Kimmie

Members
  • Content Count

    26

About Kimmie

  • Rank
    Member
  • Birthday 01/31/1968

Contact Methods

  • Website URL
    http://www.kimmiescaverns.smfforfree.com

Previous Fields

  • System Specifications:
    Compaq Deskpro, 512MB
  • Teams:
    Nothing Selected
  1. Thanks for all your help (both of you)! I tried using recovery console but it was unsuccessful. I went and purchased XP last night and tried to do a parallel install to retrieve my data. That too, was unsuccessful so I went ahead and just wiped everything out and did a clean install. Thanks again for the help -Kimmie
  2. Thanks for all your help Aaflac!! As I stated, it will take me some time to get recovery console downloaded. (probably a few days). I will post back here as soon as I have it. In the meantime, Jintan, if you have any other suggestions, feel free to throw em at me! I may end up just going out and purchasing XP - if anything - just to have it as a backup os..lol. I hate to though..I don't like the NTFS filesystem. Fat32 is easier to control/maintain - at least for me. I ran Windows ME on my other system for 8+ years and NEVER had this much trouble with trojans, etc..lol. I get a pc with WIN2k on it - put the same protection on it as I had on the other system.. and within the first month I have already had MASSIVE problems. (I just ran a superantispyware scan AND an Avast scan on this ME hd and it found "nada..nothing...zilch" (not even a tracking cookie) ). Poor Microsoft...some things they should have just left alone..lol. Yeah I know, Fat32 doesn't support most of the new technology out today..hehe. I just hate the fact that I can't even go into my local pc store and buy anything but VISTA now. They have even taken XP off most store shelves here - not sure why... VISTA has MAJOR issues..lol. Ok I am done ranting..lol. Thanks again for all your help Aaflac. Keep up the great work!
  3. Hi, it's actually Kimmie this time. Sorry to be so much trouble hehe. Please don't scorn me for not having a recovery cd..lol. I bought this computer really REALLY cheap. I just hadn't had time to make one yet. I installed another HD that I used on an old computer (the MOBO is shot on it), but it's running Windows ME. I have found on Microsoft's website where I can download/put on floppies or burn to cd.."Setup Disks for Floppy Boot Install" that includes Recovery Console and will work with Win 2K. http://www.microsoft.com/downloads/details...55-BD5AFEE126D8 From experience, running chkdsk /r, in most cases, fixes these types of issues. It will take me a few days to get the above files downloaded so if you have another "easier" suggestion PLEASE---by all means let me know..lol.
  4. Hi..this is Kimmie's friend again..I am still talking to Kimmie and this is what she says: she has another hard drive running Windows Millennium on a computer she used to use..she has installed that hard drive in place of the one you two have been working on..with this hard drive she now has access to the internet and wants to know, since she has no Windows 2000 CD, can she correct the driver error via the internet and if so, how can she do it?
  5. Hi..my name is Sandy and I am a friend of Kimmie's...she has asked me to send this to you due to the fact that she can no longer log into Windows..I am currently on the phone with her now and she is telling me exactly what to put down concerning her issues with her computer. She uninstalled ComboFix and reinstalled the second one you gave her...when the scan first started it stated it could not access the file due to it being used by another process. She let the scan continue and it came back and said the same thing again. She continued to let the scan finish, the system rebooted, the scan finished and came back with the error, but it went so fast and rebooted the system she didn't catch the error. When the system rebooted again she got the BSOD. STOP: C00002c UNABLE TO LOAD DEVICE DRIVER error status:0xc000012f \SystemRoot\System32\drivers\runtime.sys device driver could not be loaded She rebooted her system and got the same STOP message. Rebooted system again, attempted to access safemode w/networking-same STOP message..rebooted system again, attempted regular safemode-same STOP message. Rebooted again, attempted THE LAST KNOWN GOOD CONFIGURATION-same STOP message..also attempted safemode with command prompt to attempt to run system restore-same STOP message. She needs to know what to do to fix this problem..she wants to know if there's a number where she can call you. If so, could you please send it to me, or I can send you her number in a private message..my email address is (deleted). Kimmie said that from working at Dell she's familiar with STOP messages in general and nine times out of ten they require the re-installation of the operating system, however she bought the computer refurbished and did not have time to make a recovery CD.
  6. Getting ready to do the combofix part but thought you should see this. I reran avenger with the other script and after my system rebooted twice, this appeared in notepad: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\krdbxcrc ******************* Fatal error: integrity of Services key failed verification check! Security may be fatally compromised. Exiting immediately. Could not open script file! Status: 0xc0000034 Abort!
  7. RootChk Log: ********************************* ROOTCHK-(02-05-07)-LOG, by ejvindh Mon 05/14/2007 15:17:22.54 The rootkits that are detected by this tool were not found. ********************************* ROOTCHK-LOG-end catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-14 15:17:23 Windows 5.0.2195 Service Pack 3 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
C:\WINNT\system32\drivers\runtime2.sys scan completed successfully hidden processes: 0 hidden services: 244 hidden files: 1 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Avenger.txt Log: Is empty (??). Scan completed, my system rebooted. Scan finished - In "black dos looking window" it said it could not find Avenger.txt, did I want to create a new one. I said no. Went to C:\Avenger.txt. The file is there but it's empty. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ****NOTE**** After installing that avenger script, my system rebooted - right before windows loaded it rebooted itself, then kept looking for a disc in Drive A:. Now I have a constant box on my screen wanting me to insert a disk in Drive A:. Three options on box: CANCEL TRY AGAIN CONTINUE. Canceling out doesn't work - I had to reboot again to fix it. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ HJT Log: Still cannot do "scan and save log file". In Reg Windows my pc reboots itself. Tried it in safemode: Error: HJT has caused an error and will now close (this happens when it tries to create the log file). Screenshot attached.
  8. "kimmie" - 05/14/2007 0:59:13 Service Pack 3 [sAFE MODE] ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\new user\Desktop\" Infected copy of C:\WINNT\system32\winlogon.exe was found & disinfected Restored copy from - "c:\WINNT\ServicePackFiles\i386\winlogon.exe"
--a------ C:\WINNT\system32\tlntsvr.exe 2007-04-15 14:36 178,960 --a------ C:\WINNT\system32\winlogon.exe 2007-04-15 14:36 173,328 --a------ C:\WINNT\system32\tapisrv.dll 2007-04-15 14:36 171,792 --a------ C:\WINNT\system32\wjview.exe 2007-04-15 14:36 17,680 --a------ C:\WINNT\system32\wshtcpip.dll 2007-04-15 14:36 17,680 --a------ C:\WINNT\system32\tftp.exe 2007-04-15 14:36 17,680 --a------ C:\WINNT\system32\SNMPAPI.DLL 2007-04-15 14:36 166,160 --a------ C:\WINNT\system32\WINTRUST.DLL 2007-04-15 14:36 165,744 --a------ C:\WINNT\system32\XENROLL.DLL 2007-04-15 14:36 162,576 --a------ C:\WINNT\system32\WLDAP32.DLL 2007-04-15 14:36 155,920 --a------ C:\WINNT\system32\wavemsp.dll 2007-04-15 14:36 15,120 --a------ C:\WINNT\system32\sisbkup.dll 2007-04-15 14:36 14,608 --a------ C:\WINNT\system32\uniplat.dll 2007-04-15 14:36 138,000 --a------ C:\WINNT\system32\ss3dfo.scr 2007-04-15 14:36 13,072 --a------ C:\WINNT\system32\tcpmib.dll 2007-04-15 14:36 11,536 --a------ C:\WINNT\system32\usbmon.dll 2007-04-15 14:36 102,160 --a------ C:\WINNT\system32\sspipes.scr 2007-04-15 14:36 10,000 --a------ C:\WINNT\system32\wshatm.dll 2007-04-15 14:35 991,504 --a------ C:\WINNT\system32\OLE32.DLL 2007-04-15 14:35 974,096 --a------ C:\WINNT\system32\sfcfiles.dll 2007-04-15 14:35 97,040 --a------ C:\WINNT\system32\rtm.dll 2007-04-15 14:35 97,040 --a------ C:\WINNT\system32\polagent.dll 2007-04-15 14:35 945,936 --a------ C:\WINNT\system32\msjava.dll 2007-04-15 14:35 94,208 --------- C:\WINNT\system32\iuctl.dll 2007-04-15 14:35 91,408 --a------ C:\WINNT\system32\netman.dll 2007-04-15 14:35 91,136 --a------ C:\WINNT\system32\nlhtml.dll 2007-04-15 14:35 90,112 --a------ C:\WINNT\system32\odbcint.dll 2007-04-15 14:35 9,488 --a------ C:\WINNT\system32\spiisupd.exe 2007-04-15 14:35 85,776 --a------ C:\WINNT\system32\ntsdexts.dll 2007-04-15 14:35 831,760 --a------ C:\WINNT\system32\mswdat10.dll 2007-04-15 14:35 80,144 --a------ C:\WINNT\system32\ntdskcc.dll 2007-04-15 14:35 8,704 --------- 
C:\WINNT\system32\wuauserv.dll 2007-04-15 14:35 77,584 --a------ C:\WINNT\system32\scripto.dll 2007-04-15 14:35 77,072 --a------ C:\WINNT\system32\rsvpsp.dll 2007-04-15 14:35 76,560 --a------ C:\WINNT\system32\msw3prt.dll 2007-04-15 14:35 72,464 --a------ C:\WINNT\system32\netui0.dll 2007-04-15 14:35 70,928 --a------ C:\WINNT\system32\olethk32.dll 2007-04-15 14:35 7,440 --a------ C:\WINNT\system32\msswchx.exe 2007-04-15 14:35 692,496 --a------ C:\WINNT\system32\OPENGL32.DLL 2007-04-15 14:35 67,344 --a------ C:\WINNT\system32\ntdsetup.dll 2007-04-15 14:35 66,832 --a------ C:\WINNT\system32\regsvc.exe 2007-04-15 14:35 65,601 --a------ C:\WINNT\system32\servdeps.dll 2007-04-15 14:35 64,272 --a------ C:\WINNT\system32\mswsock.dll 2007-04-15 14:35 63,248 --a------ C:\WINNT\system32\RASSCRPT.DLL 2007-04-15 14:35 614,672 --a------ C:\WINNT\system32\mswstr10.dll 2007-04-15 14:35 61,440 --------- C:\WINNT\system32\sp3res.dll 2007-04-15 14:35 6,928 --a------ C:\WINNT\system32\schmupd.exe 2007-04-15 14:35 57,616 --a------ C:\WINNT\system32\ntdsapi.dll 2007-04-15 14:35 57,104 --a------ C:\WINNT\system32\ocmanage.dll 2007-04-15 14:35 56,592 --a------ C:\WINNT\system32\mydocs.dll 2007-04-15 14:35 553,232 --a------ C:\WINNT\system32\msrepl40.dll 2007-04-15 14:35 547,600 --a------ C:\WINNT\system32\netcfgx.dll 2007-04-15 14:35 53,520 --a------ C:\WINNT\system32\odbcji32.dll 2007-04-15 14:35 53,520 --a------ C:\WINNT\system32\ntmsapi.dll 2007-04-15 14:35 53,520 --a------ C:\WINNT\system32\msjter40.dll 2007-04-15 14:35 53,008 --a------ C:\WINNT\system32\packager.exe 2007-04-15 14:35 52,496 --a------ C:\WINNT\system32\mtxclu.dll 2007-04-15 14:35 505,616 --a------ C:\WINNT\system32\msxml.dll 2007-04-15 14:35 48,912 --a------ C:\WINNT\system32\rastls.dll 2007-04-15 14:35 48,400 --a------ C:\WINNT\system32\secur32.dll 2007-04-15 14:35 468,752 --a------ C:\WINNT\system32\netshell.dll 2007-04-15 14:35 450,832 --a------ C:\WINNT\system32\rpcrt4.dll 2007-04-15 14:35 45,840 --------- 
C:\WINNT\system32\msmqprop.exe 2007-04-15 14:35 444,176 --a------ C:\WINNT\system32\oieng400.dll 2007-04-15 14:35 422,160 --a------ C:\WINNT\system32\msrd2x40.dll 2007-04-15 14:35 41,232 --a------ C:\WINNT\system32\odbcconf.exe 2007-04-15 14:35 41,232 --a------ C:\WINNT\system32\odbcconf.dll 2007-04-15 14:35 401,168 --a------ C:\WINNT\system32\ntmssvc.dll 2007-04-15 14:35 40,720 --a------ C:\WINNT\system32\RESUTILS.DLL 2007-04-15 14:35 391,440 --a------ C:\WINNT\system32\oakley.dll 2007-04-15 14:35 371,472 --a------ C:\WINNT\system32\NETLOGON.DLL 2007-04-15 14:35 37,136 --a------ C:\WINNT\system32\ODBCAD32.exe 2007-04-15 14:35 36,624 --a------ C:\WINNT\system32\RNR20.DLL 2007-04-15 14:35 36,112 --a------ C:\WINNT\system32\regapi.dll 2007-04-15 14:35 35,600 --a------ C:\WINNT\system32\RASCHAP.DLL 2007-04-15 14:35 35,088 --a------ C:\WINNT\system32\MSSIGN32.DLL 2007-04-15 14:35 348,432 --a------ C:\WINNT\system32\mspbde40.dll 2007-04-15 14:35 348,432 --a------ C:\WINNT\system32\msjetoledb40.dll 2007-04-15 14:35 344,336 --a------ C:\WINNT\system32\msxbde40.dll 2007-04-15 14:35 34,816 --------- C:\WINNT\system32\msiregmv.exe 2007-04-15 14:35 32,016 --a------ C:\WINNT\system32\ntdsatq.dll 2007-04-15 14:35 315,664 --a------ C:\WINNT\system32\msrd3x40.dll 2007-04-15 14:35 310,272 --------- C:\WINNT\system32\winhttp.dll 2007-04-15 14:35 290,869 --a------ C:\WINNT\system32\msvcrt.dll 2007-04-15 14:35 28,944 --a------ C:\WINNT\system32\perfproc.dll 2007-04-15 14:35 28,432 --a------ C:\WINNT\system32\scrnsave.scr 2007-04-15 14:35 28,432 --a------ C:\WINNT\system32\ntdsbsrv.dll 2007-04-15 14:35 270,608 --a------ C:\WINNT\system32\odbcjt32.dll 2007-04-15 14:35 27,920 --a------ C:\WINNT\system32\ntdsbcli.dll 2007-04-15 14:35 26,624 --a------ C:\WINNT\system32\msxmlr.dll 2007-04-15 14:35 254,224 --a------ C:\WINNT\system32\mstext40.dll 2007-04-15 14:35 25,360 --a------ C:\WINNT\system32\rsfsaps.dll 2007-04-15 14:35 25,360 --a------ C:\WINNT\system32\rapilib.dll 2007-04-15 14:35 
248,592 --a------ C:\WINNT\system32\scesrv.dll 2007-04-15 14:35 242,688 --a------ C:\WINNT\system32\qmgr.dll 2007-04-15 14:35 241,936 --a------ C:\WINNT\system32\msjtes40.dll 2007-04-15 14:35 24,848 --a------ C:\WINNT\system32\odbcbcp.dll 2007-04-15 14:35 24,848 --a------ C:\WINNT\system32\ODBC32GT.dll 2007-04-15 14:35 24,336 --a------ C:\WINNT\system32\rpcns4.dll 2007-04-15 14:35 24,336 --a------ C:\WINNT\system32\perfdisk.dll 2007-04-15 14:35 24,336 --------- C:\WINNT\system32\ftpqfe.exe 2007-04-15 14:35 236,816 --a------ C:\WINNT\system32\rpcss.dll 2007-04-15 14:35 23,824 --a------ C:\WINNT\system32\mtxdm.dll 2007-04-15 14:35 221,456 --a------ C:\WINNT\system32\osk.exe 2007-04-15 14:35 219,408 --a------ C:\WINNT\system32\mstask.dll 2007-04-15 14:35 217,360 --a------ C:\WINNT\system32\ODBC32.dll 2007-04-15 14:35 213,264 --a------ C:\WINNT\system32\msltus40.dll 2007-04-15 14:35 21,264 --a------ C:\WINNT\system32\msjdbc10.dll 2007-04-15 14:35 207,632 --a------ C:\WINNT\system32\objsel.dll 2007-04-15 14:35 200,976 --a------ C:\WINNT\system32\odbccu32.dll 2007-04-15 14:35 20,752 --a------ C:\WINNT\system32\odtext32.dll 2007-04-15 14:35 20,752 --a------ C:\WINNT\system32\odpdx32.dll 2007-04-15 14:35 20,752 --a------ C:\WINNT\system32\odfox32.dll 2007-04-15 14:35 20,752 --a------ C:\WINNT\system32\odexl32.dll 2007-04-15 14:35 20,752 --a------ C:\WINNT\system32\oddbse32.dll 2007-04-15 14:35 20,208 --------- C:\WINNT\system32\drivers\msircomm.sys 2007-04-15 14:35 197,904 --a------ C:\WINNT\system32\rasppp.dll 2007-04-15 14:35 196,880 --a------ C:\WINNT\system32\odbccr32.dll 2007-04-15 14:35 186,880 --------- C:\WINNT\system32\wuaueng.dll 2007-04-15 14:35 18,432 --a------ C:\WINNT\system32\qmgrprxy.dll 2007-04-15 14:35 173,840 --a------ C:\WINNT\system32\netplwiz.dll 2007-04-15 14:35 173,328 --a------ C:\WINNT\system32\ntmsdba.dll 2007-04-15 14:35 17,680 --a------ C:\WINNT\system32\seclogon.dll 2007-04-15 14:35 169,984 --------- C:\WINNT\system32\iuengine.dll 2007-04-15 
14:35 164,112 --a------ C:\WINNT\system32\OLEPRO32.DLL 2007-04-15 14:35 16,144 --a------ C:\WINNT\system32\NDDEAPI.DLL 2007-04-15 14:35 155,920 --a------ C:\WINNT\system32\ODBCTRAC.dll 2007-04-15 14:35 155,920 --a------ C:\WINNT\system32\msorcl32.dll 2007-04-15 14:35 154,896 --a------ C:\WINNT\system32\rasmontr.dll 2007-04-15 14:35 152,848 --a------ C:\WINNT\system32\pdh.dll 2007-04-15 14:35 151,824 --a------ C:\WINNT\system32\msjint40.dll 2007-04-15 14:35 146,192 --a------ C:\WINNT\system32\dssenh.dll 2007-04-15 14:35 145,168 --a------ C:\WINNT\system32\polstore.dll 2007-04-15 14:35 140,800 --------- C:\WINNT\system32\wuauclt.exe 2007-04-15 14:35 14,608 --a------ C:\WINNT\system32\RASSAPI.DLL 2007-04-15 14:35 14,608 --a------ C:\WINNT\system32\msswch.dll 2007-04-15 14:35 139,536 --a------ C:\WINNT\system32\regedt32.exe 2007-04-15 14:35 133,904 --a------ C:\WINNT\system32\rsaenh.dll 2007-04-15 14:35 131,344 --a------ C:\WINNT\system32\RSABASE.DLL 2007-04-15 14:35 131,344 --a------ C:\WINNT\system32\netid.dll 2007-04-15 14:35 13,584 --a------ C:\WINNT\system32\powrprof.dll 2007-04-15 14:35 118,544 --a------ C:\WINNT\system32\mstask.exe 2007-04-15 14:35 114,448 --a------ C:\WINNT\system32\PSBASE.DLL 2007-04-15 14:35 113,936 --a------ C:\WINNT\system32\newdev.dll 2007-04-15 14:35 111,888 --a------ C:\WINNT\system32\scecli.dll 2007-04-15 14:35 108,816 --a------ C:\WINNT\system32\NETDDE.EXE 2007-04-15 14:35 108,304 --a------ C:\WINNT\system32\rsnotify.exe 2007-04-15 14:35 106,256 --a------ C:\WINNT\system32\mtxoci.dll 2007-04-15 14:35 105,232 --a------ C:\WINNT\system32\rend.dll 2007-04-15 14:35 104,960 --a------ C:\WINNT\system32\offfilt.dll 2007-04-15 14:35 102,672 --a------ C:\WINNT\system32\odbccp32.dll 2007-04-15 14:35 102,160 --a------ C:\WINNT\system32\NTMARTA.DLL 2007-04-15 14:35 10,512 --a------ C:\WINNT\system32\runas.exe 2007-04-15 14:35 10,512 --------- C:\WINNT\system32\sptsupd.exe 2007-04-15 14:35 10,288 --------- C:\WINNT\system32\drivers\irenum.sys 
2007-04-15 14:35 1,503,504 --a------ C:\WINNT\system32\msjet40.dll 2007-04-15 14:35 1,424,144 --a------ C:\WINNT\system32\query.dll 2007-04-15 14:35 1,026,320 --a------ C:\WINNT\system32\ntdsa.dll 2007-04-15 14:34 99,088 --a------ C:\WINNT\system32\modemui.dll 2007-04-15 14:34 88,848 --a------ C:\WINNT\system32\msdtclog.dll 2007-04-15 14:34 835,856 --a------ C:\WINNT\system32\mmcndmgr.dll 2007-04-15 14:34 76,048 --a------ C:\WINNT\system32\mdhcp.dll 2007-04-15 14:34 700,176 --a------ C:\WINNT\system32\msdtcprx.dll 2007-04-15 14:34 69,904 --a------ C:\WINNT\system32\mprddm.dll 2007-04-15 14:34 66,320 --a------ C:\WINNT\system32\LOADPERF.DLL 2007-04-15 14:34 603,408 --a------ C:\WINNT\system32\mmc.exe 2007-04-15 14:34 56,080 --a------ C:\WINNT\system32\mprui.dll 2007-04-15 14:34 55,056 --a------ C:\WINNT\system32\mpr.dll 2007-04-15 14:34 512,272 --a------ C:\WINNT\system32\msexch40.dll 2007-04-15 14:34 48,400 --a------ C:\WINNT\system32\loghours.dll 2007-04-15 14:34 47,376 --a------ C:\WINNT\system32\mprdim.dll 2007-04-15 14:34 4,368 --a------ C:\WINNT\system32\msdxmlc.dll 2007-04-15 14:34 319,760 --a------ C:\WINNT\system32\msexcl40.dll 2007-04-15 14:34 25,872 --a------ C:\WINNT\system32\LODCTR.EXE 2007-04-15 14:34 24,848 --a------ C:\WINNT\system32\msdart32.dll 2007-04-15 14:34 236,304 --a------ C:\WINNT\system32\msclus.dll 2007-04-15 14:34 235,792 --a------ C:\WINNT\system32\localsec.dll 2007-04-15 14:34 20,240 --a------ C:\WINNT\system32\lpk.dll 2007-04-15 14:34 19,216 --a------ C:\WINNT\system32\mimefilt.dll 2007-04-15 14:34 168,720 --a------ C:\WINNT\system32\mobsync.dll 2007-04-15 14:34 154,384 --a------ C:\WINNT\system32\msawt.dll 2007-04-15 14:34 146,192 --a------ C:\WINNT\system32\msdtcui.dll 2007-04-15 14:34 130,832 --a------ C:\WINNT\system32\logon.scr 2007-04-15 14:34 13,824 --a------ C:\WINNT\system32\mscpxl32.dLL 2007-04-15 14:34 105,744 --a------ C:\WINNT\system32\msafd.dll 2007-04-15 14:34 102,160 --a------ C:\WINNT\system32\mdminst.dll 2007-04-15 
14:34 1,128,208 --a------ C:\WINNT\system32\msdtctm.dll 2007-04-15 14:33 97,040 --a------ C:\WINNT\system32\iasrad.dll 2007-04-15 14:33 96,016 --a------ C:\WINNT\system32\imm32.dll 2007-04-15 14:33 81,978 --a------ C:\WINNT\system32\hlink.dll 2007-04-15 14:33 79,632 --a------ C:\WINNT\system32\irmon.dll 2007-04-15 14:33 76,560 --a------ C:\WINNT\system32\hotplug.dll 2007-04-15 14:33 75,536 --a------ C:\WINNT\system32\iasads.dll 2007-04-15 14:33 72,464 --a------ C:\WINNT\system32\isign32.dll 2007-04-15 14:33 65,808 --a------ C:\WINNT\system32\inetpp.dll 2007-04-15 14:33 63,248 --a------ C:\WINNT\system32\javaprxy.dll 2007-04-15 14:33 60,176 --a------ C:\WINNT\system32\iassvcs.dll 2007-04-15 14:33 60,176 --a------ C:\WINNT\system32\iasnap.dll 2007-04-15 14:33 6,928 --a------ C:\WINNT\system32\KBDCA.DLL 2007-04-15 14:33 57,296 --a------ C:\WINNT\system32\drivers\irda.sys 2007-04-15 14:33 49,936 --a------ C:\WINNT\system32\ixsso.dll 2007-04-15 14:33 441,616 --a------ C:\WINNT\system32\ipnathlp.dll 2007-04-15 14:33 42,809 --a------ C:\WINNT\system32\key01.sys 2007-04-15 14:33 42,537 --a------ C:\WINNT\system32\KEYBOARD.SYS 2007-04-15 14:33 404,752 --a------ C:\WINNT\system32\javart.dll 2007-04-15 14:33 4,368 --a------ C:\WINNT\system32\IPROP.DLL 2007-04-15 14:33 374,032 --a------ C:\WINNT\system32\JET500.DLL 2007-04-15 14:33 304,912 --a------ C:\WINNT\system32\gpedit.dll 2007-04-15 14:33 29,456 --a------ C:\WINNT\system32\INETMIB1.DLL 2007-04-15 14:33 28,944 --a------ C:\WINNT\system32\iasacct.dll 2007-04-15 14:33 269,584 --a------ C:\WINNT\system32\iassdo.dll 2007-04-15 14:33 26,896 --a------ C:\WINNT\hh.exe 2007-04-15 14:33 21,776 --a------ C:\WINNT\system32\HTICONS.DLL 2007-04-15 14:33 207,632 --a------ C:\WINNT\system32\kerberos.dll 2007-04-15 14:33 206,096 --a------ C:\WINNT\system32\infosoft.dll 2007-04-15 14:33 20,752 --a------ C:\WINNT\system32\iasperf.dll 2007-04-15 14:33 19,728 --a------ C:\WINNT\system32\hidserv.exe 2007-04-15 14:33 187,152 --a------ 
C:\WINNT\system32\javacypt.dll 2007-04-15 14:33 18,192 --a------ C:\WINNT\system32\hid.dll 2007-04-15 14:33 172,304 --a------ C:\WINNT\system32\jview.exe 2007-04-15 14:33 171,280 --a------ C:\WINNT\system32\jit.dll 2007-04-15 14:33 163,088 --a------ C:\WINNT\system32\h323msp.dll 2007-04-15 14:33 158,992 --a------ C:\WINNT\system32\iprtrmgr.dll 2007-04-15 14:33 138,000 --a------ C:\WINNT\system32\INITPKI.DLL 2007-04-15 14:33 121,104 --a------ C:\WINNT\system32\idq.dll 2007-04-15 14:33 118,544 --a------ C:\WINNT\system32\gptext.dll 2007-04-15 14:33 100,624 --a------ C:\WINNT\system32\iassam.dll 2007-04-15 14:32 96,016 --a------ C:\WINNT\system32\clbcatex.dll 2007-04-15 14:32 92,944 --a------ C:\WINNT\system32\dskquota.dll 2007-04-15 14:32 91,920 --a------ C:\WINNT\system32\dnsrslvr.dll 2007-04-15 14:32 89,872 --a------ C:\WINNT\system32\CRYPTDLG.DLL 2007-04-15 14:32 82,704 --a------ C:\WINNT\system32\cmnquery.dll 2007-04-15 14:32 78,096 --a------ C:\WINNT\system32\aclui.dll 2007-04-15 14:32 75,024 --a------ C:\WINNT\system32\cryptsvc.dll 2007-04-15 14:32 74,810 --a------ C:\WINNT\system32\atl.dll 2007-04-15 14:32 74,512 --a------ C:\WINNT\system32\dsauth.dll 2007-04-15 14:32 7,440 --a------ C:\WINNT\system32\control.exe 2007-04-15 14:32 625,936 --a------ C:\WINNT\system32\comuid.dll 2007-04-15 14:32 62,736 --a------ C:\WINNT\system32\adsmsext.dll 2007-04-15 14:32 61,712 --a------ C:\WINNT\system32\dfrgfat.exe 2007-04-15 14:32 591,120 --a------ C:\WINNT\system32\catsrvut.dll 2007-04-15 14:32 552,208 --a------ C:\WINNT\system32\autofmt.exe 2007-04-15 14:32 55,568 --a------ C:\WINNT\system32\esentutl.exe 2007-04-15 14:32 55,568 --a------ C:\WINNT\system32\CLUSAPI.DLL 2007-04-15 14:32 509,712 --a------ C:\WINNT\system32\clbcatq.dll 2007-04-15 14:32 50,620 --a------ C:\WINNT\system32\command.com 2007-04-15 14:32 50,448 --a------ C:\WINNT\system32\fdeploy.dll 2007-04-15 14:32 5,904 --a------ C:\WINNT\system32\dllhst3g.exe 2007-04-15 14:32 49,936 --a------ 
C:\WINNT\system32\browser.dll 2007-04-15 14:32 475,408 --a------ C:\WINNT\system32\CRYPT32.DLL 2007-04-15 14:32 45,328 --a------ C:\WINNT\system32\EVENTLOG.DLL 2007-04-15 14:32 45,328 --a------ C:\WINNT\system32\cmstp.exe 2007-04-15 14:32 442,640 --a------ C:\WINNT\system32\CRYPTUI.DLL 2007-04-15 14:32 43,280 --a------ C:\WINNT\system32\dmutil.dll 2007-04-15 14:32 422,160 --a------ C:\WINNT\system32\certmgr.dll 2007-04-15 14:32 42,768 --a------ C:\WINNT\system32\dfrgsnap.dll 2007-04-15 14:32 42,768 --a------ C:\WINNT\system32\CRYPTNET.DLL 2007-04-15 14:32 41,744 --a------ C:\WINNT\system32\dsfolder.dll 2007-04-15 14:32 402,704 --a------ C:\WINNT\system32\cdonts.dll 2007-04-15 14:32 380,688 --a------ C:\WINNT\system32\expsrv.dll 2007-04-15 14:32 37,648 --a------ C:\WINNT\system32\colbact.dll 2007-04-15 14:32 36,112 --a------ C:\WINNT\system32\cipher.exe 2007-04-15 14:32 33,040 --a------ C:\WINNT\system32\dbmsspxn.dll 2007-04-15 14:32 33,040 --a------ C:\WINNT\system32\dbmsadsn.dll 2007-04-15 14:32 316,176 --a------ C:\WINNT\system32\dmconfig.dll 2007-04-15 14:32 31,504 --a------ C:\WINNT\system32\atmlib.dll 2007-04-15 14:32 306,448 --a------ C:\WINNT\system32\dhcpmon.dll 2007-04-15 14:32 3,856 --a------ C:\WINNT\system32\COMCAT.DLL 2007-04-15 14:32 297,232 --a------ C:\WINNT\system32\dsprop.dll 2007-04-15 14:32 294,160 --a------ C:\WINNT\system32\filemgmt.dll 2007-04-15 14:32 287,856 --a------ C:\WINNT\system32\atmfd.dll 2007-04-15 14:32 28,432 --a------ C:\WINNT\system32\dssec.dll 2007-04-15 14:32 265,488 --a------ C:\WINNT\system32\dxmrtp.dll 2007-04-15 14:32 25,872 --a------ C:\WINNT\system32\conime.exe 2007-04-15 14:32 242,960 --a------ C:\WINNT\explorer.exe 2007-04-15 14:32 24,848 --a------ C:\WINNT\system32\ds32gt.dll 2007-04-15 14:32 239,376 --a------ C:\WINNT\system32\cscui.dll 2007-04-15 14:32 230,672 --a------ C:\WINNT\system32\es.dll 2007-04-15 14:32 23,824 --a------ C:\WINNT\system32\at.exe 2007-04-15 14:32 226,576 --a------ C:\WINNT\system32\avtapi.dll 
2007-04-15 14:32 221,968 --a------ C:\WINNT\system32\devmgr.dll 2007-04-15 14:32 22,288 --a------ C:\WINNT\system32\cmutil.dll 2007-04-15 14:32 219,920 --a------ C:\WINNT\system32\confmsp.dll 2007-04-15 14:32 200,976 --a------ C:\WINNT\system32\FONTEXT.DLL 2007-04-15 14:32 200,976 --a------ C:\WINNT\system32\adsnt.dll 2007-04-15 14:32 20,752 --a------ C:\WINNT\system32\batmeter.dll 2007-04-15 14:32 2,524,944 --a------ C:\WINNT\system32\cdosys.dll 2007-04-15 14:32 193,808 --a------ C:\WINNT\system32\cmdial32.dll 2007-04-15 14:32 187,152 --a------ C:\WINNT\system32\eudcedit.exe 2007-04-15 14:32 185,616 --a------ C:\WINNT\system32\faxt30.dll 2007-04-15 14:32 179,472 --a------ C:\WINNT\system32\activeds.dll 2007-04-15 14:32 174,864 --a------ C:\WINNT\system32\dmdlgs.dll 2007-04-15 14:32 166,160 --a------ C:\WINNT\system32\catsrv.dll 2007-04-15 14:32 164,112 --a------ C:\WINNT\system32\adsnds.dll 2007-04-15 14:32 163,600 --a------ C:\WINNT\system32\dmdskmgr.dll 2007-04-15 14:32 163,088 --a------ C:\WINNT\system32\dbghelp.dll 2007-04-15 14:32 16,144 --a------ C:\WINNT\system32\diskcopy.dll 2007-04-15 14:32 159,807 --a------ C:\WINNT\system32\cmprops.dll 2007-04-15 14:32 157,456 --a------ C:\WINNT\system32\els.dll 2007-04-15 14:32 156,944 --a------ C:\WINNT\system32\dsquery.dll 2007-04-15 14:32 156,944 --a------ C:\WINNT\system32\ciadmin.dll 2007-04-15 14:32 15,120 --a------ C:\WINNT\system32\faxdrv.dll 2007-04-15 14:32 147,728 --a------ C:\WINNT\system32\dmadmin.exe 2007-04-15 14:32 146,192 --a------ C:\WINNT\system32\dskquoui.dll 2007-04-15 14:32 144,144 --a------ C:\WINNT\system32\DSSBASE.DLL 2007-04-15 14:32 143,632 --a------ C:\WINNT\system32\ASYCFILT.DLL 2007-04-15 14:32 14,096 --a------ C:\WINNT\system32\diskperf.exe 2007-04-15 14:32 138,000 --a------ C:\WINNT\system32\faxui.dll 2007-04-15 14:32 133,392 --a------ C:\WINNT\system32\certcli.dll 2007-04-15 14:32 130,832 --a------ C:\WINNT\system32\CLUSTER.EXE 2007-04-15 14:32 130,832 --a------ 
C:\WINNT\system32\adsldpc.dll 2007-04-15 14:32 13,072 --a------ C:\WINNT\system32\dmintf.dll 2007-04-15 14:32 13,072 --a------ C:\WINNT\system32\CHKNTFS.EXE 2007-04-15 14:32 123,152 --a------ C:\WINNT\system32\adsldp.dll 2007-04-15 14:32 122,368 --a------ C:\WINNT\system32\dmdskres.dll 2007-04-15 14:32 12,560 --a------ C:\WINNT\system32\dmserver.dll 2007-04-15 14:32 119,568 --a------ C:\WINNT\system32\appmgmts.dll 2007-04-15 14:32 113,936 --a------ C:\WINNT\system32\DCOMCNFG.EXE 2007-04-15 14:32 112,400 --a------ C:\WINNT\system32\adsnw.dll 2007-04-15 14:32 112,336 --a------ C:\WINNT\system32\cdm.dll 2007-04-15 14:32 110,352 --a------ C:\WINNT\system32\dsuiext.dll 2007-04-15 14:32 101,136 --a------ C:\WINNT\system32\cscdll.dll 2007-04-15 14:32 10,512 --a------ C:\WINNT\system32\dmremote.exe 2007-04-15 14:32 10,000 --a------ C:\WINNT\system32\autolfn.exe 2007-04-15 14:32 1,776,456 -ra------ C:\WINNT\system32\dtcsetup.exe 2007-04-15 14:32 1,439,504 --a------ C:\WINNT\system32\comsvcs.dll 2007-04-15 14:32 1,137,936 --a------ C:\WINNT\system32\esent.dll 2007-04-15 13:59 <DIR> d-------- C:\DOCUME~1\NEWUSE~1\APPLIC~1\Uniblue 2007-04-15 03:35 <DIR> d-------- C:\DOCUME~1\NEWUSE~1\APPLIC~1\Google 2007-04-15 03:34 <DIR> d-------- C:\Program Files\Google 2007-04-14 17:28 <DIR> d-------- C:\DOCUME~1\Jeanne\APPLIC~1\Intuit 2007-04-14 13:32 <DIR> d-------- C:\Program Files\Alien Skin 2007-04-14 01:53 <DIR> d-------- C:\Program Files\Jasc Software Inc (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-13 01:28:00 -------- d-----w C:\Program Files\Oberon Media 2007-05-13 00:25:31 -------- d-----w C:\Program Files\SmileyPad 2007-05-06 07:19:53 -------- d-----w C:\Program Files\microsoft frontpage 2007-04-30 15:46:10 745,600 ----a-w C:\WINNT\system32\aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w C:\WINNT\system32\drivers\aswmon.sys 2007-04-30 15:41:42 94,552 ----a-w C:\WINNT\system32\drivers\aswmon2.sys 
2007-04-30 15:39:41 23,416 ----a-w C:\WINNT\system32\drivers\aswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w C:\WINNT\system32\drivers\aswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w C:\WINNT\system32\drivers\aavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w C:\WINNT\system32\AVASTSS.scr 2007-04-30 07:27:55 -------- d-----w C:\Program Files\Common Files\Real 2007-04-30 07:27:15 -------- d-----w C:\Program Files\Real 2007-04-20 09:11:17 -------- d-----w C:\Program Files\Mystery Case Files - Ravenhearst 2007-04-15 21:41:29 -------- d-----w C:\Program Files\Windows NT 2007-04-15 10:34:51 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-04-15 08:41:51 -------- d-----w C:\Program Files\Opera 2007-04-13 21:51:37 -------- d-----w C:\DOCUME~1\NEWUSE~1\APPLIC~1\Help 2007-04-13 03:49:13 90,624 ----a-w C:\WINNT\system32\ecFCI.dll 2007-04-13 03:49:13 104,448 ----a-w C:\WINNT\system32\ecFDI.dll 2007-04-12 22:33:34 8,704 ----a-w C:\WINNT\system32\sporder.dll 2007-04-12 22:00:19 -------- d--ha-w C:\Program Files\WindowsUpdate 2007-04-12 06:11:50 -------- d-----w C:\Program Files\Browser MOUSE 2007-04-11 21:16:03 50,688 ----a-w C:\WINNT\system32\rpcrt3.dll 2007-04-10 19:42:36 -------- d--h--w C:\Program Files\QMgr 2007-04-10 19:42:23 -------- d-----w C:\Program Files\MSN Messenger 2007-04-10 19:42:20 -------- d-----w C:\Program Files\Messenger 2007-04-09 21:20:56 -------- d-----w C:\Program Files\Ares 2007-04-09 21:02:57 57,344 ----a-w C:\WINNT\uneng.exe 2007-04-09 21:02:57 -------- d-----w C:\Program Files\Common Files\Adaptec Shared 2007-04-09 21:02:56 49,152 ----a-w C:\WINNT\system32\cdrtc.dll 2007-04-09 21:02:55 45,056 ----a-w C:\WINNT\system32\cdral.dll 2007-04-09 09:43:01 -------- d-----w C:\Program Files\Common Files\Sandlot Shared 2007-04-09 09:01:35 1,636 ----a-w C:\WINNT\system32\d3d9caps.dat 2007-04-08 05:49:40 -------- d-----w C:\DOCUME~1\NEWUSE~1\APPLIC~1\Opera 2007-04-08 01:41:50 -------- d-----w C:\Program Files\BFG 2007-04-08 00:37:06 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1}=C:\WINNT\system32\pmnnnol.dll [07-05-13 09:00 ]
{CEC128C2-095E-4AFA-8B3D-1CD8BCCEE5DC}=C:\WINNT\System32\awvtt.dll [07-05-13 21:17 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Browser MOUSE\\mouse32a.exe"
"Synchronization Manager"="mobsync.exe /logon"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-04-30 08:42 ]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser MOUSE\mouse32a.exe" [07-04-11 23:11 ]
"Synchronization Manager"="mobsync.exe" [01-05-08 05:00 C:\WINNT\system32\mobsync.exe])
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [01-07-09 11:50 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07-04-30 00:27 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06-10-07 05:20 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue Registry Booster2"="C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe" []
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe" [05-02-25 17:28 ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue Registry Booster2"="C:\\Program Files\\Uniblue\\RegistryBooster2\\RegistryBooster.exe /S"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\Nero\\data\\Xtras\\mssysmgr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [06-12-20 12:55 ]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [06-09-28 07:13 ]
"{8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1}"="C:\WINNT\system32\pmnnnol.dll" [07-05-13 09:00 ]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnnol
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc1

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\runtime2.sys

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^start menu^programs^startup^winzip quick pick.lnk
C:\PROGRA~1\WinZip\WZQKPICK.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjcfd
C:\Program Files\BroadJump\Client Foundation\CFD.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hotkeyscmds
C:\WINNT\System32\hkcmd.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray
C:\WINNT\System32\igfxtray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lexmark 1200 series
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\loadqm
loadqm.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\promon.exe
PROMon.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\synchronization manager
mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=dword:00000002

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss RpcSs\0\0
wugroup wuauserv\0\0
BITSgroup BITS\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost
WmdmPmSN

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070513-230951-491 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30acbc57336159...ip/RdxIE601.cab
backup-20070513-230951-915 O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINNT\System32\dvpvlwpd.dll",realset
backup-20070513-210030-977 O20 - Winlogon Notify: rpcc1 - C:\WINNT\System32\rpcc1.dll
backup-20070513-210030-246 O20 - Winlogon Notify: pmnnnol - C:\WINNT\SYSTEM32\pmnnnol.dll
backup-20070513-210030-454 O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll (file missing)
backup-20070513-205826-115 O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINNT\system32\pmnnnol.dll
backup-20070513-205815-232 O20 - Winlogon Notify: vtutr - C:\WINNT\System32\vtutr.dll (file missing)
backup-20070513-205815-355 O20 - Winlogon Notify: rpcc1 - C:\WINNT\System32\rpcc1.dll
backup-20070513-205815-366 O20 - Winlogon Notify: pmnnnol - C:\WINNT\SYSTEM32\pmnnnol.dll
backup-20070513-205815-587 O2 - BHO: C:\WINNT\System32\fs6ehnf8jd.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - C:\WINNT\System32\fs6ehnf8jd.dll
backup-20070513-205815-201 O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINNT\System32\pmnnnol.dll
backup-20070513-102529-725 O20 - Winlogon Notify: pmnnnol - C:\WINNT\SYSTEM32\pmnnnol.dll
backup-20070513-102512-141 O20 - Winlogon Notify: rqrommj - C:\WINNT\SYSTEM32\rqrommj.dll
backup-20070513-102512-579 O20 - Winlogon Notify: pmnnnol - C:\WINNT\SYSTEM32\pmnnnol.dll
backup-20070513-102512-747 O20 - Winlogon Notify: !SASWinLogon - C:\Program
Files\SUPERAntiSpyware\SASWINLO.DLL backup-20070513-102512-905 O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - (no file) backup-20070513-102512-864 O2 - BHO: (no name) - {8D5849A2-93F3-429D-FF34-260A2068897C} - (no file) backup-20070513-095221-867 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe backup-20070513-095152-298 O4 - HKLM\..\Run: [startdrv] C:\WINNT\Temp\startdrv.exe backup-20070513-090719-761 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe backup-20070513-090435-770 O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe backup-20070513-090434-428 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab backup-20070513-090434-998 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab backup-20070513-085716-527 O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) backup-20070513-085716-382 O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-8.0.1.23/worl...class-en_US.cab backup-20070513-085716-566 O23 - Service: ieupdater2 (Microsoft IEUpdater2) - Unknown owner - C:\Documents and Settings\Jeanne\Start Menu\Programs\Startup\MSWin--1213653088.exe backup-20070513-085716-640 O23 - Service: avast! 
Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) backup-20070513-085716-691 O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-8.0.2.32/whac...kdown-en_US.cab backup-20070513-085716-497 O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-8.0.2.32/word...homp2-en_US.cab backup-20070513-085716-915 O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.1.32/memo...ories-en_US.cab backup-20070513-085716-830 O16 - DPF: Vaults of Atlantis Slots by pogo - http://game1.
  9. Unfortunately, I am having to reply to you via safemode w/ networking. Once I finished the AVG scan and rebooted, my normal desktop no longer loads properly. What is happening is: my background image loads, the taskbar loads up, after a minute or so, my avast icons appear by the clock, then my screen starts flashing really fast between that screen, and the big white "Active Recovery Desktop" screen. It won't let me click on the button to reactivate it. I have tried rebooting 3 times and it happens every time. So...on that note..lol, here is what I am actually able to give you at the moment:

     ~~~~~~~~~~~~~~~~~~~
     SDFix Report.txt:

     SDFix: Version 1.83
     Run by kimmie - Sun 05/13/2007 - 23:19:30.32
     Microsoft Windows 2000 [Version 5.00.2195]
     Running From: C:\DOCUME~1\NEWUSE~1\Desktop\HOUSEC~1\SDFix

     Safe Mode:
     Checking Services:

     Name:
     kprof
     NDnet1
     poof
     Runtime

     ImagePath:
     \??\C:\WINNT\System32\kprof
     \??\C:\WINNT\System32\ksys.sys
     \??\C:\WINNT\System32\poof
     \??\C:\WINNT\System32\drivers\runtime.sys

     kprof - Deleted
     NDnet1 - Deleted
     poof - Deleted

     Killing PID 144 'smss.exe'
     Killing PID 196 'winlogon.exe'

     Restoring Windows Registry Values
     Restoring Windows Default Hosts File
     Rebooting...

     Normal Mode:
     Checking Files:

     Below files will be copied to Backups folder then removed:

     C:\Documents and Settings\All Users\Documents\Settings\partnership.dll~ - Deleted
     C:\WINNT\bot.exe - Deleted
     C:\WINNT\system32\6_exception.nls - Deleted
     C:\WINNT\system32\form.txt - Deleted
     C:\WINNT\system32\info.txt - Deleted
     C:\WINNT\system32\koos.exe - Deleted
     C:\WINNT\system32\kprof - Deleted
     C:\WINNT\system32\ksys.sys - Deleted
     C:\WINNT\system32\poof - Deleted
     C:\WINNT\system32\RunOnce2.t__ - Deleted
     C:\WINNT\system32\RunOnce2.tm_ - Deleted
     C:\WINNT\Temp\removalfile.bat - Deleted

     Folder C:\Program Files\InetGet2 - Removed

     Removing Temp Files

     ADS Check:

     Checking if ADS is attached to system32 Folder
     C:\WINNT\system32
     No streams found.

     Checking if ADS is attached to svchost.exe
     C:\WINNT\system32\svchost.exe
     No streams found.

     Final Check:

     Remaining Services:
     ------------------

     Remaining Files:
     ---------------

     Backups Folder: - C:\DOCUME~1\NEWUSE~1\Desktop\HOUSEC~1\SDFix\backups\backups.zip

     Checking For Files with Hidden Attributes:

     C:\WINNT\system32\awvtt.dll
     C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
     C:\Program Files\Nero\data\Nero PhotoShow Express.exe
     C:\WINNT\uccspecc.sys
     C:\WINNT\system32\nqtwa.tmp
     C:\WINNT\system32\rtutv.tmp

     Finished

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     AVG AS report: Unavailable - I selected the option to create a report after each scan, but when I went to the reports section it said there were "No Reports Available". I can tell you what it found and deleted though:

     Adware.Virtumundo - c:\WINNT\System32\pmnnnol.dll = 10 entries
     Logger.BZup.ip - adv007.exe - 1 entry
     Proxy.Wopla.ag - found in SDFix backup.zip - 1 entry
     Downloader.Murlo.fd - 2 entries (1 in SDFIX backup.zip, 1 in a prior HJT backup file)
     Proxy.small - 1 entry found in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ComboFix.exe Report: Unavailable - 404 Error on the link you provided. I tried doing a google search for that file, but I got the same error when I tried downloading it from techguy forums and bleeping computer. (edit: I was able to actually get this program downloaded. See next post for log. Warning: it's HUGE..lol)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     HJT Log: unavailable - I can run the "scan only", but when I tell it to run the "scan and save log file", it runs the scan then my computer reboots all by itself..lol. (tried this twice before replying here). I CAN however tell you that the instances you had me fix are no longer appearing in the log. (I know you don't like screenshots but I can do one if you need me to)

     (edit #1: I also can't use IE in safemode anymore. It won't stay open..lol. Good thing I have FF and Opera here huh?

     Edit #2 - I now have my desktop back after completing the ComboFix.exe scan, however, now, whenever I run IE, or open a folder that uses IE, AVG pops up saying it has found Adware.Virtumonde - C:\WINNT\system32\pmnnnol.dll)
  10. The link you gave me for SDFix was broken and sent me to a page that said this: "Multiple Choices. The document name you requested (/RemovalTools/SDFix.zip) could not be found on this server. However, we found documents with names similar to the one you requested. Available documents: /RemovalTools/SDFix.exe (common basename). Please consider informing the owner of the referring page about the broken link." Is it ok to click on the above link? lol. I'm afraid to click on anything at this point..haha. [edit: was able to get the program downloaded]
  11. SUPERAntispyware log: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/13/2007 at 08:40 PM Application Version : 3.7.1018 Core Rules Database Version : 3223 Trace Rules Database Version: 1234 Scan type : Complete Scan Total Scan Time : 01:31:32 Memory items scanned : 313 Memory threats detected : 5 Registry items scanned : 4059 Registry threats detected : 42 File items scanned : 21322 File threats detected : 80
  12. I am LOADED with WIN32 trojans. I just had you help me get rid of this crap a few weeks ago and more is back. I think I have most of my system cleaned up but there are a few things lingering that I can't seem to get rid of. In my WINNT folder, there are APP files that avast and SUPERAntispyware both keep finding - it goes through the motions of deleting them, but in actuality they don't get deleted. The file names are simply #'s except for one. They are calling them: Win32:Small-EPJ. The file names are:

      104750.exe
      99046.exe
      99093.exe
      1078590.exe
      startdrv.exe

      The minute I try to manually delete any of these Avast pops up saying ANOTHER one has been found. There are also entries in my System32 folder that are causing issues (BHO's). I already ran VundoFix - it found these exact files, and claimed to delete them - they are still there..lol. Tried to have HJT fix them, nogo. They keep showing back up. Here is my HJT log:

      Logfile of HijackThis v1.99.1
      Scan saved at 11:22:46 AM, on 5/13/2007
      Platform: Windows 2000 SP3 (WinNT 5.00.2195)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINNT\System32\smss.exe
      C:\WINNT\system32\winlogon.exe
      C:\WINNT\system32\services.exe
      C:\WINNT\system32\lsass.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\system32\LEXBCES.EXE
      C:\WINNT\system32\spoolsv.exe
      C:\WINNT\system32\LEXPPS.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINNT\System32\svchost.exe
      C:\WINNT\system32\hidserv.exe
      C:\WINNT\System32\NMSSvc.exe
      C:\WINNT\system32\regsvc.exe
      C:\WINNT\system32\MSTask.exe
      C:\WINNT\system32\stisvc.exe
      C:\WINNT\System32\WBEM\WinMgmt.exe
      C:\WINNT\system32\svchost.exe
      C:\WINNT\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Browser MOUSE\mouse32a.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Alwil Software\Avast4\ashLogV.exe
      C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
      C:\Documents and Settings\new user\Desktop\House Cleaning\HijackThis\HijackThis.exe

      O2 - BHO: (no name) - {6D125317-C54E-45EF-B816-B1F248E6FF33} - C:\WINNT\System32\vtutr.dll (file missing)
      O2 - BHO: (no name) - {76D3BB21-CB03-4CEB-A9E9-4E0BF7D69C45} - (no file)
      O2 - BHO: (no name) - {8BE3050F-AD0F-4AB2-BB9A-83AF2E0E70F1} - C:\WINNT\System32\pmnnnol.dll
      O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINNT\System32\cyvvxguh.dll
      O2 - BHO: (no name) - {E666AA1E-2E93-466B-B4B7-EEABD025F778} - C:\WINNT\System32\vtsqq.dll (file missing)
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
      O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINNT\System32\whwgtvhr.dll",realset
      O4 - HKCU\..\Run: [uniblue Registry Booster2] C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe /S
      O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30acbc57336159...ip/RdxIE601.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1176325425234
      O20 - Winlogon Notify: pmnnnol - C:\WINNT\SYSTEM32\pmnnnol.dll
      O20 - Winlogon Notify: vtutr - C:\WINNT\System32\vtutr.dll (file missing)
      O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
      O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
  13. lol. yeah yeah yeah I know. Keygens are a . Believe you, me. I am PAYING for it..lol. Well, Aaflac and I seem to be getting my system cleaned up pretty good http://forums.pcpitstop.com/index.php?show...view=getnewpost. I am able to utilize HJT AND Silent Runners now. It seems I had some pretty nasty variants of VUNDO, among OTHER things, and ALL from this one particular website. Thanks for all your feedback -Kimmie
  14. Yeah I was thinking Root Kit... or perhaps I have been tagged with VUNDO. I was able to post a screenshot of the majority of my HJT log so I am gonna wait on that and see what happens. GUYS AND GALS ----do NOT ever go to a keygen site! I did a search on google looking for a specific keygen and as soon as I hit the website all this happened. I never even downloaded anything from the site. I can't even get Silent Runners to run properly on my system. Thanks for all the feedback and I will repost back here with my solution...
  15. Ok maybe I wasn't clear in my initial post..lol. I cannot create a HijackThis log file for posting here. When I try running "Scan and Save Log", it generates the error you see below. I can run JUST a scan, but when I try to save THAT log file, I get the same error. Here is what I have tried to do so far: Tried uninstalling the HijackThis I already had, and reinstalling the one you gave me. Nogo. This error generates every time I try to run it. Also tried renaming the file to "Kimmie.exe" as someone suggested. Nogo. Same Error. It also won't save the log file. I am about to try Safe Mode and see if I can get rid of it there. Since this bugger is embedded in memory, I have a feeling that an OS reinstall is going to have to occur, as this is almost always the ONLY way to get rid of them when they are in memory. (I have now also had to go in to IE and delete several HUNDRED sites listed as "safe" because it's doing that too - and is what is initiating all these stupid popups. Deleting them, however, does NOT do any good because this trojan puts them right back in there.) I am familiar with HijackThis as I have used it many many times, however, this trojan seems to be too far embedded.