Hi Ried,
I had a problem with the combofix from
http://www.techsupportforum.com/sectools/combofix.exe. It downloaded OK but came up with an error and "needs to close, sorry for the inconvenience", blah blah.
It was also a smaller file than the one I got from
http://download.bleepingcomputer.com/sUBs/combofix.exe, which worked fine.
Anyway, here are the logs you asked for.
I've put them in the attachment named Combofix1.
Cheers,
Download Junkie.
Start Time= 06-08-11 20:50:57.29
Running from: C:\Reids
QuickScan did not find any signs of infected files
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-08-10 22:35:22 92160 ( A.... ) "C:\WINDOWS\system32\winrestores.exe"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-10 12:50:16 33934 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 13:03:24 2080128 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-02 18:53:38 ( .D... ) "C:\Program Files\Screensavers.com"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 11

50 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 21:32:36 ( .D... ) "C:\Program Files\Security Stronghold"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-27 05:48:42 0 ( A.... ) "C:\WINDOWS\system32\qghumeay.dll"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 09

34 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-18 13:14:24 18359 ( A.... ) "C:\WINDOWS\system32\Ntaccess.sys"
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))
2006-08-10 22:31 92,160 C:\WINDOWS\system32\winrestores.exe
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-10 17:30 143,360 C:\WINDOWS\system32\ConTest.dll
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 21:26 479,232 C:\WINDOWS\system32\Solar
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 20:18 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-31 20:18 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-31 10:43 6,694 C:\WINDOWS\system32\.exe
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 11:14 0 C:\WINDOWS\system32\qghumeay.dll
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll
2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-22 10:06 352,321,536 C:\pagefile.sys
2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL
2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL
2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe
2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe
2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe
2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe
2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe
2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll
2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll
2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll
2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe
2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys
2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe
2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-21 22:25 0 C:\MSDOS.SYS
2006-07-21 22:25 0 C:\IO.SYS
2006-07-21 22:25 0 C:\CONFIG.SYS
2006-07-21 22:25 0 C:\AUTOEXEC.BAT
2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll
2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll
2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll
2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll
2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll
2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll
2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll
2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll
2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe
2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe
2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe
2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe
2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe
2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll
2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll
2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll
2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll
2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll
2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll
2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll
2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll
2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll
2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe
2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll
2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll
2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll
2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe
2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll
2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe
2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll
2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll
2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll
2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll
2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe
2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll
2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"ActiveSpeed"="C:\\Program Files\\Ascentive\\ActiveSpeed\\AS.exe -b"
"Microsoft Telecoms Center"="winrestores.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"Microsoft Telecoms Center"="winrestores.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Telecoms Center"="winrestores.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"
"VCS Host"="vcshost.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"
"VCS Host"="vcshost.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
Contents of the 'Scheduled Tasks' folder
Completion time: 06-08-11 20:51:05.28
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt
-----------------------------
KASPERSKY ONLINE SCANNER REPORT
06-08-12 05:52
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/08/2006
Kaspersky Anti-Virus database records: 214056
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 76103
Number of viruses found: 14
Number of infected objects: 28 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:53
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\winrestores.exe Infected: Backdoor.Win32.Rbot.gen skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Stevz Comp\Stuff\kmd.exe Inno: infected - 14 skipped
E:\Stevz Comp\bootskins\theearthedition.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Stevz Comp\bootskins\theearthedition.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
E:\Stevz Comp\bootskins\theearthedition.exe WiseSFX: infected - 2 skipped
E:\Stevz Comp\bootskins\theearthedition.exe WiseSFX Dropper: infected - 2 skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\89QZSPMR\script[1].htm.pvaa.dkb Infected: Exploit.HTML.Mht skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\SLEZK5AZ\popup[1].php.pvaa.dkb/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\SLEZK5AZ\popup[1].php.pvaa.dkb GZIP: infected - 1 skipped
-----------------------------
Logfile of HijackThis v1.99.1
Scan saved at 05:54, on 06-08-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestores.exe
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - Startup: DataKeeper.lnk = C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe