07-24-2006, 05:03 AM   #1
willmon18 (Registered User)
SVCHOST.EXE Keeps the CPU usage at 100% for a while.

Logfile of HijackThis v1.99.1
Scan saved at 5:59:56 AM, on 7/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
D:\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
D:\NetZero\exec.exe
D:\NetZero\exec.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - D:\NetZero\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Karen's Alarm Clock] D:\Karen's Alarm Clock\PTAlarm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O8 - Extra context menu item: Download All Links with IDM - D:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1150774732592
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C04E6EE-EAF1-49FA-9AD9-2338F050FA45}: NameServer = 64.136.28.120 64.136.20.120
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C04E6EE-EAF1-49FA-9AD9-2338F050FA45}: NameServer = 64.136.28.120 64.136.20.120
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

07-28-2006, 01:09 AM   #2
Vikesrock8411 (Analyst, Security Team)

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup! - Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log

07-29-2006, 07:05 AM   #3
willmon18 (Registered User)

I was wanting to point out that you put on the post Ewido Anti-Malware, but it was updated to Ewido Antispyware and is no longer Ewido Anti-Malware. But your instructions seemed to have been exactly right when doing the Ewido scan, so I assumed that you just put Anti-Malware on there still. Well anyways, here is some stuff my Zone-Alarm Security Suite picked up on a scheduled scan right when I was reading the post. All of this stuff was automatically cleaned and deleted by my Zone-Alarm Security Suite.
Viruses: Java.ByteVerify!exploit, Win32.MS05-002!exploit, Win32.MS05-002!exploit, Win32.Worto, JS.MS05-054!exploit, JS.SillyDIScript.BG, JS.MS05-054!exploit, JS.MS05-054!exploit
Tracking Cookies: 2o7, Ads.addynamix, Advertising, Atdmt, Doubleclick, Falkag, Hitbox, Mediaplex, Questionmarketm, Serving-sys, Statcounter, Tribalfusion, Zedo
Here is my Ewido log. Don't ask me how my alarm clock setup is an infection. It is just an installer for Karen's alarm clock; well, that is what it is called anyways.
Ewido anti-spyware - Scan Report
Created at: 3:19:23 PM 7/28/2006
Scan result:
HKU\S-1-5-21-1390067357-507921405-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : No action taken.
C:\WINDOWS\Setup1.exe -> Backdoor.Agobot.xb : No action taken.
E:\ptalarm-setup.exe/PTAlarm.CAB/SETUP1.EXE -> Backdoor.Agobot.xb : No action taken.
Report end
And here is my Panda ActiveScan log. Some second opinion in security software detecting spyware cookies...
Incident: Status Location
Spyware:Cookie/Advertising:Not disinfected:C:\Documents and Settings\William\Cookies\william@advertising[2].txt
Spyware:Cookie/Doubleclick:Not disinfected:C:\Documents and Settings\William\Cookies\william@doubleclick[1].txt
Spyware:Cookie/QuestionMarket:Not disinfected:C:\Documents and Settings\William\Cookies\william@questionmarket[2].txt
Spyware:Cookie/Atlas DMT:Not disinfected:C:\Documents and Settings\William\Cookies\william@atdmt[1].txt
Well, I think that my Zone Alarm should have had a scheduled scan before I posted this. I usually run a ZoneAlarm scan before I post, but it didn't find anything at the time. I have Ad-Aware Professional if you want me to scan with it some time. Also, I rewrote the logs to save space. All of the data is still on there.

07-29-2006, 06:19 PM   #4
Vikesrock8411 (Analyst, Security Team)

Please follow the instructions here to clear Sun Java's cache.

Open Internet Explorer and click Tools->Internet Options. On the General tab click the Delete Cookies button. Click OK twice and close IE.

Go to Start > Run
Type:
  • regedit
Click OK.
  • On the left side, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put backup
  • Choose to save it to C:\
  • Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Open Notepad and copy and paste everything from the box below.
Code:
REGEDIT4

; The leading minus sign inside the brackets deletes this key when the file is merged
[-HKEY_USERS\S-1-5-21-1390067357-507921405-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB}]
Click on File, Save it to your desktop, in file name save as
TrustCleaner.reg
click OK.

Next, go to your desktop and double-click on TrustCleaner.reg, and allow it to merge to the registry. It should give you a prompt "successfully merged".

Download combofix.exe - Save it to your Desktop.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

07-30-2006, 11:26 AM   #5
willmon18 (Registered User)

Start Time= Sun 07/30/2006 12:09:58.59
Running from: C:\Documents and Settings\William\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-30 10:26:28 53739574 ( A.... ) "C:\backup.reg"
2006-07-19 20:47:46 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-18 10:48:12 ( .D... ) "C:\Program Files\BitLord"
2006-07-18 10:19:54 34308 ( A.... ) "C:\WINDOWS\system32\BASSMOD.dll"
2006-07-18 10:00:50 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-07-16 09:22:22 ( .D... ) "C:\Program Files\CP-Autos"
2006-07-16 09:21:22 ( .D... ) "C:\Program Files\CP-AUTOS.COM"
2006-07-12 15:35:46 ( .D... ) "C:\Program Files\Common Files\Adobe"
2006-07-07 13:43:00 61440 ( A.... ) "C:\WINDOWS\system32\Big Kahuna Reef 2.scr"
2006-07-07 13:42:58 57344 ( A.... ) "C:\WINDOWS\system32\Big Kahuna Reef.scr"
2006-07-05 07:24:42 ( .D... ) "C:\Documents and Settings\William\Application Data\Lavasoft"
2006-07-02 13:17:38 23104 ( A.... ) "C:\WINDOWS\system32\svcprmpt.dll"
2006-07-02 13:17:34 30976 ( A.... ) "C:\WINDOWS\rascntrl.dll"
2006-07-02 11:32:54 5 ( A.... ) "C:\WINDOWS\Modemx.dll"
2006-07-01 22:07:14 ( .D... ) "C:\Documents and Settings\William\Application Data\Sun"
2006-07-01 08:15:18 ( .D... ) "C:\Documents and Settings\William\Application Data\Yahoo!"
2006-06-23 06:46:52 3120 ( A.... ) "C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll"
2006-06-22 05:05:16 ( .D... ) "C:\Documents and Settings\William\Application Data\LimeWire"
2006-06-20 15:51:38 ( .D... ) "C:\Program Files\NZSearch"
2006-06-19 21:30:44 184808 ( A.... ) "C:\Documents and Settings\William\Application Data\shb.dat"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-18 20:52:10 249856 ( ..... ) "C:\WINDOWS\Setup1.exe"
2006-06-18 20:52:08 73216 ( A.... ) "C:\WINDOWS\ST6UNST.EXE"
2006-06-18 19:02:42 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-06-18 19:02:22 ( .D... ) "C:\Program Files\Microsoft.NET"
2006-06-18 19:02:02 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-06-18 19:00:56 ( .D... ) "C:\Program Files\Common Files\DESIGNER"
2006-06-18 19:00:44 ( .D... ) "C:\Program Files\Microsoft Works"
2006-06-18 19:00:22 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-06-18 18:51:04 ( .D... ) "C:\Program Files\Common Files\Java"
2006-06-18 18:45:18 ( .D... ) "C:\Documents and Settings\William\Application Data\Google"
2006-06-18 18:45:14 ( .D... ) "C:\Program Files\Google"
2006-06-18 18:31:52 ( .D... ) "C:\Program Files\Yahoo!"
2006-06-18 18:22:46 ( .D... ) "C:\Documents and Settings\William\Application Data\IDM"
2006-06-18 18:22:46 ( .D... ) "C:\Documents and Settings\William\Application Data\DMCache"
2006-06-18 18:19:04 ( .D... ) "C:\Program Files\hp deskjet 930c series"
2006-06-18 18:18:54 ( .D... ) "C:\Program Files\Hewlett-Packard"
2006-06-18 18:08:08 ( .D... ) "C:\Documents and Settings\William\Application Data\TuneUp Software"
2006-06-18 18:07:16 ( .D... ) "C:\Program Files\Common Files\Wise Installation Wizard"
2006-06-18 18:05:14 ( .D... ) "C:\Documents and Settings\William\Application Data\Webroot"
2006-06-18 18:05:12 ( .D... ) "C:\Program Files\Common Files\Webroot Shared"
2006-06-18 18:02:48 ( .D... ) "C:\Documents and Settings\William\Application Data\Apple Computer"
2006-06-18 17:58:54 ( .D... ) "C:\Program Files\Common Files\xing shared"
2006-06-18 17:58:46 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"
2006-06-18 17:58:40 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"
2006-06-18 17:58:40 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"
2006-06-18 17:58:36 ( .D... ) "C:\Program Files\Common Files\Real"
2006-06-18 17:57:16 ( .D... ) "C:\Documents and Settings\William\Application Data\Real"
2006-06-18 17:55:36 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:58 394872 ( A.... ) "C:\WINDOWS\system32\vsdatant.sys"
2006-06-18 17:54:48 75776 ( A.... ) "C:\WINDOWS\zllsputility.exe"
2006-06-18 17:54:26 83960 ( A.... ) "C:\WINDOWS\system32\zlcomm.dll"
2006-06-18 17:54:26 71672 ( A.... ) "C:\WINDOWS\system32\zlcommdb.dll"
2006-06-18 17:54:24 100344 ( A.... ) "C:\WINDOWS\system32\vsxml.dll"
2006-06-18 17:54:24 59384 ( A.... ) "C:\WINDOWS\system32\vswmi.dll"
2006-06-18 17:54:22 440312 ( A.... ) "C:\WINDOWS\system32\vsutil.dll"
2006-06-18 17:54:22 71672 ( A.... ) "C:\WINDOWS\system32\vsregexp.dll"
2006-06-18 17:54:20 268280 ( A.... ) "C:\WINDOWS\system32\vspubapi.dll"
2006-06-18 17:54:20 157688 ( A.... ) "C:\WINDOWS\system32\vsinit.dll"
2006-06-18 17:54:20 104440 ( A.... ) "C:\WINDOWS\system32\vsmonapi.dll"
2006-06-18 17:54:18 83960 ( A.... ) "C:\WINDOWS\system32\vsdata.dll"
2006-06-18 17:53:38 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-06-18 17:44:16 ( .D... ) "C:\Program Files\WildTangent"
2006-06-18 17:05:42 ( .D... ) "C:\Program Files\Common Files\DirectX"
2006-06-18 16:51:48 ( .D... ) "C:\Documents and Settings\William\Application Data\PlayFirst"
2006-06-18 16:42:12 20 ( A.... ) "C:\WINDOWS\prefs_bg.dll"
2006-06-18 16:09:14 ( .D... ) "C:\Documents and Settings\William\Application Data\Macromedia"
2006-06-18 16:02:44 ( .D... ) "C:\Program Files\TryMedia"
2006-06-18 14:59:22 ( .D... ) "C:\Documents and Settings\William\Application Data\Identities"
2006-06-18 14:59:16 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-06-18 14:59:06 ( .DS.. ) "C:\Documents and Settings\William\Application Data\Microsoft"
2006-06-18 14:42:38 ( .D... ) "C:\Program Files\xerox"
2006-06-18 14:42:38 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-06-18 14:42:20 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-06-18 14:39:00 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-06-18 14:37:42 ( .D... ) "C:\Program Files\Common Files\Services"
2006-06-18 14:37:36 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-06-18 14:37:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-06-18 14:37:08 ( .D... ) "C:\Program Files\NetMeeting"
2006-06-18 14:37:04 ( .D... ) "C:\Program Files\Outlook Express"
2006-06-18 14:36:54 ( .D... ) "C:\Program Files\Internet Explorer"
2006-06-18 14:36:54 ( .D... ) "C:\Program Files\Common Files\System"
2006-06-18 14:36:00 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-06-18 14:34:30 ( .D... ) "C:\Program Files\Windows Media Player"
2006-06-18 14:34:30 ( .D... ) "C:\Program Files\Online Services"
2006-06-18 14:34:18 ( .D... ) "C:\Program Files\Messenger"
2006-06-18 14:34:14 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-06-18 14:33:24 ( .D... ) "C:\Program Files\Windows NT"
2006-06-18 14:20:00 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-06-18 14:19:54 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-06-18 14:19:54 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-06-18 14:19:54 ( .D... ) "C:\Program Files\Common Files"
2006-06-18 14:19:10 62 ( A.SH. ) "C:\Documents and Settings\William\Application Data\desktop.ini"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-11 13:41:10 796584 ( A.... ) "C:\WINDOWS\system32\libeay32_0.9.6l.dll"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
2006-06-01 19:09:24 208896 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
2006-06-01 17:22:00 7618560 ( A.... ) "C:\WINDOWS\system32\nvcpl.dll"
2006-06-01 17:22:00 5652480 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
2006-06-01 17:22:00 5632000 ( A.... ) "C:\WINDOWS\system32\nvoglnt.dll"
2006-06-01 17:22:00 5246976 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
2006-06-01 17:22:00 4529408 ( A.... ) "C:\WINDOWS\system32\nv4_disp.dll"
2006-06-01 17:22:00 3100672 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
2006-06-01 17:22:00 2977792 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
2006-06-01 17:22:00 2924544 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
2006-06-01 17:22:00 2916352 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
2006-06-01 17:22:00 2859008 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
2006-06-01 17:22:00 1740800 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
2006-06-01 17:22:00 1662976 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
2006-06-01 17:22:00 1519616 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
2006-06-01 17:22:00 1466368 ( A.... ) "C:\WINDOWS\system32\nview.dll"
2006-06-01 17:22:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
2006-06-01 17:22:00 1257472 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
2006-06-01 17:22:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
2006-06-01 17:22:00 1011712 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
2006-06-01 17:22:00 888832 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
2006-06-01 17:22:00 794624 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
2006-06-01 17:22:00 581632 ( A.... ) "C:\WINDOWS\system32\nvhwvid.dll"
2006-06-01 17:22:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
2006-06-01 17:22:00 462848 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
2006-06-01 17:22:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
2006-06-01 17:22:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
2006-06-01 17:22:00 311296 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
2006-06-01 17:22:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
2006-06-01 17:22:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
2006-06-01 17:22:00 196608 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
2006-06-01 17:22:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
2006-06-01 17:22:00 155715 ( A.... ) "C:\WINDOWS\system32\nvsvc32.exe"
2006-06-01 17:22:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
2006-06-01 17:22:00 86016 ( A.... ) "C:\WINDOWS\system32\nvmctray.dll"
2006-06-01 17:22:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
2006-06-01 17:22:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
2006-06-01 17:22:00 35840 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
2006-06-01 02:54:48 140984 ( A.... ) "C:\WINDOWS\system32\idmmbc.dll"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2006-05-16 03:38:40 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-05-03 02:56:58 127078 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2006-05-03 01:19:40 53346 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2006-05-03 01:19:30 49248 ( A.... ) "C:\WINDOWS\system32\java.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-30 11:07 57,344 C:\WINDOWS\system32\ltremove.exe
2006-07-30 10:26 53,739,574 C:\backup.reg
2006-07-28 15:53 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-28 15:53 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-28 15:22 335,130,624 C:\hiberfil.sys
2006-07-22 05:27 57,344 C:\WINDOWS\system32\Big
2006-07-18 13:21 61,440 C:\WINDOWS\system32\Big
2006-07-08 12:21 811,008 C:\WINDOWS\FeedingFrenzy.scr
2006-07-02 13:17 30,976 C:\WINDOWS\rascntrl.dll
2006-07-02 13:17 23,104 C:\WINDOWS\system32\svcprmpt.dll
2006-07-02 11:32 5 C:\WINDOWS\Modemx.dll
2006-06-30 16:38 283,648 C:\WINDOWS\uninst.exe
2006-06-30 16:32 306,688 C:\WINDOWS\IsUninst.exe
2006-06-26 16:50 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-06-26 16:49 208,896 C:\WINDOWS\system32\NVUNINST.EXE
2006-06-23 06:46 3,120 C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2006-06-23 06:30 77,824 C:\WINDOWS\system32\driverif.dll
2006-06-23 06:30 733,236 C:\WINDOWS\system32\vete.dll
2006-06-23 06:30 12,288 C:\WINDOWS\system32\vetntmsg.dll
2006-06-20 15:39 221,184 C:\WINDOWS\system32\wmpns.dll
2006-06-20 05:11 127,208 C:\WINDOWS\system32\mucltui.dll
2006-06-19 22:58 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll
2006-06-18 20:52 73,216 C:\WINDOWS\ST6UNST.EXE
2006-06-18 20:52 249,856 C:\WINDOWS\Setup1.exe
2006-06-18 19:05 24,816 C:\WINDOWS\system32\mdimon.dll
2006-06-18 18:52 53,346 C:\WINDOWS\system32\javaw.exe
2006-06-18 18:52 49,248 C:\WINDOWS\system32\java.exe
2006-06-18 18:52 127,078 C:\WINDOWS\system32\javaws.exe
2006-06-18 18:49 61,136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-06-18 18:49 230,096 C:\WINDOWS\system32\xactengine2_0.dll
2006-06-18 18:49 2,337,488 C:\WINDOWS\system32\d3dx9_25.dll
2006-06-18 18:49 2,332,368 C:\WINDOWS\system32\d3dx9_29.dll
2006-06-18 18:49 2,323,664 C:\WINDOWS\system32\d3dx9_28.dll
2006-06-18 18:49 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-06-18 18:49 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-06-18 18:49 2,222,800 C:\WINDOWS\system32\d3dx9_24.dll
2006-06-18 18:49 14,032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-06-18 18:36 83,960 C:\WINDOWS\system32\zlcomm.dll
2006-06-18 18:36 796,584 C:\WINDOWS\system32\libeay32_0.9.6l.dll
2006-06-18 18:36 75,776 C:\WINDOWS\zllsputility.exe
2006-06-18 18:36 71,672 C:\WINDOWS\system32\zlcommdb.dll
2006-06-18 18:36 71,672 C:\WINDOWS\system32\vsregexp.dll
2006-06-18 18:36 59,384 C:\WINDOWS\system32\vswmi.dll
2006-06-18 18:36 394,872 C:\WINDOWS\system32\vsdatant.sys
2006-06-18 18:36 268,280 C:\WINDOWS\system32\vspubapi.dll
2006-06-18 18:36 11,264 C:\WINDOWS\system32\SpOrder.dll
2006-06-18 18:36 104,440 C:\WINDOWS\system32\vsmonapi.dll
2006-06-18 18:36 100,344 C:\WINDOWS\system32\vsxml.dll
2006-06-18 18:35 83,960 C:\WINDOWS\system32\vsdata.dll
2006-06-18 18:35 440,312 C:\WINDOWS\system32\vsutil.dll
2006-06-18 18:35 157,688 C:\WINDOWS\system32\vsinit.dll
2006-06-18 18:23 34,308 C:\WINDOWS\system32\BASSMOD.dll
2006-06-18 18:18 53,248 C:\WINDOWS\system32\hpfinsta.exe
2006-06-18 18:18 274,432 C:\WINDOWS\system32\hpfinst.dll
2006-06-18 18:18 262,144 C:\WINDOWS\system32\hpzcon04.dll
2006-06-18 18:18 200,704 C:\WINDOWS\system32\hpzcoi04.dll
2006-06-18 18:18 114,744 C:\WINDOWS\system32\hpzlnt04.dll
2006-06-18 18:06 24,576 C:\WINDOWS\system32\STKIT432.DLL
2006-06-18 18:04 57,344 C:\WINDOWS\Unwash6.exe
2006-06-18 18:04 486,400 C:\WINDOWS\system32\wwSecure.exe
2006-06-18 17:58 6,656 C:\WINDOWS\system32\pndx5016.dll
2006-06-18 17:58 5,632 C:\WINDOWS\system32\pndx5032.dll
2006-06-18 17:58 176,167 C:\WINDOWS\system32\rmoc3260.dll
2006-06-18 17:47 90,112 C:\WINDOWS\unvise32.exe
2006-06-18 16:49 40,960 C:\WINDOWS\system32\Fish
2006-06-18 16:39 20 C:\WINDOWS\prefs_bg.dll
2006-06-18 14:42 0 C:\MSDOS.SYS
2006-06-18 14:42 0 C:\IO.SYS
2006-06-18 14:42 0 C:\CONFIG.SYS
2006-06-18 14:42 0 C:\AUTOEXEC.BAT
2006-06-18 14:41 112,128 C:\WINDOWS\system32\mapi32.dll
2006-06-18 14:37 81,920 C:\WINDOWS\system32\isign32.dll
2006-06-18 14:37 81,920 C:\WINDOWS\system32\ils.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"Zone Labs Client"="\"D:\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!ewido"="\"D:\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Karen's Alarm Clock"="D:\\Karen's Alarm Clock\\PTAlarm.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"spc_w"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"spc_w"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Sun 07/30/2006 12:11:05.96
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

07-31-2006, 02:11 AM   #6 (permalink)
Vikesrock8411 (Analyst, Security Team)

Please submit the following file to Jotti File Scan
C:\WINDOWS\system32\kbdycl.dll


This will produce a report after the scan is complete, please copy and paste those results in your next post

07-31-2006, 05:08 AM   #7 (permalink)
willmon18 (Registered User)

Service load: 0% 100%

File: kbdycl.dll
Status: OK
MD5 552221e92d6bf55f8358b927f00696c3
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
I even scanned it with my zonealarm and ewido antispyware and it found nothing as well.

07-31-2006, 01:01 PM   #8 (permalink)
Vikesrock8411 (Analyst, Security Team)

Okay, are you still experiencing the original issue?

08-02-2006, 02:33 PM   #9 (permalink)
willmon18 (Registered User)

Not anymore. I did a few things myself to see if it would help. I changed my desktop theme to classic, cleaned up System Restore, Disk Cleanup on all my hard drives, ScanDisk on all my hard drives, defragmented all my hard drives, cleaned up pointless things I didn't need on my hard drives any longer, and I also took my two partitions from one of my hard drives off of the System Restore list. I believe the situation was that the Windows hard drive was being overexerted because there was too much space being used on it. In regular mode it said I was using 7 GB of space on my Windows hard drive, and it would not allow me to clean up System Restore. I cleaned it up and I still had all the restore points instead of only the latest one, but once I went into safe mode it told me different; it also said that there was only the most recent restore point. So I did all I said I did above in safe mode and restarted the system in regular mode, and to my surprise everything said the right things. So I am quite sure that it is running correctly now.

Right now I am on my mom's computer doing as you told me to do in the other thread. I just hope my mom's computer does not have the same problem with it, because in regular mode it says she is using 7.10 GB. I believe it is doing the same thing in safe mode too, so there has to be a worse problem than my computer, I guess. I just hope it can be fixed because she has been upset because recently her flat screen monitor blew up. She woke up and saw her monitor was all white with small blue and pink lines on the screen up and down. The computer was not on and the monitor was acting as if the computer was on though. It would not shut off and we had to unplug it. We plugged it back up to the computer and all it does now is just have a black screen and flash every once in a while when the computer is on. I had to give her a fat monitor the same as mine but older.
I will tell you more about this in the other thread if you need me to; just say so.

08-02-2006, 03:22 PM   #10 (permalink)
Vikesrock8411 (Analyst, Security Team)

That other issue definitely sounds like a hardware problem with the monitor if another monitor works properly. No malware or Windows issue could cause that type of problem to occur.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other; therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize"; this helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a real-time protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

08-04-2006, 07:24 AM   #11 (permalink)
willmon18 (Registered User)

Ok well thanks for all your help.
All times are GMT -7. The time now is 11:29 PM.



Copyright 2001 - 2009, Tech Support Forum