1. The contents of C:\ComboFix.txt:
Owner - 06-10-13 19:11:53.26 Service Pack 1
ComboFix 06.10.14 - Running from: "C:\Documents and Settings\Owner\Desktop\XPFIX\new"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\csvhost.exe
C:\WINDOWS\Eim03.exe
C:\WINDOWS\justin.exe
C:\WINDOWS\MirarSetup_876075.exe
C:\WINDOWS\offun.exe
C:\WINDOWS\RDFX4.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\uni_ehhhh.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\system32\adrotate.dll
C:\WINDOWS\system32\scmt16.exe
C:\WINDOWS\system32\WinNB58.dll
C:\Program Files\Common Files\misc002
C:\Program Files\batty2
C:\Program Files\cmfibula
C:\Program Files\PSLister
C:\WINDOWS\system32\crunner
C:\Program Files\Common Files\{BC9E7CA7-0701-1033-1122-010928000001}
((((((((((((((((((((((((((((((( Files Created from 2006-09-13 to 2006-10-13 ))))))))))))))))))))))))))))))))))
2006-10-13 18:58 3,968 --a------ C:\WINDOWS\SYSTEM32\drivers\AvgAsCln.sys
2006-10-13 18:49 67,584 --a------ C:\WINDOWS\SYSTEM32\magnify.exe
2006-10-13 18:49 53,760 --a------ C:\WINDOWS\SYSTEM32\cryptsvc.dll
2006-10-13 18:49 51,200 --a------ C:\WINDOWS\SYSTEM32\narrator.exe
2006-10-13 18:49 238,080 --a------ C:\WINDOWS\SYSTEM32\newdev.dll
2006-10-13 18:49 212,480 --a------ C:\WINDOWS\SYSTEM32\osk.exe
2006-10-13 18:49 179,200 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2006-10-13 18:48 50,176 --a------ C:\WINDOWS\SYSTEM32\dpwsockx.dll
2006-10-13 18:48 214,528 --a------ C:\WINDOWS\SYSTEM32\dplayx.dll
2006-10-13 18:47 831,519 --a------ C:\WINDOWS\SYSTEM32\mswdat10.dll
2006-10-13 18:47 614,431 --a------ C:\WINDOWS\SYSTEM32\mswstr10.dll
2006-10-13 18:47 552,989 --a------ C:\WINDOWS\SYSTEM32\msrepl40.dll
2006-10-13 18:47 53,279 --a------ C:\WINDOWS\SYSTEM32\msjter40.dll
2006-10-13 18:47 512,029 --a------ C:\WINDOWS\SYSTEM32\msexch40.dll
2006-10-13 18:47 421,919 --a------ C:\WINDOWS\SYSTEM32\msrd2x40.dll
2006-10-13 18:47 380,957 --a------ C:\WINDOWS\SYSTEM32\expsrv.dll
2006-10-13 18:47 358,976 --------- C:\WINDOWS\SYSTEM32\msjetoledb40.dll
2006-10-13 18:47 348,189 --a------ C:\WINDOWS\SYSTEM32\msxbde40.dll
2006-10-13 18:47 348,189 --a------ C:\WINDOWS\SYSTEM32\mspbde40.dll
2006-10-13 18:47 319,517 --a------ C:\WINDOWS\SYSTEM32\msexcl40.dll
2006-10-13 18:47 315,423 --a------ C:\WINDOWS\SYSTEM32\msrd3x40.dll
2006-10-13 18:47 30,749 --a------ C:\WINDOWS\SYSTEM32\vbajet32.dll
2006-10-13 18:47 258,077 --a------ C:\WINDOWS\SYSTEM32\mstext40.dll
2006-10-13 18:47 241,693 --a------ C:\WINDOWS\SYSTEM32\msjtes40.dll
2006-10-13 18:47 213,023 --a------ C:\WINDOWS\SYSTEM32\msltus40.dll
2006-10-13 18:47 151,583 --a------ C:\WINDOWS\SYSTEM32\msjint40.dll
2006-10-13 18:47 1,507,356 --a------ C:\WINDOWS\SYSTEM32\msjet40.dll
2006-10-13 18:46 32,256 --a------ C:\WINDOWS\SYSTEM32\msgsvc.dll
2006-10-13 18:41 260,096 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2006-10-13 18:41 172,544 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-10-13 18:41 10,752 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2006-10-13 17:51 991,232 --a------ C:\WINDOWS\SYSTEM32\esent.dll
2006-10-13 17:24 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-10-13 16:39 9,216 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2006-10-13 16:39 88,064 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2006-10-13 16:39 86,528 --a------ C:\WINDOWS\SYSTEM32\wlnotify.dll
2006-10-13 16:39 86,016 --a------ C:\WINDOWS\SYSTEM32\xactsrv.dll
2006-10-13 16:39 82,944 --a------ C:\WINDOWS\SYSTEM32\smlogsvc.exe
2006-10-13 16:39 81,920 --a------ C:\WINDOWS\SYSTEM32\trkwks.dll
2006-10-13 16:39 77,824 --a------ C:\WINDOWS\SYSTEM32\wmpstub.exe
2006-10-13 16:39 77,824 --a------ C:\WINDOWS\SYSTEM32\wmpshell.dll
2006-10-13 16:39 72,192 --------- C:\WINDOWS\SYSTEM32\telnet.exe
2006-10-13 16:39 71,168 --------- C:\WINDOWS\SYSTEM32\storprop.dll
2006-10-13 16:39 667,648 --a------ C:\WINDOWS\SYSTEM32\ss3dfo.scr
2006-10-13 16:39 66,560 --a------ C:\WINDOWS\SYSTEM32\spoolss.dll
2006-10-13 16:39 638,976 --a------ C:\WINDOWS\SYSTEM32\sstext3d.scr
2006-10-13 16:39 63,488 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2006-10-13 16:39 61,952 --a------ C:\WINDOWS\SYSTEM32\sti.dll
2006-10-13 16:39 60,416 --a------ C:\WINDOWS\SYSTEM32\wextract.exe
2006-10-13 16:39 569,344 --a------ C:\WINDOWS\SYSTEM32\sspipes.scr
2006-10-13 16:39 56,832 --a------ C:\WINDOWS\SYSTEM32\wzcdlg.dll
2006-10-13 16:39 534,016 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2006-10-13 16:39 51,200 --a------ C:\WINDOWS\SYSTEM32\wmerrenu.dll
2006-10-13 16:39 48,640 --a------ C:\WINDOWS\SYSTEM32\vdmredir.dll
2006-10-13 16:39 48,128 --a------ C:\WINDOWS\SYSTEM32\winsta.dll
2006-10-13 16:39 479,261 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-13 16:39 47,616 --a------ C:\WINDOWS\SYSTEM32\utilman.exe
2006-10-13 16:39 446,464 --a------ C:\WINDOWS\SYSTEM32\wmvdmoe.dll
2006-10-13 16:39 442,398 --a------ C:\WINDOWS\SYSTEM32\wmadmoe.dll
2006-10-13 16:39 43,008 --a------ C:\WINDOWS\SYSTEM32\ssdpsrv.dll
2006-10-13 16:39 409,088 --a------ C:\WINDOWS\SYSTEM32\vssapi.dll
2006-10-13 16:39 40,960 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2006-10-13 16:39 384,000 --a------ C:\WINDOWS\SYSTEM32\themeui.dll
2006-10-13 16:39 38,912 --a------ C:\WINDOWS\SYSTEM32\wsnmp32.dll
2006-10-13 16:39 364,544 --a------ C:\WINDOWS\SYSTEM32\ssflwbox.scr
2006-10-13 16:39 339,456 --a------ C:\WINDOWS\SYSTEM32\usp10.dll
2006-10-13 16:39 334,848 --a------ C:\WINDOWS\SYSTEM32\smlogcfg.dll
2006-10-13 16:39 32,256 --a------ C:\WINDOWS\SYSTEM32\umandlg.dll
2006-10-13 16:39 316,416 --a------ C:\WINDOWS\SYSTEM32\wiaservc.dll
2006-10-13 16:39 311,327 --a------ C:\WINDOWS\SYSTEM32\wmv8dmod.dll
2006-10-13 16:39 296,448 --a------ C:\WINDOWS\SYSTEM32\wmstream.dll
2006-10-13 16:39 294,912 --a------ C:\WINDOWS\SYSTEM32\wmvdmod.dll
2006-10-13 16:39 274,432 --a------ C:\WINDOWS\SYSTEM32\wmasf.dll
2006-10-13 16:39 27,136 --a------ C:\WINDOWS\SYSTEM32\ssdpapi.dll
2006-10-13 16:39 266,752 --a------ C:\WINDOWS\winhlp32.exe
2006-10-13 16:39 264,704 --a------ C:\WINDOWS\SYSTEM32\wzcsvc.dll
2006-10-13 16:39 258,048 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-13 16:39 253,952 --a------ C:\WINDOWS\SYSTEM32\wmpcd.dll
2006-10-13 16:39 253,952 --a------ C:\WINDOWS\SYSTEM32\wmnetmgr.dll
2006-10-13 16:39 251,904 --a------ C:\WINDOWS\SYSTEM32\strmdll.dll
2006-10-13 16:39 231,424 --a------ C:\WINDOWS\SYSTEM32\upnpui.dll
2006-10-13 16:39 23,552 --------- C:\WINDOWS\SYSTEM32\wzcsapi.dll
2006-10-13 16:39 22,016 --a------ C:\WINDOWS\SYSTEM32\udhisapi.dll
2006-10-13 16:39 203,264 --a------ C:\WINDOWS\SYSTEM32\uxtheme.dll
2006-10-13 16:39 200,192 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2006-10-13 16:39 19,456 --a------ C:\WINDOWS\SYSTEM32\ssmarque.scr
2006-10-13 16:39 184,320 --a------ C:\WINDOWS\SYSTEM32\wmadmod.dll
2006-10-13 16:39 18,944 --a------ C:\WINDOWS\SYSTEM32\ssbezier.scr
2006-10-13 16:39 172,664 --a------ C:\WINDOWS\SYSTEM32\xenroll.dll
2006-10-13 16:39 171,520 --a------ C:\WINDOWS\SYSTEM32\winmm.dll
2006-10-13 16:39 17,408 --a------ C:\WINDOWS\SYSTEM32\wtsapi32.dll
2006-10-13 16:39 17,408 --a------ C:\WINDOWS\SYSTEM32\ssmyst.scr
2006-10-13 16:39 168,448 --a------ C:\WINDOWS\SYSTEM32\wldap32.dll
2006-10-13 16:39 165,376 --a------ C:\WINDOWS\SYSTEM32\w32time.dll
2006-10-13 16:39 165,376 --a------ C:\WINDOWS\SYSTEM32\tapi32.dll
2006-10-13 16:39 164,864 --a------ C:\WINDOWS\SYSTEM32\upnphost.dll
2006-10-13 16:39 16,896 --a------ C:\WINDOWS\SYSTEM32\snmpapi.dll
2006-10-13 16:39 16,384 --a------ C:\WINDOWS\SYSTEM32\watchdog.sys
2006-10-13 16:39 16,384 --a------ C:\WINDOWS\SYSTEM32\ups.exe
2006-10-13 16:39 158,720 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2006-10-13 16:39 130,560 --a------ C:\WINDOWS\SYSTEM32\sti_ci.dll
2006-10-13 16:39 13,312 --a------ C:\WINDOWS\SYSTEM32\ssstars.scr
2006-10-13 16:39 128,512 --a------ C:\WINDOWS\SYSTEM32\taskmgr.exe
2006-10-13 16:39 124,928 --a------ C:\WINDOWS\SYSTEM32\webvw.dll
2006-10-13 16:39 120,320 --a------ C:\WINDOWS\SYSTEM32\upnp.dll
2006-10-13 16:39 119,808 --a------ C:\WINDOWS\SYSTEM32\wiadss.dll
2006-10-13 16:39 118,784 --a------ C:\WINDOWS\SYSTEM32\wmsdmoe.dll
2006-10-13 16:39 117,760 --a------ C:\WINDOWS\SYSTEM32\stobject.dll
2006-10-13 16:39 110,592 --a------ C:\WINDOWS\SYSTEM32\wmsdmod.dll
2006-10-13 16:39 106,496 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-13 16:39 10,752 --a------ C:\WINDOWS\SYSTEM32\tracert.exe
2006-10-13 16:39 1,998,848 --a------ C:\WINDOWS\SYSTEM32\wmploc.dll
2006-10-13 16:39 1,425,680 --a------ C:\WINDOWS\SYSTEM32\wmpui.dll
2006-10-13 16:39 1,220,608 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-10-13 16:38 98,304 --a------ C:\WINDOWS\SYSTEM32\oleprn.dll
2006-10-13 16:38 95,744 --a------ C:\WINDOWS\SYSTEM32\nlhtml.dll
2006-10-13 16:38 91,136 --a------ C:\WINDOWS\SYSTEM32\rastls.dll
2006-10-13 16:38 87,304 --a------ C:\WINDOWS\SYSTEM32\rdpdd.dll
2006-10-13 16:38 82,944 --a------ C:\WINDOWS\SYSTEM32\psbase.dll
2006-10-13 16:38 8,192 --a------ C:\WINDOWS\SYSTEM32\scrnsave.scr
2006-10-13 16:38 75,912 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2006-10-13 16:38 74,240 --a------ C:\WINDOWS\SYSTEM32\rtcshare.exe
2006-10-13 16:38 71,168 --a------ C:\WINDOWS\SYSTEM32\sdbinst.exe
2006-10-13 16:38 686,080 --a------ C:\WINDOWS\SYSTEM32\opengl32.dll
2006-10-13 16:38 66,048 --a------ C:\WINDOWS\SYSTEM32\sigverif.exe
2006-10-13 16:38 62,976 --a------ C:\WINDOWS\SYSTEM32\shgina.dll
2006-10-13 16:38 61,440 --a------ C:\WINDOWS\SYSTEM32\odbccu32.dll
2006-10-13 16:38 61,440 --a------ C:\WINDOWS\SYSTEM32\odbccr32.dll
2006-10-13 16:38 60,416 --a------ C:\WINDOWS\SYSTEM32\shimeng.dll
2006-10-13 16:38 6,912 --------- C:\WINDOWS\SYSTEM32\drivers\hidir.sys
2006-10-13 16:38 6,144 --a------ C:\WINDOWS\SYSTEM32\sensapi.dll
2006-10-13 16:38 58,880 --a------ C:\WINDOWS\SYSTEM32\pautoenr.dll
2006-10-13 16:38 57,856 --a------ C:\WINDOWS\SYSTEM32\raschap.dll
2006-10-13 16:38 56,320 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2006-10-13 16:38 53,248 --a------ C:\WINDOWS\SYSTEM32\packager.exe
2006-10-13 16:38 53,248 --a------ C:\WINDOWS\SYSTEM32\odbcconf.exe
2006-10-13 16:38 52,224 --a------ C:\WINDOWS\SYSTEM32\secur32.dll
2006-10-13 16:38 511,488 --a------ C:\WINDOWS\SYSTEM32\qedit.dll
2006-10-13 16:38 504,832 --------- C:\WINDOWS\SYSTEM32\msftedit.dll
2006-10-13 16:38 5,504 --------- C:\WINDOWS\SYSTEM32\drivers\smbali.sys
2006-10-13 16:38 5,120 --------- C:\WINDOWS\SYSTEM32\hccoin.dll
2006-10-13 16:38 49,152 --a------ C:\WINDOWS\SYSTEM32\npptools.dll
2006-10-13 16:38 48,128 --a------ C:\WINDOWS\SYSTEM32\reg.exe
2006-10-13 16:38 44,032 --a------ C:\WINDOWS\SYSTEM32\regapi.dll
2006-10-13 16:38 44,032 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2006-10-13 16:38 423,424 --a------ C:\WINDOWS\SYSTEM32\riched20.dll
2006-10-13 16:38 420,864 --a------ C:\WINDOWS\SYSTEM32\shimgvw.dll
2006-10-13 16:38 403,456 --------- C:\WINDOWS\SYSTEM32\winbrand.dll
2006-10-13 16:38 392,704 --a------ C:\WINDOWS\SYSTEM32\ntmssvc.dll
2006-10-13 16:38 38,400 --a------ C:\WINDOWS\SYSTEM32\ntmsapi.dll
2006-10-13 16:38 38,400 --a------ C:\WINDOWS\SYSTEM32\ntlanman.dll
2006-10-13 16:38 36,463 --------- C:\WINDOWS\SYSTEM32\drivers\atintuxx.sys
2006-10-13 16:38 36,352 --a------ C:\WINDOWS\SYSTEM32\sens.dll
2006-10-13 16:38 357,376 --a------ C:\WINDOWS\SYSTEM32\qdvd.dll
2006-10-13 16:38 34,735 --------- C:\WINDOWS\SYSTEM32\drivers\atinxsxx.sys
2006-10-13 16:38 34,304 --a------ C:\WINDOWS\SYSTEM32\rcimlby.exe
2006-10-13 16:38 33,280 --a------ C:\WINDOWS\SYSTEM32\shmgrate.exe
2006-10-13 16:38 32,768 --a------ C:\WINDOWS\SYSTEM32\odbcad32.exe
2006-10-13 16:38 31,744 --------- C:\WINDOWS\SYSTEM32\pid.dll
2006-10-13 16:38 3,584 --------- C:\WINDOWS\SYSTEM32\dsprpres.dll
2006-10-13 16:38 3,338 --a------ C:\WINDOWS\SYSTEM32\redir.exe
2006-10-13 16:38 297,984 --a------ C:\WINDOWS\SYSTEM32\scesrv.dll
2006-10-13 16:38 29,455 --------- C:\WINDOWS\SYSTEM32\drivers\atinxbxx.sys
2006-10-13 16:38 254,976 --a------ C:\WINDOWS\SYSTEM32\pdh.dll
2006-10-13 16:38 24,576 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-10-13 16:38 24,064 --a------ C:\WINDOWS\SYSTEM32\skeys.exe
2006-10-13 16:38 22,528 --a------ C:\WINDOWS\SYSTEM32\slayerxp.dll
2006-10-13 16:38 22,528 --a------ C:\WINDOWS\SYSTEM32\shfolder.dll
