Post by: nishi on August 08, 2006, 12:03:00 PM
i been having a problem.. at the choose user part at the starting of my windows, it will pop out a windows and say my comp has been corruptd and this problem i have been troubling for a long.. it is like very 1 or 2 months i format my comp when i got tis trouble.. can u teach me how to get rid of this corrupted bug.. it has been troubling me for close to 1 yr...tnx tnx
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Post by: nishi on August 08, 2006, 12:23:16 PM
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Post by: guestolo on August 08, 2006, 12:24:45 PM
From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important
Post by: nishi on August 08, 2006, 12:37:28 PM
Scan saved at 1:37:03 AM, on 8/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F24148E-70C8-4F5B-BCDD-E3CC8369D4CA}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post by: guestolo on August 08, 2006, 12:51:17 PM
What I see is lack of Windows Updates!
You leave your computer wide open for attacks
Immediately, for now, can you ensure your firewall is enabled
Use the below link Scroll down to
To enable or disable Internet Connection Firewall
http://www.microsoft.com/windowsxp/using/n...rnmore/icf.mspx (http://\"http://www.microsoft.com/windowsxp/using/networking/learnmore/icf.mspx\")
come back and let me know the exact problem you are having
Post by: nishi on August 08, 2006, 12:59:08 PM
firstly when i switch on my comp.. then at the login windows page(choose urser account) a window will pop up and say my comp files is corrupted.. after i press the 'ok' button another window pop up... and say my comp will run in tempory files or sth.. i cant remember exactly.. after tat my comp will lag the the welcome page.. after a while it prompt me to the desktop... and some of my files was gone.. for eg some movies clip my friend me and i save it at dektop and it is a gone..
hmm this is about it.. if u cant understand which part i trying to say u can msg me again.. i shld be online till 3am.. sorry for the inconvenient causes
/tongue.gif\' class=\'bbc_emoticon\' alt=\':P\' />
Post by: guestolo on August 08, 2006, 01:07:27 PM
I'm here in Canada, so I understand the language barrier now
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> your doing fine
Do you have your Windows XP CD?
Is this a legit version of XP?
Your log actually looks good, but
Can you do the following please, I just want to check on something
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply
Along with a fresh hijackthis log
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post by: nishi on August 08, 2006, 01:16:18 PM
i think my window cd is not legit..
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> Start Time= Wed 08/09/2006 2:10:57.07
Running from: C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Desktop
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-09 01:37:04 3842 ( A.... ) "C:\Program Files\hijackthis.log"
2006-08-09 01:36:28 218112 ( A.... ) "C:\Program Files\hijackthis.exe"
2006-08-08 20:57:30 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Real"
2006-08-08 19:39:36 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\AdobeUM"
2006-08-08 19:38:46 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Adobe"
2006-08-08 13:48:34 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\vlc"
2006-08-08 13:16:42 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Macromedia"
2006-08-08 13:15:10 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Google"
2006-08-08 12:56:42 ( .D... ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Identities"
2006-08-08 12:56:10 ( .DS.. ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\Microsoft"
2006-08-08 00:17:34 ( .D... ) "C:\Program Files\TVUPlayer"
2006-08-06 11:37:36 ( .D... ) "C:\Program Files\Creative"
2006-08-06 09:49:54 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-08-06 09:49:42 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-08-06 09:48:48 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-28 23:58:38 5647 ( A.... ) "C:\Program Files\WinKawaks.ini"
2006-07-28 23:58:38 461 ( A.... ) "C:\Program Files\WinKawaks.rom"
2006-07-27 00:57:00 ( .D... ) "C:\Program Files\sshots"
2006-07-27 00:57:00 ( .D... ) "C:\Program Files\saves"
2006-07-27 00:57:00 ( .D... ) "C:\Program Files\roms"
2006-07-27 00:57:00 ( .D... ) "C:\Program Files\recinput"
2006-07-27 00:56:54 ( .D... ) "C:\Program Files\ini"
2006-07-27 00:56:54 ( .D... ) "C:\Program Files\cheats"
2006-07-27 00:56:54 ( .D... ) "C:\Program Files\capture"
2006-07-27 00:55:36 ( .D... ) "C:\Program Files\tracklst"
2006-07-27 00:55:36 ( .D... ) "C:\Program Files\lang"
2006-07-27 00:55:36 ( .D... ) "C:\Program Files\eeprom"
2006-07-27 00:55:36 ( .D... ) "C:\Program Files\blend"
2006-07-27 00:37:34 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-27 00:36:40 ( .D... ) "C:\Program Files\Adobe"
2006-07-25 22:48:28 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-25 21:17:16 ( .D... ) "C:\Program Files\DivX"
2006-07-23 22:55:08 ( .D... ) "C:\Program Files\Alwil Software"
2006-07-23 10:55:42 ( .D... ) "C:\Program Files\Power MP3 WMA Converter"
2006-07-19 19:54:08 ( .D... ) "C:\Program Files\SAMSUNG"
2006-07-16 20:00:20 ( .D... ) "C:\Program Files\softnyx"
2006-07-16 06:22:44 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-16 06:22:42 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-16 06:22:42 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-16 06:22:42 ( .D... ) "C:\Program Files\Common Files"
2006-07-16 06:22:24 62 ( A.SH. ) "C:\Documents and Settings\TEMP.PTS-WEIUMFHZ25Z\Application Data\desktop.ini"
2006-07-16 02:20:52 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-16 02:20:52 ( .D... ) "C:\Program Files\WIZET"
2006-07-16 02:19:58 402603734 ( A.... ) "C:\Program Files\MapleSEA_MSSetup060712a.exe"
2006-07-16 00:08:58 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-16 00:08:34 2855080 ( A.... ) "C:\Program Files\aawsepersonal.exe"
2006-07-15 23:56:36 ( .D... ) "C:\Program Files\Yahoo!"
2006-07-15 23:14:28 139264 ( A.... ) "C:\WINDOWS\War3Unin.exe"
2006-07-15 23:11:50 ( .D... ) "C:\Program Files\Hamachi"
2006-07-15 23:04:22 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-15 22:46:12 ( .D... ) "C:\Program Files\WinAce"
2006-07-15 22:45:02 ( .D... ) "C:\Program Files\Warcraft III"
2006-07-15 22:44:56 729088 ( A.... ) "C:\WINDOWS\iun6002.exe"
2006-07-15 22:44:14 ( .D... ) "C:\Program Files\Google"
2006-07-15 22:43:30 ( .D... ) "C:\Program Files\Alcohol Soft"
2006-07-15 22:41:10 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-15 22:38:04 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-15 22:33:52 ( .D... ) "C:\Program Files\xerox"
2006-07-15 22:33:52 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-15 22:33:32 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-15 22:31:44 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-15 22:31:24 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-15 22:31:22 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-15 22:31:20 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-15 22:31:16 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-15 22:31:14 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-15 22:31:12 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-15 22:31:08 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-15 22:30:34 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-15 22:30:22 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-15 22:30:22 ( .D... ) "C:\Program Files\Online Services"
2006-07-15 22:30:18 ( .D... ) "C:\Program Files\Messenger"
2006-07-15 22:30:12 ( .D... ) "C:\Program Files\MSN"
2006-07-15 22:30:10 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-15 22:30:02 ( .D... ) "C:\Program Files\Windows NT"
2006-06-29 16:56:16 807032 ( A.... ) "C:\WINDOWS\system32\wmv9dmod.dll"
2006-06-02 06:11:08 109568 ( ..... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-06-02 06:11:08 108544 ( ..... ) "C:\WINDOWS\system32\pxcpyi64.exe"
2006-06-02 06:10:26 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-06-02 06:09:58 593920 ( A.... ) "C:\WINDOWS\system32\dpuGUI11.dll"
2006-06-02 06:09:58 344064 ( A.... ) "C:\WINDOWS\system32\dpus11.dll"
2006-06-02 06:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu11.dll"
2006-06-02 06:09:58 294912 ( A.... ) "C:\WINDOWS\system32\dpu10.dll"
2006-06-02 06:09:58 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-06-02 06:09:58 90112 ( A.... ) "C:\WINDOWS\system32\dpl100.dll"
2006-06-02 06:09:58 57344 ( A.... ) "C:\WINDOWS\system32\dpv11.dll"
2006-06-02 06:09:58 53248 ( A.... ) "C:\WINDOWS\system32\dpuGUI10.dll"
2006-06-02 06:07:46 536576 ( A.... ) "C:\WINDOWS\system32\DivXsm.exe"
2006-06-02 06:07:38 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-06-02 06:07:38 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-06-02 06:07:34 245408 ( A.... ) "C:\WINDOWS\system32\unicows.dll"
2006-06-02 06:07:00 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2006-06-02 06:06:58 778240 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2006-06-02 06:06:58 761856 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2006-06-02 06:06:58 619156 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2006-06-02 06:06:34 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-02 06:06:34 12288 ( A.... ) "C:\WINDOWS\system32\DivXWMPExtType.dll"
2006-05-31 17:02:04 624640 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2006-05-31 16:54:36 90112 ( A.... ) "C:\WINDOWS\system32\AVASTSS.scr"
2005-12-01 16:47:48 57140 ( A.... ) "C:\Program Files\whatsnew.txt"
2005-12-01 16:38:58 382029 ( A.... ) "C:\Program Files\WinKawaks.exe"
2005-01-06 23:37:10 21401 ( A.... ) "C:\Program Files\faq.txt"
2002-06-07 22:08:26 720498 ( A.... ) "C:\Program Files\Warcraft III Manual.pdf"
2002-06-07 19:43:04 17120711 ( A.... ) "C:\Program Files\Setup.mpq"
2002-06-07 19:08:56 294912 ( A.... ) "C:\Program Files\install.exe"
2002-06-06 07:29:14 420770794 ( A.... ) "C:\Program Files\War3.mpq"
2002-06-06 06:56:50 61440 ( A.... ) "C:\Program Files\autoplay.exe"
2002-05-27 11:09:56 21630 ( A.... ) "C:\Program Files\War3.ico"
2002-02-13 13:52:38 32256 ( A.... ) "C:\Program Files\kailleraclient.dll"
2002-01-30 21:19:44 2298 ( A.... ) "C:\Program Files\defaultkeysCPS.ini"
2002-01-23 16:04:02 2063 ( A.... ) "C:\Program Files\DefaultWinKawaksINI.zip"
2001-08-12 03:00:22 2294 ( A.... ) "C:\Program Files\defaultkeysMVS.ini"
2001-07-25 01:35:24 2324 ( A.... ) "C:\Program Files\sample_ini_files.zip"
2001-07-23 12:25:04 47 ( A.... ) "C:\Program Files\autorun.inf"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-06 11:41 41,984 C:\WINDOWS\Ctregrun.exe
2006-08-06 11:37 997,888 C:\WINDOWS\system32\wmvdmoe2.dll
2006-08-06 11:37 892,416 C:\WINDOWS\system32\wmspdmoe.dll
2006-08-06 11:37 82,432 C:\WINDOWS\system32\drmstor.dll
2006-08-06 11:37 816,264 C:\WINDOWS\system32\wmvdmod.dll
2006-08-06 11:37 81,408 C:\WINDOWS\system32\logagent.exe
2006-08-06 11:37 760,968 C:\WINDOWS\system32\wmsdmod.dll
2006-08-06 11:37 678,912 C:\WINDOWS\system32\drmv2clt.dll
2006-08-06 11:37 670,208 C:\WINDOWS\system32\wmadmoe.dll
2006-08-06 11:37 6,656 C:\WINDOWS\system32\laprxy.dll
2006-08-06 11:37 486,536 C:\WINDOWS\system32\wmspdmod.dll
2006-08-06 11:37 384,512 C:\WINDOWS\system32\mp4sdmod.dll
2006-08-06 11:37 316,040 C:\WINDOWS\system32\mp43dmod.dll
2006-08-06 11:37 301,712 C:\WINDOWS\system32\drmclien.dll
2006-08-06 11:37 253,952 C:\WINDOWS\system32\msnetobj.dll
2006-08-06 11:37 241,664 C:\WINDOWS\system32\qasf.dll
2006-08-06 11:37 241,664 C:\WINDOWS\system32\mpg4dmod.dll
2006-08-06 11:37 232,960 C:\WINDOWS\system32\blackbox.dll
2006-08-06 11:37 143,360 C:\WINDOWS\system32\wmidx.dll
2006-08-06 11:37 1,111,040 C:\WINDOWS\system32\wmsdmoe2.dll
2006-07-25 22:48 774,144 C:\WINDOWS\system32\vsfilter.dll
2006-07-25 22:48 77,824 C:\WINDOWS\system32\vorbisfile.dll
2006-07-25 22:48 75,264 C:\WINDOWS\system32\MACDec.dll
2006-07-25 22:48 679,936 C:\WINDOWS\system32\xvidcore.dll
2006-07-25 22:48 61,440 C:\WINDOWS\system32\ogg.dll
2006-07-25 22:48 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-07-25 22:48 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-07-25 22:48 446,464 C:\WINDOWS\system32\vp31vfw.dll
2006-07-25 22:48 438,272 C:\WINDOWS\system32\vp6vfw.dll
2006-07-25 22:48 421,888 C:\WINDOWS\system32\OpenQuicktimeLib.dll
2006-07-25 22:48 413,760 C:\WINDOWS\system32\mpg4c32.dll
2006-07-25 22:48 39,936 C:\WINDOWS\system32\huffyuv.dll
2006-07-25 22:48 368,640 C:\WINDOWS\system32\vobsub.dll
2006-07-25 22:48 344,064 C:\WINDOWS\system32\msvcr70.dll
2006-07-25 22:48 286,720 C:\WINDOWS\system32\3ivxVfWCodec.dll
2006-07-25 22:48 278,528 C:\WINDOWS\system32\pncrt.dll
2006-07-25 22:48 237,568 C:\WINDOWS\system32\OggDS.dll
2006-07-25 22:48 225,280 C:\WINDOWS\system32\qtmlClient.dll
2006-07-25 22:48 19,968 C:\WINDOWS\system32\cpuinf32.dll
2006-07-25 22:48 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-07-25 22:48 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-25 22:48 155,648 C:\WINDOWS\system32\xvidvfw.dll
2006-07-25 22:48 1,163,264 C:\WINDOWS\system32\vorbis.dll
2006-07-25 22:48 1,040,384 C:\WINDOWS\system32\vorbisenc.dll
2006-07-25 22:48 1,024,000 C:\WINDOWS\system32\3ivx.dll
2006-07-25 21:17 109,568 C:\WINDOWS\system32\pxinsi64.exe
2006-07-25 21:17 108,544 C:\WINDOWS\system32\pxcpyi64.exe
2006-07-23 22:55 90,112 C:\WINDOWS\system32\AVASTSS.scr
2006-07-23 22:55 624,640 C:\WINDOWS\system32\aswBoot.exe
2006-07-23 22:55 499,712 C:\WINDOWS\system32\MSVCP71.dll
2006-07-23 22:55 348,160 C:\WINDOWS\system32\MSVCR71.dll
2006-07-23 22:55 1,060,864 C:\WINDOWS\system32\MFC71.dll
2006-07-16 20:13 4,682 C:\WINDOWS\system32\npptNT2.sys
2006-07-16 06:24 9,759 C:\WINDOWS\system32\HSF_INST.dll
2006-07-16 06:23 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-16 06:23 51,200 C:\WINDOWS\system32\sfman32.dll
2006-07-16 06:23 495,616 C:\WINDOWS\system32\sblfx.dll
2006-07-16 06:23 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-16 06:23 4,096 C:\WINDOWS\system32\ctwdm32.dll
2006-07-16 06:23 256,512 C:\WINDOWS\system32\devcon32.dll
2006-07-16 06:23 24,064 C:\WINDOWS\system32\devldr32.exe
2006-07-16 06:22 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-16 06:22 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-16 06:22 70,656 C:\WINDOWS\system32\storprop.dll
2006-07-16 06:22 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-16 06:22 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-16 06:22 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-16 06:22 6,656 C:\WINDOWS\system32\batt.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-16 06:22 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-16 06:22 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-16 06:22 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-16 06:22 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-16 06:22 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-16 06:22 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-16 06:22 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-16 06:18 805,306,368 C:\pagefile.sys
2006-07-15 23:09 139,264 C:\WINDOWS\War3Unin.exe
2006-07-15 22:45 729,088 C:\WINDOWS\iun6002.exe
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrsru.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrsptb.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrspt.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrsit.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrses.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvwrsde.dll
2006-07-15 22:41 98,304 C:\WINDOWS\system32\nvrsja.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrstr.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrssk.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrspl.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrsnl.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrshu.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrsfr.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvwrsfi.dll
2006-07-15 22:41 94,208 C:\WINDOWS\system32\nvrsko.dll
2006-07-15 22:41 90,112 C:\WINDOWS\system32\nvwrssv.dll
2006-07-15 22:41 90,112 C:\WINDOWS\system32\nvwrsno.dll
2006-07-15 22:41 90,112 C:\WINDOWS\system32\nvwrsda.dll
2006-07-15 22:41 86,016 C:\WINDOWS\system32\nvwrssl.dll
2006-07-15 22:41 86,016 C:\WINDOWS\system32\nvwrseng.dll
2006-07-15 22:41 86,016 C:\WINDOWS\system32\nvwrscs.dll
2006-07-15 22:41 81,920 C:\WINDOWS\system32\nvwrsar.dll
2006-07-15 22:41 81,920 C:\WINDOWS\system32\nvrszht.dll
2006-07-15 22:41 81,920 C:\WINDOWS\system32\nvrszhc.dll
2006-07-15 22:41 77,824 C:\WINDOWS\system32\nvwrshe.dll
2006-07-15 22:41 622,592 C:\WINDOWS\system32\nvqtwk.dll
2006-07-15 22:41 61,440 C:\WINDOWS\system32\nvwrsko.dll
2006-07-15 22:41 61,440 C:\WINDOWS\system32\nvwrsja.dll
2006-07-15 22:41 61,440 C:\WINDOWS\system32\nvsvc32.exe
2006-07-15 22:41 548,933 C:\WINDOWS\system32\nview.dll
2006-07-15 22:41 49,152 C:\WINDOWS\system32\nvwrszht.dll
2006-07-15 22:41 49,152 C:\WINDOWS\system32\nvwrszhc.dll
2006-07-15 22:41 372,736 C:\WINDOWS\system32\nwiz.exe
2006-07-15 22:41 340,039 C:\WINDOWS\system32\nvshell.dll
2006-07-15 22:41 3,543,642 C:\WINDOWS\system32\nv4_disp.dll
2006-07-15 22:41 278,528 C:\WINDOWS\system32\dmcpl.exe
2006-07-15 22:41 266,240 C:\WINDOWS\system32\nvrshe.dll
2006-07-15 22:41 2,932,736 C:\WINDOWS\system32\nvoglnt.dll
2006-07-15 22:41 2,056,192 C:\WINDOWS\system32\nvcpl.dll
2006-07-15 22:41 139,264 C:\WINDOWS\system32\nvrsel.dll
2006-07-15 22:41 135,168 C:\WINDOWS\system32\nvrspt.dll
2006-07-15 22:41 135,168 C:\WINDOWS\system32\nvrsit.dll
2006-07-15 22:41 135,168 C:\WINDOWS\system32\nvrses.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrstr.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrssk.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrsru.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrsptb.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrsnl.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrshu.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrsfr.dll
2006-07-15 22:41 131,072 C:\WINDOWS\system32\nvrsde.dll
2006-07-15 22:41 126,976 C:\WINDOWS\system32\nvrssv.dll
2006-07-15 22:41 126,976 C:\WINDOWS\system32\nvrspl.dll
2006-07-15 22:41 126,976 C:\WINDOWS\system32\nvrsfi.dll
2006-07-15 22:41 126,976 C:\WINDOWS\system32\nvrsda.dll
2006-07-15 22:41 126,976 C:\WINDOWS\system32\nvrscs.dll
2006-07-15 22:41 122,880 C:\WINDOWS\system32\nvrsno.dll
2006-07-15 22:41 122,880 C:\WINDOWS\system32\nvrseng.dll
2006-07-15 22:41 118,784 C:\WINDOWS\system32\nvrsar.dll
2006-07-15 22:41 110,592 C:\WINDOWS\system32\nvinstnt.dll
2006-07-15 22:41 106,496 C:\WINDOWS\system32\nvwrsel.dll
2006-07-15 22:41 1,290,240 C:\WINDOWS\system32\nvrssl.dll
2006-07-15 22:39 98,304 C:\WINDOWS\system32\msir3jp.dll
2006-07-15 22:39 9,216 C:\WINDOWS\system32\kbdnecAT.dll
2006-07-15 22:39 838,144 C:\WINDOWS\system32\chtbrkr.dll
2006-07-15 22:39 827,438 C:\WINDOWS\system32\imjp81k.dll
2006-07-15 22:39 73,216 C:\WINDOWS\system32\uniime.dll
2006-07-15 22:39 70,656 C:\WINDOWS\system32\korwbrkr.dll
2006-07-15 22:39 7,680 C:\WINDOWS\system32\kbdnecNT.dll
2006-07-15 22:39 7,168 C:\WINDOWS\system32\kbdnec95.dll
2006-07-15 22:39 7,168 C:\WINDOWS\system32\kbdibm02.dll
2006-07-15 22:39 7,168 C:\WINDOWS\system32\f3ahvoas.dll
2006-07-15 22:39 6,656 C:\WINDOWS\system32\kbdlk41a.dll
2006-07-15 22:39 6,144 C:\WINDOWS\system32\kbdlk41j.dll
2006-07-15 22:39 6,144 C:\WINDOWS\system32\kbdax2.dll
2006-07-15 22:39 6,144 C:\WINDOWS\system32\kbd106n.dll
2006-07-15 22:39 6,144 C:\WINDOWS\system32\kbd101a.dll
2006-07-15 22:39 6,144 C:\WINDOWS\system32\kbd101.dll
2006-07-15 22:39 218,112 C:\WINDOWS\system32\c_g18030.dll
2006-07-15 22:39 1,677,824 C:\WINDOWS\system32\chsbrkr.dll
2006-07-15 22:38 8,704 C:\WINDOWS\system32\kbdjpn.dll
2006-07-15 22:38 8,192 C:\WINDOWS\system32\kbdkor.dll
2006-07-15 22:38 6,656 C:\WINDOWS\system32\c_is2022.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbdth3.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbdth2.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbdinpun.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbd106.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbd101c.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\kbd101b.dll
2006-07-15 22:38 6,144 C:\WINDOWS\system32\ftlx041e.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdvntc.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdusa.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdurdu.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdth1.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdth0.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdsyr2.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdsyr1.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdintel.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdintam.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdinmar.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdinkan.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdinhin.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdinguj.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdindev.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdheb.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbdfa.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbddiv2.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbddiv1.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbda3.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbda2.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbda1.dll
2006-07-15 22:38 5,632 C:\WINDOWS\system32\kbd103.dll
2006-07-15 22:38 5,120 C:\WINDOWS\system32\kbdgeo.dll
2006-07-15 22:38 5,120 C:\WINDOWS\system32\kbdarmw.dll
2006-07-15 22:38 5,120 C:\WINDOWS\system32\kbdarme.dll
2006-07-15 22:38 185,344 C:\WINDOWS\system32\Thawbrkr.dll
2006-07-15 22:38 10,752 C:\WINDOWS\system32\c_iscii.dll
2006-07-15 22:33 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-15 22:33 0 C:\MSDOS.SYS
2006-07-15 22:33 0 C:\IO.SYS
2006-07-15 22:33 0 C:\CONFIG.SYS
2006-07-15 22:33 0 C:\AUTOEXEC.BAT
2006-07-15 22:31 90,624 C:\WINDOWS\system32\msoert2.dll
2006-07-15 22:31 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-15 22:31 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-15 22:31 73,728 C:\WINDOWS\system32\ils.dll
2006-07-15 22:31 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-15 22:31 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-15 22:31 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-15 22:31 61,952 C:\WINDOWS\system32\srclient.dll
2006-07-15 22:31 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-15 22:31 593,920 C:\WINDOWS\system32\inetcomm.dll
2006-07-15 22:31 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-15 22:31 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-15 22:31 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-15 22:31 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-15 22:31 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-15 22:31 32,384 C:\WINDOWS\system32\mnmdd.dll
2006-07-15 22:31 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-15 22:31 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-15 22:31 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-15 22:31 249,856 C:\WINDOWS\system32\mstask.dll
2006-07-15 22:31 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-15 22:31 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-15 22:31 218,112 C:\WINDOWS\system32\srrstr.dll
2006-07-15 22:31 179,200 C:\WINDOWS\system32\qmgr.dll
2006-07-15 22:31 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-15 22:31 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-15 22:31 158,720 C:\WINDOWS\system32\schedsvc.dll
2006-07-15 22:31 155,136 C:\WINDOWS\system32\srsvc.dll
2006-07-15 22:31 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-15 22:31 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-15 22:30 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-15 22:30 5,632 C:\WINDOWS\system32\write.exe
2006-07-15 22:30 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-15 22:30 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-15 22:30 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-15 22:30 339,968 C:\WINDOWS\system32\mspaint.exe
2006-07-15 22:30 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-15 22:30 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-15 22:30 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-15 22:30 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-15 22:30 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-15 22:30 116,736 C:\WINDOWS\system32\mplay32.exe
2006-07-15 22:29 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-07-15 22:29 95,744 C:\WINDOWS\system32\wuaueng.dll
2006-07-15 22:29 9,728 C:\WINDOWS\system32\xolehlp.dll
2006-07-15 22:29 9,728 C:\WINDOWS\system32\reset.exe
2006-07-15 22:29 88,576 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-15 22:29 869,376 C:\WINDOWS\system32\msdtctm.dll
2006-07-15 22:29 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-15 22:29 83,968 C:\WINDOWS\system32\mtxoci.dll
2006-07-15 22:29 82,432 C:\WINDOWS\system32\comrepl.dll
2006-07-15 22:29 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-15 22:29 8,704 C:\WINDOWS\system32\icaapi.dll
2006-07-15 22:29 73,864 C:\WINDOWS\system32\rdpwsx.dll
2006-07-15 22:29 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-15 22:29 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-15 22:29 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-15 22:29 583,168 C:\WINDOWS\system32\catsrvut.dll
2006-07-15 22:29 57,344 C:\WINDOWS\system32\licwmi.dll
2006-07-15 22:29 56,832 C:\WINDOWS\system32\sol.exe
2006-07-15 22:29 56,832 C:\WINDOWS\system32\colbact.dll
2006-07-15 22:29 56,320 C:\WINDOWS\system32\remotepg.dll
2006-07-15 22:29 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-15 22:29 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-07-15 22:29 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-15 22:29 534,016 C:\WINDOWS\system32\spider.exe
2006-07-15 22:29 53,248 C:\WINDOWS\system32\servdeps.dll
2006-07-15 22:29 503,296 C:\WINDOWS\system32\mstscax.dll
2006-07-15 22:29 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-15 22:29 495,616 C:\WINDOWS\system32\comuid.dll
2006-07-15 22:29 468,480 C:\WINDOWS\system32\clbcatq.dll
2006-07-15 22:29 41,984 C:\WINDOWS\system32\rdpclip.exe
2006-07-15 22:29 40,448 C:\WINDOWS\system32\tscupgrd.exe
2006-07-15 22:29 4,096 C:\WINDOWS\system32\wuauserv.dll
2006-07-15 22:29 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-15 22:29 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-15 22:29 385,536 C:\WINDOWS\system32\mstsc.exe
2006-07-15 22:29 360,960 C:\WINDOWS\system32\msdtcprx.dll
2006-07-15 22:29 33,792 C:\WINDOWS\system32\regini.exe
2006-07-15 22:29 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-07-15 22:29 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-15 22:29 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-15 22:29 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-15 22:29 215,040 C:\WINDOWS\system32\catsrv.dll
2006-07-15 22:29 20,992 C:\WINDOWS\system32\msg.exe
2006-07-15 22:29 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-15 22:29 197,632 C:\WINDOWS\system32\termsrv.dll
2006-07-15 22:29 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-15 22:29 174,592 C:\WINDOWS\system32\cmprops.dll
2006-07-15 22:29 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-15 22:29 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-15 22:29 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-15 22:29 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-07-15 22:29 151,040 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-15 22:29 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-15 22:29 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-15 22:29 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-15 22:29 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-15 22:29 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-15 22:29 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-15 22:29 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-15 22:29 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-07-15 22:29 134,656 C:\WINDOWS\system32\rdchost.dll
2006-07-15 22:29 130,048 C:\WINDOWS\system32\sessmgr.exe
2006-07-15 22:29 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-15 22:29 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-07-15 22:29 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-15 22:29 114,688 C:\WINDOWS\system32\calc.exe
2006-07-15 22:29 112,128 C:\WINDOWS\system32\wuauclt.exe
2006-07-15 22:29 100,864 C:\WINDOWS\system32\clbcatex.dll
2006-07-15 22:29 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-15 22:29 1,139,200 C:\WINDOWS\system32\comsvcs.dll
2006-06-29 16:56 807,032 C:\WINDOWS\system32\wmv9dmod.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"nwiz"="nwiz.exe /install"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"CTRegRun"="C:\\WINDOWS\\CTRegRun.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
Contents of the 'Scheduled Tasks' folder
Completion time: Wed 08/09/2006 2:11:02.15
ComboFix ver 06.07.15/29 - This logfile is located at C:\ComboFix.txt
and this is the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 2:14:05 AM, on 8/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F24148E-70C8-4F5B-BCDD-E3CC8369D4CA}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
oops.. sry i got my window xp disk with me..
Post by: guestolo on August 08, 2006, 01:26:34 PM
Download and unzip to your desktop InstalledPrograms.zip (http://\"http://www.billsway.com/vbspage/vbsfiles/InstalledPrograms.zip\")
Double click on InstalledPrograms.vbs
Click OK at the IP prompt and click YES to view the results now
A text file will open, can you copy and paste back here the whole contents
When was the last time you ran a repair or reinstalled your system?
Post by: nishi on August 08, 2006, 01:28:19 PM
Ver: 1.9.2.1705 Installed: 7/15/2006
Ad-Aware SE Personal Ver: 1.06
Adobe Flash Player 9 Ver: 9
Adobe Reader 7.0.8 Ver: 7.0.8 Installed: 7/27/2006
AutoUpdate Ver: 1.1
avast! Antivirus Ver: 4.7
Creative System Information
Creative Zen Neeon (512MB, 1GB, 2GB) Ver: 1.0
DivX Ver: 6.2.2
DivX Converter Ver: 6.1.1
DivX Player Ver: 6.2.0
DivX Web Player Ver: 1.0.0
Google Toolbar for Internet Explorer
GunboundWC
Hamachi 1.0.0.59
HijackThis 1.99.1 Ver: 1.99.1
Image Editor Ver: 1.00.0000 Installed: 7/19/2006
K-Lite Mega Codec Pack 1.33 Ver: 1.33
MapleStory Ver: 1.00.000 Installed: 7/16/2006
Microsoft Office XP Professional Ver: 10.0.2627.01 Installed: 8/6/2006
mIRC
MSN Messenger 7.5 Ver: 7.5.0324.0 Installed: 7/15/2006
NVIDIA Windows 2000/XP Display Drivers
Power MP3 WMA Converter 2006, (ver 3.51) Ver: 3.51
TVUPlayer 2.2.0 Ver: 2.2.0
WebFldrs XP Ver: 9.50.5318 Installed: 7/15/2006
WinAce Archiver Ver: 2.65
Yahoo! Toolbar
Yahoo! Toolbar
YAWLE 0.5b
Post by: guestolo on August 08, 2006, 01:43:02 PM
It looks like it was recently
I still see something that we should see if we can identify
==Download and install Windows CleanUp! 4.5.2 (http://\"http://www.stevengould.org/downloads/cleanup/CleanUp452.exe\")
Don't run a scan yet
CleanUp! attempts to delete files from various temporary directories (including download directories/caches),
as well as emptying the Recycle Bins.
If you make a habit of saving files that you wish to keep in any of these places, they will be deleted when CleanUp! is run.
Please move them too a different location before we run this tool if the above is true
Note: It is generally considered poor practice to use temporary folders or the Recycle Bin to store files you intend to keep.
==Download, install, and update Ewido anti-spyware (http://\"http://www.ewido.net/en/download/\")
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Don't run a scan yet
I recommend that you print the rest of these instructions or save them to a text file too desktop
for use in safe mode without Internet connection
Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done>>Click Close
DECLINE to Log off or Restart the computer
NOTE: The first time you run CleanUp! it may prompt to run in Demonstration mode
Deny this, we want to run the actual cleanup!!
Run this twice please
Ewido Scan
- Then run Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
- Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Post back the following please
1. Run Hijackthis again and post back a fresh log
2. Post the whole report from Ewido's
Post by: nishi on August 08, 2006, 02:37:21 PM
er here those stuffs u need..
Logfile of HijackThis v1.99.1
Scan saved at 3:36:03 AM, on 8/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\hijackthis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F24148E-70C8-4F5B-BCDD-E3CC8369D4CA}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
the ewido's report
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:25:31 AM 8/9/2006
+ Scan result:
C:\Program Files\WinAce\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\Poh\My Documents\My Received Files\mIRC.zip/mIRC/zion/plugins/zion_updater.mrc -> Backdoor.Small.o : Cleaned with backup (quarantined).
::Report end
Post by: guestolo on August 08, 2006, 02:49:22 PM
Go to either of these links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
or
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Use the browse button and navigate to the file on your harddrive if found
C:\Windows\C:\WINDOWS\System32\wininet.dll <-this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here
Could you also post one last hijackthis log
Post by: nishi on August 08, 2006, 11:00:19 PM
Service load: 0% 100%
File: iun6002.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 80e41fbc33b6d5a605e53787de767048
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
i post this first.. ltr i will post again how my things r runing after ti do the sfc /scannow
Post by: nishi on August 08, 2006, 11:19:33 PM
as usual i see a pop up window telling me windows cannot load my profile as it is corrupted
after tat another pop saying windows cant find the local profile and is loggin in my tempory folder, and after i switch off my comp.. my files will be lost..
then i am back to the desktop after i click the ' ok ' button
Post by: guestolo on August 08, 2006, 11:37:03 PM
How many user accounts do you have on this machine?
Log on account that has Admin privileges
I assume yours
Create a new user account with Administrator privileges
If your running XP Pro
1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Click the Advanced tab, and then click Advanced.
5. In the left pane, click the Users folder.
6. On the Action menu, click New User.
7. Enter the appropriate user information, and then click Create.
If your running XP Home
1. Log on as the Administrator or as a user with administrator credentials.
2. Click Start, and then click Control Panel.
3. Click User Accounts.
4. Under Pick a task, click Create a new account.
5. Type a name for the user information, and then click Next.
6. Click an account type, and then click Create Account.
Log off your account and into the new one, do you get any error messages?
Post by: nishi on August 09, 2006, 12:37:18 AM
when i log off my account and go to another account i did not get an error messages..
er before i log off my account i created another account..
Post by: guestolo on August 09, 2006, 12:41:21 AM
I'm going to bed for the night then work tomorrow
I'll be back later tomorrow
Leave that new account you just made alone for now, we'll need it later
I'll help you transfer your folders and files to the new user account
When I get back on
In the meantime, can you create one more Administrative user account
So you will now have 3 admin accounts
1. Your corrupt user account
2. The second account you just made
3. A third account we will need for transferring files and folders
Then post back and let me know that's done and we will carry on tomorrow <--my time anyways
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: nishi on August 09, 2006, 12:48:26 AM
ok tnx for the help pal
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: guestolo on August 09, 2006, 11:39:48 PM
I first recommend backing up any files or folders to be safe
Next: You now have 3 accounts made
#1. Corrupt profile
#2. Profile you created earlier, which will be your new profile
#3. Another new profile
This is the account you will be doing the transferring from
Log off all other accounts then log into the LAST account you made
User profile #3
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Using Windows Explorer
Open MyComputer>>C:\ >>Documents and Settings\Old_Username folder <<This is the corrupted profile
1. Press and hold down the CTRL key while you click each file and subfolder in this folder,
The Old_Username folder, except the following files:
• Ntuser.dat
• Ntuser.dat.log
• Ntuser.ini
I repeat, DO NOT SELECT THE ABOVE 3 FILES, but select everything else
On the Edit menu, click Copy.
Locate the C:\Documents and Settings\New_Username folder, where C is the drive on which Windows XP is installed, and New_Username is the name of the user profile that you created in the "Create a New User Profile" section earlier, the Second account that you made
On the Edit menu, click Paste.
Log off the computer, and then log on as the new user. >>The second account that you made
If you need to backup and import any email accounts thru Outlook Express
See the following link
http://support.microsoft.com/kb/313055/ (http://\"http://support.microsoft.com/kb/313055/\")
You can now go into the User accounts in Control Panel and delete the /3rd (last) account that you made
Let me know how everything is running in User profile #2
If everything is running OK, we can remove the corrupt profile #1
Post by: nishi on August 10, 2006, 01:14:51 AM
/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' /> but there seems to have a problem, everytime i log on , a ewido pop up will show and say tat there is malware detected...the name is..
Name:downloader.agent.arh
location:c:\WINDOWS\SYSTEM32\WININET.DLL
wad i did is i tick the 'Clean and move to quarantine( recommended )'
and i tick the 'Use for all objects of this infection.'
but everytime i log on to my account i will have this thing pop up again..
Is it normal or it is another bug?
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />
Post by: guestolo on August 10, 2006, 01:18:12 AM
==Download SmitRem.exe by Noahdfear (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Don't run it yet
RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter
==Double click on SmitRem.exe to extract it to it's own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Reboot back to Normal mode
1. Run another "System scan and Save logfile" with Hijackthis and post the log
2. Post the Whole log made from SmitRem located here C:\Smitfiles.txt
Post by: nishi on August 10, 2006, 01:29:24 AM
Post by: guestolo on August 10, 2006, 01:33:03 AM
Open Ewido and click on the Infections tab and Restore that file
We will have to disinfect it and not delete it
I need you to disable AVAST's realtime protections
The file I asked you too download is safe
Right click on the Avast icon by the clock and stop active protections then try downloading it
Post by: nishi on August 10, 2006, 01:50:21 AM
Scan saved at 2:47:56 PM, on 8/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijackthis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F24148E-70C8-4F5B-BCDD-E3CC8369D4CA}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
and heres the SmitRem log
smitRem © log file
version 3.1
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Thu 08/10/2006
The current time is: 14:42:04.62
Running from
C:\Documents and Settings\nishi\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
amcompat.tlb
nscompat.tlb
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 724 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright© 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />
Post by: guestolo on August 10, 2006, 01:56:15 AM
services.msc
Hit OK
In the new window
Look on the right hand side for
ewido anti-spyware 4.0 guard
Double click on it and then in the startup type set to Disabled in the drop down menu
Then use the STOP button
Apply and OK out of there
Log off and then back on
Let me know if you have problems logging into your new user account #2 or the corrupted user profile #1
Post by: nishi on August 10, 2006, 02:05:20 AM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> and by the way wad i needa do with my corrupt profile?
Post by: guestolo on August 10, 2006, 02:07:19 AM
I'm just on my way to bed again
But in the meantime, do yourself a favor
Avast may prompt that a file from Panda's is malware
IT'S NOT! ALLOW THIS
Use Internet Explorer and Run the online Panda ActiveScan (http://\"http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan.htm&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest\")
* Once you are on the Panda site click the Scan your PC button.
* A new window will open...click the big Check Now button.
* Enter your Country.
* Enter your State/Province.
* Enter your e-mail address.
* Select either "Home User or Company."
* Click the big Scan Now button.
* Allow the ActiveX component to install and download the files required for the scan. This may take a couple of minutes.
* Click on Local Disks to start the scan.
When the scan is complete
click See Report, then click Save Report and save it to your Desktop.
Let me know if you still have problems signing into the corrupt profile after you run this scan
Post by: nishi on August 10, 2006, 02:08:17 AM
Post by: guestolo on August 10, 2006, 02:09:06 AM
We can remove the corrupt profile if it indeed corrupt when we're done
Post by: nishi on August 10, 2006, 02:16:32 AM
er i never see a new window..
* A new window will open...click the big Check Now button
er i never see a new window..
* A new window will open...click the big Check Now button
i need to disable my pop blocker?
Post by: nishi on August 10, 2006, 02:28:04 AM
hmm i cant do this action ' click See Report, then click Save Report and save it to your Desktop '
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' />
Post by: guestolo on August 10, 2006, 09:16:43 AM
It means nothing bad was found, which is good
But can you do me one favor
I'm just on my way to work
In the meantime
Go to either of these links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
or
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Use the browse button and navigate to the file on your harddrive if found
C:\WINDOWS\system32\wininet.dll <-this file
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here
Could you also post one last hijackthis log please
Post by: nishi on August 10, 2006, 09:56:35 AM
File: wininet.dll
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 cf9f1eef71f42ede71b6f4aa05d5ca1a
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
and heres the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 10:55:57 PM, on 8/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F24148E-70C8-4F5B-BCDD-E3CC8369D4CA}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post by: guestolo on August 10, 2006, 06:44:00 PM
I would add extra protection to this computer
I would also get the next 2 spyware detection tools
Download and Install
Ad-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Close out after it is updated, as we will need it later
Open Ad-Aware SE 1.06
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer to finish the cleaning process
===================================
Download and Install Spybot 1.4 from
HERE (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer if any Red entries were found and fixed
EXTRA PROTECTION
*Install SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
*Make sure your Anti-Virus software is always kept up to date and actively running in the background
Update and do scan's with your Anti-Spyware programs on a regular basis
In addition, open Spybot 1.4
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Immunize after every update
Get a better firewall then the one supplied in XP
Take a look at Sunbelt Kerio Personal Firewall (http://\"http://www.sunbelt-software.com/Kerio.cfm\")
The full version will become a limited free version after 30 days
Of course, the best protection is keeping Windows Updates up to date
Getting a legal copy of Windows is an option I would consider strongly
Give it a couple days, if everything is running fine go ahead and remove the corrupt profile
Post by: nishi on August 11, 2006, 01:20:46 PM
/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' /> Wish u all the best in everything!
/laugh.gif\' class=\'bbc_emoticon\' alt=\':lol:\' /> nishi
Post by: guestolo on August 11, 2006, 02:35:14 PM
I'll lock this topic as your problems appear resolved
Take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />