv.dll
+ 2001-08-23 12:00:00 53,760 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsevent.dll
+ 2002-08-29 02:40:56 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsext32.dll
+ 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsmon.dll
+ 2002-08-29 02:40:56 122,880 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsocm.dll
+ 2002-08-29 02:40:56 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsperf.dll
+ 2002-08-29 02:39:56 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsres.dll
+ 2002-08-29 02:40:56 559,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsst.dll
+ 2002-08-29 02:41:24 250,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxssvc.exe
+ 2002-08-29 02:40:56 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxst30.dll
+ 2002-08-29 02:40:56 391,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxstiff.dll
+ 2002-08-29 02:40:56 149,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsui.dll
+ 2002-08-29 02:40:56 185,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxswzrd.dll
+ 2002-08-29 02:40:56 395,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\fxsxp32.dll
+ 2002-08-29 00:32:44 9,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\gameenum.sys
+ 2002-08-29 00:32:48 54,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\gckernel.sys
+ 2006-01-02 22:38:03 260,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\gdi32.dll
+ 2001-08-23 12:00:00 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\glu32.dll
+ 2001-08-23 12:00:00 488,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpedit.dll
+ 2001-08-23 12:00:00 9,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpkrsrc.dll
+ 2002-08-29 02:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gpresult.exe
+ 2002-08-29 02:41:24 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\gprslt.exe
+ 2004-08-25 22:07:34 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\gptext.dll
+ 2001-08-23 12:00:00 37,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\grpconv.exe
+ 2002-08-29 02:40:56 114,688 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn.dll
+ 2002-08-29 02:40:56 100,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\guitrn_a.dll
+ 2001-08-23 12:00:00 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\gzip.dll
+ 2002-08-29 02:40:56 53,248 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323cc.dll
+ 2004-03-30 01:48:36 593,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\h323msp.dll
+ 2002-08-29 00:05:04 127,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\hal.dll
+ 2002-08-29 00:05:04 127,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\halaacpi.dll
+ 2002-08-29 00:05:04 77,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\halacpi.dll
+ 2002-08-29 00:05:04 146,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\halapic.dll
+ 2002-08-29 00:05:04 129,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\halmacpi.dll
+ 2002-08-29 00:05:06 148,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\halmps.dll
+ 2002-08-29 02:40:56 5,120 -c----w C:\WINDOWS\$NtServicePackUninstall$\hccoin.dll
+ 2004-03-30 01:34:15 741,376 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpctr.exe
+ 2002-08-29 02:41:24 703,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe
+ 2005-05-25 22:44:31 10,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\hh.exe
+ 2005-05-27 01:59:52 38,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\hhsetup.dll
+ 2001-08-23 12:00:00 22,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\hid.dll
+ 2002-08-29 00:32:42 34,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidclass.sys
+ 2002-08-29 00:32:42 6,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidir.sys
+ 2001-08-23 12:00:00 23,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidparse.sys
+ 2002-08-29 02:40:56 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\hidserv.dll
+ 2002-08-29 02:40:56 36,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\hmmapi.dll
+ 2002-08-29 02:40:56 240,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetcfg.dll
+ 2001-08-23 12:00:00 315,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\hnetwiz.dll
+ 2001-08-23 12:00:00 35,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\hostmib.dll
+ 2001-08-23 12:00:00 137,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\hotplug.dll
+ 2002-08-29 02:41:24 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\hscupd.exe
+ 2002-08-29 02:40:56 240,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\httpext.dll
+ 2001-08-23 12:00:00 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\httpmb51.dll
+ 2002-08-29 02:40:56 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\httpod51.dll
+ 2001-08-23 12:00:00 39,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\htui.dll
+ 2004-11-17 17:57:01 493,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\hypertrm.dll
+ 2002-08-29 01:06:38 51,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\i8042prt.sys
+ 2001-08-23 12:00:00 116,224 -c----w C:\WINDOWS\$NtServicePackUninstall$\iasrad.dll
+ 2002-08-29 02:40:56 9,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\icaapi.dll
+ 2001-08-23 12:00:00 110,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\iccvid.dll
+ 2005-06-29 01:54:58 237,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\icm32.dll
+ 2001-08-23 12:00:00 3,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\icmp.dll
+ 2001-08-23 12:00:00 3,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\iconlib.dll
+ 2001-08-23 12:00:00 57,344 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn.dll
+ 2002-08-29 02:41:24 208,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn1.exe
+ 2001-08-23 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwconn2.exe
+ 2001-08-23 12:00:00 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdial.dll
+ 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwdl.dll
+ 2001-08-23 12:00:00 155,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwhelp.dll
+ 2001-08-23 12:00:00 61,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwphbk.dll
+ 2001-08-23 12:00:00 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwrmind.exe
+ 2001-08-23 12:00:00 45,056 -c----w C:\WINDOWS\$NtServicePackUninstall$\icwutil.dll
+ 2002-08-29 02:40:56 113,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\idq.dll
+ 2002-08-29 02:41:24 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\ie4uinit.exe
+ 2002-08-29 02:40:56 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieakeng.dll
+ 2002-08-29 02:40:56 204,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\ieaksie.dll
+ 2002-08-29 02:40:56 294,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\iedkcs32.dll
+ 2006-02-24 14:24:42 236,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\iepeers.dll
+ 2001-08-23 12:00:00 23,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\iernonce.dll
+ 2002-08-29 02:40:56 59,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\iesetup.dll
+ 2002-08-29 02:41:26 91,136 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe
+ 2001-08-23 12:00:00 99,840 -c----w C:\WINDOWS\$NtServicePackUninstall$\iexpress.exe
+ 2001-08-23 12:00:00 125,952 -c----w C:\WINDOWS\$NtServicePackUninstall$\ifmon.dll
+ 2001-08-23 12:00:00 8,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\igmpagnt.dll
+ 2002-08-29 02:40:56 468,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\iis.dll
+ 2001-08-23 12:00:00 21,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisadmin.dll
+ 2001-08-23 12:00:00 129,536 -c----w C:\WINDOWS\$NtServicePackUninstall$\iische51.dll
+ 2001-08-23 12:00:00 59,392 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisext51.dll
+ 2001-08-23 12:00:00 7,168 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisfecnv.dll
+ 2002-08-29 02:40:56 73,216 -c----w C:\WINDOWS\$NtServicePackUninstall$\iislog51.dll
+ 2001-08-23 12:00:00 60,416 -c----w C:\WINDOWS\$NtServicePackUninstall$\iismap.dll
+ 2001-08-23 12:00:00 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrstas.exe
+ 2001-08-23 12:00:00 120,832 -c----w C:\WINDOWS\$NtServicePackUninstall$\iisrtl.dll
+ 2002-08-29 02:40:56 73,728 -c----w C:\WINDOWS\$NtServicePackUninstall$\ils.dll
+ 2002-08-29 02:40:56 126,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\imagehlp.dll
+ 2002-08-29 02:41:26 123,904 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.exe
+ 2002-08-29 00:28:08 39,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\imapi.sys
+ 2002-08-29 00:12:30 99,328 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrcic.dll
+ 2001-08-23 12:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\imekrmbx.dll
+ 2002-08-29 02:40:56 36,922 -c----w C:\WINDOWS\$NtServicePackUninstall$\imeshare.dll
+ 2002-08-29 02:40:56 30,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\imgutil.dll
+ 2002-06-12 18:14:46 827,438 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjp81k.dll
+ 2002-08-07 18:35:54 360,494 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcic.dll
+ 2002-08-28 20:38:40 716,857 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpcus.dll
+ 2002-08-28 20:38:40 81,977 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpdct.dll
+ 2002-08-28 20:38:40 307,258 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpdct.exe
+ 2002-08-28 20:38:40 155,706 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpdsvr.exe
+ 2002-08-28 20:38:42 196,666 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpinst.exe
+ 2002-08-28 20:38:42 208,953 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjpmig.exe
+ 2002-08-28 20:38:46 233,528 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjprw.exe
+ 2002-08-28 20:38:52 262,201 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjputy.exe
+ 2002-08-28 20:38:54 274,490 -c----w C:\WINDOWS\$NtServicePackUninstall$\imjputyc.dll
+ 2002-08-29 02:40:56 103,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\imm32.dll
+ 2001-08-23 12:00:00 266,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcfg.dll
+ 2006-02-27 12:31:54 596,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetcomm.dll
+ 2001-08-23 12:00:00 13,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetin51.exe
+ 2001-08-23 12:00:00 802,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetmgr.dll
+ 2006-08-16 12:14:23 31,232 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetmib1.dll
+ 2001-08-23 12:00:00 68,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetpp.dll
+ 2001-08-23 12:00:00 14,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetppui.dll
+ 2006-02-27 12:31:50 47,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetres.dll
+ 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\inetwiz.exe
+ 2001-08-23 12:00:00 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\infoadmn.dll
+ 2002-08-29 02:40:56 241,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\infocomm.dll
+ 2001-08-23 12:00:00 144,896 -c----w C:\WINDOWS\$NtServicePackUninstall$\initpki.dll
+ 2002-08-29 02:40:58 114,176 -c----w C:\WINDOWS\$NtServicePackUninstall$\input.dll
+ 2004-08-26 09:53:48 69,632 -c----w C:\WINDOWS\$NtServicePackUninstall$\inseng.dll
+ 2002-08-29 00:27:48 4,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\intelide.sys
+ 2002-08-29 02:41:26 51,712 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipconfig.exe
+ 2002-08-29 01:21:06 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipevldpc.dll
+ 2002-08-29 00:08:24 28,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipevlpid.dll
+ 2006-08-16 12:14:23 83,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\iphlpapi.dll
+ 2001-08-23 12:00:00 19,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipinip.sys
+ 2002-08-29 01:21:14 113,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipmntdpc.dll
+ 2002-08-29 00:36:14 79,488 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipnat.sys
+ 2004-03-30 01:48:36 439,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipnathlp.dll
+ 2002-08-29 02:40:58 318,464 -c----w C:\WINDOWS\$NtServicePackUninstall$\ippromon.dll
+ 2001-08-23 12:00:00 33,280 -c----w C:\WINDOWS\$NtServicePackUninstall$\iprip.dll
+ 2006-05-13 10:13:31 74,368 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
+ 2006-05-14 09:13:41 334,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsecsnp.dll
+ 2006-05-14 09:13:41 159,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsecsvc.dll
+ 2002-08-29 01:20:46 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipseldpc.dll
+ 2002-08-29 00:08:24 27,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipselpid.dll
+ 2006-05-14 09:13:41 364,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipsmsnap.dll
+ 2006-08-16 09:28:55 48,640 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6.exe
+ 2006-08-16 12:14:23 54,272 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipv6mon.dll
+ 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\ipxroute.exe
+ 2001-08-23 12:00:00 120,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir41_qc.dll
+ 2001-08-23 12:00:00 338,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir41_qcx.dll
+ 2001-08-23 12:00:00 755,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_32.dll
+ 2001-08-23 12:00:00 200,192 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_qc.dll
+ 2001-08-23 12:00:00 183,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\ir50_qcx.dll
+ 2002-08-29 00:32:48 17,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\irbus.sys
+ 2001-08-23 12:00:00 10,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\irenum.sys
+ 2002-08-29 02:40:58 78,336 -c----w C:\WINDOWS\$NtServicePackUninstall$\irmon.dll
+ 2001-08-23 12:00:00 65,024 -c----w C:\WINDOWS\$NtServicePackUninstall$\isatq.dll
+ 2001-08-23 12:00:00 24,064 -c----w C:\WINDOWS\$NtServicePackUninstall$\iscomlog.dll
+ 2001-08-23 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\isign32.dll
+ 2001-08-23 12:00:00 28,672 -c----w C:\WINDOWS\$NtServicePackUninstall$\isrdbg32.dll
+ 2005-05-27 01:59:52 143,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\itircl.dll
+ 2005-05-27 01:59:52 128,000 -c----w C:\WINDOWS\$NtServicePackUninstall$\itss.dll
+ 2002-08-29 02:40:58 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\iuctl.dll
+ 2002-08-29 02:40:58 166,912 -c----w C:\WINDOWS\$NtServicePackUninstall$\iuengine.dll
+ 2002-08-29 02:40:58 49,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\ixsso.dll
+ 2001-08-23 12:00:00 45,568 -c----w C:\WINDOWS\$NtServicePackUninstall$\iyuv_32.dll
+ 2006-04-28 09:58:48 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\jsproxy.dll
+ 2002-08-29 00:27:02 23,424 -c----w C:\WINDOWS\$NtServicePackUninstall$\kbdclass.sys
+ 2002-08-29 00:05:10 7,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\kd1394.dll
+ 2005-06-15 17:50:24 285,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\kerberos.dll
+ 2006-07-05 10:46:36 928,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll
+ 2001-08-23 12:00:00 146,432 -c----w C:\WINDOWS\$NtServicePackUninstall$\keymgr.dll
+ 2002-08-29 00:32:30 159,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\kmixer.sys
+ 2001-08-23 12:00:00 92,160 -c----w C:\WINDOWS\$NtServicePackUninstall$\krnl386.exe
+ 2001-08-23 12:00:00 23,552 -c----w C:\WINDOWS\$NtServicePackUninstall$\krnlprov.dll
+ 2002-12-12 00:14:32 130,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\ks.sys
+ 2001-08-23 12:00:00 79,744 -c----w C:\WINDOWS\$NtServicePackUninstall$\ksecdd.sys
+ 2002-12-12 00:14:32 4,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\ksuser.dll
+ 2002-08-29 02:41:00 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\laprxy.dll
+ 2002-08-29 02:41:00 367,616 -c----w C:\WINDOWS\$NtServicePackUninstall$\licdll.dll
+ 2002-08-29 02:41:00 19,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\licmgr10.dll
+ 2002-08-29 02:41:00 57,856 -c----w C:\WINDOWS\$NtServicePackUninstall$\licwmi.dll
+ 2005-09-01 01:49:29 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\linkinfo.dll
+ 2001-08-23 12:00:00 12,288 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmhsvc.dll
+ 2001-08-23 12:00:00 29,184 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmmib2.dll
+ 2002-08-29 02:41:00 381,440 -c----w C:\WINDOWS\$NtServicePackUninstall$\lmrt.dll
+ 2001-08-23 12:00:00 91,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\loadperf.dll
+ 2001-08-23 12:00:00 202,752 -c----w C:\WINDOWS\$NtServicePackUninstall$\localsec.dll
+ 2002-08-29 02:41:00 295,936 -c----w C:\WINDOWS\$NtServicePackUninstall$\localspl.dll
+ 2002-08-29 02:41:00 10,240 -c----w C:\WINDOWS\$NtServicePackUninstall$\localui.dll
+ 2002-12-03 17:50:10 68,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\locator.exe
+ 2002-08-29 02:41:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\log.dll
+ 2002-08-29 02:41:26 24,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\logagent.exe
+ 2001-08-23 12:00:00 55,296 -c----w C:\WINDOWS\$NtServicePackUninstall$\logman.exe
+ 2002-08-29 02:41:28 219,648 -c----w C:\WINDOWS\$NtServicePackUninstall$\logon.scr
+ 2002-08-29 02:41:26 504,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\logonui.exe
+ 2001-08-23 12:00:00 11,264 -c----w C:\WINDOWS\$NtServicePackUninstall$\lonsint.dll
+ 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\lpdsvc.dll
+ 2001-08-23 12:00:00 18,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\lpk.dll
+ 2001-08-23 12:00:00 8,704 -c----w C:\WINDOWS\$NtServicePackUninstall$\lprhelp.dll
+ 2001-08-23 12:00:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\lprmon.dll
+ 2004-10-28 01:29:54 681,984 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsasrv.dll
+ 2002-08-29 02:41:26 11,776 -c----w C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
+ 2002-08-28 22:34:36 607,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\ltmdmnt.sys
+ 2002-08-29 00:28:02 6,656 -c----w C:\WINDOWS\$NtServicePackUninstall$\ltotape.sys
+ 2001-08-23 12:00:00 67,584 -c----w C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
+ 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\makecab.exe
+ 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\mcastmib.dll
+ 2001-08-23 12:00:00 80,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciavi32.dll
+ 2002-12-12 00:14:32 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciqtz32.dll
+ 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciseq.dll
+ 2001-08-23 12:00:00 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mciwave.dll
+ 2002-08-29 02:41:00 34,304 -c----w C:\WINDOWS\$NtServicePackUninstall$\md5filt.dll
+ 2001-08-23 12:00:00 108,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\mdminst.dll
+ 2002-08-29 02:41:00 15,872 -c----w C:\WINDOWS\$NtServicePackUninstall$\medctroc.dll
+ 2002-08-29 02:41:26 13,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\medctrro.exe
+ 2002-08-29 00:28:32 24,448 -c----w C:\WINDOWS\$NtServicePackUninstall$\memstpci.sys
+ 2001-08-23 12:00:00 77,824 -c----w C:\WINDOWS\$NtServicePackUninstall$\metada51.dll
+ 2001-08-23 12:00:00 62,208 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf.sys
+ 2004-03-30 01:48:36 36,864 -c----w C:\WINDOWS\$NtServicePackUninstall$\mf3216.dll
+ 2001-08-23 12:00:00 995,383 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc42.dll
+ 2001-08-23 12:00:00 995,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfc42u.dll
+ 2001-08-23 12:00:00 20,992 -c----w C:\WINDOWS\$NtServicePackUninstall$\mfcsubs.dll
+ 2001-08-23 12:00:00 12,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\mgmtapi.dll
+ 2001-08-23 12:00:00 17,920 -c----w C:\WINDOWS\$NtServicePackUninstall$\midimap.dll
+ 2002-08-29 02:41:00 179,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\migism.dll
+ 2002-08-29 02:41:00 170,496 -c----w C:\WINDOWS\$NtServicePackUninstall$\migism_a.dll
+ 2001-08-23 12:00:00 56,320 -c----w C:\WINDOWS\$NtServicePackUninstall$\miglibnt.dll
+ 2002-08-29 02:41:26 98,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migload.exe
+ 2005-07-22 23:03:37 7,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\migregdb.exe
+ 2002-08-29 02:41:26 230,400 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
+ 2002-08-29 02:41:26 226,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\migwiz_a.exe
+ 2002-08-29 06:14:40 574,976 -c----w C:\WINDOWS\$NtServicePackUninstall$\mlang.dll
+ 2001-08-23 12:00:00 774,144 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmc.exe
+ 2001-08-23 12:00:00 66,560 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcbase.dll
+ 2002-08-29 02:41:00 1,128,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcndmgr.dll
+ 2001-08-23 12:00:00 46,592 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmcshext.dll
+ 2001-08-23 12:00:00 16,384 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmfutil.dll
+ 2001-08-23 12:00:00 68,928 -c----w C:\WINDOWS\$NtServicePackUninstall$\mmsystem.dll
+ 2002-08-29 02:41:00 32,256 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmdd.dll
+ 2001-08-23 12:00:00 32,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe
+ 2002-08-29 02:41:00 196,096 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.dll
+ 2001-08-23 12:00:00 135,680 -c----w C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
+ 2001-08-23 12:00:00 28,800 -c----w C:\WINDOWS\$NtServicePackUninstall$\modem.sys
+ 2001-08-23 12:00:00 145,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\modemui.dll
+ 2002-08-29 02:41:26 15,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofcomp.exe
+ 2002-08-29 02:41:00 104,960 -c----w C:\WINDOWS\$NtServicePackUninstall$\mofd.dll
+ 2002-08-29 02:39:42 210,944 -c----w C:\WINDOWS\$NtServicePackUninstall$\moricons.dll
+ 2002-08-29 00:27:02 22,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mouclass.sys
+ 2001-08-23 12:00:00 37,504 -c----w C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
+ 2002-08-29 02:41:26 806,969 -c----w C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
+ 2002-12-11 18:12:02 316,040 -c----w C:\WINDOWS\$NtServicePackUninstall$\mp43dmod.dll
+ 2002-12-11 14:16:58 384,512 -c----w C:\WINDOWS\$NtServicePackUninstall$\mp4sdmod.dll
+ 2004-07-09 04:26:38 15,104 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpe.sys
+ 2002-12-11 16:34:40 241,664 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpg4dmod.dll
+ 2002-08-29 02:41:26 116,736 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplay32.exe
+ 2002-08-29 02:41:26 4,639 -c----w C:\WINDOWS\$NtServicePackUninstall$\mplayer2.exe
+ 2001-08-23 12:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\mpr.dll
+ 2001-08-23 12:00:00 79,360 -c----w C:\WINDOWS\$NtServicePackUninstall$\mprapi.dll
+ 2005-03-23 00:55:20 67,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqac.sys
+ 2005-03-23 18:12:48 130,048 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqad.dll
+ 2001-08-23 12:00:00 17,408 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqbkup.exe
+ 2005-03-23 18:12:48 44,032 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqdscli.dll
+ 2005-03-23 18:12:48 14,848 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqise.dll
+ 2001-08-23 12:00:00 55,808 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqlogmgr.dll
+ 2001-08-23 12:00:00 214,016 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqoa.dll
+ 2005-03-23 18:12:48 608,768 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqqm.dll
+ 2005-03-23 18:12:48 165,888 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqrt.dll
+ 2001-08-23 12:00:00 115,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqrtdep.dll
+ 2005-03-23 18:12:48 88,576 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsec.dll
+ 2002-08-29 02:41:00 478,720 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsnap.dll
+ 2001-08-23 12:00:00 4,608 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqsvc.exe
+ 2001-08-23 12:00:00 97,792 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtgsvc.exe
+ 2002-08-29 02:41:00 164,352 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqtrig.dll
+ 2005-03-23 18:12:48 44,544 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqupgrd.dll
+ 2005-03-23 18:12:48 467,456 -c----w C:\WINDOWS\$NtServicePackUninstall$\mqutil.dll
+ 2005-04-26 01:58:03 173,312 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxdav.sys
+ 2006-05-05 09:31:04 433,152 -c----w C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
+ 2001-08-23 12:00:00 67,072 -c----w C:\WINDOWS\$NtServicePackUninstall$\msacm32.dll
+ 2002-08-29 02:41:02 307,200 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadce.dll
+ 2001-08-23 12:00:00 20,480 -c----w C:\WINDOWS\$NtServicePackUninstall$\msadcer.dll
+ 2002-08-29 02:41:02 57,344 -c----w C:\WINDOWS\$NtServicePackUninsta

The ComboFix log is massive; it keeps messing up the post that I put up. I will email this to you.

Just edit out the following section:

((((((((((((((((((((((((((((( snapshot@2008-06-25_10.50.04.90 )))))))))))))))))))))))))))))))))))))))))