2006-10-13 16:38 218,112 --------- C:\WINDOWS\SYSTEM32\sbe.dll
2006-10-13 16:38 20,992 --a------ C:\WINDOWS\SYSTEM32\setup.exe
2006-10-13 16:38 193,536 --a------ C:\WINDOWS\SYSTEM32\rasppp.dll
2006-10-13 16:38 19,328 --------- C:\WINDOWS\SYSTEM32\drivers\usbehci.sys
2006-10-13 16:38 187,904 --------- C:\WINDOWS\SYSTEM32\xpsp1res.dll
2006-10-13 16:38 184,832 --a------ C:\WINDOWS\SYSTEM32\qcap.dll
2006-10-13 16:38 18,944 --------- C:\WINDOWS\SYSTEM32\faxpatch.exe
2006-10-13 16:38 174,592 --a------ C:\WINDOWS\SYSTEM32\scecli.dll
2006-10-13 16:38 172,032 --------- C:\WINDOWS\SYSTEM32\mssap.dll
2006-10-13 16:38 171,008 --a------ C:\WINDOWS\SYSTEM32\sccsccp.dll
2006-10-13 16:38 17,408 --a------ C:\WINDOWS\SYSTEM32\psapi.dll
2006-10-13 16:38 169,984 --a------ C:\WINDOWS\SYSTEM32\sccbase.dll
2006-10-13 16:38 165,888 --a------ C:\WINDOWS\SYSTEM32\ntmsdba.dll
2006-10-13 16:38 16,384 --a------ C:\WINDOWS\SYSTEM32\ping.exe
2006-10-13 16:38 16,384 --a------ C:\WINDOWS\SYSTEM32\odbc32gt.dll
2006-10-13 16:38 155,648 --a------ C:\WINDOWS\SYSTEM32\encdec.dll
2006-10-13 16:38 147,456 --a------ C:\WINDOWS\SYSTEM32\odbctrac.dll
2006-10-13 16:38 14,848 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2006-10-13 16:38 137,216 --a------ C:\WINDOWS\SYSTEM32\ntshrui.dll
2006-10-13 16:38 135,680 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2006-10-13 16:38 134,144 --------- C:\WINDOWS\regedit.exe
2006-10-13 16:38 133,632 --a------ C:\WINDOWS\SYSTEM32\rsaenh.dll
2006-10-13 16:38 133,120 --a------ C:\WINDOWS\SYSTEM32\sfc_os.dll
2006-10-13 16:38 13,824 --a------ C:\WINDOWS\SYSTEM32\rassapi.dll
2006-10-13 16:38 13,056 --------- C:\WINDOWS\SYSTEM32\drivers\wacompen.sys
2006-10-13 16:38 122,880 --a------ C:\WINDOWS\SYSTEM32\odbcconf.dll
2006-10-13 16:38 12,800 --a------ C:\WINDOWS\SYSTEM32\runonce.exe
2006-10-13 16:38 12,288 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2006-10-13 16:38 12,288 --a------ C:\WINDOWS\SYSTEM32\odbcp32r.dll
2006-10-13 16:38 12,288 --------- C:\WINDOWS\SYSTEM32\encapi.dll
2006-10-13 16:38 112,128 --a------ C:\WINDOWS\SYSTEM32\ntmarta.dll
2006-10-13 16:38 110,080 --------- C:\WINDOWS\SYSTEM32\sbeio.dll
2006-10-13 16:38 11,904 --------- C:\WINDOWS\SYSTEM32\drivers\mutohpen.sys
2006-10-13 16:38 11,776 --a------ C:\WINDOWS\SYSTEM32\sigtab.dll
2006-10-13 16:38 109,568 --a------ C:\WINDOWS\SYSTEM32\offfilt.dll
2006-10-13 16:38 1,677,312 --------- C:\WINDOWS\SYSTEM32\wmvcore2.dll
2006-10-13 16:38 1,350,144 --a------ C:\WINDOWS\SYSTEM32\query.dll
2006-10-13 16:38 1,158,656 --a------ C:\WINDOWS\SYSTEM32\quartz.dll
2006-10-13 16:38 1,157,632 --a------ C:\WINDOWS\SYSTEM32\sfcfiles.dll
2006-10-13 16:37 921,475 --------- C:\WINDOWS\SYSTEM32\ati3d2ag.dll
2006-10-13 16:37 91,136 --a------ C:\WINDOWS\SYSTEM32\MSOERT2.DLL
2006-10-13 16:37 857,600 --a------ C:\WINDOWS\SYSTEM32\netplwiz.dll
2006-10-13 16:37 844,675 --------- C:\WINDOWS\SYSTEM32\ati3d1ag.dll
2006-10-13 16:37 78,848 --a------ C:\WINDOWS\SYSTEM32\msiexec.exe
2006-10-13 16:37 72,192 --a------ C:\WINDOWS\SYSTEM32\uniime.dll
2006-10-13 16:37 699,392 --a------ C:\WINDOWS\SYSTEM32\msxml2.dll
2006-10-13 16:37 68,608 --a------ C:\WINDOWS\SYSTEM32\mscms.dll
2006-10-13 16:37 67,584 --a------ C:\WINDOWS\SYSTEM32\msctfp.dll
2006-10-13 16:37 65,536 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2006-10-13 16:37 63,663 --------- C:\WINDOWS\SYSTEM32\drivers\atinrvxx.sys
2006-10-13 16:37 6,656 --a------ C:\WINDOWS\SYSTEM32\laprxy.dll
2006-10-13 16:37 598,016 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2006-10-13 16:37 584,192 --a------ C:\WINDOWS\SYSTEM32\netcfgx.dll
2006-10-13 16:37 57,856 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2006-10-13 16:37 56,591 --------- C:\WINDOWS\SYSTEM32\drivers\atinbtxx.sys
2006-10-13 16:37 56,320 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-13 16:37 504,320 --a------ C:\WINDOWS\SYSTEM32\logonui.exe
2006-10-13 16:37 450,176 --------- C:\WINDOWS\SYSTEM32\drivers\ati2mtag.sys
2006-10-13 16:37 42,496 --a------ C:\WINDOWS\SYSTEM32\ncobjapi.dll
2006-10-13 16:37 401,462 --a------ C:\WINDOWS\SYSTEM32\msvcp60.dll
2006-10-13 16:37 4,608 --a------ C:\WINDOWS\SYSTEM32\msimg32.dll
2006-10-13 16:37 4,126 --a------ C:\WINDOWS\SYSTEM32\msdxmlc.dll
2006-10-13 16:37 399,360 --a------ C:\WINDOWS\SYSTEM32\netlogon.dll
2006-10-13 16:37 39,424 --a------ C:\WINDOWS\SYSTEM32\net.exe
2006-10-13 16:37 388,608 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2006-10-13 16:37 381,440 --a------ C:\WINDOWS\SYSTEM32\lmrt.dll
2006-10-13 16:37 377,984 --------- C:\WINDOWS\SYSTEM32\ati2dvaa.dll
2006-10-13 16:37 368,710 --a------ C:\WINDOWS\SYSTEM32\msisam11.dll
2006-10-13 16:37 339,968 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2006-10-13 16:37 327,040 --------- C:\WINDOWS\SYSTEM32\drivers\ati2mtaa.sys
2006-10-13 16:37 326,656 --------- C:\WINDOWS\SYSTEM32\netsetup.exe
2006-10-13 16:37 323,072 --a------ C:\WINDOWS\SYSTEM32\msvcrt.dll
2006-10-13 16:37 32,256 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2006-10-13 16:37 319,760 --a------ C:\WINDOWS\SYSTEM32\msnsspc.dll
2006-10-13 16:37 30,671 --------- C:\WINDOWS\SYSTEM32\drivers\atinraxx.sys
2006-10-13 16:37 271,360 --a------ C:\WINDOWS\SYSTEM32\msihnd.dll
2006-10-13 16:37 266,752 --a------ C:\WINDOWS\SYSTEM32\msctf.dll
2006-10-13 16:37 26,367 --------- C:\WINDOWS\SYSTEM32\drivers\atinsnxx.sys
2006-10-13 16:37 245,760 --a------ C:\WINDOWS\SYSTEM32\msscp.dll
2006-10-13 16:37 241,725 --a------ C:\WINDOWS\SYSTEM32\msuni11.dll
2006-10-13 16:37 24,576 --a------ C:\WINDOWS\SYSTEM32\logagent.exe
2006-10-13 16:37 233,472 --a------ C:\WINDOWS\SYSTEM32\mpg4dmod.dll
2006-10-13 16:37 230,400 --a------ C:\WINDOWS\SYSTEM32\msieftp.dll
2006-10-13 16:37 229,376 --a------ C:\WINDOWS\SYSTEM32\MSOEACCT.DLL
2006-10-13 16:37 22,528 --a------ C:\WINDOWS\SYSTEM32\mslbui.dll
2006-10-13 16:37 219,648 --a------ C:\WINDOWS\SYSTEM32\logon.scr
2006-10-13 16:37 210,944 --a------ C:\WINDOWS\SYSTEM32\moricons.dll
2006-10-13 16:37 21,343 --------- C:\WINDOWS\SYSTEM32\drivers\atinttxx.sys
2006-10-13 16:37 202,496 --------- C:\WINDOWS\SYSTEM32\ati2dvag.dll
2006-10-13 16:37 2,890,240 --a------ C:\WINDOWS\SYSTEM32\msi.dll
2006-10-13 16:37 196,096 --a------ C:\WINDOWS\SYSTEM32\mobsync.dll
2006-10-13 16:37 192,512 --a------ C:\WINDOWS\SYSTEM32\mswebdvd.dll
2006-10-13 16:37 19,456 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-13 16:37 182,784 --a------ C:\WINDOWS\SYSTEM32\msutb.dll
2006-10-13 16:37 175,104 --a------ C:\WINDOWS\SYSTEM32\mspmsp.dll
2006-10-13 16:37 174,592 --a------ C:\WINDOWS\SYSTEM32\msnetobj.dll
2006-10-13 16:37 163,840 --a------ C:\WINDOWS\SYSTEM32\mindex.dll
2006-10-13 16:37 143,872 --a------ C:\WINDOWS\SYSTEM32\msimtf.dll
2006-10-13 16:37 131,072 --a------ C:\WINDOWS\SYSTEM32\msorcl32.dll
2006-10-13 16:37 12,288 --a------ C:\WINDOWS\SYSTEM32\mscpx32r.dll
2006-10-13 16:37 12,047 --------- C:\WINDOWS\SYSTEM32\drivers\atinpdxx.sys
2006-10-13 16:37 116,736 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-10-13 16:37 115,200 --a------ C:\WINDOWS\SYSTEM32\net1.exe
2006-10-13 16:37 113,664 --a------ C:\WINDOWS\SYSTEM32\msvfw32.dll
2006-10-13 16:37 11,615 --------- C:\WINDOWS\SYSTEM32\drivers\atinmdxx.sys
2006-10-13 16:37 10,240 --a------ C:\WINDOWS\SYSTEM32\msrle32.dll
2006-10-13 16:37 10,240 --a------ C:\WINDOWS\SYSTEM32\localui.dll
2006-10-13 16:37 1,622,528 --a------ C:\WINDOWS\SYSTEM32\netshell.dll
2006-10-13 16:37 1,220,608 --a------ C:\WINDOWS\SYSTEM32\msvidctl.dll
2006-10-13 16:37 1,128,960 --a------ C:\WINDOWS\SYSTEM32\mmcndmgr.dll
2006-10-13 16:36 827,438 --a------ C:\WINDOWS\SYSTEM32\imjp81k.dll
2006-10-13 16:36 42,537 --a------ C:\WINDOWS\SYSTEM32\keyboard.sys
2006-10-13 16:35 98,816 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-10-13 16:35 94,720 --a------ C:\WINDOWS\SYSTEM32\dmusic.dll
2006-10-13 16:35 91,648 --a------ C:\WINDOWS\SYSTEM32\iuctl.dll
2006-10-13 16:35 91,648 --a------ C:\WINDOWS\SYSTEM32\ahui.exe
2006-10-13 16:35 91,136 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-13 16:35 9,216 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2006-10-13 16:35 9,216 --a------ C:\WINDOWS\SYSTEM32\dumprep.exe
2006-10-13 16:35 802,304 --a------ C:\WINDOWS\SYSTEM32\dxmrtp.dll
2006-10-13 16:35 8,832 --a------ C:\WINDOWS\SYSTEM32\framebuf.dll
2006-10-13 16:35 8,192 --------- C:\WINDOWS\SYSTEM32\autolfn.exe
2006-10-13 16:35 786,432 --a------ C:\WINDOWS\SYSTEM32\dxdiag.exe
2006-10-13 16:35 77,312 --a------ C:\WINDOWS\SYSTEM32\dmscript.dll
2006-10-13 16:35 76,830 --a------ C:\WINDOWS\SYSTEM32\drmstor.dll
2006-10-13 16:35 76,288 --a------ C:\WINDOWS\SYSTEM32\dfrgfat.exe
2006-10-13 16:35 76,288 --a------ C:\WINDOWS\SYSTEM32\avifil32.dll
2006-10-13 16:35 74,810 --a------ C:\WINDOWS\SYSTEM32\atl.dll
2006-10-13 16:35 73,728 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2006-10-13 16:35 71,680 --a------ C:\WINDOWS\SYSTEM32\browsewm.dll
2006-10-13 16:35 70,656 --a------ C:\WINDOWS\SYSTEM32\defrag.exe
2006-10-13 16:35 70,144 --a------ C:\WINDOWS\SYSTEM32\cryptdlg.dll
2006-10-13 16:35 7,168 --a------ C:\WINDOWS\SYSTEM32\fxsperf.dll
2006-10-13 16:35 7,040 --a------ C:\WINDOWS\SYSTEM32\kd1394.dll
2006-10-13 16:35 66,560 --a------ C:\WINDOWS\SYSTEM32\faultrep.dll
2006-10-13 16:35 64,512 --a------ C:\WINDOWS\SYSTEM32\ciodm.dll
2006-10-13 16:35 62,976 --a------ C:\WINDOWS\SYSTEM32\browselc.dll
2006-10-13 16:35 62,464 --a------ C:\WINDOWS\SYSTEM32\adsmsext.dll
2006-10-13 16:35 602,112 --a------ C:\WINDOWS\SYSTEM32\drmv2clt.dll
2006-10-13 16:35 6,656 --a------ C:\WINDOWS\SYSTEM32\fxsres.dll
2006-10-13 16:35 6,656 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2006-10-13 16:35 596,480 --a------ C:\WINDOWS\SYSTEM32\INETCOMM.DLL
2006-10-13 16:35 59,904 --a------ C:\WINDOWS\SYSTEM32\cabinet.dll
2006-10-13 16:35 59,392 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-13 16:35 58,368 --a------ C:\WINDOWS\SYSTEM32\dpvsetup.exe
2006-10-13 16:35 57,344 --a------ C:\WINDOWS\SYSTEM32\dmcompos.dll
2006-10-13 16:35 56,320 --a------ C:\WINDOWS\SYSTEM32\dpnhupnp.dll
2006-10-13 16:35 559,616 --a------ C:\WINDOWS\SYSTEM32\fxsst.dll
2006-10-13 16:35 55,296 --a------ C:\WINDOWS\SYSTEM32\digest.dll
2006-10-13 16:35 54,272 --a------ C:\WINDOWS\SYSTEM32\clusapi.dll
2006-10-13 16:35 51,712 --a------ C:\WINDOWS\SYSTEM32\ipconfig.exe
2006-10-13 16:35 5,120 --a------ C:\WINDOWS\SYSTEM32\asferror.dll
2006-10-13 16:35 498,205 --a------ C:\WINDOWS\SYSTEM32\dxmasf.dll
2006-10-13 16:35 49,664 --a------ C:\WINDOWS\SYSTEM32\ixsso.dll
2006-10-13 16:35 49,152 --a------ C:\WINDOWS\SYSTEM32\eventlog.dll
2006-10-13 16:35 49,152 --a------ C:\WINDOWS\SYSTEM32\browser.dll
2006-10-13 16:35 489,984 --------- C:\WINDOWS\SYSTEM32\dbghelp.dll
2006-10-13 16:35 45,568 --a------ C:\WINDOWS\SYSTEM32\docprop2.dll
2006-10-13 16:35 443,392 --a------ C:\WINDOWS\SYSTEM32\fxsapi.dll
2006-10-13 16:35 41,984 --a------ C:\WINDOWS\SYSTEM32\alg.exe
2006-10-13 16:35 41,472 --a------ C:\WINDOWS\SYSTEM32\cmdl32.exe
2006-10-13 16:35 395,264 --a------ C:\WINDOWS\SYSTEM32\fxsxp32.dll
2006-10-13 16:35 391,168 --a------ C:\WINDOWS\SYSTEM32\fxstiff.dll
2006-10-13 16:35 38,912 --a------ C:\WINDOWS\SYSTEM32\audiosrv.dll
2006-10-13 16:35 36,922 --a------ C:\WINDOWS\SYSTEM32\imeshare.dll
2006-10-13 16:35 35,328 --a------ C:\WINDOWS\SYSTEM32\dfrgsnap.dll
2006-10-13 16:35 324,608 --a------ C:\WINDOWS\SYSTEM32\cmdial32.dll
2006-10-13 16:35 32,768 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2006-10-13 16:35 32,512 --------- C:\WINDOWS\SYSTEM32\drivers\amdk7.sys
2006-10-13 16:35 318,464 --a------ C:\WINDOWS\SYSTEM32\ippromon.dll
2006-10-13 16:35 31,744 --a------ C:\WINDOWS\SYSTEM32\dmloader.dll
2006-10-13 16:35 307,712 --a------ C:\WINDOWS\SYSTEM32\cscui.dll
2006-10-13 16:35 30,208 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-13 16:35 294,912 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-13 16:35 29,696 --a------ C:\WINDOWS\SYSTEM32\dpnhpast.dll
2006-10-13 16:35 28,672 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-13 16:35 28,672 --a------ C:\WINDOWS\SYSTEM32\dbnmpntw.dll
2006-10-13 16:35 271,360 --a------ C:\WINDOWS\SYSTEM32\fxscomex.dll
2006-10-13 16:35 27,648 --------- C:\WINDOWS\SYSTEM32\pidgen.dll
2006-10-13 16:35 266,240 --a------ C:\WINDOWS\SYSTEM32\drmclien.dll
