Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Zlob.DNSChanger - Unable to remove

Post by Akia » October 30th, 2008, 5:27 pm

Hey :)

I recently reformatted my PC. I went to update Windows, but I kept being redirected to msn.com. I went to download McAfee; it would let me follow through up to the download page, but when I clicked download it would say page not found.

I then went to my ISP's homepage to download F-Secure. The home page has ads that are not appropriate. I contacted them, and they told me I had spyware. I proceeded to download F-Secure; that worked, but it did not pick up any bugs. I uninstalled it and went back to McAfee.

I contacted McAfee, and they had me make some changes to a "hosts" file. I was then able to download McAfee. It still is not picking up anything.

I am still unable to update Windows. I am also still getting popups from a place called adv.net and mt5.goole

Running Spybot Search & Destroy, it shows I have a Zlob.DNSchanger. I remove it, but it keeps coming back.

I do connect to the internet via a router. I was reading on this forum, and I think it said to mention that.

I want to add that I can't update Windows properly. I can go to update.microsoft.com, but it will direct me to msn.com unless I run Spybot. When I restart my PC after updates, I have to repeat the whole procedure again.

I have been trying for days now to sort this out myself. I am not having any luck; any help would be appreciated.

Thank you in advance,
Kirsta

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:54 PM, on 10/30/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5371712125
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

--
End of file - 4922 bytes

Re: Zlob.DNSChanger - Unable to remove

Post by silver » November 1st, 2008, 10:23 pm

Hi Akia,

Download F-Secure Blacklight to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Double click fsbl.exe to run it, choose I accept the agreement then press Scan
  • It will create the fsbl-xxxxxxx.log on your desktop containing a list of all items found.
  • Do not choose to rename any because legitimate items can also be present.
  • Exit Blacklight and post the contents of the log in your next reply.

Download RSIT by random/random to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)

  • Double click RSIT.exe to start the program, and click Continue at the disclaimer screen.
  • When the scan is complete, two text files will open: log.txt (this one will be maximized) and info.txt (this one will be minimized)
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of log.txt and info.txt in your reply

Once complete, please post the Blacklight report and both RSIT logs. You won't need to produce a new HijackThis log, as RSIT produces one for you.

Re: Zlob.DNSChanger - Unable to remove

Post by Akia » November 4th, 2008, 10:10 am

Thanks, here is the info you requested. I had been reading a bit after making the post. My router settings had been changed; I removed those and I was able to update Windows.

11/04/08 09:03:12 [Info]: BlackLight Engine 2.2.1092 initialized
11/04/08 09:03:12 [Info]: OS: 5.1 build 2600 (Service Pack 3)
11/04/08 09:03:12 [Note]: 7019 4
11/04/08 09:03:12 [Note]: 7005 0
11/04/08 09:03:17 [Note]: 7006 0
11/04/08 09:03:17 [Note]: 7011 1772
11/04/08 09:03:17 [Note]: 7035 0
11/04/08 09:03:18 [Note]: 7026 0
11/04/08 09:03:18 [Note]: 7026 0
11/04/08 09:03:19 [Note]: FSRAW library version 1.7.1024
11/04/08 09:05:26 [Note]: 7007 0

Logfile of random's system information tool 1.04 (written by random/random)
Run by Cathy at 2008-11-04 09:06:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 130 GB (87%) free of 149 GB
Total RAM: 1534 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:43 AM, on 11/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Cathy\My Documents\RSIT.exe
C:\Program Files\trend micro\Cathy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unrelenting-guild.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5371712125
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 3467 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-30 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-30 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-30 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-30 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-23 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-29 15:29:21 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-29 15:29:21 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-29 15:29:20 ----D---- C:\Program Files\Outlook Express
2008-10-29 15:29:20 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-29 15:29:20 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-29 15:29:19 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-29 15:29:19 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-29 15:29:15 ----D---- C:\Program Files\Internet Explorer
2008-10-29 15:29:15 ----D---- C:\Program Files\Common Files\System
2008-10-29 15:29:12 ----D---- C:\Program Files\ComPlus Applications
2008-10-29 15:29:12 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-29 15:29:12 ----A---- C:\WINDOWS\vb.ini
2008-10-29 15:29:11 ----D---- C:\WINDOWS\Registration
2008-10-29 15:28:58 ----HD---- C:\Program Files\WindowsUpdate
2008-10-29 15:28:58 ----D---- C:\Program Files\Windows Media Player
2008-10-29 15:28:51 ----D---- C:\Program Files\MSN Gaming Zone
2008-10-29 15:28:51 ----A---- C:\WINDOWS\system32\write.exe
2008-10-29 15:28:42 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-29 15:28:41 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-29 15:28:40 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-29 15:28:40 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-29 15:28:33 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-29 15:28:33 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-29 15:28:32 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-29 15:28:32 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-29 15:28:32 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-29 15:28:32 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-29 15:28:31 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-29 15:28:30 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-29 15:28:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-29 15:28:29 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-29 15:28:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-29 15:28:28 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-29 15:28:28 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-29 15:28:28 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-29 15:28:28 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-29 15:28:27 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-29 15:28:26 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-29 15:28:25 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-29 15:28:25 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-29 15:28:25 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-29 15:28:20 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-29 15:28:20 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-29 15:28:20 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-29 15:28:20 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-29 15:28:14 ----D---- C:\Program Files\Windows NT
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-29 15:28:14 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-29 15:28:13 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-29 15:28:12 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-29 15:28:12 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-29 15:28:11 ----D---- C:\WINDOWS\system32\Com
2008-10-29 15:28:11 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-29 15:28:11 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-29 15:28:10 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-29 15:28:05 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-29 14:43:57 ----A---- C:\WINDOWS\system32\tmp.txt
2008-10-29 14:40:15 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-29 13:40:56 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2008-10-29 13:40:10 ----D---- C:\ATI
2008-10-29 13:31:17 ----D---- C:\Documents and Settings\Cathy\Application Data\Macromedia
2008-10-29 13:31:17 ----D---- C:\Documents and Settings\Cathy\Application Data\Adobe
2008-10-29 13:12:16 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-29 12:58:17 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-29 12:57:16 ----D---- C:\Program Files\Common Files\iS3
2008-10-29 12:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-29 12:37:55 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-29 12:28:22 ----D---- C:\Program Files\World of Warcraft
2008-10-29 12:28:12 ----D---- C:\WINDOWS\RegisteredPackages
2008-10-29 12:27:53 ----A---- C:\WINDOWS\system32\wstdecod.dll
2008-10-29 12:27:53 ----A---- C:\WINDOWS\system32\psisdecd.dll
2008-10-29 12:27:53 ----A---- C:\WINDOWS\system32\msyuv.dll
2008-10-29 12:27:53 ----A---- C:\WINDOWS\system32\msvidctl.dll
2008-10-29 12:27:53 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\quartz.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qedwipes.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qedit.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qdvd.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qdv.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qcap.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\qasf.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\msdmo.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\mciqtz32.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\encapi.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmusic.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmsynth.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmstyle.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmloader.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmime.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\dmcompos.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\devenum.dll
2008-10-29 12:27:52 ----A---- C:\WINDOWS\system32\amstream.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dxdiagn.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dxdiag.exe
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dx8vb.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dx7vb.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dswave.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dsound3d.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dsound.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dsdmoprp.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dsdmo.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpwsockx.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpvvox.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpvsetup.exe
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpvoice.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpvacm.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnsvr.exe
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnlobby.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnhupnp.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnhpast.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnet.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpnaddr.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dpmodemx.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dplayx.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dplaysvr.exe
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dmscript.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\dmband.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\d3d9.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\d3d8thk.dll
2008-10-29 12:27:51 ----A---- C:\WINDOWS\system32\d3d8.dll
2008-10-29 12:27:50 ----A---- C:\WINDOWS\system32\ddrawex.dll
2008-10-29 12:27:50 ----A---- C:\WINDOWS\system32\ddraw.dll
2008-10-29 12:27:50 ----A---- C:\WINDOWS\system32\d3dim700.dll
2008-10-29 12:12:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 10:59:12 ----SHD---- C:\RECYCLER
2008-10-29 10:56:38 ----A---- C:\WINDOWS\system32\wpa.bak
2008-10-29 10:46:35 ----SD---- C:\WINDOWS\system32\Microsoft
2008-10-29 10:45:57 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-10-29 10:45:57 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-10-29 10:45:57 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2008-10-29 07:27:45 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-29 07:16:04 ----A---- C:\WINDOWS\imsins.BAK
2008-10-29 07:16:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 07:16:01 ----D---- C:\Program Files\Common Files\ODBC
2008-10-29 07:16:01 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-29 07:15:59 ----D---- C:\Program Files\Common Files\SpeechEngines
2008-10-29 07:15:58 ----RD---- C:\Program Files
2008-10-29 07:15:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-29 07:15:58 ----D---- C:\Program Files\Common Files
2008-10-29 07:15:57 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-29 07:15:57 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-29 07:15:57 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-29 07:15:55 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-29 07:15:53 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-29 07:15:52 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-29 07:15:52 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-29 07:15:52 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-29 07:15:52 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-29 07:15:52 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-29 07:15:50 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-29 07:15:48 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-29 07:15:48 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-29 07:15:48 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-29 07:15:48 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-29 07:15:48 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-29 07:15:46 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2008-10-29 07:15:46 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-29 07:15:46 ----A---- C:\WINDOWS\notepad.exe
2008-10-29 07:15:45 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-29 07:15:45 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-29 07:15:42 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2008-10-29 07:15:41 ----RA---- C:\WINDOWS\SET7.tmp
2008-10-29 07:15:37 ----RA---- C:\WINDOWS\SET3.tmp
2008-10-29 07:15:32 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 07:15:32 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-29 07:15:26 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-29 07:15:11 ----A---- C:\WINDOWS\setuplog.txt
2008-10-29 07:15:09 ----D---- C:\Documents and Settings
2008-10-29 07:14:22 ----RASH---- C:\boot.ini
2008-10-29 07:10:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-29 07:10:56 ----RSD---- C:\WINDOWS\Fonts
2008-10-29 07:10:56 ----RD---- C:\WINDOWS\Web
2008-10-29 07:10:56 ----HD---- C:\WINDOWS\inf
2008-10-29 07:10:56 ----D---- C:\WINDOWS\WinSxS
2008-10-29 07:10:56 ----D---- C:\WINDOWS\twain_32
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\wins
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\wbem
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\usmt
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\spool
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\Setup
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\ras
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\oobe
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\npp
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\mui
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\IME
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\icsxml
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\ias
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\export
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\dhcp
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\config
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\3076
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\2052
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1054
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1042
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1041
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1037
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1033
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1031
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1028
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32\1025
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system32
2008-10-29 07:10:56 ----D---- C:\WINDOWS\system
2008-10-29 07:10:56 ----D---- C:\WINDOWS\security
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Resources
2008-10-29 07:10:56 ----D---- C:\WINDOWS\repair
2008-10-29 07:10:56 ----D---- C:\WINDOWS\mui
2008-10-29 07:10:56 ----D---- C:\WINDOWS\msapps
2008-10-29 07:10:56 ----D---- C:\WINDOWS\msagent
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Media
2008-10-29 07:10:56 ----D---- C:\WINDOWS\java
2008-10-29 07:10:56 ----D---- C:\WINDOWS\ime
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Help
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Driver Cache
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Debug
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Cursors
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Connection Wizard
2008-10-29 07:10:56 ----D---- C:\WINDOWS\Config
2008-10-29 07:10:56 ----D---- C:\WINDOWS\AppPatch
2008-10-29 07:10:56 ----D---- C:\WINDOWS\addins
2008-10-29 07:10:56 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2008-10-30 18:12:41 ----A---- C:\WINDOWS\win.ini
2008-10-30 18:08:25 ----RASH---- C:\NTDETECT.COM
2008-10-29 07:15:58 ----A---- C:\WINDOWS\system.ini
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-09-23 3331072]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-06 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-06 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-06-16 61157]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-06 37048]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-09-23 581632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-30 152984]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-23 593920]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.04 2008-11-04 09:02:29

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Hosts File======

221.135.111.121 Download.McAfee.com
221.135.111.121 Download.McAfee.com

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
Akia
Active Member
 
Posts: 5
Joined: October 30th, 2008, 5:11 pm

Re: Zlob.DNSChanger - Unable to remove

Post by silver » November 4th, 2008, 6:56 pm

Hi Akia,

I'm glad you got the DNS hijack resolved. It's very likely that the reason malware was able to change your router settings is because the default password was left in place; it's important to change the router password to prevent this kind of access. This is not a difficult process; please see the router manual for further information.

------------------------------------------------------------------------

It appears that you have removed your antivirus program. Without antivirus software your computer is very vulnerable and can easily be infected at any time, so it is essential you have one active at all times.

McAfee is an excellent package; alternatively, there are several free packages available. Two of the most popular are here:
Antivir: http://www.free-av.com/
Avast!: http://www.avast.com/eng/download-avast-home.html

If you have no antivirus program then please install one immediately, update the definitions and set it to update automatically.

Please ensure you have one antivirus program installed before continuing.

------------------------------------------------------------------------

Then, open HijackThis, choose Do a system scan only and place a checkmark next to the following line:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------

Please click this link to open Kaspersky Online Scanner:
http://www.kaspersky.com/kos/eng/partne ... bscan.html

Press on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Click on the Save Report As... button.
  • Change the file type to Text file (*.txt), type a filename such as kaspersky and save it to your Desktop
  • Post the contents of the report in your next response.

------------------------------------------------------------------------

Once complete, please post the Kaspersky report and a new HijackThis log.
Also, let me know how your machine is running now.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
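The two HijackThis entry types that matter in this thread, the O1 hosts-file lines in Akia's logs and the `O2 - BHO ... (no file)` line silver asks to fix, can be picked out of a log automatically. The following Python sketch is an added example, not part of the original posts or of HijackThis itself; the function names and finding labels are assumptions, and the sample lines are copied from the logs quoted in the thread.

```python
import ipaddress
import re
from collections import Counter

# Sample input: entry lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unrelenting-guild.com/
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
# O1 body: "Hosts: <ip> <hostname>".
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")


def parse_entries(text):
    """Yield (code, body) for every HijackThis entry line; skip everything else."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def is_loopback(ip):
    """True for 127.0.0.0/8 and ::1; unparsable addresses count as non-loopback."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def triage(text):
    """Return findings for orphaned BHOs and non-loopback hosts-file overrides."""
    findings = []
    hosts = Counter()
    for code, body in parse_entries(text):
        if code == "O2":
            m = BHO_RE.match(body)
            # "(no file)" means the registry entry remains but its DLL is gone.
            if m and m.group("path").strip().lower() == "(no file)":
                findings.append({
                    "kind": "orphan_bho",
                    "clsid": m.group("clsid").upper(),
                    "name": m.group("name"),
                })
        elif code == "O1":
            m = HOSTS_RE.match(body)
            if m and not is_loopback(m.group("ip")):
                # Hostnames are case-insensitive, so normalise before counting.
                hosts[(m.group("host").lower(), m.group("ip"))] += 1
    # Report each distinct override once, with how often it was listed.
    for (host, ip), count in sorted(hosts.items()):
        findings.append({
            "kind": "hosts_override",
            "host": host,
            "ip": ip,
            "count": count,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hosts override is only flagged for review here; whether the mapping is legitimate still has to be decided by whoever reads the log.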

Re: Zlob.DNSChanger - Unable to remove

Post by Akia » November 5th, 2008, 4:41 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 5, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 05, 2008 05:56:06
Records in database: 1369843
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 29886
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:12:59

No malware has been detected. The scan area is clean.

The selected area was scanned.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:46 AM, on 11/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unrelenting-guild.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 5371712125
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4133 bytes

Re: Zlob.DNSChanger - Unable to remove

Post by silver » November 5th, 2008, 8:32 am

The reports look pretty good, how is your machine running now?

Re: Zlob.DNSChanger - Unable to remove

Post by Akia » November 5th, 2008, 9:17 am

Everything seems fine now. :D Thank you VERY much for your help.

Re: Zlob.DNSChanger - Unable to remove

Post by silver » November 5th, 2008, 8:00 pm

Hi,

Some important final steps:

Please now delete rsit.exe, fsbl.exe and any remaining logs from your Desktop, also delete this folder:
C:\rsit


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm

------------------------------------------------------------------------

If the above went well, I think your machine is clean of malware :) here are some tips to help you keep it that way:

You have a good antivirus program installed, however I recommend you install antispyware software with real-time capabilities - this means it protects you from system changes and spyware while you are working, not just removing malware after it has been installed. There are a range of paid-for and free packages available, a free one I can recommend is Windows Defender, available here:
http://www.microsoft.com/athome/securit ... fault.mspx

I recommend you install a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
Also: subscribe to the mailing list to get update notifications.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
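The hosts file recommended in the post above overrides DNS for every name it lists, which is why HijackThis reports its entries as O1 lines in the log earlier in this thread. As an added example (not part of the original post or of any tool named in it), this Python script audits hosts-file lines or HijackThis O1 lines and separates blocklist-style entries that point at a loopback or unspecified address from entries that pin a name to some other address; the `WATCHED` list and the `example.test` entries are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption for this example: vendor domains named in this thread, treated as
# names whose hosts-file overrides should be reviewed before anything else.
WATCHED = ("microsoft.com", "mcafee.com")

# Constructed sample: the first two lines repeat the O1 entry from the log in
# this thread; the example.test lines are made up for illustration.
SAMPLE = r"""
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O1 - Hosts: 221.135.111.121 Download.McAfee.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
127.0.0.1 localhost
127.0.0.1 ads.example.test        # blocklist-style entry
0.0.0.0 tracker.example.test      # blocklist-style entry
192.0.2.10 intranet.example.test  # override to a non-local address
"""

def parse_entries(text):
    """Yield (ip, hostname) from hosts-file lines or HijackThis O1 lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop hosts-file comments
        line = re.sub(r"^O1 - Hosts:\s*", "", line)  # unwrap the HijackThis prefix
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                                 # some other log line, not a hosts entry
        for name in fields[1:]:
            yield ip, name.lower()

def audit(text):
    """Return sorted, de-duplicated (severity, ip, hostname) overrides to review."""
    findings = set()
    for ip, name in parse_entries(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost or a blocklist entry that resolves nowhere
        watched = any(name == d or name.endswith("." + d) for d in WATCHED)
        findings.add(("watched" if watched else "other", str(ip), name))
    return sorted(findings)

if __name__ == "__main__":
    for severity, ip, name in audit(SAMPLE):
        print(f"{severity:8} {name} -> {ip}")
```

A finding means the name bypasses DNS and should be traced to whoever added it; it does not by itself mean the entry is malicious.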

Re: Zlob.DNSChanger - Unable to remove

Post by Akia » November 6th, 2008, 6:17 am

Thank you very much :D I can't say how much I appreciate the time you spent to help. I created a new system restore point, and will look into the links you have posted here as well today.

Have a great day :D

Many thanks,
Kirsta

Re: Zlob.DNSChanger - Unable to remove

Post by silver » November 6th, 2008, 6:35 am

You're most welcome Kirsta and best of luck :)



This topic is now closed
We are pleased to have been of assistance in getting you clean.

If you have been helped and wish to donate with the costs of this volunteer site, you can do so using this link
Donations For Malware Removal