A mess of bad things.


dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
I'm having trouble with things lagging lately and the Windows bar freezing up along with Explorer; basically, explorer.exe stops working. I have Symantec anti-virus 2006 and it has found craploads of stuff pertaining to viruses and such... and for some reason it's not removing them. So I'm wondering if there's something else and if you could identify anything from a HijackThis log file I just took in safe mode. Also, here is a list of viruses I've compiled from what Symantec found. For the ones with arrows by them, there were hundreds (literally) of each.

Trojan Horse

W32.Spybot.KHC

Trojan.Progent

W32.Bobax <-----------------

W32.IRCBot <--------------------

Download.Trojan

Hacktool.Rootkit

W32.Mapson.D.Worm

W32.Alcra.B

W32.Bobax!dr

W32.Spybot.Worm

PWSteal.Trojan

W32.Kelvir.Y

W32.Francette.Worm

Bloodhound.Morphine

W32.Spybot.KEG



-------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:03:26 PM, on 12/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Guru\My Documents\My Programs\Security\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\DOCUME~1\Guru\MYDOCU~1\MYPROG~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\ddawx.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\fcywx.dll
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] "C:\Program Files\Norton AntiVirus\CfgWiz.exe" /GUID {0D7956A2-5A08-4ec2-A72C-DF8495A66016} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\RunServices: [aaoowonhVkyj] C:\WINDOWS\System32\vytxabb.exe
O4 - HKCU\..\Run: [CursorXP] C:\Documents and Settings\Guru\My Documents\My Programs\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Rainlendar.lnk = C:\Documents and Settings\Guru\My Documents\My Programs\Rainlendar\Rainlendar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra 'Tools' menuitem: Run IM2 Messenger - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://www.mir3europe.com/nProtect/nPKeyCrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4A766-2118-490D-ACF3-EC2BB99ABE6C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ddawx - C:\WINDOWS\System32\ddawx.dll
O20 - Winlogon Notify: fcywx - C:\WINDOWS\SYSTEM32\fcywx.dll
O20 - Winlogon Notify: hgghi - C:\WINDOWS\SYSTEM32\hgghi.dll
O20 - Winlogon Notify: pmkij - C:\WINDOWS\SYSTEM32\pmkij.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\SYSTEM32\ssqpn.dll
O20 - Winlogon Notify: tuvvv - C:\WINDOWS\SYSTEM32\tuvvv.dll
O20 - Winlogon Notify: ursrs - C:\WINDOWS\SYSTEM32\ursrs.dll
O20 - Winlogon Notify: ursst - C:\WINDOWS\SYSTEM32\ursst.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
I will post back with instructions shortly.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this
    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • At this point press enter one time.
  • Next you will see:
    Please Type in the file path as instructed by the forum staff
    and then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\System32\ddawx.dll

  • Press Enter to continue with the fix.
  • Next you will see:
    Please type in the second file path as instructed by the forum
    staff then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):

    • C:\WINDOWS\System32\xwadd.*

  • Press Enter to continue with the fix.
  • The fix will run, then HijackThis will open. If it does not open automatically, please open it manually.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\ddawx.dll

    • O20 - Winlogon Notify: ddawx - C:\WINDOWS\System32\ddawx.dll

  • After you have fixed these items, close HijackThis.
  • Press enter to exit the program then manually reboot your computer.
  • The fix will tell you to shutdown using the Power button. Hold in your power button until the computer shuts down. Wait about 15 seconds and then restart the computer into regular windows.

    Chkdsk will run. This is normal. It will take a few minutes and is checking your file system because of the Bad Shutdown we caused.
  • Now go back and repeat the same process for each of these, one at a time. You cannot do them all together as it won’t work:

    Replace item in red with: fcywx.dll
    Replace item in green with: xwycf.*
    Fix with HJT: O20 - Winlogon Notify: fcywx - C:\WINDOWS\SYSTEM32\fcywx.dll

    Replace item in red with: hgghi.dll
    Replace item in green with: ihggh.*
    Fix with HJT: O20 - Winlogon Notify: hgghi - C:\WINDOWS\SYSTEM32\hgghi.dll


    Replace item in red with: pmkij.dll
    Replace item in green with: jikmp.*
    Fix with HJT: O20 - Winlogon Notify: pmkij - C:\WINDOWS\SYSTEM32\pmkij.dll

    Replace item in red with: ssqpn.dll
    Replace item in green with: npqss.*
    Fix with HJT: O20 - Winlogon Notify: ssqpn - C:\WINDOWS\SYSTEM32\ssqpn.dll

    Replace item in red with: tuvvv.dll
    Replace item in green with: vvvut.*
    Fix with HJT: O20 - Winlogon Notify: tuvvv - C:\WINDOWS\SYSTEM32\tuvvv.dll

    Replace item in red with: ursrs.dll
    Replace item in green with: srsru.*
    Fix with HJT: O20 - Winlogon Notify: ursrs - C:\WINDOWS\SYSTEM32\ursrs.dll

    Replace item in red with: ursst.dll
    Replace item in green with: tssru.*
    Fix with HJT: O20 - Winlogon Notify: ursst - C:\WINDOWS\SYSTEM32\ursst.dll

  • Once your machine reboots after the last file, please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Now please run an online scan from this site:

http://www.pandasoftware.com/products/activescan.htm

Be sure to save the log and post it back here in your next reply.
 

dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
Ok, finished, and by the way, sorry for not mentioning my Windows info earlier, so here it is:
Windows XP Home Edition SP1
I've completed the list and here is the log of the ActiveScan at pandasoftware.com (after scanning My Computer -Figured since EVERYTHING is under that, best way to go-):


Incident Status Location

Virus:Trj/Sfc.A.mod Not disinfected Operating system
Adware:adware/bigtrafficnet Not disinfected c:\documents and settings\guru\favorites\1111\1111.url
Adware:adware/savenow Not disinfected C:\WINDOWS\SYSTEM32\q10pvbrv.dat
Adware:adware/sahagent Not disinfected C:\WINDOWS\SYSTEM32\ritsacnk.dat
Spyware:spyware/betterinet Not disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/ipinsight Not disinfected C:\WINDOWS\INF\polall1r.inf
Adware:adware/delfinmedia Not disinfected C:\keys.ini
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/pacimedia Not disinfected c:\documents and settings\guru\favorites\1111
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/secure32 Not disinfected C:\WINDOWS\System32\drivers\etc\hosts
Adware:adware/stickypops Not disinfected Windows Registry
Adware:Adware/BigTrafficNet Not disinfected C:\1.exe
Adware:Adware/WUpd Not disinfected C:\AoautoUpdateNav.exe
Adware:Adware/WinAD Not disinfected C:\autosupdate.exe
Adware:Adware/WUpd Not disinfected C:\AutoUpdate.exe
Virus:Trj/Qhost.AD Not disinfected C:\AVG7QT.DAT
Virus:Trj/Pintxatore.C Not disinfected C:\dasio.exe
Adware:Adware/WinAD Not disinfected C:\dd.exe
Adware:Adware/WUpd Not disinfected C:\des.exe
Virus:Trj/Downloader.EGF Not disinfected C:\Documents and Settings\Guru\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\time.class-480448a5-35087000.class
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guru\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-3bda1a2b-73eb3c30.zip[Dummy.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Guru\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv479.jar-3bda1a2b-73eb3c30.zip[Matrix.class]
Virus:Rootkit/FU.A Not disinfected C:\Documents and Settings\Guru\msdirectx.sys




If you would like me to go into safe mode and run HJT and post the log file, please let me know.

Also, should I go ahead and run my Spybot and Symantec to try to resolve these issues?
 

dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
I went ahead and made a HJT log in safe mode and normal mode, here are each. And also, I'm still having problems with explorer.exe. It will freeze and I end up having to end the process and run it again through TaskManager to get it working again.

SAFE MODE:
____________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 2:12:04 AM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Guru\My Documents\My Programs\Security\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 clit2.sextracker.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\DOCUME~1\Guru\MYDOCU~1\MYPROG~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\ddawx.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\fcywx.dll
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [aaoowonhVkyj] C:\WINDOWS\System32\vytxabb.exe
O4 - HKCU\..\Run: [CursorXP] C:\Documents and Settings\Guru\My Documents\My Programs\CursorXP\CursorXP.exe
O4 - Startup: Rainlendar.lnk = C:\Documents and Settings\Guru\My Documents\My Programs\Rainlendar\Rainlendar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra 'Tools' menuitem: Run IM2 Messenger - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://www.mir3europe.com/nProtect/nPKeyCrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4A766-2118-490D-ACF3-EC2BB99ABE6C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ddawx - C:\WINDOWS\System32\ddawx.dll
O20 - Winlogon Notify: fcywx - C:\WINDOWS\SYSTEM32\fcywx.dll
O20 - Winlogon Notify: hgghi - C:\WINDOWS\SYSTEM32\hgghi.dll
O20 - Winlogon Notify: pmkij - C:\WINDOWS\SYSTEM32\pmkij.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\SYSTEM32\ssqpn.dll
O20 - Winlogon Notify: tuvvv - C:\WINDOWS\SYSTEM32\tuvvv.dll
O20 - Winlogon Notify: ursrs - C:\WINDOWS\SYSTEM32\ursrs.dll
O20 - Winlogon Notify: ursst - C:\WINDOWS\SYSTEM32\ursst.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)


____________________________________________________________________
NORMAL MODE:
____________________________________________________________________


Logfile of HijackThis v1.99.1
Scan saved at 2:18:55 AM, on 12/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Guru\My Documents\My Programs\CursorXP\CursorXP.exe
C:\Documents and Settings\Guru\My Documents\My Programs\Rainlendar\Rainlendar.exe
C:\Documents and Settings\Guru\My Documents\My Programs\Security\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.accoona.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.
O1 - Hosts: 127.0.
O1 - Hosts: .0.0.1 clit2.sextracker.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\DOCUME~1\Guru\MYDOCU~1\MYPROG~1\FRESHD~1\FRESHD~1\fdcatch.dll
O2 - BHO: PnIEBrowserHelperObj Class - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\ddawx.dll
O2 - BHO: (no name) - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\fcywx.dll
O3 - Toolbar: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [aaoowonhVkyj] C:\WINDOWS\System32\vytxabb.exe
O4 - HKCU\..\Run: [CursorXP] C:\Documents and Settings\Guru\My Documents\My Programs\CursorXP\CursorXP.exe
O4 - Startup: Rainlendar.lnk = C:\Documents and Settings\Guru\My Documents\My Programs\Rainlendar\Rainlendar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: @C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll,-4 - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra 'Tools' menuitem: Run IM2 Messenger - {410C30C7-098A-4090-928E-F1D356D34C7F} - C:\Documents and Settings\Guru\My Documents\My Instant Messengers\IM2\Messenger2\im2_ie_plugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0835BC90-6ABC-4F52-A103-4FC3A61F2C33} (A18X Control) - http://www.albatross18.com/cabs/A18X.ocx
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://www.mir3europe.com/nProtect/nPKeyCrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3A4A766-2118-490D-ACF3-EC2BB99ABE6C}: NameServer = 192.168.1.1
O20 - Winlogon Notify: ddawx - C:\WINDOWS\System32\ddawx.dll
O20 - Winlogon Notify: fcywx - C:\WINDOWS\SYSTEM32\fcywx.dll
O20 - Winlogon Notify: hgghi - C:\WINDOWS\SYSTEM32\hgghi.dll
O20 - Winlogon Notify: pmkij - C:\WINDOWS\SYSTEM32\pmkij.dll
O20 - Winlogon Notify: ssqpn - C:\WINDOWS\SYSTEM32\ssqpn.dll
O20 - Winlogon Notify: tuvvv - C:\WINDOWS\SYSTEM32\tuvvv.dll
O20 - Winlogon Notify: ursrs - C:\WINDOWS\SYSTEM32\ursrs.dll
O20 - Winlogon Notify: ursst - C:\WINDOWS\SYSTEM32\ursst.dll
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\ImageTune\dtsslsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
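
An added example, not part of any post in this thread: Python code that parses HijackThis O2/O20 lines, builds the per-DLL worksheet that post no. 3 walks through by hand (DLL path, the reversed-name wildcard seen in each red/green pair, and any BHO pointing at the same DLL), and reports which Winlogon Notify DLLs appear in both an earlier and a later log. The function names and the trimmed log excerpts are constructed here from lines in the posts above; the reversed-name rule is taken only from the pairs listed in post no. 3.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt: O2/O20 lines copied from the 12/26/2005 log in this thread.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:03:26 PM, on 12/26/2005
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\System32\ddawx.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\fcywx.dll
O20 - Winlogon Notify: ddawx - C:\WINDOWS\System32\ddawx.dll
O20 - Winlogon Notify: fcywx - C:\WINDOWS\SYSTEM32\fcywx.dll
O20 - Winlogon Notify: hgghi - C:\WINDOWS\SYSTEM32\hgghi.dll
"""
# The same lines appear unchanged in the 12/28/2005 normal-mode log, so the
# "after" excerpt differs only in its timestamp.
LOG_AFTER = LOG_BEFORE.replace("11:03:26 PM, on 12/26/2005",
                               "2:18:55 AM, on 12/28/2005")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def norm(path):
    """Windows paths are case-insensitive; the logs mix System32/SYSTEM32."""
    return path.strip().lower()


def parse_entries(log_text):
    """Return (section, body) pairs, e.g. ('O20', 'Winlogon Notify: ...')."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def notify_dlls(entries):
    """Map Winlogon Notify key name -> DLL path for every O20 entry."""
    found = {}
    for section, body in entries:
        m = NOTIFY_RE.match(body) if section == "O20" else None
        if m:
            found[m.group(1)] = m.group(2).strip()
    return found


def bho_clsids_by_dll(entries):
    """Map normalized DLL path -> CLSIDs of O2 (BHO) entries that load it."""
    by_dll = {}
    for section, body in entries:
        m = BHO_RE.match(body) if section == "O2" else None
        if m:
            by_dll.setdefault(norm(m.group(3)), []).append(m.group(2))
    return by_dll


def companion_pattern(dll_path):
    """Reversed-stem wildcard in the same folder: ddawx.dll -> xwadd.*"""
    p = PureWindowsPath(dll_path)
    return str(p.parent / (p.stem[::-1] + ".*"))


def worksheet(log_text):
    """One row per O20 entry. Listing only: judging each entry is left to
    the analyst reading the log."""
    entries = parse_entries(log_text)
    bhos = bho_clsids_by_dll(entries)
    return [
        {
            "notify": name,
            "dll": path,
            "companion": companion_pattern(path),
            "bho_clsids": bhos.get(norm(path), []),
        }
        for name, path in sorted(notify_dlls(entries).items())
    ]


def persisting(before_log, after_log):
    """Notify DLLs present in both logs, i.e. not removed between scans."""
    before = {norm(p) for p in notify_dlls(parse_entries(before_log)).values()}
    after = {norm(p) for p in notify_dlls(parse_entries(after_log)).values()}
    return sorted(before & after)


if __name__ == "__main__":
    for row in worksheet(LOG_BEFORE):
        print(row)
    print("still present:", persisting(LOG_BEFORE, LOG_AFTER))
```
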
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
Did you run through all the steps in post no. 3 for each of those files specified in red and green? It doesn't look like it.

I would also like to see a RootKitRevealer log please.

Download and save (do not choose ‘open’) http://www.sysinternals.com/Files/RootkitRevealer.zip
Save its log and post back with the log.

DO NOT attempt to fix anything it finds as most entries will be legitimate.
 

dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
Yeah, I did every step to the word in the instructions you gave me. And as for the log, is there a way I could e-mail you the file, because it takes forever to load onto here. It's 11.3mb large. It even takes me a bit to open it up. If there's a certain portion of it you would like to see though, that shouldn't be a problem to post.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
Please upload it as an attachment.
 

dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
Upload of file keeps failing, guessing it's just too big, still about 6mb or more.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
What I'm looking for usually appears at the bottom so if you could upload a sizeable amount from the bottom upwards, that would be good.
 

dbguru16

Thread Starter
Joined
Apr 20, 2005
Messages
93
Above this are the system and system32 folders, which are over 600000 characters long, and I can only post up to 30000 :(
___________________________________

C:\WINDOWS\systemsplit.ini 11/17/2005 4:20 PM 23 bytes Hidden from Windows API.
C:\WINDOWS\T3 1/19/2005 9:22 PM 604 bytes Hidden from Windows API.
C:\WINDOWS\T4 1/19/2005 9:22 PM 604 bytes Hidden from Windows API.
C:\WINDOWS\taskman.exe 8/29/2002 6:00 AM 15.00 KB Hidden from Windows API.
C:\WINDOWS\Tasks 12/27/2005 9:46 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\Tasks\desktop.ini 8/29/2002 6:00 AM 65 bytes Hidden from Windows API.
C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Guru.job 12/26/2005 5:42 PM 528 bytes Hidden from Windows API.
C:\WINDOWS\Tasks\SA.DAT 12/27/2005 10:18 PM 6 bytes Hidden from Windows API.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
There are some odd looking things in there.


Please navigate to this file, open it in Notepad and post the contents here:

C:\z.txt


Go to the forum here and upload this (these) file(s):


C:\WINDOWS\T3

C:\WINDOWS\T4

C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00511102}.CDF


Here are the directions for uploading the files:

Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,219
OK, I see you uploaded them and we're just waiting for confirmation on these two:

C:\WINDOWS\T3
C:\WINDOWS\T4


The C:\z.txt contained HTML code so I removed the posts here so no one can copy the code.

This one looks to be legit:
C:\WINDOWS\{00000000-00000000-0000000B-00001102-00000004-00511102}.CDF


For now, delete the C:\z.txt file. You may have to do that in safe mode. If it won't delete then let me know and I'll tell you what to do.
 