2006-10-13 16:35 263,680 --a------ C:\WINDOWS\SYSTEM32\duser.dll
2006-10-13 16:35 263,168 --a------ C:\WINDOWS\SYSTEM32\devmgr.dll
2006-10-13 16:35 26,112 --a------ C:\WINDOWS\SYSTEM32\dmband.dll
2006-10-13 16:35 253,440 --a------ C:\WINDOWS\SYSTEM32\ddraw.dll
2006-10-13 16:35 250,368 --a------ C:\WINDOWS\SYSTEM32\fxssvc.exe
2006-10-13 16:35 25,600 --a------ C:\WINDOWS\SYSTEM32\dfsshlex.dll
2006-10-13 16:35 240,640 --a------ C:\WINDOWS\SYSTEM32\hnetcfg.dll
2006-10-13 16:35 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsvinn.dll
2006-10-13 16:35 24,576 --a------ C:\WINDOWS\SYSTEM32\dbmsrpcn.dll
2006-10-13 16:35 24,576 --a------ C:\WINDOWS\SYSTEM32\conime.exe
2006-10-13 16:35 24,064 --a------ C:\WINDOWS\SYSTEM32\fxsdrv.dll
2006-10-13 16:35 239,616 --a------ C:\WINDOWS\SYSTEM32\adsnt.dll
2006-10-13 16:35 238,592 --a------ C:\WINDOWS\SYSTEM32\compatui.dll
2006-10-13 16:35 237,056 --a------ C:\WINDOWS\SYSTEM32\icm32.dll
2006-10-13 16:35 236,032 --a------ C:\WINDOWS\SYSTEM32\fxst30.dll
2006-10-13 16:35 227,840 --a------ C:\WINDOWS\SYSTEM32\dsquery.dll
2006-10-13 16:35 22,528 --a------ C:\WINDOWS\SYSTEM32\at.exe
2006-10-13 16:35 216,064 --a------ C:\WINDOWS\SYSTEM32\fxscover.exe
2006-10-13 16:35 206,336 --a------ C:\WINDOWS\SYSTEM32\dpvoice.dll
2006-10-13 16:35 204,288 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-13 16:35 20,992 --a------ C:\WINDOWS\SYSTEM32\fxsext32.dll
2006-10-13 16:35 20,480 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2006-10-13 16:35 20,480 --a------ C:\WINDOWS\SYSTEM32\dbmsadsn.dll
2006-10-13 16:35 19,456 --a------ C:\WINDOWS\SYSTEM32\fontview.exe
2006-10-13 16:35 19,456 --a------ C:\WINDOWS\SYSTEM32\ersvc.dll
2006-10-13 16:35 186,880 --a------ C:\WINDOWS\SYSTEM32\certcli.dll
2006-10-13 16:35 185,856 --a------ C:\WINDOWS\SYSTEM32\fxswzrd.dll
2006-10-13 16:35 180,224 --a------ C:\WINDOWS\SYSTEM32\dwwin.exe
2006-10-13 16:35 179,712 --a------ C:\WINDOWS\SYSTEM32\cewmdm.dll
2006-10-13 16:35 178,688 --a------ C:\WINDOWS\SYSTEM32\eudcedit.exe
2006-10-13 16:35 172,544 --a------ C:\WINDOWS\SYSTEM32\dmime.dll
2006-10-13 16:35 168,960 --a------ C:\WINDOWS\SYSTEM32\dinput8.dll
2006-10-13 16:35 165,376 --a------ C:\WINDOWS\SYSTEM32\els.dll
2006-10-13 16:35 162,816 --a------ C:\WINDOWS\SYSTEM32\adsldp.dll
2006-10-13 16:35 16,384 --a------ C:\WINDOWS\SYSTEM32\ds32gt.dll
2006-10-13 16:35 158,720 --a------ C:\WINDOWS\SYSTEM32\credui.dll
2006-10-13 16:35 156,672 --a------ C:\WINDOWS\SYSTEM32\dpnet.dll
2006-10-13 16:35 151,552 --a------ C:\WINDOWS\SYSTEM32\dinput.dll
2006-10-13 16:35 149,504 --a------ C:\WINDOWS\SYSTEM32\fxsui.dll
2006-10-13 16:35 14,366 --a------ C:\WINDOWS\SYSTEM32\asfsipc.dll
2006-10-13 16:35 139,776 --a------ C:\WINDOWS\SYSTEM32\adsldpc.dll
2006-10-13 16:35 135,680 --a------ C:\WINDOWS\SYSTEM32\dsprop.dll
2006-10-13 16:35 130,048 --a------ C:\WINDOWS\SYSTEM32\fxsclnt.exe
2006-10-13 16:35 13,312 --a------ C:\WINDOWS\SYSTEM32\ctfmon.exe
2006-10-13 16:35 126,976 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-13 16:35 124,928 --a------ C:\WINDOWS\SYSTEM32\dssenh.dll
2006-10-13 16:35 123,904 --a------ C:\WINDOWS\SYSTEM32\imapi.exe
2006-10-13 16:35 115,712 --a------ C:\WINDOWS\SYSTEM32\apphelp.dll
2006-10-13 16:35 115,200 --a------ C:\WINDOWS\SYSTEM32\dpcdll.dll
2006-10-13 16:35 114,176 --a------ C:\WINDOWS\SYSTEM32\input.dll
2006-10-13 16:35 113,152 --a------ C:\WINDOWS\SYSTEM32\idq.dll
2006-10-13 16:35 113,152 --a------ C:\WINDOWS\SYSTEM32\dfrgui.dll
2006-10-13 16:35 110,080 --a------ C:\WINDOWS\SYSTEM32\dmstyle.dll
2006-10-13 16:35 103,936 --a------ C:\WINDOWS\SYSTEM32\imm32.dll
2006-10-13 16:35 103,424 --a------ C:\WINDOWS\SYSTEM32\dgnet.dll
2006-10-13 16:35 1,180,672 --a------ C:\WINDOWS\SYSTEM32\d3d8.dll
2006-10-13 16:35 1,004,032 --a------ C:\WINDOWS\explorer.exe
2006-10-13 16:20 593,408 --a------ C:\WINDOWS\SYSTEM32\h323msp.dll
2006-10-13 16:20 548,352 --a------ C:\WINDOWS\SYSTEM32\rtcdll.dll
2006-10-13 16:20 439,808 --a------ C:\WINDOWS\SYSTEM32\ipnathlp.dll
2006-10-13 16:20 36,864 --a------ C:\WINDOWS\SYSTEM32\mf3216.dll
2006-10-13 16:18 68,608 --a------ C:\WINDOWS\SYSTEM32\locator.exe
2006-10-13 16:17 974,336 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2006-10-13 16:17 97,280 --a------ C:\WINDOWS\SYSTEM32\txflog.dll
2006-10-13 16:17 535,552 --a------ C:\WINDOWS\SYSTEM32\rpcrt4.dll
2006-10-13 16:17 499,200 --a------ C:\WINDOWS\SYSTEM32\comuid.dll
2006-10-13 16:17 368,640 --a------ C:\WINDOWS\SYSTEM32\msdtcprx.dll
2006-10-13 16:17 150,528 --a------ C:\WINDOWS\SYSTEM32\msdtcuiu.dll
2006-10-13 16:17 110,080 --a------ C:\WINDOWS\SYSTEM32\clbcatex.dll
2006-10-13 16:16 947,472 --a------ C:\WINDOWS\SYSTEM32\msjava.dll
2006-10-13 16:16 63,248 --a------ C:\WINDOWS\SYSTEM32\javaprxy.dll
2006-10-13 16:16 49,424 --a------ C:\WINDOWS\SYSTEM32\clspack.exe
2006-10-13 16:16 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-10-13 16:16 404,752 --a------ C:\WINDOWS\SYSTEM32\javart.dll
2006-10-13 16:16 313,856 --a------ C:\WINDOWS\SYSTEM32\dx3j.dll
2006-10-13 16:16 286,992 --a------ C:\WINDOWS\SYSTEM32\vmhelper.dll
2006-10-13 16:16 21,264 --a------ C:\WINDOWS\SYSTEM32\msjdbc10.dll
2006-10-13 16:16 187,152 --a------ C:\WINDOWS\SYSTEM32\javacypt.dll
2006-10-13 16:16 172,304 --a------ C:\WINDOWS\SYSTEM32\jview.exe
2006-10-13 16:16 171,792 --a------ C:\WINDOWS\SYSTEM32\wjview.exe
2006-10-13 16:16 171,280 --a------ C:\WINDOWS\SYSTEM32\jit.dll
2006-10-13 16:16 154,384 --a------ C:\WINDOWS\SYSTEM32\msawt.dll
2006-10-13 16:16 15,120 --a------ C:\WINDOWS\SYSTEM32\jdbgmgr.exe
2006-10-13 16:16 139,536 --a------ C:\WINDOWS\SYSTEM32\javaee.dll
2006-10-13 16:16 113 --a------ C:\WINDOWS\SYSTEM32\zonedon.reg
2006-10-13 16:16 113 --a------ C:\WINDOWS\SYSTEM32\zonedoff.reg
2006-10-13 16:07 226,816 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2006-10-13 16:04 38,912 --a------ C:\WINDOWS\SYSTEM32\hhsetup.dll
2006-10-13 16:04 143,872 --a------ C:\WINDOWS\SYSTEM32\itircl.dll
2006-10-13 16:04 128,000 --a------ C:\WINDOWS\SYSTEM32\itss.dll
2006-10-13 16:04 10,752 --a------ C:\WINDOWS\hh.exe
2006-10-13 16:01 125,440 --a------ C:\WINDOWS\SYSTEM32\shmedia.dll
2006-10-13 15:50 17,408 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-10-12 07:14 78,848 --a------ C:\WINDOWS\SYSTEM32\nsz197.dll
2006-10-06 21:32 76,560 --a------ C:\WINDOWS\SYSTEM32\drivers\tmcomm.sys
2006-10-06 20:54 163,840 --a------ C:\WINDOWS\win32109-1130464082006.exe
2006-10-06 20:53 163,840 --a------ C:\WINDOWS\ms074089-1130462006.exe
2006-10-06 18:37 32,768 --a------ C:\WINDOWS\zudimjll.exe
2006-10-06 18:11 65,536 --a------ C:\WINDOWS\SYSTEM32\Winwcd.dll
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2006-10-13 19:12 -------- d-------- C:\Program Files\Common Files
2006-10-13 19:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-13 19:01 -------- d-------- C:\Program Files\Zone Labs
2006-10-13 18:58 -------- d-------- C:\Program Files\Grisoft
2006-10-13 18:43 -------- d-------- C:\Program Files\Windows Media Player
2006-10-13 18:18 -------- d-------- C:\Program Files\Outlook Express
2006-10-13 18:18 -------- d-------- C:\Program Files\Common Files\System
2006-10-13 18:06 -------- d-------- C:\Program Files\Messenger
2006-10-13 17:11 -------- d-------- C:\Program Files\NetMeeting
2006-10-13 16:48 -------- d-------- C:\Program Files\Movie Maker
2006-10-13 16:48 -------- d-------- C:\Program Files\Internet Explorer
2006-10-06 23:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\U3
2006-10-06 23:02 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-06 22:44 -------- d-------- C:\Program Files\iTunes
2006-10-06 22:12 -------- d-------- C:\Program Files\PSDream
2006-10-06 19:08 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-10-06 19:07 -------- d-------- C:\Program Files\Lavasoft
2006-10-06 18:59 -------- d-------- C:\Program Files\CleanUp!
2006-10-06 18:54 -------- d-------- C:\Program Files\Common Files\orfm
2006-10-06 18:35 -------- d-------- C:\Program Files\QuickTime
2006-10-06 18:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\Identities
2006-10-06 18:26 1233 --a------ C:\WINDOWS\SYSTEM32\azfd6ea9.sys
2006-09-12 22:09 1110528 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-03 15:54 24 --a------ C:\WINDOWS\trnty.dll
2006-08-31 12:52 53120 --a------ C:\WINDOWS\srvvyvlqcg.exe
2006-08-31 12:52 25105 --a------ C:\WINDOWS\idlemg.exe
2006-08-31 12:52 186219 --a------ C:\WINDOWS\srvbtsebdr.exe
2006-08-31 12:52 140 --a------ C:\WINDOWS\file.bat
2006-08-31 12:49 2560 --a------ C:\WINDOWS\ac3_0002.exe
2006-08-31 12:49 215308 --a------ C:\WINDOWS\Setup90.exe
2006-08-30 23:46 -------- d-------- C:\Documents and Settings\Owner\Application Data\SystemDoctor 2006 Free
2006-08-25 08:53 561664 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-25 02:14 595968 --a------ C:\WINDOWS\SYSTEM32\xpsp2res.dll
2006-08-16 21:07 48 --a------ C:\WINDOWS\SYSTEM32\iehttpcheck.bat
2006-08-16 21:07 39936 --a------ C:\WINDOWS\SYSTEM32\iehttpcheck.dll
2006-08-16 19:16 29784 --a------ C:\Program Files\popcorn Terms.html
2006-08-16 05:14 95232 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-08-16 05:14 70656 --a------ C:\WINDOWS\SYSTEM32\ws2_32.dll
2006-08-16 05:14 54272 --a------ C:\WINDOWS\SYSTEM32\ipv6mon.dll
2006-08-16 05:14 31232 --a------ C:\WINDOWS\SYSTEM32\inetmib1.dll
2006-08-16 05:14 13312 --a------ C:\WINDOWS\SYSTEM32\wship6.dll
2006-08-16 02:42 159232 --a------ C:\WINDOWS\SYSTEM32\xpob2res.dll
2006-08-16 02:28 48640 --a------ C:\WINDOWS\SYSTEM32\ipv6.exe
2006-08-16 02:28 205120 --a------ C:\WINDOWS\SYSTEM32\drivers\tcpip6.sys
2006-08-16 02:27 83456 --a------ C:\WINDOWS\SYSTEM32\netsh.exe
2006-08-16 02:27 11776 --a------ C:\WINDOWS\SYSTEM32\drivers\tunmp.sys
2006-08-14 01:59 321536 --a------ C:\WINDOWS\SYSTEM32\drivers\srv.sys
2006-08-10 22:09 795 --a------ C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
2006-08-07 08:17 61440 --a------ C:\WINDOWS\SYSTEM32\BattyRun2.dll
2006-07-21 01:30 72704 --a------ C:\WINDOWS\SYSTEM32\hlink.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"License Manager"="\"C:\\Program Files\\License_Manager\\license_manager.exe \" /silent"
"DriverLoad"=""
"DriverCheck"=""
"SystemDriverLoad"=""
"cprocsvc"="C:\\WINDOWS\\System32\\crunner\\cproc.exe"
"PSDream"="\"C:\\Program Files\\PSDream\\PSDream.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"MCAgentExe"="C:\\Program Files\\mcafee.com\\Agent\\mcagent.exe"
"MCUpdateExe"="C:\\Program Files\\mcafee.com\\Agent\\mcupdate.exe /embedding"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"USB"="C:\\WINDOWS\\system32\\usb.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"loaddr"="C:\\qeoa.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DriverLoad"=""
"DriverCheck"=""
"SystemDriverLoad"=""
"SystemDriver"="c:\\DriverLoad\\windrv.exe"
"FDriver"="c:\\DriverLoad\\windrv.exe"
"ADriver"="c:\\DriverLoad\\windrv.exe"
"CDriver"="c:\\DriverLoad\\windrv.exe"
"DDriver"="c:\\DriverLoad\\windrv.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"DriverLoad"=""
"DriverCheck"=""
"SystemDriverLoad"=""
"SystemDriver"="c:\\DriverLoad\\windrv.exe"
"FDriver"="c:\\DriverLoad\\windrv.exe"
"ADriver"="c:\\DriverLoad\\windrv.exe"
"CDriver"="c:\\DriverLoad\\windrv.exe"
"DDriver"="c:\\DriverLoad\\windrv.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"DriverLoad"=""
"DriverCheck"=""
"SystemDriverLoad"=""
"Winhost"=""
"Winhost1"=""
"Winhost2"=""
"Winhost3"=""
"Winhost4"=""
"SystemDriver"="c:\\DriverLoad\\windrv.exe"
"FDriver"="c:\\DriverLoad\\windrv.exe"
"ADriver"="c:\\DriverLoad\\windrv.exe"
"CDriver"="c:\\DriverLoad\\windrv.exe"
"DDriver"="c:\\DriverLoad\\windrv.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Completion time: 06-10-13 19:12:47.53
C:\ComboFix.txt ... 06-10-13 19:12
2. AVG Anti-Spyware scan report,
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:00:02 PM 10/13/2006
+ Scan result:
C:\WINDOWS\Downloaded Program Files\APInstall_Tiny.dll -> Adware.AccessMedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041645.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041663.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033886.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033888.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\zudimjll.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041672.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041673.exe -> Adware.CASClient : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031795.exe -> Adware.DollarRevenue : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024776.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0034007.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041670.dll -> Adware.Mirar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033940.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP86\A0033403.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041660.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033481.dll -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033892.exe -> Adware.Spysheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033522.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041668.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP86\A0033408.dll -> Adware.TrafficSol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024775.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033372.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033374.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033377.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033379.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033385.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033920.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033927.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP101\A0034582.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024781.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0025777.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0026778.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0027775.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0028778.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0029778.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0030777.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031777.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0032362.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033362.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033389.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP86\A0033398.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033546.sys -> Backdoor.ForBot.af : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP101\A0034581.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033928.exe -> Downloader.Agent.acv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033528.dll -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031788.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041677.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041678.exe -> Downloader.Agent.c : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041657.exe -> Downloader.Agent.xq : Cleaned with backup (quarantined).
C:\WINDOWS\srvvyvlqcg.exe -> Downloader.Dyfuca.ey : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033533.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033535.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033536.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041641.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\idlemg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031793.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
C:\WINDOWS\ac3_0002.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031797.exe -> Downloader.Small.dsx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024756.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024770.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024801.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0026782.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0027781.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0028786.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0030780.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031785.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033865.exe -> Downloader.Tiny.bn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033503.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033502.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033526.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041671.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033501.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031796.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031794.exe -> Downloader.VB.alg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033511.exe -> Downloader.VB.alu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041642.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041643.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041644.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041708.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041709.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033518.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033519.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033972.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041661.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031786.dll -> Hijacker.Agent.ac : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031787.exe -> Hijacker.Aplugin.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024800.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033513.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033512.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D19M2108NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033922.sys -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033941.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033964.exe -> Proxy.Small.bo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033971.dll -> Trojan.Mutech.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031789.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031791.exe -> Trojan.ProcKill.DJ : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033539.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033855.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0031798.exe -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP86\A0033405.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033947.exe -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033966.dll -> Trojan.Sinowal.aq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033946.exe -> Trojan.Sinowal.ay : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033968.dll -> Trojan.Sinowal.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033967.dll -> Trojan.Sinowal.k : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041664.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041665.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024772.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024773.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024798.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0024799.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0025772.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033516.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033517.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033970.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mmf32.exe -> Worm.Nanspy.i : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\mmsvc32.exe -> Worm.Nanspy.i : Cleaned with backup (quarantined).
::Report end
3. Kaspersky scan report,
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, October 14, 2006 12:07:54 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/10/2006
Kaspersky Anti-Virus database records: 231705
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 65412
Number of viruses found: 23
Number of infected objects: 45 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:38:23
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\GIB\01setup.EXE Infected: not-a-virus:Porn-Dialer.Win32.Generic skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP102\A0034679.exe Infected: Trojan.Win32.Agent.gq skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP102\A0036375.exe Infected: Trojan.Win32.Agent.gq skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP102\A0037020.exe Infected: Trojan.Win32.Agent.gq skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP102\A0037095.exe Infected: Trojan.Win32.Agent.gq skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041658.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041658.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041658.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041659.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041659.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041659.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041669.exe Infected: Trojan-Downloader.Win32.Small.dib skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041676.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041676.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041705.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041717.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041718.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041719.exe Infected: Trojan-Downloader.Win32.Dyfuca.ey skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041720.exe Infected: Net-Worm.Win32.Nanspy.i skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041721.exe Infected: Net-Worm.Win32.Nanspy.i skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041722.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bj skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041723.dll Infected: not-a-virus:AdWare.Win32.CASClient.n skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041724.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\A0041725.ocx Infected: Trojan-Dropper.Win32.VB.dq skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP191\change.log Object is locked skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0032353.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033365.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP85\A0033371.exe Infected: Trojan-Downloader.Win32.Dyfuca.ez skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.az skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033490.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033524.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033524.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.a skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033524.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.a skipped
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP87\A0033524.exe RarSFX: infected - 3 skipped
C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe Infected: Trojan.Win32.Agent.gq skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YOUR-W92P4BHLZG.ldb Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Setup90.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Setup90.exe/data0005 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Setup90.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\Setup90.exe NSIS: infected - 3 skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8B8A8C49-2B4E-4C9D-B6EB-E407AC71A5AB}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\srvbtsebdr.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.es skipped
C:\WINDOWS\srvbtsebdr.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\ZLT05c8f.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT05cca.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
4. A new HijackThis log, taken after the Kaspersky scan finished.
Logfile of HijackThis v1.99.1
Scan saved at 12:09:19 AM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\XPFIX\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\mcafee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\Program Files\mcafee.com\Agent\mcupdate.exe /embedding
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
https://www.google.com/diskless/bin/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) -
http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} -
http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsu...?1160200901498
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) -
http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe