Another "Blue Desktop with Warnings" Issue Please Help [RESO, My desktop was changed to some blue desktop background with links to a
Rooster87
post Apr 23 2008, 02:11 AM
Post #1


New Member
Posts: 6
OS: Windows XP Home Edition W/SP2



I have disconnected the network cable. After doing all the scans suggested on this forum the little yellow triangle warnings at the bottom do not seem to be appearing anymore. Also the blue desktop background with the warnings did not come back after manually changing my desktop background. I still get the message "Task Manager has been disabled by your administrator" when trying to open the task manager (Ctrl-Alt-Del). What can I do to ensure that my computer is clean? When will it be safe to plug it back in to the internet? Should I still hold back on emails and web browsing?

Here are my logs. I have Norton 360 installed but obviously that didn't really help. BTW I am posting this from a different computer. I just grabbed the .txt files with a flash drive. Thanks a lot in advance. Seems like this is a very good site/forum!

Thanks again,
David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:26 AM, on 4/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKCU\..\Run: [ATI Remote Control] "C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\dtv\EXPLBAR.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207282779437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1207289702703
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6646 bytes



Uninstall list

Adobe Flash Player ActiveX
Adobe Reader 8.1.2
AppCore
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Decoder
ATI Display Driver
ATI Multimedia Center 9.16
ATI Parental Control & Encoder
ATI Remote Wonder 3.04
AutoCAD Map R2
AV
AVIVO Codecs
Bonus
CC_ccProxyExt
ccCommon
ccPxyCore
CIB
C-Media 3D Audio
Creative Audio Console
DAO
DVD Shrink 3.2
DVDFab Decrypter 2.9.6.2
GearDrvs
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Combat Flight Simulator 2
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Nero OEM
Norton 360
Norton 360
Norton 360
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 Help
Norton Add-on Pack (Symantec Corporation)
Norton AntiSpam
Norton AntiSpam
Norton Confidential Browser Component
Norton Confidential Web Authentification Component
Norton Confidential Web Protection Component
Norton Internet Security Bonus Pack
Panda ActiveScan 2.0
PowerDVD
QuickTime
SPBBC 32bit
SUPERAntiSpyware Free Edition
SuppSoft
Symantec Technical Support Controls
SymNet
TitanTV Client components for ATI
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 2
Zune
Zune Language Pack (ES)
Zune Language Pack (FR)



ActiveScan

;*******************************************************************************
ANALYSIS: 2008-04-23 00:13:08
PROTECTIONS: 1
MALWARE: 9
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Norton 360 2007 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00041487 adware/webhancer Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0}
00048239 adware/adlogix Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5FA6752A-C4A0-4222-88C2-928AE5AB4966}
00096188 spyware/searchcentrix Spyware No 1 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4a86-ADD7-CD5F52858C31}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9C5B2F29-1F46-4639-A6B4-828942301D3E}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{622CC208-B014-4FE0-801B-874A5E5E403A}
00106761 adware/123mania Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}
00135099 adware/powerstrip Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}
00217430 adware/surfassistant Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
02913339 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013747.exe
02913340 Adware/InternetSpeedMonitor Adware No 0 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013743.exe
02928543 Adware/MalwareAlarm Adware No 1 Yes No C:\System Volume Information\_restore{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013768.exe
;===============================================================================
SUSPECTS
Sent Location U
;===============================================================================
;===============================================================================
VULNERABILITIES
Id Severity Description U
;===============================================================================
184380 MEDIUM MS08-002 U
184379 MEDIUM MS08-001 U
182048 HIGH MS07-069 U
182046 HIGH MS07-067 U
182043 HIGH MS07-064 U
179553 HIGH MS07-061 U
176382 HIGH MS07-057 U
176383 HIGH MS07-058 U
170911 HIGH MS07-050 U
170907 HIGH MS07-046 U
170906 HIGH MS07-045 U
170904 HIGH MS07-043 U
164915 HIGH MS07-035 U
164913 HIGH MS07-033 U
164911 HIGH MS07-031 U
160623 HIGH MS07-027 U
157262 HIGH MS07-022 U
157261 HIGH MS07-021 U
157260 HIGH MS07-020 U
157259 HIGH MS07-019 U
156477 HIGH MS07-017 U
150253 HIGH MS07-016 U
150249 HIGH MS07-013 U
150248 HIGH MS07-012 U
150247 HIGH MS07-011 U
150243 HIGH MS07-008 U
150242 HIGH MS07-007 U
150241 MEDIUM MS07-006 U
141034 HIGH MS06-076 U
141033 MEDIUM MS06-075 U
141030 HIGH MS06-072 U
137571 HIGH MS06-070 U
137568 HIGH MS06-067 U
133387 MEDIUM MS06-065 U
133386 MEDIUM MS06-064 U
133385 MEDIUM MS06-063 U
133379 HIGH MS06-057 U
131654 HIGH MS06-055 U
129977 MEDIUM MS06-053 U
129976 MEDIUM MS06-052 U
126093 HIGH MS06-051 U
126092 MEDIUM MS06-050 U
126087 HIGH MS06-046 U
126086 MEDIUM MS06-045 U
126083 HIGH MS06-042 U
126082 HIGH MS06-041 U
126081 HIGH MS06-040 U
123421 HIGH MS06-036 U
123420 HIGH MS06-035 U
120825 MEDIUM MS06-032 U
120823 MEDIUM MS06-030 U
120818 HIGH MS06-025 U
120815 HIGH MS06-022 U
120814 HIGH MS06-021 U
117384 MEDIUM MS06-018 U
114666 HIGH MS06-015 U
114664 HIGH MS06-013 U
108744 MEDIUM MS06-008 U
108743 MEDIUM MS06-007 U
108742 MEDIUM MS06-006 U
104567 HIGH MS06-002 U
104237 HIGH MS06-001 U
96574 HIGH MS05-053 U
93395 HIGH MS05-051 U
93394 HIGH MS05-050 U
93454 MEDIUM MS05-049 U
;===============================================================================

SUPERAntiSpyware Scan Log
Generated 04/22/2008 at 10:41 PM

Application Version : 3.6.1000

Core Rules Database Version : 3445
Trace Rules Database Version: 1437

Scan type : Complete Scan
Total Scan Time : 01:30:51

Memory items scanned : 548
Memory threats detected : 0
Registry items scanned : 5400
Registry threats detected : 8
File items scanned : 73996
File threats detected : 1

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\amaena.com#*
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com
HKU\S-1-5-21-1078081533-1547161642-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\imagesrvr.com#*

Adware.AdSponsor/ISM
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F46B8A32-2EF4-4DB6-8B8A-9FCF92FD4B2B}\RP59\A0013745.EXE


Malwarebytes' Anti-Malware 1.11
Database version: 672

Scan type: Quick Scan
Objects scanned: 32246
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 24
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\wmsdkns.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\fccbXrOh.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnoopoL.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1db141bb-85c3-4f38-a2cd-7d76a6df6e80} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1db141bb-85c3-4f38-a2cd-7d76a6df6e80} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnoopol (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a8eeb996-62aa-4e48-995d-eaddcac47476} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxroh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccbxroh -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\wmsdkns.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\xcsDd01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccbXrOh.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hOrXbccf.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hOrXbccf.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnoopoL.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wmsdkns.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.

This post has been edited by Rooster87: Apr 23 2008, 02:26 AM
greyknight17
post Apr 23 2008, 08:51 AM
Post #2


Malware Expert
Posts: 15,811
From: New York
OS: Windows 98, XP, Vista, Mac OS X



Hi David and welcome to GTG.

Right click on this link http://www.mvps.org/winhelp2002/DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

1. Download combofix at http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe or http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
Rooster87
post Apr 23 2008, 11:36 AM
Post #3


New Member
Posts: 6
OS: Windows XP Home Edition W/SP2



Good morning greyknight17. I followed your instructions and it seems like my task manager is working now. Here are my logs.




ComboFix 08-04-22.5 - Gallo 2008-04-23 10:20:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1066 [GMT -7:00]
Running from: C:\Documents and Settings\Gallo\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\default.htm
C:\WINDOWS\system32\fccbXrOh.dll
C:\WINDOWS\system32\hOrXbccf.ini
C:\WINDOWS\system32\opnoopoL.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-22 23:02 . 2008-04-22 23:02 <DIR> d-------- C:\Program Files\Panda Security
2008-04-22 21:04 . 2008-04-22 22:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\SUPERAntiSpyware.com
2008-04-22 21:04 . 2008-04-22 21:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-22 21:03 . 2008-04-22 21:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 20:53 . 2008-04-22 20:53 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Malwarebytes
2008-04-22 20:52 . 2008-04-22 20:53 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-22 20:52 . 2008-04-22 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 15:49 . 2008-04-19 16:50 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-19 15:48 . 2008-04-19 15:48 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-04-19 15:43 . 2008-04-19 15:48 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 15:43 . 2008-04-23 10:20 1,024 --ah----- C:\Documents and Settings\Administrator\NTUSER.dat.LOG
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L99EB.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L96CF.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L9577.tmp
2008-04-19 12:25 . 2008-04-19 12:25 398 --a------ C:\WINDOWS\system32\L92E7.tmp
2008-04-19 12:25 . 2008-04-22 20:57 138 -r-hs---- C:\WINDOWS\mainms.vpi
2008-04-19 12:25 . 2008-04-22 20:57 33 -r-hs---- C:\WINDOWS\muotr.so
2008-04-19 12:25 . 2008-04-22 20:45 4 --------- C:\WINDOWS\megavid.cdt
2008-04-19 12:22 . 2008-04-19 12:22 <DIR> d-------- C:\Temp\berDrv11
2008-04-19 12:22 . 2008-04-19 12:22 <DIR> d-------- C:\Temp
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Program Files\CyberLink
2008-04-16 15:03 . 2008-04-16 15:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-15 18:12 . 2008-04-23 10:22 3,162,278 --------- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.BAK
2008-04-15 18:12 . 2008-04-23 10:23 31,064 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 31,064 --a------ C:\WINDOWS\system32\BMXState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 28,248 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 28,248 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-00511102}.rfx
2008-04-15 18:12 . 2008-04-23 10:23 1,076 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-04-15 18:12 . 2008-04-23 10:23 1,076 --a------ C:\WINDOWS\system32\settings.sfm
2008-04-15 18:11 . 2008-04-15 18:13 <DIR> d-------- C:\WINDOWS\system32\Defaults
2008-04-15 18:11 . 2000-12-05 09:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2
2008-04-15 18:11 . 2008-04-23 10:22 3,162,278 --a------ C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-00511102}.CDF
2008-04-15 18:10 . 2008-04-15 18:11 <DIR> d-------- C:\Program Files\Creative
2008-04-15 18:10 . 2006-08-11 15:14 86,446 --a------ C:\WINDOWS\system32\instwdm.ini
2008-04-15 18:10 . 2006-08-11 14:56 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
2008-04-15 18:10 . 2006-08-11 14:32 191 --a------ C:\WINDOWS\system32\ctzapxx.ini
2008-04-14 16:07 . 2008-04-23 10:18 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\U3
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-04-14 14:36 . 2008-04-14 14:36 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
2008-04-14 14:35 . 2008-04-14 14:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-14 14:35 . 2008-04-14 14:37 <DIR> d-------- C:\Program Files\Zune
2008-04-14 14:35 . 2008-01-11 17:39 145,408 --a------ C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-14 14:35 . 2008-01-11 17:39 70,656 --a------ C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 62,464 --a------ C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-14 14:35 . 2008-01-11 17:39 35,840 --a------ C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-12 13:25 . 2008-04-15 17:22 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\W Photo Studio Viewer
2008-04-11 16:56 . 2008-04-11 17:12 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI MMC
2008-04-11 16:49 . 2003-12-15 14:28 257,872 --a------ C:\WINDOWS\system32\drivers\atirwvd.sys
2008-04-11 16:49 . 2003-07-24 13:18 9,091 --a------ C:\WINDOWS\system32\drivers\atirwrf.sys
2008-04-11 16:26 . 2008-04-11 16:26 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-11 16:24 . 2008-04-11 16:24 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-04-11 16:24 . 2008-04-11 16:49 <DIR> d-------- C:\Program Files\Common Files\ATI
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\TitanTV
2008-04-11 16:19 . 2008-04-11 16:19 <DIR> d-------- C:\Program Files\msaccrt
2008-04-11 16:08 . 2008-04-11 16:08 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\Ahead
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\Gallo\Application Data\ATI
2008-04-09 19:38 . 2008-04-09 19:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-09 02:24 . 2006-10-04 07:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-09 02:24 . 2006-10-04 07:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-09 02:24 . 2006-10-04 07:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-09 02:23 . 2008-04-09 02:23 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-09 02:21 . 2008-04-09 02:21 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-09 02:21 . 2008-04-15 00:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-09 02:03 . 2008-04-09 02:04 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-09 02:03 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-08 22:19 . 2008-04-08 22:19 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-07 11:27 . 2008-04-07 11:27 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-06 15:07 . 2008-04-06 15:07 <DIR> d-------- C:\DVDFabDecrypter_Temp
2008-04-05 15:03 . 2008-04-15 22:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-05 15:03 . 2008-04-05 15:03 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\Apple Software Update
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-05 15:01 . 2008-04-05 15:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-05 14:59 . 2008-04-05 15:01 <DIR> d-------- C:\Program Files\QuickTime
2008-04-05 13:23 . 2008-04-06 15:07 <DIR> d-------- C:\Program Files\DVDFab Decrypter
2008-04-05 13:20 . 2008-04-05 13:20 <DIR> d-------- C:\Program Files\DVD Shrink
2008-04-05 13:20 . 2008-04-15 21:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-05 13:17 . 2008-04-05 13:17 <DIR> d-------- C:\Program Files\Ahead
2008-04-05 13:17 . 2001-07-06 06:41 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2008-04-05 13:17 . 2001-07-06 04:44 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2008-04-05 13:17 . 2001-07-06 10:24 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-05 13:17 . 2001-07-09 03:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-05 13:17 . 2001-06-26 00:15 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2008-04-05 13:08 . 2008-04-05 13:08 29,976 --a------ C:\20040318095344796_SM710T.zip
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 12:55 . 2004-08-04 01:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 00:17 . 2008-04-16 21:22 <DIR> d-------- C:\Work_Projects
2008-04-05 00:07 . 1997-05-05 20:26 721,168 --a------ C:\WINDOWS\system32\VB40032.DLL
2008-04-05 00:07 . 1997-05-05 20:15 267,264 --a------ C:\WINDOWS\system32\ACADFICN.DLL
2008-04-05 00:07 . 1997-05-30 08:12 260,368 --a------ C:\WINDOWS\system32\MSXB3032.DLL
2008-04-05 00:07 . 1997-05-30 08:12 244,496 --a------ C:\WINDOWS\system32\VBAR2232.DLL
2008-04-05 00:07 . 1997-05-30 08:12 226,576 --a------ C:\WINDOWS\system32\MSPX3032.DLL
2008-04-05 00:07 . 1997-05-05 20:26 92,672 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-04-05 00:07 . 1997-05-05 20:24 81,920 --a------ C:\WINDOWS\system32\GDIFONT3.HDI
2008-04-05 00:07 . 1997-05-05 20:24 42,496 --a------ C:\WINDOWS\system32\MTSTACK.EXE
2008-04-05 00:07 . 1997-05-05 20:24 14,848 --a------ C:\WINDOWS\system32\ADI3.HDI
2008-04-05 00:07 . 1997-05-05 20:15 7,680 --a------ C:\WINDOWS\system32\ADRESC.DLL
2008-04-04 23:14 . 1997-05-05 20:24 447,488 --a------ C:\WINDOWS\system32\HEIDI3.DLL
2008-04-04 22:58 . 2004-08-04 00:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-04 17:18 . 2008-04-04 17:18 <DIR> d-------- C:\Program Files\C-Media 3D Audio
2008-04-04 17:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-04 17:05 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-04 14:13 . 1997-05-30 08:12 965,904 --a------ C:\WINDOWS\system32\MSJT3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 245,520 --a------ C:\WINDOWS\system32\MSRD2X32.DLL
2008-04-04 14:13 . 1997-05-30 08:12 200,976 --a------ C:\WINDOWS\system32\MSXL3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 113,936 --a------ C:\WINDOWS\system32\MSTX3032.DLL
2008-04-04 14:13 . 1997-05-30 08:12 98,356 --a------ C:\WINDOWS\system32\MSJTER32.DLL
2008-04-04 14:13 . 1997-05-05 20:15 76,800 --a------ C:\WINDOWS\system32\REGACAD.DLL
2008-04-04 14:13 . 1997-05-05 20:24 41,984 --a------ C:\WINDOWS\system32\ADIMON.DLL
2008-04-04 14:13 . 1997-05-30 08:12 33,552 --a------ C:\WINDOWS\system32\MSJINT32.DLL
2008-04-04 14:13 . 2008-04-04 14:13 0 --a------ C:\WINDOWS\MTSTACK.INI
2008-04-04 14:12 . 2008-04-04 14:12 <DIR> d-------- C:\Program Files\Autodesk
2008-04-04 14:10 . 2008-04-04 14:10 <DIR> d-------- C:\Documents and Settings\Gallo\WINDOWS
2008-04-04 14:10 . 1997-05-06 18:53 299,520 --a------ C:\WINDOWS\uninst.exe
2008-04-04 13:48 . 2008-04-04 13:48 <DIR> d-------- C:\Program_Updates
2008-04-04 12:37 . 2008-04-04 12:37 <DIR> d-------- C:\Acad
2008-04-04 01:42 . 2008-04-04 23:16 <DIR> d-------- C:\David_Back_Up
2008-04-04 00:30 . 2001-08-17 23:36 171,008 --a------ C:\WINDOWS\system32\LXADSUI.DLL
2008-04-04 00:30 . 2001-07-21 19:52 25,645 --a------ C:\WINDOWS\system32\CNBJHLP.HLP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 04:35 409,600