Old 08-09-2006, 08:56 PM   #41 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Hi,

Do you have the results of the file I asked you to submit for an online scan? (See post #38)

Quote:
I clicked on Application
In the Type column was a lot of icons that looked like a document icon with a shredded flag in the middle of it… But all it said was: No event record is selected, or details for the selected event are unavailable
I'd like you to open the Event Viewer again, repeating the steps you did earlier, and provide a screen shot for me:

In Windows, a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print Screen key (normally located in the top row on the right-hand side of the keyboard).

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.
  1. Press the Print screen key
  2. Click the "Start" button (normally located in the bottom left of your screen).
  3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
  4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
  5. Click the "Edit" menu and select "Paste".
  6. Click the "File" menu and select "Save As...". A dialog box will appear.
  7. In the "File name" field, enter a name of your choice.
  8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE;*.JFIF)".
  9. Click the "Save" button.

Now, upload that image here via the Manage Attachments button.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 08-10-2006, 04:05 PM   #42 (permalink)
Registered User
 
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: eventvwr

Hi RIED, who said you can't teach an old dog new tricks.
Here are the Screen shots you asked for.

What is winrestores.exe, and should I give it server rights through Zone Alarm?

AVG alerted me about dsmart this morning and said it healed it.
Attached Files
File Type: zip Event viewer.zip (143.8 KB, 2 views)
Old 08-10-2006, 07:23 PM   #43 (permalink)
Registered User
 
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: post 38

While looking for the file C:\WINDOWS\system32\.exe to upload to jotti.org/, AVG poked its nose in and told me it is a virus. I told it to ignore it, to see what the online scan would say.

This is what it had to say:

http://virusscan.jotti.org/
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file.

While typing up this post, Generic host decided to rear its ugly head.

Then my windows did a disappearing act and came back only to say I'm not online any more.
But the Dialup icon in the systray says still connected at 45.2 kbps.
I've taken some screen shots of all this, except for the disappearing windows; I found it quite difficult to take a screen shot of something that wasn't there. Hee Hee
I rebooted and things seem okay for the moment. Dialup is running at 48.5 kbps.
AVG is quiet and I haven't had any unusual requests for internet access from Zone Alarm.
Attached Files
File Type: zip In the middle of a post.zip (154.8 KB, 1 views)
Old 08-11-2006, 12:07 AM   #44 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Do not allow winrestores.exe access through ZoneAlarm--it is malware that has returned.

I'll need all new reports done in the following order:

Delete your current combofix.exe and download it again as it has been updated since your last download:
  1. Download combofix from one of these locations:
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


-------------------------------------------

Online scan at Kaspersky:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-------------------------------------------

Run a scan with HijackThis and save the log.

Please post the results of all 3 scans here.
Old 08-11-2006, 03:19 PM   #45 (permalink)
Registered User
 
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: Combofix,Kaspersky, HJT results

Hi Ried,
I had a problem with the combofix from http://www.techsupportforum.com/sectools/combofix.exe. It downloaded OK but came up with "error and needs to close, sorry for the inconvenience", blah blah.
It was also a smaller file than the one I got from http://download.bleepingcomputer.com/sUBs/combofix.exe, which worked fine.

Anyway, here are the logs you asked for. I've put them in the attachment named Combofix1.
Cheers,
Download Junkie.

Start Time= 06-08-11 20:50:57.29
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-10 22:35:22 92160 ( A.... ) "C:\WINDOWS\system32\winrestores.exe"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-10 12:50:16 33934 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 13:03:24 2080128 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-02 18:53:38 ( .D... ) "C:\Program Files\Screensavers.com"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 21:32:36 ( .D... ) "C:\Program Files\Security Stronghold"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-27 05:48:42 0 ( A.... ) "C:\WINDOWS\system32\qghumeay.dll"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-18 13:14:24 18359 ( A.... ) "C:\WINDOWS\system32\Ntaccess.sys"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-10 22:31 92,160 C:\WINDOWS\system32\winrestores.exe
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-10 17:30 143,360 C:\WINDOWS\system32\ConTest.dll
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 21:26 479,232 C:\WINDOWS\system32\Solar
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 20:18 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-31 20:18 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-31 10:43 6,694 C:\WINDOWS\system32\.exe
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 11:14 0 C:\WINDOWS\system32\qghumeay.dll
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll
2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-22 10:06 352,321,536 C:\pagefile.sys
2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL
2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL
2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe
2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe
2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe
2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe
2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe
2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll
2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll
2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll
2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe
2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys
2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe
2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-21 22:25 0 C:\MSDOS.SYS
2006-07-21 22:25 0 C:\IO.SYS
2006-07-21 22:25 0 C:\CONFIG.SYS
2006-07-21 22:25 0 C:\AUTOEXEC.BAT
2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll
2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll
2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll
2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll
2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll
2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll
2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll
2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll
2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe
2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe
2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe
2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe
2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe
2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"SoundMan"="SOUNDMAN.EXE"
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"ActiveSpeed"="C:\\Program Files\\Ascentive\\ActiveSpeed\\AS.exe -b"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"
"VCS Host"="vcshost.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"
"VCS Host"="vcshost.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: 06-08-11 20:51:05.28
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

-----------------------------

KASPERSKY ONLINE SCANNER REPORT
06-08-12 05:52
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/08/2006
Kaspersky Anti-Virus database records: 214056
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 76103
Number of viruses found: 14
Number of infected objects: 28 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:53

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\winrestores.exe Infected: Backdoor.Win32.Rbot.gen skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\Stevz Comp\Stuff\kmd.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
E:\Stevz Comp\Stuff\kmd.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Stevz Comp\Stuff\kmd.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
E:\Stevz Comp\Stuff\kmd.exe Inno: infected - 14 skipped
E:\Stevz Comp\bootskins\theearthedition.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
E:\Stevz Comp\bootskins\theearthedition.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
E:\Stevz Comp\bootskins\theearthedition.exe WiseSFX: infected - 2 skipped
E:\Stevz Comp\bootskins\theearthedition.exe WiseSFX Dropper: infected - 2 skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\89QZSPMR\script[1].htm.pvaa.dkb Infected: Exploit.HTML.Mht skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\SLEZK5AZ\popup[1].php.pvaa.dkb/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\SLEZK5AZ\popup[1].php.pvaa.dkb GZIP: infected - 1 skipped

-----------------------------

Logfile of HijackThis v1.99.1
Scan saved at 05:54, on 06-08-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestores.exe
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - Startup: DataKeeper.lnk = C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Attached Files
File Type: zip ComboFix1.zip (12.4 KB, 2 views)

Last edited by Ried; 08-11-2006 at 08:42 PM.
Old 08-12-2006, 08:48 AM   #46 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Ok, we're going to start all over again. Hopefully now that your other issues with running scripts were fixed, these tools will work properly this round.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence--without interruption.

**If you incur any problems during any of the steps, do not pause to contact me, simply move on to the next step and tell me any problems you had, when you return with the logs requested.

**********************************************************

Download the attached dj.zip file to your desktop.

Download AlcanShorty from here.
  • Click the download button below and agree to download the fix.
  • Download Alcanshorty to your desktop.
  • DoubleClick alcanshorty_en.exe and click install
  • This will create a new folder on your desktop called alcanshorty_en
  • Open that folder and doubleclick Run.bat
  • Once the fix starts, your icons and desktop will disappear, this is normal.

Make sure you have a working internet connection. In case your firewall gives an alert, don't block it, because alcanshorty needs to download some additional files to let the tool run properly.
  • Wait for the complete script execution box to popup and press OK.
  • Press exit to terminate the BFU program.

-----------------------------

Please download VundoFix5.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt along with any other reports requested.

-----------------------------------

Disconnect from the internet.

-----------------------------------

Reboot into Safe Mode.

-----------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Screensavers.com

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any)

O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestores.exe
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestores.exe


Click 'Fix Checked' and close HijackThis.

-----------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

-----------------------------------

Delete the following Files and Folders if they still exist.

C:\WINDOWS\system32\i
C:\WINDOWS\system32\winrestores.exe
E:\Stevz Comp\Stuff\kmd.exe
E:\Stevz Comp\bootskins\theearthedition.exe
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\89QZSPMR\script[1].htm.pvaa.dkb
F:\DataKeeper Backup Of C\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\SLEZK5AZ\popup[1].php.pvaa.dkb
C:\Program Files\Screensavers.com
vschost.exe <---Search for this file via Start>Search>All files and folders and delete if found. Careful of the spelling--make sure it is exact!


-----------------------------------

Double click on the dj.zip folder you downloaded earlier, then double click on the .reg file within. Click yes to allow it to merge into your registry.

-----------------------------------

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions" **Please ensure it is set to Quarantine
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Run another online scan at Kaspersky:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

-----------------------------------

Run combofix.exe

-----------------------------------

Run a scan with HijackThis and save the log

-----------------------------------

Please return with the following:

vundofix.txt
Ewido results
Kaspersky results
combofix log
New HijackThis log
Any problems you ran into
How is the system behaving
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 08-20-2006 at 08:13 PM.
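
The three O4 entries Ried asks to have fixed share a pattern that can be checked mechanically: one value name registered under several autostart keys, pointing at a bare file name with no directory. As an added example (not part of the original post and not HijackThis's own logic), this Python script applies that heuristic to the O4 lines from the HijackThis log posted earlier in this thread; the function names and the two-level rating are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ActiveSpeed] C:\Program Files\Ascentive\ActiveSpeed\AS.exe -b
O4 - HKLM\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - HKLM\..\RunServices: [Microsoft Telecoms Center] winrestores.exe
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Telecoms Center] winrestores.exe
O4 - Startup: DataKeeper.lnk = C:\Program Files\PowerQuest\DataKeeper 5.0\DataKeeper.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
"""

# Matches registry-based O4 lines only, e.g.
#   O4 - HKLM\..\Run: [Name] command line
# Startup-folder shortcuts ("O4 - Startup: x.lnk = ...") are deliberately skipped.
O4_REGISTRY = re.compile(
    r"^O4 - (?P<key>HK\w+\\\.\.\\\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Finds the executable in an unquoted command line that may contain spaces.
EXE_IN_CMD = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def parse_o4(log_text):
    """Return (key, value_name, command) tuples for registry O4 entries."""
    entries = []
    for line in log_text.splitlines():
        m = O4_REGISTRY.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["cmd"].strip()))
    return entries


def executable_of(cmd):
    """Strip arguments and quotes from a Run-key command line."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_IN_CMD.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def triage(entries):
    """Rate path-less autostart commands.

    Assumed heuristic for this example:
      high   - bare file name AND the same value name sits in 2+ autostart keys
      review - bare file name in a single key (often a legitimate driver helper)
    Entries with a full path are not rated here; they need their own checks.
    """
    keys_by_entry = defaultdict(set)
    for key, name, cmd in entries:
        keys_by_entry[(name, executable_of(cmd).lower())].add(key)

    findings = []
    for (name, exe), keys in keys_by_entry.items():
        if ntpath.dirname(exe):  # has a directory component, skip
            continue
        level = "high" if len(keys) >= 2 else "review"
        findings.append(
            {"level": level, "name": name, "exe": exe, "keys": sorted(keys)}
        )
    # "high" sorts before "review"; ties are ordered by value name.
    return sorted(findings, key=lambda f: (f["level"], f["name"]))


if __name__ == "__main__":
    for f in triage(parse_o4(SAMPLE_LOG)):
        print(f'{f["level"]:6} [{f["name"]}] {f["exe"]} <- {", ".join(f["keys"])}')
```

On this log the only "high" result is the winrestores.exe entry, the same file the Kaspersky report above lists as Backdoor.Win32.Rbot.gen; the two "review" results are path-less but registered in one key only.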
Old 08-15-2006, 07:44 PM   #47 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: Starting Over

Some more uglies have appeared and I found a suspicious zipped folder and an unzipped folder on my desktop. They are called localnet 2001 Crack. My son assures me it wasn't him... So not right! And my browser has been hijacked by some security site. There is also a dialup connection that keeps disconnecting my dialup and reinstalling itself after I delete it, and countless other trojans. There is a programme ishost.exe that constantly tries to get through Zone Alarm; I have it in the blocked area. There is also a firewall programme trying to come through from my ISP provider, should I let it in?
I still haven't got any tabs in the task manager. The system suffered several crashes while doing the online scan at Kaspersky. It would get to 95%. I finally got a complete scan and report after the third attempt. There was also a yellow triangle with an exclamation mark in the system tray trying to hypnotise me with its constant flashing. All this was before I carried out the instructions you gave me.

I've completed the tasks you set for me.
I still haven't got any tabs in the task manager.
I still have the security page problem. The flashing yellow triangle has gone. Man, what an exciting weekend NOT HeeHee
Anyway, here are the reports you asked for. Have fun. I've also included a screenshot of the security page that's hijacked my browser.
Cheers
Download Junkie.
PS: Would you like a screenshot of Task Manager?


VundoFix V5.1.11

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 18:43:50 06-08-15

Listing files found while scanning....

No infected files were found.


Beginning removal...

-----------------------------

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:24 06-08-15

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-117609710-484061587-682003330-1004\Dc6.exe -> Backdoor.Rbot.bcj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TFTP3956 -> Backdoor.Rbot.bcj : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Cookies\black dragon@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Cookies\black dragon@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\G760YYHX\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\win34.tmp.exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd1.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd1D.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd27.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd2A.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd2D.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd3.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd33.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd36.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd37.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd38.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd39.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd3C.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd3D.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd3E.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd3F.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd43.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd4B.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd5.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd5DF.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd5E1.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd5E4.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd5E7.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\idd8.tmp.exe -> Trojan.Dialer.qy : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

----------------------------
KASPERSKY ONLINE SCANNER REPORT
06-08-15 23:25
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 15/08/2006
Kaspersky Anti-Virus database records: 215145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 77857
Number of viruses found: 8
Number of infected objects: 15 / 0
Number of suspicious objects: 8
Duration of the scan process: 00:45:13

C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\G760YYHX\script[1].htm
C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\I550EU0D\srvetp[1].exe Suspicious
C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\I550EU0D\srvjck[1].exe Suspicious
C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\I550EU0D\srvktu[1].exe Suspicious
C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\U0RVVEMZ\srvxqz[1].exe Suspicious
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\winwea32.dll
C:\WINDOWS\Temp\idd2.tmp.exe
C:\WINDOWS\Temp\idd2E6.tmp.exe
C:\WINDOWS\Temp\idd45.tmp.exe
C:\WINDOWS\Temp\idd815.tmp.exe
C:\WINDOWS\Temp\idd9.tmp.exe
C:\WINDOWS\Temp\iddB.tmp.exe
C:\WINDOWS\Temp\iddB30.tmp.exe
C:\WINDOWS\Temp\win35.tmp.exe Suspicious
C:\WINDOWS\Temp\win5DE.tmp.exe Suspicious
C:\WINDOWS\Temp\win5E0.tmp.exe Suspicious
C:\WINDOWS\Temp\win5E3.tmp.exe Suspicious
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc

----------------------

Start Time= 06-08-15 23:28:29.51
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-15 22:33:36 20992 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-15 22:33:36 4608 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp"
2006-08-15 17:36:06 20992 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-08-15 15:59:02 20480 ( A.... ) "C:\smarty.exe"
2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland"
2006-08-15 10:28:32 8796 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-08-14 18:13:42 20992 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-08-13 21:28:32 32768 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-08-13 20:41:50 410743 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com"
2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll"
2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor"
2006-08-13 11:38:08 15872 ( A.... ) "C:\WINDOWS\system32\winwea32.dll"
2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds"
2006-08-12 22:51:38 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_53.exe"
2006-08-12 22:44:46 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_52.exe"
2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising"
2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-08-12 14:56:14 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_51.exe"
2006-08-12 14:40:56 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_50.exe"
2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty"
2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll"
2006-08-12 09:35:36 32784 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 13:03:24 2080128 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-27 05:48:42 0 ( A.... ) "C:\WINDOWS\system32\qghumeay.dll"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll"
2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-18 13:14:24 18359 ( A.... ) "C:\WINDOWS\system32\Ntaccess.sys"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-15 20:34 20,992 C:\WINDOWS\system32\ixt2.dll
2006-08-15 15:58 20,480 C:\smarty.exe
2006-08-14 19:39 20,992 C:\WINDOWS\system32\ixt1.dll
2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll
2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll
2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll
2006-08-13 21:28 8,796 C:\WINDOWS\system32\isnotify.exe
2006-08-13 21:28 32,768 C:\WINDOWS\system32\issearch.exe
2006-08-13 21:28 20,992 C:\WINDOWS\system32\ixt0.dll
2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll
2006-08-13 11:38 15,872 C:\WINDOWS\system32\winwea32.dll
2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-08-12 22:51 2,185,344 C:\WINDOWS\system32\ntosk_53.exe
2006-08-12 22:44 2,185,344 C:\WINDOWS\system32\ntosk_52.exe
2006-08-12 14:56 2,185,088 C:\WINDOWS\system32\ntosk_51.exe
2006-08-12 14:40 2,185,088 C:\WINDOWS\system32\ntosk_50.exe
2006-08-12 14:35 256 C:\W32OMSB.SYS
2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll
2006-08-12 09:35 4,608 C:\WINDOWS\system32\ismon.exe
2006-08-12 09:35 32,784 C:\WINDOWS\system32\ishost.exe
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 20:18 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-31 20:18 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 11:14 0 C:\WINDOWS\system32\qghumeay.dll
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll
2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-22 10:06 352,321,536 C:\pagefile.sys
2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL
2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL
2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe
2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe
2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe
2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe
2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe
2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll
2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll
2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll
2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe
2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys
2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe
2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-21 22:25 0 C:\MSDOS.SYS
2006-07-21 22:25 0 C:\IO.SYS
2006-07-21 22:25 0 C:\CONFIG.SYS
2006-07-21 22:25 0 C:\AUTOEXEC.BAT
2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll
2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll
2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll
2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll
2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll
2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll
2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll
2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll
2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe
2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe
2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe
2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe
2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe
2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll
2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll
2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll
2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll
2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll
2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll
2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll
2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll
2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll
2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe
2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll
2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll
2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll
2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe
2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll
2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe
2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll
2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll
2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll
2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll
2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe
2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll
2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk]
"path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk"
"backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\""
"item"="DataKeeper"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: 06-08-15 23:28:38.75
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

Logfile of HijackThis v1.99.1
Scan saved at 23:30, on 06-08-15
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.nz/
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Attached Files
File Type: zip RIEDS Starting Over.zip (185.4 KB, 1 views)

Last edited by Ried; 08-15-2006 at 08:31 PM.
Download Junkie is offline  
Old 08-15-2006, 09:31 PM   #48 (permalink)
Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team)

DJ--do you see a pattern here? We just start making some headway, and the system gets reinfected with the same nasties--and then some.

If we're ever going to get this system clean, he has to stay off the internet until we're through. This PC should not be used for the internet at all except to download the tools or run online scans as stated in these instructions--and then reply to me. Do what you have to do to keep this PC under 'lock and key' until we're through here.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence--no stopping in between-- no connecting this PC to internet except when instructed and to reply here with the logs requested.

***************************************************

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

-------------------------------------

Download the attached dj2.zip file to your desktop. Do not run it yet.

-------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

Double click on HijackThis.exe to run it.
* Go to Config> Misc Tools
* Click the button labeled "Delete A File on Reboot..."
* In the dialogue that shows up, copy/paste the following into the "file name:" field

C:\WINDOWS\SYSTEM32\winwea32.dll

*Do not reboot yet.

----------------------------

Click the 'Back' button in the lower right hand corner.

----------------------------

Run a scan with HijackThis and click on 'Do a System Scan Only'. Check the following entry:

O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll

Click 'Fix Checked' and close HijackThis.

______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : " Registry cleaning - Do you want to clean the registry?" answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question " Replace infected file?" by typing Y and hit Enter.


A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: (C:\rapport.txt) or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files.

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.
---------------------------------------------------------------------------------------------

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:
· "Security Info"
· "Warning Message"
· "Security Desktop"
· "Warning Homepage"
· "Desktop Uninstall"


Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

______________________________

IMPORTANT: Do not open any other windows or programs while Ewido is scanning, as it may interfere with the scanning process:
  • Launch Ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • Ewido will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido

------------------------------------------

Double click on the dj2.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry.

_____________________________

Reboot back into Normal Mode.

_____________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Once you reboot......

Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

---------------------------------------------------------------------------------------------

Run Combofix once more.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

C:\Combofix.previous.run.txt
rapport.txt (from the SmitfraudFix tool)
Ewido results
Panda results
C:\Combofix.txt
New HJT log
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 08-23-2006 at 05:47 PM.
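An added example, not part of the original posts and not code from HijackThis or ComboFix: one way a helper reading these logs could cross-check the O20/O23 autostart lines against the ComboFix "Files Created" listing to decide which entries to look at first. The sample lines are copied from the logs in this thread; the function names and the two review rules are assumptions made for this example.

```python
import re
from datetime import datetime

# Sample input: lines copied from the HijackThis and ComboFix logs in this thread.
HJT_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

FILES_CREATED = r"""
2006-08-15 20:34 20,992 C:\WINDOWS\system32\ixt2.dll
2006-08-13 11:38 15,872 C:\WINDOWS\system32\winwea32.dll
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
"""

# "O20 - Winlogon Notify: name - path" / "O23 - Service: name - owner - path"
HJT_LINE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
# "YYYY-MM-DD HH:MM  size  path" as printed in the "Files Created" section
CREATED_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(\S.*)$")


def parse_autostarts(hjt_text):
    """Return the O20 (Winlogon Notify) and O23 (service) entries of a HijackThis log."""
    entries = []
    for line in hjt_text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        if section == "O20":
            parts = rest.rsplit(" - ", 1)      # name - path
            if len(parts) != 2:
                continue
            name, owner, path = parts[0], None, parts[1]
        elif section == "O23":
            parts = rest.rsplit(" - ", 2)      # name - owner - path
            if len(parts) != 3:
                continue
            name, owner, path = parts
        else:
            continue                           # other sections are out of scope here
        entries.append({"section": section, "kind": kind, "name": name,
                        "owner": owner, "path": path})
    return entries


def parse_created(listing):
    """Map lower-cased path -> (creation time, size in bytes)."""
    created = {}
    for line in listing.splitlines():
        m = CREATED_LINE.match(line.strip())
        if m:
            stamp, size, path = m.groups()
            created[path.lower()] = (datetime.strptime(stamp, "%Y-%m-%d %H:%M"),
                                     int(size.replace(",", "")))
    return created


def triage(hjt_text, listing):
    """Return autostart entries worth a first look, each with its reasons.

    Assumed rules: the target file shows up in the recent-files listing, or
    HijackThis printed 'Unknown owner' for a service. These set review order;
    they are not verdicts. Paths are compared case-insensitively; 8.3 short
    names such as PROGRA~1 are not expanded, so those entries never match.
    """
    created = parse_created(listing)
    flagged = []
    for entry in parse_autostarts(hjt_text):
        reasons = []
        hit = created.get(entry["path"].lower())
        entry["created"], entry["size"] = hit if hit else (None, None)
        if hit:
            reasons.append("target file appears in the recent-files listing")
        if entry["owner"] == "Unknown owner":
            reasons.append("HijackThis reported 'Unknown owner'")
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(HJT_LOG, FILES_CREATED):
        print(e["section"], e["name"], e["path"], e["created"], e["size"], e["reasons"])
```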
Old 08-17-2006, 08:20 PM   #49 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: A pattern forming Here

Hi Ried, this is my second attempt at sending you this post. My PC froze when I pressed the Submit Post button. I opened up Task Manager, which still doesn't have any tabs, to see what was going on in there and found that svchost.exe was using up 100% of the CPU's resources.
I tried to upload the zip file containing the reports but kept getting an Upload Error.
I've completed the steps you asked, all except for the Panda online scan.
I couldn't get it to scan my PC. I'd get as far as the "do you accept" section and
that's as far as it would go. I tried four times with the same result each time.
On the main Online Scan page, in the bottom left corner, it said done but with errors on the page.
Anyway, here are the logs without the Panda log.

Cheers.
Download Junkie.

Start Time= 06-08-15 23:28:29.51
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-15 22:33:36 20992 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-15 22:33:36 4608 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp"
2006-08-15 17:36:06 20992 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-08-15 15:59:02 20480 ( A.... ) "C:\smarty.exe"
2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland"
2006-08-15 10:28:32 8796 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-08-14 18:13:42 20992 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-08-13 21:28:32 32768 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-08-13 20:41:50 410743 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com"
2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll"
2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor"
2006-08-13 11:38:08 15872 ( A.... ) "C:\WINDOWS\system32\winwea32.dll"
2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds"
2006-08-12 22:51:38 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_53.exe"
2006-08-12 22:44:46 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_52.exe"
2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising"
2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-08-12 14:56:14 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_51.exe"
2006-08-12 14:40:56 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_50.exe"
2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty"
2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll"
2006-08-12 09:35:36 32784 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 13:03:24 2080128 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-27 05:48:42 0 ( A.... ) "C:\WINDOWS\system32\qghumeay.dll"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll"
2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-18 13:14:24 18359 ( A.... ) "C:\WINDOWS\system32\Ntaccess.sys"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-15 20:34 20,992 C:\WINDOWS\system32\ixt2.dll
2006-08-15 15:58 20,480 C:\smarty.exe
2006-08-14 19:39 20,992 C:\WINDOWS\system32\ixt1.dll
2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll
2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll
2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll
2006-08-13 21:28 8,796 C:\WINDOWS\system32\isnotify.exe
2006-08-13 21:28 32,768 C:\WINDOWS\system32\issearch.exe
2006-08-13 21:28 20,992 C:\WINDOWS\system32\ixt0.dll
2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll
2006-08-13 11:38 15,872 C:\WINDOWS\system32\winwea32.dll
2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-08-12 22:51 2,185,344 C:\WINDOWS\system32\ntosk_53.exe
2006-08-12 22:44 2,185,344 C:\WINDOWS\system32\ntosk_52.exe
2006-08-12 14:56 2,185,088 C:\WINDOWS\system32\ntosk_51.exe
2006-08-12 14:40 2,185,088 C:\WINDOWS\system32\ntosk_50.exe
2006-08-12 14:35 256 C:\W32OMSB.SYS
2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll
2006-08-12 09:35 4,608 C:\WINDOWS\system32\ismon.exe
2006-08-12 09:35 32,784 C:\WINDOWS\system32\ishost.exe
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 20:18 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-31 20:18 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 11:14 0 C:\WINDOWS\system32\qghumeay.dll
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll
2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-22 10:06 352,321,536 C:\pagefile.sys
2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL
2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL
2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe
2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe
2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe
2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe
2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe
2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll
2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll
2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll
2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe
2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys
2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe
2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-21 22:25 0 C:\MSDOS.SYS
2006-07-21 22:25 0 C:\IO.SYS
2006-07-21 22:25 0 C:\CONFIG.SYS
2006-07-21 22:25 0 C:\AUTOEXEC.BAT
2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll
2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll
2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll
2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll
2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll
2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll
2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll
2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll
2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe
2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe
2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe
2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe
2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe
2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll
2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll
2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll
2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll
2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll
2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll
2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll
2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll
2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll
2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe
2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll
2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll
2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll
2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe
2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll
2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe
2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll
2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll
2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll
2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll
2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe
2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll
2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk]
"path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk"
"backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\""
"item"="DataKeeper"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: 06-08-15 23:28:38.75
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>


SmitFraudFix v2.81

Scan done at 21:19:06.53, 06-08-17
Run from C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismon.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
C:\WINDOWS\system32\components\flx???.dll Deleted
C:\Documents and Settings\Black Dragon\Application Data\Microsoft\Internet Explorer\Quick Launch\Malware-Wipe 4.2.lnk Deleted
C:\DOCUME~1\BLACKD~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\BLACKD~1\STARTM~1\Malware-Wipe 4.2.lnk Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:33 06-08-17

+ Scan result:



Nothing found.



::Report end


Start Time= 06-08-17 21:04:53.84
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-17 21:00:44 20992 ( A.... ) "C:\WINDOWS\system32\ixt2.dll"
2006-08-17 18:27:46 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\7Wonders"
2006-08-17 18:27:34 ( .D... ) "C:\Program Files\7 Wonders"
2006-08-17 18:15:04 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\PlayFirst"
2006-08-17 18:00:28 ( .D... ) "C:\Program Files\5 Spots II"
2006-08-17 17:49:46 ( .D... ) "C:\Program Files\Fluff 'Em Up"
2006-08-17 17:44:10 ( .D... ) "C:\Program Files\Platypus"
2006-08-17 14:51:10 ( .D... ) "C:\Program Files\Bud Redhead"
2006-08-17 12:04:04 ( .D... ) "C:\Program Files\QBeez 2"
2006-08-17 11:59:26 ( .D... ) "C:\Program Files\Puppy Luv"
2006-08-17 11:53:08 ( .D... ) "C:\Program Files\QBicles"
2006-08-16 18:49:14 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Magic Match"
2006-08-16 18:48:24 ( .D... ) "C:\Program Files\Magic Match"
2006-08-16 18:19:14 ( .D... ) "C:\Program Files\Cubozoid"
2006-08-16 17:58:02 ( .D... ) "C:\Program Files\Chainz 2"
2006-08-16 09:42:10 4608 ( A.... ) "C:\WINDOWS\system32\ismon.exe"
2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp"
2006-08-15 17:36:06 20992 ( A.... ) "C:\WINDOWS\system32\ixt1.dll"
2006-08-15 15:59:02 20480 ( A.... ) "C:\smarty.exe"
2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland"
2006-08-15 10:28:32 8796 ( A.... ) "C:\WINDOWS\system32\isnotify.exe"
2006-08-14 18:13:42 20992 ( A.... ) "C:\WINDOWS\system32\ixt0.dll"
2006-08-13 21:28:32 32768 ( A.... ) "C:\WINDOWS\system32\issearch.exe"
2006-08-13 20:41:50 410743 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com"
2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll"
2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor"
2006-08-13 11:38:08 15872 ( A.... ) "C:\WINDOWS\system32\winwea32.dll"
2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds"
2006-08-12 22:51:38 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_53.exe"
2006-08-12 22:44:46 2185344 ( A.... ) "C:\WINDOWS\system32\ntosk_52.exe"
2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising"
2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-08-12 14:56:14 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_51.exe"
2006-08-12 14:40:56 2185088 ( A.... ) "C:\WINDOWS\system32\ntosk_50.exe"
2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty"
2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll"
2006-08-12 09:35:36 32784 ( A.... ) "C:\WINDOWS\system32\ishost.exe"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 13:03:24 2080128 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-27 05:48:42 0 ( A.... ) "C:\WINDOWS\system32\qghumeay.dll"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll"
2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-18 13:14:24 18359 ( A.... ) "C:\WINDOWS\system32\Ntaccess.sys"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-15 20:34 20,992 C:\WINDOWS\system32\ixt2.dll
2006-08-15 15:58 20,480 C:\smarty.exe
2006-08-14 19:39 20,992 C:\WINDOWS\system32\ixt1.dll
2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll
2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll
2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll
2006-08-13 21:28 8,796 C:\WINDOWS\system32\isnotify.exe
2006-08-13 21:28 32,768 C:\WINDOWS\system32\issearch.exe
2006-08-13 21:28 20,992 C:\WINDOWS\system32\ixt0.dll
2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll
2006-08-13 11:38 15,872 C:\WINDOWS\system32\winwea32.dll
2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-08-12 22:51 2,185,344 C:\WINDOWS\system32\ntosk_53.exe
2006-08-12 22:44 2,185,344 C:\WINDOWS\system32\ntosk_52.exe
2006-08-12 14:56 2,185,088 C:\WINDOWS\system32\ntosk_51.exe
2006-08-12 14:40 2,185,088 C:\WINDOWS\system32\ntosk_50.exe
2006-08-12 14:35 256 C:\W32OMSB.SYS
2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll
2006-08-12 09:35 4,608 C:\WINDOWS\system32\ismon.exe
2006-08-12 09:35 32,784 C:\WINDOWS\system32\ishost.exe
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-31 20:18 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-31 20:18 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 11:14 0 C:\WINDOWS\system32\qghumeay.dll
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"ishost.exe"="ishost.exe"
"issearch.exe"="issearch.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,36,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk]
"path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk"
"backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\""
"item"="DataKeeper"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: 06-08-17 21:05:01.23
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-17.210453.txt


--------------------------------------------------------
--------------------------------------------------------

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Logfile of HijackThis v1.99.1
Scan saved at 13:14, on 06-08-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Old 08-18-2006, 08:49 AM   #50 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Hi Download Junkie,

It appears you ran the second combofix before the SmitfraudFix. It is important you run the tools in the order given so I can accurately assess what files are still remaining after the use of the tools.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download KillBox. (it's important that you get version v2.0.0.175)

***************************************************

Upload this file C:\WINDOWS\jestertb.dll to http://virusscan.jotti.org and report back what it found.

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

----------------------------------

Reboot into Safe Mode.

----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry:

O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll

Click 'Fix Checked' and close HijackThis.

-----------------------------------

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\system32\qghumeay.dll
C:\smarty.exe
C:\WINDOWS\system32\winwea32.dll


In Killbox, go to the File menu, and choose Paste from Clipboard
* Click on the dropdown menu next to the Full Path of File to Delete field.
* Verify that the filenames you pasted are found there.

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* "Unregister .dll Before Deleting" if it's not grayed out.
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click Yes at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to manually restart Windows.

-----------------------------

Try again to get an online scan done at Panda or Kaspersky:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

----------------------------

Run combofix.exe once again and post the log here.

----------------------------

Run another scan with HijackThis and save the log.

I'll need the following in your next reply:

jotti results
Online scan results
combofix log
New HijackThis log


Any improvement in your system yet?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
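The reply above asks for a new HijackThis log after the fix; comparing the old and new logs is how you confirm the O20 entry is really gone and that nothing on the KillBox list is still referenced. The following is an added example, not part of the thread and not code from HijackThis: the "before" lines are copied from the log above, the "after" log is constructed for illustration, and all function names are hypothetical.

```python
import re

# An entry line is "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
# Header and "Running processes" lines do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log as (code, body) tuples."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2).strip()))
    return entries


def _key(code, body):
    # Windows paths are case-insensitive: the same file appears on this page as
    # ...\SYSTEM32\winwea32.dll and ...\system32\winwea32.dll.
    return (code, " ".join(body.split()).lower())


def diff_logs(before, after):
    """Return (removed, added) entry lines between two logs, in log order."""
    old = {_key(c, e): f"{c} - {e}" for c, e in parse_entries(before)}
    new = {_key(c, e): f"{c} - {e}" for c, e in parse_entries(after)}
    removed = [line for key, line in old.items() if key not in new]
    added = [line for key, line in new.items() if key not in old]
    return removed, added


def still_present(log_text, fix_lines):
    """Return the lines from a helper's fix list that a log still contains."""
    present = {_key(c, e) for c, e in parse_entries(log_text)}
    found = []
    for line in fix_lines:
        parsed = parse_entries(line)
        if parsed and _key(*parsed[0]) in present:
            found.append(line)
    return found


def entries_referencing(log_text, paths):
    """Map each file path to the log entries that still point at it."""
    entries = parse_entries(log_text)
    return {
        path: [f"{c} - {e}" for c, e in entries if path.lower() in e.lower()]
        for path in paths
    }


# Lines copied from the HijackThis log posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Constructed follow-up log: the same entries with the O20 line fixed.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# The entry the reply says to check, and the files it lists for KillBox.
FIX_LIST = [r"O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll"]
KILLBOX_PATHS = [
    r"C:\WINDOWS\system32\qghumeay.dll",
    r"C:\smarty.exe",
    r"C:\WINDOWS\system32\winwea32.dll",
]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since last log:", removed)
    print("Added since last log:  ", added)
    print("Fix-list items still present:", still_present(AFTER, FIX_LIST))
    for path, hits in entries_referencing(AFTER, KILLBOX_PATHS).items():
        print(path, "->", hits or "no longer referenced")
```

An empty "still present" list only shows that the autostart entry is gone from the log; the file itself still has to be checked on disk or in the next scanner report.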
Old 08-18-2006, 03:53 PM   #51 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: online scan results

Hi Ried, my system seems to be okay so far today. Sorry about the stuff-up with the last set of instructions.

Here are the results you asked for:

Service
Service load: 0% 100%

File: jestertb.dll
Status: OK
MD5 65dabb831da51500dfa31b40252803e2
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-08-19 09:17
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 18/08/2006
Kaspersky Anti-Virus database records: 216200
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 78765
Number of viruses found: 3
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:45:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\plusHot[1].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[1].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[1].js Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[2].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[3].css Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\tsUSB_result[1].htm Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Black Dragon\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped
E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped

Scan process completed.



Start Time= 06-08-19 9:19:22.04
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-18 19:53:22 ( .D... ) "C:\Program Files\Trivia Machine"
2006-08-18 19:20:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Alawar"
2006-08-18 19:07:36 ( .D... ) "C:\Program Files\Fireworks Extravaganza"
2006-08-18 14:50:54 ( .D... ) "C:\Program Files\3D Studio"
2006-08-18 13:36:42 36864 ( A.... ) "C:\WINDOWS\system32\vcshost.exe"
2006-08-18 09:58:20 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Chasing Dogs Studios"
2006-08-18 09:54:36 ( .D... ) "C:\Program Files\Crimsonland"
2006-08-18 09:48:58 ( .D... ) "C:\Program Files\Cosmic Bugs"
2006-08-18 09:44:30 ( .D... ) "C:\Program Files\Garden Dreams"
2006-08-17 21:29:52 10625 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-17 18:27:46 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\7Wonders"
2006-08-17 18:27:34 ( .D... ) "C:\Program Files\7 Wonders"
2006-08-17 18:15:04 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\PlayFirst"
2006-08-17 18:00:28 ( .D... ) "C:\Program Files\5 Spots II"
2006-08-17 17:49:46 ( .D... ) "C:\Program Files\Fluff 'Em Up"
2006-08-17 17:44:10 ( .D... ) "C:\Program Files\Platypus"
2006-08-17 14:51:10 ( .D... ) "C:\Program Files\Bud Redhead"
2006-08-17 12:04:04 ( .D... ) "C:\Program Files\QBeez 2"
2006-08-17 11:59:26 ( .D... ) "C:\Program Files\Puppy Luv"
2006-08-17 11:53:08 ( .D... ) "C:\Program Files\QBicles"
2006-08-16 18:49:14 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Magic Match"
2006-08-16 18:48:24 ( .D... ) "C:\Program Files\Magic Match"
2006-08-16 18:19:14 ( .D... ) "C:\Program Files\Cubozoid"
2006-08-16 17:58:02 ( .D... ) "C:\Program Files\Chainz 2"
2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp"
2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland"
2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com"
2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll"
2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor"
2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds"
2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising"
2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty"
2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-10 17:30:32 ( .D... ) "C:\Program Files\Ascentive"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll"
2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-18 13:34 36,864 C:\WINDOWS\system32\vcshost.exe
2006-08-18 11:07 73,728 C:\WINDOWS\system32\asuninst.exe
2006-08-18 11:07 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll
2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll
2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll
2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll
2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-08-12 14:35 256 C:\W32OMSB.SYS
2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll
2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll
2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll
2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe
2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll
2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll
2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll
2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys
2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll
2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe
2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll
2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe
2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll
2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll
2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys
2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll
2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll
2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll
2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll
2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll
2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll
2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll
2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE
2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe
2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe
2006-07-26 09:06 441 C:\bootbak.bat
2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys
2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE
2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll
2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe
2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe
2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll
2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll
2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll
2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll
2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll
2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll
2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll
2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll
2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll
2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll
2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll
2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll
2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll
2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll
2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe
2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll
2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll
2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll
2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll
2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll
2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll
2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll
2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll
2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll
2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll
2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe
2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll
2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll
2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll
2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll
2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll
2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll
2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll
2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll
2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe
2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll
2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll
2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll
2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll
2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll
2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll
2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll
2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll
2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll
2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll
2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll
2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll
2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll
2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll
2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe
2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe
2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll
2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll
2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll
2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll
2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll
2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe
2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe
2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll
2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll
2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe
2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg
2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg
2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll
2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll
2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll
2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll
2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll
2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll
2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll
2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll
2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll
2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll
2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll
2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll
2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll
2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll
2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll
2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll
2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll
2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll
2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll
2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll
2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll
2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll
2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll
2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll
2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll
2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll
2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll
2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL
2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll
2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll
2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll
2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll
2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE
2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll
2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll
2006-07-22 10:06 352,321,536 C:\pagefile.sys
2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL
2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL
2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe
2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe
2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe
2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe
2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe
2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll
2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll
2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll
2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe
2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys
2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe
2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll
2006-07-21 22:25 0 C:\MSDOS.SYS
2006-07-21 22:25 0 C:\IO.SYS
2006-07-21 22:25 0 C:\CONFIG.SYS
2006-07-21 22:25 0 C:\AUTOEXEC.BAT
2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe
2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll
2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll
2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll
2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll
2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll
2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll
2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll
2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll
2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll
2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll
2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll
2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll
2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll
2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll
2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe
2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll
2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll
2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll
2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll
2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll
2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll
2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll
2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll
2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll
2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll
2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll
2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll
2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll
2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe
2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe
2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll
2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe
2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll
2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe
2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe
2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe
2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll
2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll
2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll
2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe
2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe
2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll
2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe
2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe
2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe
2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe
2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe
2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll
2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe
2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll
2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe
2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe
2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe
2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe
2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe
2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe
2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe
2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd
2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe
2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll
2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll
2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll
2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll
2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll
2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll
2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll
2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll
2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe
2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll
2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll
2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll
2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll
2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll
2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll
2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll
2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe
2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll
2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe
2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll
2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll
2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe
2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe
2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll
2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe
2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll
2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe
2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll
2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll
2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll
2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll
2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll
2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll
2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll
2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll
2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll
2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll
2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll
2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll
2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe
2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe
2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe
2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe
2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll
2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll
2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk]
"path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk"
"backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\""
"item"="DataKeeper"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder

Completion time: 06-08-19 9:19:31.28
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-19.091922.txt
---------------------------------------------------------------------
---------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 09:21, on 06-08-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Download Junkie is offline  
Old 08-18-2006, 04:53 PM   #52 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Hiya,

Thank you for the prompt carrying out of instructions...it's helping.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Reboot into Safe Mode.

-------------------------------

Run a scan with HijackThis and fix this entry:

O20 - Winlogon Notify: winwea32 - winwea32.dll (file missing)

Click 'Fix Checked' and close HijackThis.

-------------------------------

Delete this file:

C:\WINDOWS\system32\vcshost.exe <-- Careful of the spelling--make sure it is exact. Do NOT delete the legit C:\WINDOWS\system32\svchost.exe

-------------------------------

I'm going to send you in for these registry entries to ensure they get removed.

Click START…RUN…Type in regedit. Make sure just "My Computer" is showing in the left pane and click..FILE….EXPORT…and save a copy somewhere in case you make a mistake.
  • Now navigate to the following keys by clicking the + sign next to each category to expand them.
  • Continue doing so until you've reached the folder I highlighted in blue. Double click that folder to open it.
  • You will see the entry listed below in red, in the right hand panel. Right click the entry in that panel and select 'delete'.

HKEY_USERS\.default\software\microsoft\windows\currentversion\run
"Microsoft Telecoms Center"="winrestores.exe"

HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
"Microsoft Telecoms Center"="winrestores.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002


If the above registry keys are giving you problems deleting:
  • Right click on it and click on Permissions.
  • Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK.
  • Now try deleting the entry again.
Once you're done, close the Registry Editor.

------------------------------

Reboot back into Normal Mode.

------------------------------

Run combofix.exe one more time so I can verify those entries are indeed gone, along with a new HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
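The verification asked for at the end of post #52 (re-run ComboFix and confirm the entries are gone) can be checked mechanically against the log text. This is an added example, not part of the original thread and not ComboFix or HijackThis code: it parses the .reg-style "Reg Loading Points" dump and reports which of the items named in post #52 are still present. The function names are hypothetical, and both sample logs are constructed from lines shown in this thread.

```python
import re

# Items post #52 asks to remove, copied from the thread.
# Registry targets are (key, value name); matching is case-insensitive.
REG_TARGETS = [
    (r"HKEY_USERS\.default\software\microsoft\windows\currentversion\run",
     "Microsoft Telecoms Center"),
    (r"HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run",
     "Microsoft Telecoms Center"),
    (r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services",
     "Network Monitor"),
    (r"HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services",
     "cmdService"),
]
FILE_TARGETS = [r"C:\WINDOWS\system32\vcshost.exe"]

SECTION_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def norm(s):
    # Lower-case and collapse whitespace, so a value name that differs only
    # by padding (a common look-alike trick) is still reported.
    return " ".join(s.split()).lower()


def unescape(s):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_dump(text):
    """Return {normalised key: {normalised value name: decoded data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = keys.setdefault(norm(m.group(1)), {})
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue  # file listings, HijackThis lines, blank lines
        name, data = unescape(m.group(1)), m.group(2).strip()
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = unescape(data[1:-1])
        elif data.lower().startswith("dword:"):
            data = int(data[6:], 16)
        current[norm(name)] = data
    return keys


def file_listed(text, path):
    """True if any log line ends with exactly this path (quoted or not)."""
    want = path.lower()
    for raw in text.splitlines():
        line = raw.strip().rstrip('"').lower()
        if line.endswith(want):
            before = line[: -len(want)]
            if not before or before[-1] in ' "':
                return True
    return False


def check_removal(text):
    """Return the removal targets that still appear in the log."""
    reg = parse_reg_dump(text)
    left = []
    for key, name in REG_TARGETS:
        values = reg.get(norm(key), {})
        if norm(name) in values:
            left.append((key, name, values[norm(name)]))
    for path in FILE_TARGETS:
        if file_listed(text, path):
            left.append((path, None, None))
    return left


# Constructed sample: lines as they appear in the log before the cleanup.
BEFORE_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"Microsoft Telecoms Center"="winrestores.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Network Monitor"=dword:00000002
"cmdService"=dword:00000002

2006-08-18 13:34 36,864 C:\WINDOWS\system32\vcshost.exe
C:\WINDOWS\system32\svchost.exe
"""

# Constructed sample: registry values gone, file still listed.
AFTER_LOG = r"""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

2006-08-18 13:36:42 36864 ( A.... ) "C:\WINDOWS\system32\vcshost.exe"
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        print(label, "->", check_removal(log) or "all targets gone")
```

The file check matches the full path only, so the legitimate svchost.exe line in the sample is never reported.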
Old 08-19-2006, 03:12 PM   #53 (permalink)
Registered User
 
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: Reg edit

Hi Ried, I backed up the registry and completed the task you set for me.
The second entry you asked me to delete, HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
"Microsoft Telecoms Center"="winrestores.exe"
wasn't there.
Anyway, here are the ComboFix and HJT logs.

Cheers.
Download Junkie.



Start Time= 06-08-20 8:42:13.01
Running from: C:\Reids

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-20 07:50:06 ( .D... ) "C:\Program Files\Windows Media Bonus Pack for Windows XP"
2006-08-19 19:22:28 331582 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log"
2006-08-19 16:20:28 33533 ( A.... ) "C:\WINDOWS\system32\CoreVorbis-uninstall.exe"
2006-08-19 13:38:00 ( .D... ) "C:\Program Files\Internet TV Player"
2006-08-19 10:13:24 2053120 ( A.... ) "C:\WINDOWS\system32\kernel1.exe"
2006-08-18 19:53:22 ( .D... ) "C:\Program Files\Trivia Machine"
2006-08-18 19:20:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Alawar"
2006-08-18 19:07:36 ( .D... ) "C:\Program Files\Fireworks Extravaganza"
2006-08-18 14:50:54 ( .D... ) "C:\Program Files\3D Studio"
2006-08-18 13:36:42 36864 ( A.... ) "C:\WINDOWS\system32\vcshost.exe"
2006-08-18 09:58:20 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Chasing Dogs Studios"
2006-08-18 09:54:36 ( .D... ) "C:\Program Files\Crimsonland"
2006-08-18 09:48:58 ( .D... ) "C:\Program Files\Cosmic Bugs"
2006-08-18 09:44:30 ( .D... ) "C:\Program Files\Garden Dreams"
2006-08-17 18:27:46 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\7Wonders"
2006-08-17 18:27:34 ( .D... ) "C:\Program Files\7 Wonders"
2006-08-17 18:15:04 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\PlayFirst"
2006-08-17 18:00:28 ( .D... ) "C:\Program Files\5 Spots II"
2006-08-17 17:49:46 ( .D... ) "C:\Program Files\Fluff 'Em Up"
2006-08-17 17:44:10 ( .D... ) "C:\Program Files\Platypus"
2006-08-17 14:51:10 ( .D... ) "C:\Program Files\Bud Redhead"
2006-08-17 12:04:04 ( .D... ) "C:\Program Files\QBeez 2"
2006-08-17 11:59:26 ( .D... ) "C:\Program Files\Puppy Luv"
2006-08-17 11:53:08 ( .D... ) "C:\Program Files\QBicles"
2006-08-16 18:49:14 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Magic Match"
2006-08-16 18:48:24 ( .D... ) "C:\Program Files\Magic Match"
2006-08-16 18:19:14 ( .D... ) "C:\Program Files\Cubozoid"
2006-08-16 17:58:02 ( .D... ) "C:\Program Files\Chainz 2"
2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp"
2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland"
2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com"
2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll"
2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor"
2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds"
2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising"
2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade"
2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty"
2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll"
2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez"
2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez"
2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17"
2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files"
2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16"
2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI"
2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20"
2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL"
2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT"
2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse"
2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic"
2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll"
2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!"
2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer"
2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta"
2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery"
2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS"
2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL"
2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC"
2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help"
2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink"
2006-07-29 1150 ( .D... ) "C:\Program Files\Zone Labs"
2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio"
2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer"
2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H"
2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office"
2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution"
2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic"
2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys"
2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe"
2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP"
2006-07-26 0934 441 ( A.... ) "C:\bootbak.bat"
2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo"
2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla"
2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla"
2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger"
2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA"
2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA"
2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute"
2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher"
2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack"
2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia"
2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft"
2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7"
2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll"
2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll"
2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft"
2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared"
2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files"
2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini"
2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager"
2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack"
2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA"
2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information"
2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest"
2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield"
2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities"
2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information"
2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox"
2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage"
2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT"
2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services"
2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap"
2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker"
2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting"
2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express"
2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System"
2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer"
2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications"
2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player"
2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services"
2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger"
2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT"
2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN"
2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll"
2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll"
2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll"
2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll"
2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll"
2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe"
2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll"
2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll"
2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-20 07:50 131,072 C:\WINDOWS\system32\dzip32.dll
2006-08-20 07:50 110,592 C:\WINDOWS\system32\dunzip32.dll
2006-08-19 16:20 33,533 C:\WINDOWS\system32\CoreVorbis-uninstall.exe
2006-08-18 13:34 36,864 C:\WINDOWS\system32\vcshost.exe
2006-08-18 11:07 73,728 C:\WINDOWS\system32\asuninst.exe
2006-08-18 11:07 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll
2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll
2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll
2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll
2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll
2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll
2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll
2006-08-12 14:35 256 C:\W32OMSB.SYS
2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll
2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL
2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll
2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll
2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll
2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AGRSMMSG"="AGRSMMSG.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized"
"TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk]
"path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk"
"backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\""
"item"="DataKeeper"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"cmdService"=dword:00000002

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job

Completion time: 06-08-20 8:42:20.95
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-19.091922.txt
ComboFix.2006-08-20.084212.txt
------------------------------------------------------------------------

------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 08:45, on 06-08-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TURBOC~1\netdetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O17 - HKLM\System\CS1\Services\Tcpip\..\{4C8EE07F-10F5-4D88-8121-B488943FDC30}: NameServer = 202.27.158.40 202.27.156.72
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Old 08-19-2006, 08:40 PM   #54 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Hi,

Please download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts

Launch SilentRunners by double-clicking the downloaded file. In the ensuing Window, select 'No' to avoid skipping supplementary searches. Please be patient as the script requires a few minutes to complete.

When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.


Download StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post that log in your next reply.

---------------------------------------

Close any open browsers.

Run a scan with HijackThis and fix the following entry:

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe

Click 'Fix Checked' and close HijackThis.

-----------------------------------------

Please post the logs from the 2 tools and a new HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
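The HijackThis step above singles out one O16 (Downloaded Program Files) entry from the posted log. The following is an added example, not part of the original posts or of HijackThis itself: a small parser for the log's `O<n> - ...` lines that lists each O16 entry with its download host and marks entries for manual review. The two review heuristics (no registered class name, codebase pointing at an `.exe` rather than a `.cab`) are assumptions chosen for illustration, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted earlier in this thread.
# Truncated URLs ("...") are kept exactly as the forum displayed them.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activ...33352D2D2D.exe
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# "<section code> - <rest of line>", e.g. "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")

# "DPF: {CLSID} (optional class name) - codebase URL"
DPF_RE = re.compile(
    r"^DPF: (\{[0-9A-Fa-f-]{36}\})(?: \((.*?)\))? - (\S+)$"
)


def parse_entries(text):
    """Return (section_code, body) for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage_dpf(text):
    """List O16 entries with their host and any review reasons.

    The reasons are illustrative heuristics (assumptions), not a verdict:
    an analyst still has to look the CLSID and host up.
    """
    rows = []
    for code, body in parse_entries(text):
        if code != "O16":
            continue
        match = DPF_RE.match(body)
        if not match:
            # Keep lines we cannot parse visible instead of dropping them.
            rows.append({"clsid": None, "name": None, "url": body,
                         "host": None, "reasons": ["unparsed O16 line"]})
            continue
        clsid, name, url = match.groups()
        parts = urlsplit(url)
        reasons = []
        if not name:
            reasons.append("no class name")
        if parts.path.lower().endswith(".exe"):
            reasons.append("codebase is .exe")
        rows.append({"clsid": clsid, "name": name, "url": url,
                     "host": parts.hostname, "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in triage_dpf(SAMPLE_LOG):
        mark = "REVIEW" if row["reasons"] else "ok"
        print(f"{mark:6} {row['clsid']} {row['host']} {row['reasons']}")
```

On the sample lines, only the entry the post asks to fix is marked for review; the other three O16 entries carry a class name and a `.cab` codebase.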
Old 08-21-2006, 03:38 AM   #55 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: Silent runner Stardreck & HJT logs

Hi Ried, My System Has only CRASHED once today, down on the four or five it normally does. I've Attached These logs Because StartDreck is quite large.

Cheers
Download Junkie.
Attached Files
File Type: zip Silent Runnings Startdreck HJT.zip (176.2 KB, 1 views)
Old 08-21-2006, 10:01 AM   #56 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


From Normal Mode.

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • All files (if available)
Copy/paste the following into the 'Full Path of File to Delete' field:

C:\WINDOWS\system32\vcshost.exe

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
Click the RED X button.

Click Yes at the 'Delete on Reboot' prompt. Click Yes at the Pending Operations prompt.

-------------------------------

I'd like you to add some protection before continuing.

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file; save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list, by typing 2
Then return to the main menu.
Select option #4 - Add the old porn sites domain, by typing 4

---------------------------------

After completing the above, please run another online scan at Kaspersky and post the results here.

Run combofix.exe and post that log here again as well.
Old 08-21-2006, 03:12 PM   #57 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi Ried. Just a Quick word while waiting for downloads to come through. Is the IE-SPYAD an Update of the one I already have installed?
I sent an Error report To Microsoft and they said My system crashes are being caused by a Driver but they couldn't tell me Which one. Bumma

Cheers
Download Junkie.
Old 08-21-2006, 04:27 PM   #58 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,563
OS: WinXP and Vista


Whoops..I forgot I had you download that back on page 1. Yes, it's the same IESpyAd--no need to download it again.

Let's wait for these scan results, then we'll see about the driver issue.
Old 08-22-2006, 03:15 AM   #59 (permalink)
Registered User
 
Download Junkie's Avatar
 
Join Date: Jul 2006
Posts: 57
OS: XP Home edition


Hi RIED RE: Kaspersky,Combofix, results

Hi Ried Here are the results of the online Scan and the combofix log.
Is there any way to find out if the anti porn measures we are applying Have been Disabled and then enabled again or tampered with in any way?

Cheers
Download Junkie.



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
06-08-22 20:58
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/08/2006
Kaspersky Anti-Virus database records: 217107
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 84425
Number of viruses found: 4
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:49:10

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Black Dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Black Dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settin