
spy sheriff aftermath



#1
silverfalcon

  • Member
  • 16 posts
I have seen this problem with others before but I can't seem to find the similarities with their logs to my log.

I had SpySheriff in my computer and I have gotten it out, but I do not have control of my desktop wallpaper. Could you please help me find what I am missing in this computer?

Here is my log from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:01:34 PM, on 8/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\w?wexec.exe
c:\program files\srcc\dtdh.exe
C:\WINDOWS\System32\rundll32.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {312919AA-FE43-DC94-34B1-8C0DF68DF5EB} - C:\WINDOWS\System32\lquzd.dll
O2 - BHO: (no name) - {68891DAF-C223-B705-1E3F-B78E7DDA91A9} - C:\WINDOWS\System32\HLzXRh57.dll
O2 - BHO: (no name) - {DC5AE52A-0898-7D49-ED5E-7222841A1CE5} - C:\WINDOWS\System32\mqfrbmhe.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb006.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Hoti] C:\Program Files\srcc\dtdh.exe
O4 - HKCU\..\Run: [Kleh] C:\WINDOWS\System32\w?wexec.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_8.dll
O21 - SSODL: System - {7C548A9B-21D9-4201-9C07-48E390C7EA3F} - vr_sys.dll (file missing)
O21 - SSODL: AnyDVD - {C67DBD47-7E43-092E-44B1-20FB2A7040A2} - c:\program files\slysoft\anydvd\wxdhw32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
  • 0



#2
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Hi there silverfalcon and welcome

Let's see if we can get you sorted out here,

Download the following program
CWShredder
It should be the current version, but check for updates
Run Program cwshredder and have it fix anything it finds.
Make sure you click the “Fix” button

Close out the program when done please,
Now onto getting rid of spysheriff,

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items:
===================================================
O2 - BHO: (no name) - {312919AA-FE43-DC94-34B1-8C0DF68DF5EB} - C:\WINDOWS\System32\lquzd.dll
O2 - BHO: (no name) - {68891DAF-C223-B705-1E3F-B78E7DDA91A9} - C:\WINDOWS\System32\HLzXRh57.dll
O2 - BHO: (no name) - {DC5AE52A-0898-7D49-ED5E-7222841A1CE5} - C:\WINDOWS\System32\mqfrbmhe.dll
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb006.dll
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
O4 - HKCU\..\Run: [Hoti] C:\Program Files\srcc\dtdh.exe
O4 - HKCU\..\Run: [Kleh] C:\WINDOWS\System32\w?wexec.exe
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_8.dll
O21 - SSODL: System - {7C548A9B-21D9-4201-9C07-48E390C7EA3F} - vr_sys.dll (file missing)
O21 - SSODL: AnyDVD - {C67DBD47-7E43-092E-44B1-20FB2A7040A2} - c:\program files\slysoft\anydvd\wxdhw32.dll
===================================================
Have only HJT running (make sure you have all other windows closed) and click on "Fix Checked". Close out HJT,
Next,
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0
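
Added example (not part of the thread, and not how HijackThis or the helper decides what to fix): several lines in the posted log stand out on sight, namely a BHO with no name, an entry whose file is missing, a file name containing `?` (a character Windows does not allow in file names, so it stands in for something the log could not render), a site in the Trusted Zone, and `svchost.exe` running from `C:\WINDOWS` rather than `System32`. The Python below applies those checks to a few lines copied from the first post; the rule set, the names `triage` and `SYSTEM_NAMES`, and the assumption that Windows lives in `C:\WINDOWS` are illustrative choices.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {312919AA-FE43-DC94-34B1-8C0DF68DF5EB} - C:\WINDOWS\System32\lquzd.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Kleh] C:\WINDOWS\System32\w?wexec.exe
O15 - Trusted Zone: *.windupdates.com
O21 - SSODL: System - {7C548A9B-21D9-4201-9C07-48E390C7EA3F} - vr_sys.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe
"""

# "O4 - HKCU\..\Run: [name] path" -> section, label, data
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - ([^:]+): (.*)$")
# Lines of the "Running processes" block are bare paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# First drive-rooted path ending in .exe or .dll inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)

# Assumption: Windows is installed in C:\WINDOWS, as in the posted log.
SYSTEM_DIR = r"c:\windows\system32"
# Illustrative list of core binaries that belong in System32.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe",
                "winlogon.exe", "smss.exe", "spoolsv.exe"}


class Finding(NamedTuple):
    line: str
    reasons: List[str]


def extract_path(text: str) -> Optional[str]:
    match = PATH_RE.search(text)
    return match.group(0) if match else None


def path_reasons(path: str) -> List[str]:
    reasons = []
    # '?' is not a legal file-name character on Windows, so the log
    # printed it in place of a character it could not render.
    if "?" in ntpath.basename(path):
        reasons.append("unrenderable characters in file name")
    if (ntpath.basename(path).lower() in SYSTEM_NAMES
            and ntpath.dirname(path).lower() != SYSTEM_DIR):
        reasons.append("system binary name outside System32")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match at least one review rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: List[str] = []
        entry = ENTRY_RE.match(line)
        if entry:
            section, _label, data = entry.groups()
            if "(file missing)" in data:
                reasons.append("target file missing")
            if section == "O2" and data.startswith("(no name)"):
                reasons.append("BHO registered without a name")
            if section == "O15":
                reasons.append("site or IP placed in the Trusted Zone")
            path = extract_path(data)
        elif PROCESS_RE.match(line):
            path = line
        else:
            continue  # header or free text
        if path:
            reasons.extend(path_reasons(path))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("; ".join(finding.reasons))
        print("    " + finding.line)
```

A flagged line is a prompt for review, not a verdict: legitimate software can trip these rules, and malware can avoid them.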

#3
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
Here is all the requested information.

In addition, I have found that I do not have access to my taskbar options: any ideas on that?

hijackthis:

C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [Panda_cleaner_177015] C:\WINDOWS\System32\ActiveScan\pavdr.exe 177015
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe

ActiveScan:


Incident Status Location

Adware:adware/azesearch No disinfected C:\Documents and Settings\All Users\Start Menu\PopUp Blocker.url
Adware:adware/cws.searchmeup No disinfected C:\Documents and Settings\All Users\Start Menu\Spyware Remover.url
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Silver Falcon\Desktop\install_cheat_001.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Titanium Phoenix\Desktop\install_cheat_001.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Titanium Phoenix\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
Virus:Trj/Downloader.DOY Disinfected C:\hjt\backups\backup-20050802-174555-836.dll
Adware:Adware/PurityScan No disinfected C:\Program Files\srcc\dtdh.exe
Virus:Trj/Shellbot.B Disinfected C:\WINDOWS\system\svchost.dll
Virus:Trj/Shellbot.B Disinfected C:\WINDOWS\system\svchost.exe
Virus:Trj/Shellbot.B Disinfected C:\WINDOWS\system\__delete_on_reboot__svchosthook.dll
Adware:Adware/CWS No disinfected C:\WINDOWS\system32\chp.dll
Adware:Adware/Troyanov No disinfected C:\WINDOWS\system32\dcom_7.dll
Adware:Adware/Troyanov No disinfected C:\WINDOWS\system32\dcom_8.dll
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:adware/adsmart No disinfected C:\WINDOWS\system32\vxh8jkdq5.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\??rvices.exe

Smitfiles:

smitRem log file
version 2.2

by noahdfear

The current date is: Tue 08/02/2005
The current time is: 17:47:25.89

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :tazz:

Ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:08:17 PM, 8/2/2005
+ Report-Checksum: 21A67546

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Spyware.Azsearch : Cleaned with backup
[1744] C:\WINDOWS\svchost.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
[128] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
[352] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Error during cleaning
[360] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Error during cleaning
[496] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Error during cleaning
[1192] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Error during cleaning
[636] C:\WINDOWS\System\svchosthook.dll -> Backdoor.Agent.iw : Error during cleaning
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9V3DMWV1\load02[1].exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch\start.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup
C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip/start.exe -> TrojanDownloader.IstBar.ja : Error during cleaning
C:\Documents and Settings\Titanium Phoenix\Cookies\titanium [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Titanium Phoenix\Cookies\titanium phoenix@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Titanium Phoenix\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch\start.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup
C:\Documents and Settings\Titanium Phoenix\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip/start.exe -> TrojanDownloader.IstBar.ja : Error during cleaning
C:\hjt\backups\backup-20050802-174555-491.dll -> Spyware.Azesearch : Cleaned with backup
C:\hjt\backups\backup-20050802-174555-761.dll -> Spyware.PurityScan : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\SlySoft\AnyDVD\wxdhw32.dll -> TrojanDownloader.Murlo.ar : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-1004\Dc1.exe -> Not-A-Virus.Hoax.Renos.i : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc10.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc102.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc103.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc104.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc107.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc109.txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc114.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc123.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc127.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc134.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc137.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc138.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc139.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc140.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc141.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc144.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc145.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc146.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc147.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc148.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc149.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc167.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc169.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc184.txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc196.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc197.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc215.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc221.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc223.txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc229.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc235.txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc245.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc246.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc247.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc248.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc252.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc253.txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc255.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc256.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc261.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc270.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc271.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc275.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc278.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc332.txt -> Spyware.Cookie.Goldenpalace : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc369.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc373.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc374.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc42.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc44.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc49.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc60.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc80.txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc81.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc88.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc92.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-2000478354-1532298954-682003330-500\Dc98.txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\WINDOWS\msxmidi.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\svchost.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\sys3956.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\sys3957.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\sys746.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\sys752.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\sys753.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\system\Loader.dll -> TrojanDownloader.Agent.li : Cleaned with backup
C:\WINDOWS\system\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\1916359.exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\WINDOWS\system32\abc.exe -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\WINDOWS\system32\abirvalg32.dll -> TrojanProxy.Small.cn : Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\WINDOWS\system32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\system32\latest.exe -> Trojan.Crypt.c : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> TrojanDownloader.Small.avt : Cleaned with backup
C:\WINDOWS\system32\vxgame3.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\system32\vxgame4.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\vxgamet1.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Trojan.LowZones.y : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.i : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> TrojanDownloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDownloader.Small.bdz : Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.LdPinch.os : Cleaned with backup


thanks for all the help so far
  • 0

#4
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Let's get a bit more cleaning done here,

Download the DelDomains zip file and unzip it to your desktop.

DelDomains

Right-click on the deldomains.inf file and select 'Install'


Next,

*Please open notepad and save these instructions, Name it something you will remember
*Click Here to download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\All Users\Start Menu\PopUp Blocker.url
C:\Documents and Settings\All Users\Start Menu\Spyware Remover.url
C:\Documents and Settings\Silver Falcon\Desktop\install_cheat_001.exe
C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
C:\Documents and Settings\Titanium Phoenix\Desktop\install_cheat_001.exe
C:\Documents and Settings\Titanium Phoenix\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
C:\Program Files\srcc\dtdh.exe
C:\WINDOWS\system32\chp.dll
C:\WINDOWS\system32\dcom_7.dll
C:\WINDOWS\system32\dcom_8.dll
C:\WINDOWS\system32\Shex.exe
C:\WINDOWS\system32\vxh8jkdq5.exe
C:\WINDOWS\system32\??rvices.exe

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Your computer should restart on its own; if it doesn't, please restart manually.

Download TaskbarRepairToolPlus!.zip From Kellys Korner, Reboot and see if you have your taskbar back now,

Please run a scan with active again and post back the log from it. Please post back a fresh HJT log as well.
  • 0

#5
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
Hey, I did not run the taskbar tool because after the Killbox ran I got back control.
Here is the hijackthis and active scan:

Logfile of HijackThis v1.99.1
Scan saved at 11:37:05 PM, on 8/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe

active scan:


Incident Status Location

Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Titanium Phoenix\Desktop\ner0 update\DVD CSS decoder\snd-anydvd5.2.6.1.patch.zip[start.exe]
Adware:adware/azesearch No disinfected C:\Documents and Settings\Titanium Phoenix\Favorites\Leisure\Anime sites.url
Virus:Trj/Shellbot.B Disinfected C:\Documents and Settings\Titanium Phoenix\Local Settings\Temp\12E0.tmp
Virus:Trj/Shellbot.B Disinfected C:\Documents and Settings\Titanium Phoenix\Local Settings\Temp\12E1.tmp
Virus:Trj/Shellbot.B Disinfected C:\Documents and Settings\Titanium Phoenix\Local Settings\Temp\12E2.tmp
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\??rvices.exe
  • 0

#6
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts

hey i did not run the taskbar tool because after the killbox ran i got back control

Excellent,

Could you manually navigate to this folder
C:\Documents and Settings\Silver Falcon\Desktop\ner0 update\DVD CSS decoder\

Do you recognize this snd-anydvd5.2.6.1.patch.zip?


Also navigate to this folder C:\Documents and Settings\Titanium Phoenix\Favorites\Leisure\Anime sites.url
Delete the above in bold,


Next -
Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.

dir C:\WINDOWS\system32\ ??rvices.exe  /a h > files.txt
notepad files.txt

Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here along with a new HiJackThis log.
  • 0
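An added example, not code from the thread: the search requested in the post above, applied offline to a saved `dir` listing. It filters the listing for the `??rvices.exe` pattern and separates plain-ASCII matches (the wildcard also matches the genuine `services.exe`) from names that need review. The sample listing, the function names and the two "rvices.exe" rows are constructed for illustration; `?` is not a legal character in a Windows filename, so a `?` inside a listed name is assumed to stand for a character the console or scanner could not render.

```python
import re

# Constructed sample in the format of a cmd.exe `dir` listing.
# The abirvalg.dll and accwiz.exe rows follow the listing posted in this
# thread; the two "rvices.exe" rows are invented for the demonstration.
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Volume Serial Number is 6889-1DA8

 Directory of C:\\WINDOWS\\system32

08/03/2005  11:34 PM    <DIR>          .
08/03/2005  11:34 PM    <DIR>          ..
07/31/2005  08:06 PM                64 abirvalg.dll
09/12/2002  02:25 AM           179,200 accwiz.exe
08/29/2002  03:41 AM           101,376 services.exe
07/31/2005  08:10 PM            45,056 ??rvices.exe
               4 File(s)        325,696 bytes
"""

# One row of `dir` output: date, time, "<DIR>" or a size with commas, name.
ROW = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<name>.+?)\s*$"
)


def parse_dir(text):
    """Return one dict per file or folder row; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m["name"] in (".", ".."):
            continue
        is_dir = m["size"] == "<DIR>"
        entries.append({
            "name": m["name"],
            "modified": f'{m["date"]} {m["time"]}',
            "is_dir": is_dir,
            "size": None if is_dir else int(m["size"].replace(",", "")),
        })
    return entries


def wildcard_to_regex(pattern):
    """Approximate DOS wildcards: '?' is any one character, '*' is any run."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(".")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def match_entries(entries, pattern):
    """Files (not folders) whose name matches the wildcard pattern."""
    rx = wildcard_to_regex(pattern)
    return [e for e in entries if not e["is_dir"] and rx.match(e["name"])]


def has_unrenderable_name(entry):
    """True when the name holds a '?' placeholder or a non-ASCII character."""
    name = entry["name"]
    return "?" in name or any(ord(c) > 127 for c in name)


def triage(text, pattern):
    """Split wildcard matches into plain-ASCII names and names to review."""
    hits = match_entries(parse_dir(text), pattern)
    return {
        "ascii_names": [e["name"] for e in hits if not has_unrenderable_name(e)],
        "review": [e["name"] for e in hits if has_unrenderable_name(e)],
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LISTING, "??rvices.exe"))
```

A plain-ASCII match only means the name is spelled normally; it says nothing about whether the file itself is genuine.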

#7
silverfalcon

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Anydvd I recognize but I deleted it anyway

Volume in drive C has no label.
Volume Serial Number is 6889-1DA8

Directory of C:\WINDOWS\system32

09/12/2002 02:31 AM 68,096 locator.exe
09/12/2002 02:31 AM 5,120 lodctr.exe
08/29/2002 03:41 AM 24,576 logagent.exe
09/12/2002 02:31 AM 50,176 loghours.dll
03/25/2002 07:48 PM 487 login.cmd
09/12/2002 02:31 AM 55,296 logman.exe
09/12/2002 02:31 AM 15,360 logoff.exe
08/29/2002 03:41 AM 219,648 logon.scr
08/29/2002 03:41 AM 504,320 logonui.exe
01/06/2005 02:36 AM 488 logonui.exe.manifest
09/12/2002 02:31 AM 18,944 lpk.dll
09/12/2002 02:31 AM 6,144 lpq.exe
09/12/2002 02:31 AM 8,192 lpr.exe
09/12/2002 02:31 AM 8,704 lprhelp.dll
09/12/2002 02:31 AM 9,216 lprmonui.dll
08/29/2002 03:41 AM 671,744 lsasrv.dll
08/29/2002 03:41 AM 11,776 lsass.exe
09/12/2002 02:31 AM 42,166 lusrmgr.msc
09/12/2002 02:31 AM 2,560 lz32.dll
09/12/2002 02:31 AM 9,936 lzexpand.dll
09/12/2002 02:31 AM 168 l_except.nls
09/12/2002 02:31 AM 7,046 l_intl.nls
01/06/2005 02:35 AM <DIR> Macromed
09/12/2002 02:31 AM 67,584 magnify.exe
09/12/2002 02:31 AM 8,192 mag_hook.dll
09/12/2002 02:31 AM 187,904 main.cpl
09/12/2002 02:31 AM 79,360 makecab.exe
10/01/1998 01:00 PM 520,128 MAPI.DLL
09/12/2002 02:31 AM 112,128 mapi32.dll
10/01/1998 01:00 PM 40,208 MAPISRVR.EXE
09/12/2002 02:31 AM 112,128 mapistub.dll
09/12/2002 02:31 AM 12,800 mcastmib.dll
09/12/2002 02:31 AM 10,240 mcd32.dll
09/12/2002 02:31 AM 10,496 mcdsrv32.dll
09/12/2002 02:31 AM 4,608 mchgrcoi.dll
09/12/2002 02:31 AM 73,376 mciavi.drv
09/12/2002 02:31 AM 80,384 mciavi32.dll
09/12/2002 02:31 AM 17,408 mcicda.dll
09/12/2002 02:31 AM 8,192 mciole16.dll
09/12/2002 02:31 AM 7,680 mciole32.dll
12/12/2002 01:14 AM 34,304 mciqtz32.dll
09/12/2002 02:31 AM 20,992 mciseq.dll
09/12/2002 02:31 AM 25,264 mciseq.drv
09/12/2002 02:31 AM 22,016 mciwave.dll
09/12/2002 02:31 AM 28,160 mciwave.drv
09/12/2002 02:31 AM 50,176 mdhcp.dll
09/12/2002 02:31 AM 108,544 mdminst.dll
03/03/1999 12:05 PM 81,920 MDT2FW95.DLL
09/12/2002 02:29 AM 147,968 mdwmdmsp.dll
09/12/2002 02:31 AM 39,274 mem.exe
09/12/2002 02:31 AM 35,328 mf3216.dll
09/12/2002 02:31 AM 924,432 mfc40.dll
09/12/2002 02:31 AM 924,432 mfc40u.dll
09/12/2002 02:31 AM 995,383 mfc42.dll
06/17/1998 03:08 AM 53,248 MFC42ENU.DLL
09/12/2002 02:31 AM 995,384 mfc42u.dll
09/12/2002 02:31 AM 20,992 mfcsubs.dll
09/12/2002 02:31 AM 12,800 mgmtapi.dll
09/12/2002 02:31 AM 46,258 mib.bin
01/13/2005 08:03 PM <DIR> Microsoft
09/12/2002 02:31 AM 17,920 midimap.dll
09/12/2002 02:31 AM 56,320 miglibnt.dll
09/12/2002 02:31 AM 51,712 migpwd.exe
09/12/2002 02:31 AM 18,944 mimefilt.dll
08/29/2002 03:41 AM 163,840 mindex.dll
09/12/2002 02:31 AM 673,088 mlang.dat
09/12/2002 02:31 AM 577,024 mlang.dll
09/12/2002 02:31 AM 3,584 mll_hp.dll
09/12/2002 02:31 AM 7,680 mll_mtf.dll
09/12/2002 02:31 AM 5,632 mll_qic.dll
09/12/2002 02:31 AM 774,144 mmc.exe
09/12/2002 02:31 AM 66,560 mmcbase.dll
08/29/2002 03:41 AM 1,128,960 mmcndmgr.dll
09/12/2002 02:31 AM 46,592 mmcshext.dll
09/12/2002 02:31 AM 1,492 mmdriver.inf
09/12/2002 02:31 AM 12,288 mmdrv.dll
09/12/2002 02:31 AM 16,384 mmfutil.dll
09/12/2002 02:31 AM 559,616 mmsys.cpl
09/12/2002 02:31 AM 68,928 mmsystem.dll
09/12/2002 02:31 AM 1,152 mmtask.tsk
09/12/2002 02:31 AM 119,808 mmutilse.dll
08/29/2002 03:41 AM 32,256 mnmdd.dll
09/12/2002 02:31 AM 32,768 mnmsrvc.exe
08/29/2002 03:41 AM 196,096 mobsync.dll
09/12/2002 02:31 AM 135,680 mobsync.exe
09/12/2002 02:31 AM 19,456 mode.com
09/12/2002 02:31 AM 145,408 modemui.dll
09/12/2002 02:31 AM 10,112 modex.dll
09/12/2002 02:31 AM 15,872 more.com
08/29/2002 03:39 AM 210,944 moricons.dll
09/12/2002 02:31 AM 8,192 mountvol.exe
09/12/2002 02:31 AM 2,032 mouse.drv
07/09/2004 04:26 AM 57,856 mpeg2data.ax
12/12/2002 01:14 AM 136,192 mpg2splt.ax
08/29/2002 03:41 AM 233,472 mpg4dmod.dll
08/29/2002 03:41 AM 262,144 mpg4ds32.ax
08/29/2002 03:41 AM 116,736 mplay32.exe
09/12/2002 02:31 AM 22,016 mpnotify.exe
09/12/2002 02:31 AM 55,808 mpr.dll
09/12/2002 02:31 AM 79,360 mprapi.dll
09/12/2002 02:31 AM 69,120 mprddm.dll
09/12/2002 02:31 AM 49,152 mprdim.dll
09/12/2002 02:31 AM 99,840 mprmsg.dll
09/12/2002 02:31 AM 47,104 mprui.dll
08/29/2002 03:41 AM 130,048 mqad.dll
09/12/2002 02:31 AM 17,408 mqbkup.exe
09/12/2002 02:31 AM 10,752 mqcertui.dll
09/12/2002 02:31 AM 44,032 mqdscli.dll
09/12/2002 02:31 AM 60,928 mqgentr.dll
08/29/2002 03:41 AM 14,848 mqise.dll
09/12/2002 02:31 AM 55,808 mqlogmgr.dll
09/12/2002 02:31 AM 214,016 mqoa.dll
09/12/2002 02:31 AM 81,408 mqoa.tlb
09/12/2002 02:31 AM 36,864 mqoa10.tlb
09/12/2002 02:31 AM 55,296 mqoa20.tlb
09/12/2002 02:31 AM 8,192 mqperf.dll
09/12/2002 02:31 AM 10,110 mqperf.ini
09/12/2002 02:31 AM 2,755 mqprfsym.h
08/29/2002 03:41 AM 613,888 mqqm.dll
08/29/2002 03:41 AM 164,864 mqrt.dll
09/12/2002 02:31 AM 115,200 mqrtdep.dll
08/29/2002 03:41 AM 89,088 mqsec.dll
08/29/2002 03:41 AM 478,720 mqsnap.dll
09/12/2002 02:31 AM 4,608 mqsvc.exe
09/12/2002 02:31 AM 97,792 mqtgsvc.exe
08/29/2002 03:41 AM 164,352 mqtrig.dll
09/12/2002 02:31 AM 44,544 mqupgrd.dll
08/29/2002 03:41 AM 469,504 mqutil.dll
09/12/2002 02:31 AM 12,800 mrinfo.exe
09/12/2002 02:31 AM 102,912 msaatext.dll
09/12/2002 02:31 AM 61,168 msacm.dll
09/12/2002 02:31 AM 67,072 msacm32.dll
09/12/2002 02:31 AM 20,480 msacm32.drv
08/29/2002 03:41 AM 221,184 msadds32.ax
08/29/2002 03:40 AM 13,312 msadp32.acm
09/12/2002 02:31 AM 3,584 msafd.dll
09/12/2002 02:31 AM 80,128 msapsspc.dll
09/12/2002 02:31 AM 51,200 msasn1.dll
08/29/2002 03:39 AM 294,912 msaud32.acm
09/12/2002 02:31 AM 65,024 msaudite.dll
08/29/2002 03:41 AM 154,140 msawt.dll
09/12/2002 02:31 AM 7,168 mscat32.dll
09/12/2002 02:31 AM 817 mscdexnt.exe
08/29/2002 03:41 AM 68,096 mscms.dll
07/28/1998 07:01 PM 1,062,704 MSCOMCTL.OCX
08/29/2002 03:41 AM 65,536 msconf.dll
08/29/2002 03:39 AM 12,288 mscpx32r.dLL
09/12/2002 02:31 AM 36,864 mscpxl32.dLL
08/29/2002 03:41 AM 266,752 MSCTF.dll
08/29/2002 01:11 AM 162,304 MSCTFIME.IME
08/29/2002 03:41 AM 67,584 MSCTFP.dll
08/29/2002 03:41 AM 126,976 msdart.dll
07/11/2002 08:47 PM 12,288 msdatsrc.tlb
12/12/2002 01:14 AM 13,312 msdmo.dll
01/06/2005 02:35 AM <DIR> MsDtc
09/12/2002 02:31 AM 6,144 msdtc.exe
09/12/2002 02:31 AM 54,784 msdtclog.dll
09/12/2002 02:31 AM 768 msdtcprf.h
09/12/2002 02:31 AM 1,931 msdtcprf.ini
08/29/2002 03:41 AM 359,936 msdtcprx.dll
09/12/2002 02:31 AM 869,376 msdtctm.dll
09/12/2002 02:31 AM 151,040 msdtcuiu.dll
07/09/2004 04:26 AM 52,224 msdvbnp.ax
08/29/2002 03:40 AM 842,268 msdxm.ocx
08/29/2002 03:39 AM 4,126 msdxmlc.dll
09/12/2002 02:31 AM 94,282 msencode.dll
08/29/2002 03:41 AM 512,031 msexch40.dll
08/29/2002 03:41 AM 319,519 msexcl40.dll
08/29/2002 03:41 AM 504,832 msftedit.dll
09/12/2002 02:31 AM 20,992 msg.exe
09/12/2002 02:31 AM 9,216 msg711.acm
09/12/2002 02:31 AM 118,784 msg723.acm
08/29/2002 03:41 AM 968,192 msgina.dll
09/12/2002 02:31 AM 19,968 msgsm32.acm
09/12/2002 02:31 AM 34,304 msgsvc.dll
08/29/2002 03:41 AM 184,320 msh261.drv
08/29/2002 03:50 AM 286,720 msh263.drv
09/12/2002 02:31 AM 126,976 mshearts.exe
09/12/2002 02:31 AM 24,064 mshta.exe
08/29/2002 03:41 AM 2,833,920 mshtml.dll
08/29/2002 01:25 AM 1,350,656 mshtml.tlb
08/29/2002 03:41 AM 440,320 mshtmled.dll
08/29/2002 03:39 AM 56,320 mshtmler.dll
08/29/2002 03:41 AM 2,086,400 msi.dll
09/12/2002 02:31 AM 44,032 msident.dll
09/12/2002 02:31 AM 5,120 msidle.dll
09/12/2002 02:31 AM 14,848 msidntld.dll
08/29/2002 03:41 AM 229,888 msieftp.dll
08/29/2002 03:41 AM 64,512 msiexec.exe
08/29/2002 03:41 AM 305,664 msihnd.dll
08/29/2002 03:41 AM 4,608 msimg32.dll
07/11/1997 01:00 AM 14,336 MSIMRT.DLL
07/11/1997 01:00 AM 10,544 MSIMRT16.DLL
07/11/1997 01:00 AM 22,016 MSIMRT32.DLL
09/12/2002 02:31 AM 847,872 msimsg.dll
08/29/2002 03:41 AM 143,872 MSIMTF.dll
07/11/1997 01:00 AM 120,320 MSIMUSIC.DLL
08/29/2002 03:41 AM 368,710 msisam11.dll
09/12/2002 02:31 AM 39,936 msisip.dll
08/29/2002 03:41 AM 945,693 msjava.dll
08/29/2002 03:41 AM 21,023 msjdbc10.dll
08/29/2002 03:41 AM 1,503,262 msjet40.dll
08/29/2002 03:41 AM 348,195 msjetoledb40.dll
09/12/2002 02:31 AM 151,626 msjint40.dll
09/12/2002 02:31 AM 53,322 msjter40.dll
08/29/2002 03:41 AM 241,695 msjtes40.dll
08/29/2002 03:41 AM 22,528 mslbui.dll
09/12/2002 02:31 AM 146,432 msls31.dll
08/29/2002 03:41 AM 213,023 msltus40.dll
08/29/2002 03:41 AM 174,592 msnetobj.dll
08/29/2002 03:41 AM 319,760 msnsspc.dll
09/12/2002 02:31 AM 33,280 msobjs.dll
08/29/2002 03:41 AM 228,864 msoeacct.dll
08/29/2002 03:41 AM 81,408 msoert2.dll
09/12/2002 02:31 AM 20,480 msorc32r.dll
08/29/2002 03:41 AM 131,072 msorcl32.dll
08/29/2002 03:41 AM 339,968 mspaint.exe
09/12/2002 02:31 AM 27,136 mspatcha.dll
08/29/2002 03:41 AM 348,191 mspbde40.dll
08/29/2002 03:41 AM 175,104 mspmsp.dll
09/12/2002 02:31 AM 47,104 mspmspsv.dll
09/12/2002 02:31 AM 41,984 msports.dll
09/12/2002 02:31 AM 45,056 msprivs.dll
09/12/2002 02:31 AM 69,632 msr2c.dll
09/12/2002 02:31 AM 7,168 msr2cenu.dll
09/12/2002 02:31 AM 60,416 msratelc.dll
08/29/2002 03:41 AM 132,096 msrating.dll
09/12/2002 02:31 AM 73,802 msrclr40.dll
08/29/2002 03:41 AM 421,919 msrd2x40.dll
09/12/2002 02:31 AM 315,466 msrd3x40.dll
09/16/1998 09:20 PM 393,216 MSRDO20.DLL
10/13/1999 01:12 PM 28,944 MSRECR40.DLL
08/29/2002 03:41 AM 552,991 msrepl40.dll
08/29/2002 03:41 AM 10,240 msrle32.dll
01/22/1999 10:46 AM 65,536 MSRTEDIT.DLL
08/29/2002 03:41 AM 172,032 mssap.dll
08/29/2002 03:41 AM 69,632 msscds32.ax
08/29/2002 03:41 AM 245,760 msscp.dll
08/29/2002 03:39 AM 106,547 msscript.ocx
09/12/2002 02:31 AM 35,840 mssign32.dll
09/12/2002 02:31 AM 4,608 mssip32.dll
11/04/1999 11:15 PM 118,784 MSSTDFMT.DLL
08/09/1998 11:07 AM 94,208 MSSTKPRP.DLL
09/12/2002 02:31 AM 13,312 msswch.dll
09/12/2002 02:31 AM 6,656 msswchx.exe
08/29/2002 03:41 AM 250,368 mstask.dll
08/29/2002 03:41 AM 253,983 mstext40.dll
08/29/2002 03:41 AM 496,128 mstime.dll
08/29/2002 03:41 AM 9,728 mstinit.exe
09/12/2002 02:31 AM 103,936 mstlsapi.dll
08/29/2002 01:40 AM 388,608 mstsc.exe
08/29/2002 01:40 AM 598,016 mstscax.dll
08/29/2002 03:41 AM 241,725 msuni11.dll
08/29/2002 03:41 AM 182,784 msutb.dll
08/29/2002 03:41 AM 108,544 msv1_0.dll
09/12/2002 02:31 AM 1,355,776 msvbvm50.dll
09/12/2002 02:31 AM 1,388,544 msvbvm60.dll
09/12/2002 02:31 AM 50,688 msvcirt.dll
09/12/2002 02:31 AM 565,760 msvcp50.dll
08/29/2002 03:41 AM 401,462 msvcp60.dll
03/18/2003 10:14 PM 499,712 msvcp71.dll
02/25/2004 01:05 PM 348,160 msvcr71.dll
08/29/2002 03:41 AM 323,072 msvcrt.dll
09/12/2002 02:31 AM 253,952 msvcrt20.dll
09/12/2002 02:31 AM 65,024 msvcrt40.dll
08/29/2002 03:41 AM 113,664 msvfw32.dll
09/12/2002 02:31 AM 25,600 msvidc32.dll
07/09/2004 04:26 AM 1,230,336 msvidctl.dll
09/12/2002 02:31 AM 126,912 msvideo.dll
09/12/2002 02:31 AM 66,048 msw3prt.dll
09/12/2002 02:31 AM 831,562 mswdat10.dll
12/12/2002 01:14 AM 324,096 mswebdvd.dll
09/12/2002 02:31 AM 155,648 mswmdm.dll
09/12/2002 02:31 AM 228,352 mswsock.dll
09/12/2002 02:31 AM 614,474 mswstr10.dll
08/29/2002 03:41 AM 344,095 msxbde40.dll
09/12/2002 02:31 AM 495,376 msxml.dll
08/29/2002 03:41 AM 699,392 msxml2.dll
09/12/2002 02:31 AM 37,916 msxml2r.dll
08/29/2002 03:41 AM 1,122,304 msxml3.dll
03/08/2001 07:30 PM 24,064 msxml3a.dll
09/12/2002 02:31 AM 44,032 msxml3r.dll
04/18/2003 05:46 PM 1,233,920 msxml4.dll
04/18/2003 05:29 PM 82,432 msxml4r.dll
09/12/2002 02:31 AM 26,624 msxmlr.dll
07/09/2004 04:26 AM 16,896 msyuv.dll
09/12/2002 02:31 AM 61,440 mtxclu.dll
09/12/2002 02:31 AM 20,480 mtxdm.dll
09/12/2002 02:31 AM 4,096 mtxex.dll
09/12/2002 02:31 AM 25,088 mtxlegih.dll
09/12/2002 02:31 AM 83,968 mtxoci.dll
01/05/2005 09:25 PM <DIR> mui
09/12/2002 02:31 AM 90,112 mycomput.dll
09/12/2002 02:31 AM 88,064 mydocs.dll
09/12/2002 02:31 AM 51,200 narrator.exe
09/12/2002 02:31 AM 35,840 narrhook.dll
09/12/2002 02:31 AM 20,480 nbtstat.exe
08/29/2002 03:41 AM 42,496 ncobjapi.dll
09/12/2002 02:31 AM 35,840 ncpa.cpl
01/06/2005 02:36 AM 749 ncpa.cpl.manifest
09/12/2002 02:31 AM 7,680 ncxpnt.dll
09/12/2002 02:31 AM 15,360 nddeapi.dll
09/12/2002 02:31 AM 4,096 nddeapir.exe
08/29/2002 03:41 AM 16,384 nddenb32.dll
09/12/2002 02:31 AM 52,736 ndptsp.tsp
08/29/2002 03:41 AM 39,424 net.exe
09/12/2002 02:31 AM 102,446 net.hlp
08/29/2002 03:41 AM 115,200 net1.exe
09/12/2002 02:31 AM 108,464 netapi.dll
08/29/2002 03:41 AM 309,248 netapi32.dll
08/29/2002 03:41 AM 584,192 netcfgx.dll
08/29/2002 03:41 AM 105,984 netdde.exe
09/12/2002 02:31 AM 214,016 netevent.dll
09/12/2002 02:31 AM 253,952 neth.dll
09/12/2002 02:31 AM 134,656 netid.dll
08/29/2002 03:41 AM 399,360 netlogon.dll
08/29/2002 03:41 AM 154,112 netman.dll
09/12/2002 02:31 AM 171,008 netmsg.dll
08/29/2002 03:41 AM 857,600 netplwiz.dll
09/12/2002 02:31 AM 10,752 netrap.dll
08/29/2002 03:48 AM 326,656 netsetup.exe
09/12/2002 02:31 AM 82,944 netsh.exe
08/29/2002 03:41 AM 1,622,528 netshell.dll
09/12/2002 02:31 AM 30,720 netstat.exe
09/12/2002 02:31 AM 74,752 netui0.dll
09/12/2002 02:31 AM 230,400 netui1.dll
09/12/2002 02:31 AM 308,224 netui2.dll
09/12/2002 02:31 AM 2,656 netware.drv
08/29/2002 03:41 AM 238,080 newdev.dll
08/29/2002 03:41 AM 95,744 nlhtml.dll
09/12/2002 02:31 AM 7,052 nlsfunc.exe
09/12/2002 02:31 AM 12,288 nmevtmsg.dll
08/29/2002 03:41 AM 24,576 nmmkcert.dll
09/12/2002 02:31 AM 1,696 noise.chs
09/12/2002 02:31 AM 1,696 noise.cht
09/12/2002 02:31 AM 741 noise.dat
09/12/2002 02:31 AM 149,848 noise.deu
09/12/2002 02:31 AM 751 noise.eng
09/12/2002 02:31 AM 751 noise.enu
09/12/2002 02:31 AM 19,684 noise.esn
09/12/2002 02:31 AM 49,196 noise.fra
09/12/2002 02:31 AM 19,618 noise.ita
09/12/2002 02:31 AM 13,256 noise.nld
09/12/2002 02:31 AM 13,730 noise.sve
09/12/2002 02:31 AM 697 noise.tha
09/12/2002 02:31 AM 66,048 notepad.exe
01/05/2005 09:28 PM <DIR> npp
08/29/2002 03:41 AM 49,152 npptools.dll
01/06/2005 02:38 AM 23,392 nscompat.tlb
09/12/2002 02:31 AM 71,680 nslookup.exe
09/12/2002 02:31 AM 1,135,616 ntbackup.exe
08/29/2002 03:40 AM 668,672 ntdll.dll
09/12/2002 02:31 AM 27,866 ntdos.sys
  • 0

#8
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
HijackThis info

Logfile of HijackThis v1.99.1
Scan saved at 4:53:07 PM, on 8/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mIRC\mirc.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe

thanks for everything
  • 0

#9
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Just about there.
How is it running?

Go to Start > Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below services:

(moto)

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service"; a window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

(moto)

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Post a new HiJackThis log after it reboots and let me know if you received any error messages.
  • 0

#10
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
I do not see the service

(moto)
  • 0

#11
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Open HJT and have it fix:
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Reboot and post back a fresh log please
  • 0

#12
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
I did as you said, but it did not change anything in the log

Logfile of HijackThis v1.99.1
Scan saved at 4:59:13 PM, on 8/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
  • 0

#13
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Sorry, scroll down and look for "svchost.exe (moto)"
Follow the earlier instructions to remove it please.
  • 0

#14
silverfalcon

  • Topic Starter
  • Member
  • 16 posts
Again I tried to fix the file and nothing happened:

Logfile of HijackThis v1.99.1
Scan saved at 6:44:34 PM, on 8/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
C:\WINDOWS\system32\ati2sgag.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Browser mouse\1.2\mouse32a.exe
C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Office keyboard utility\1.2\MMKEYB.EXE
C:\Program Files\Office keyboard utility\1.2\TrayMon.exe
C:\Program Files\Office keyboard utility\1.2\osd.exe
C:\WINDOWS\System32\imapi.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FLMBROWSERMOUSE] C:\Program Files\Browser mouse\1.2\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] C:\Program Files\Office keyboard utility\1.2\OFFICEKB.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
  • 0

#15
don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Go to Start - Run - cmd
Enter the following commands, followed with the 'Enter' key

sc stop moto

sc delete moto

exit



Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”

O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)



Reboot and post back a fresh HJT log please
  • 0
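
The O23 entry discussed in this thread can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original posts and not HijackThis code; the field layout `display name (service name) - owner - path` is inferred from the log lines above, and the function names and the list of system32-only binaries are assumptions.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Winamp\winampa.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Office keyboard utility\1.2\nhksrv.exe
"""

O23_PREFIX = "O23 - Service: "
MISSING = "(file missing)"
NAME_RE = re.compile(r"^(?P<display>.*) \((?P<short>[^()]+)\)$")
# Assumption: core Windows binaries that should only ever load from system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}


def misplaced(path):
    """True when a core Windows binary name sits outside a system32 directory."""
    name = ntpath.basename(path).lower()
    parent = ntpath.basename(ntpath.dirname(path)).lower()
    return name in SYSTEM32_ONLY and parent != "system32"


def running_processes(log):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                break
            procs.append(line)
    return procs


def parse_services(log):
    """Parse O23 lines into dicts: display, short, owner, path, missing."""
    services = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Split from the right so a display name containing ' - ' survives.
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # malformed entry, skip rather than guess
        name, owner, path = parts
        missing = path.endswith(MISSING)
        if missing:
            path = path[:-len(MISSING)].rstrip()
        m = NAME_RE.match(name)
        display, short = (m["display"], m["short"]) if m else (name, name)
        services.append({"display": display, "short": short, "owner": owner,
                         "path": path, "missing": missing})
    return services


def misplaced_processes(log):
    return [p for p in running_processes(log) if misplaced(p)]


def flag_services(log):
    """Return (service short name, reasons) for entries worth a closer look.

    'Unknown owner' alone is not flagged: legitimate vendor services in this
    thread (nhksrv) carry it too.
    """
    flagged = []
    for svc in parse_services(log):
        reasons = []
        if misplaced(svc["path"]):
            reasons.append("system binary name outside system32")
        if svc["missing"]:
            reasons.append("binary missing on disk")
        if reasons:
            flagged.append((svc["short"], reasons))
    return flagged


if __name__ == "__main__":
    print("Misplaced running processes:", misplaced_processes(SAMPLE_LOG))
    for short, reasons in flag_services(SAMPLE_LOG):
        print(f"Service '{short}': {', '.join(reasons)}")
```

The short name in parentheses is the one the `sc stop` and `sc delete` commands in the post above operate on.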





