|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
08-23-2006, 02:05 AM
|
#61 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 57
OS: XP Home edition
|
Hi RIED RE: Avenger & hjt logs
Hi Ried
When I read the avenger log and saw It couldn't locate the Files it was asked to... I had words with my son who told me he had Deleted them. When I asked him how he said he had put them in the recycle bin and then emptied it.  Needless to say I hit the roof and told him to stay off the PC till further notice.  Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\uufnqphl ******************* Script file located at: \??\C:\WINDOWS\System32\tjrnykgj.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\System32\vcshost.exe not found! Deletion of file C:\WINDOWS\System32\vcshost.exe failed! Could not process line: C:\WINDOWS\System32\vcshost.exe Status: 0xc0000034 File C:\My Shared Folder\cmb_243461.exe not found! Deletion of file C:\My Shared Folder\cmb_243461.exe failed! Could not process line: C:\My Shared Folder\cmb_243461.exe Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. --------------------------------------------------------------------- --------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 18:27, on 06-08-23 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\MSI\Live Update 3\LMonitor.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\TURBOC~1\netdetect.exe C:\Documents and Settings\Black Dragon\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/ O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Error Expert] C:\Program Files\Error Expert\ErrorExpert.exe /scan O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized O4 - HKCU\..\Run: [TurboConnect] C:\PROGRA~1\TURBOC~1\TurboConnect.exe 1 O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153690380437 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
08-23-2006, 07:12 AM
|
#62 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista
|
Ok, DJ. Let's make sure they haven't regenerated. I'm going to have to ask you to run another combofix.exe and post the log here, along with another Kaspersky scan and those results.
 Are you still experiencing random crashes after deleting those 2 files? |
|
|
|
|
08-24-2006, 02:56 AM
|
#63 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 57
OS: XP Home edition
|
Hi RIED RE: Combofix,Kaspersky
Hi Ried here are the results of the steps you asked me to run
the PC was running sweet till I got to 98% of the Kaspersky Scan Everything when Black and the PC restarted its self. As it went through the startup procedure I noticed the outline of a window appear for a split second, then the usual windows that appear and go down to the system tray. what does Object is locked skipped mean? Cheers. Download Junkie. ------------------------------------------------------------------- Start Time= 06-08-22 21:02:00.73 Running from: C:\Reids QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-22 19:56:42 ( .D... ) "C:\Program Files\SpywareGuard" 2006-08-22 19:45:06 ( .D... ) "C:\Program Files\SpywareBlaster" 2006-08-22 16:39:12 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Free Download Manager" 2006-08-22 16:38:20 ( .D... ) "C:\Program Files\Free Download Manager" 2006-08-22 14:12:00 ( .D... ) "C:\Program Files\Teddy Factory" 2006-08-22 13:51:24 ( .D... ) "C:\Program Files\Rocket Mania Deluxe" 2006-08-22 13:45:14 ( .D... ) "C:\Program Files\Flying Leo" 2006-08-22 13:28:18 ( .D... ) "C:\Program Files\Balloon Blast" 2006-08-21 17:42:30 ( .D... ) "C:\Program Files\Tropix" 2006-08-20 12:59:18 ( .D... ) "C:\Program Files\Easter Bonus" 2006-08-20 09:54:46 ( .D... ) "C:\Program Files\AstroAvenger" 2006-08-20 09:48:58 ( .D... ) "C:\Program Files\Colony" 2006-08-20 07:50:06 ( .D... ) "C:\Program Files\Windows Media Bonus Pack for Windows XP" 2006-08-19 19:22:28 331582 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log" 2006-08-19 16:20:28 33533 ( A.... ) "C:\WINDOWS\system32\CoreVorbis-uninstall.exe" 2006-08-19 13:38:00 ( .D... ) "C:\Program Files\Internet TV Player" 2006-08-19 10:13:24 2053120 ( A.... ) "C:\WINDOWS\system32\kernel1.exe" 2006-08-18 19:53:22 ( .D... ) "C:\Program Files\Trivia Machine" 2006-08-18 19:20:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Alawar" 2006-08-18 19:07:36 ( .D... ) "C:\Program Files\Fireworks Extravaganza" 2006-08-18 14:50:54 ( .D... ) "C:\Program Files\3D Studio" 2006-08-18 13:36:42 36864 ( ..... ) "C:\WINDOWS\system32\vcshost.exe" 2006-08-18 09:58:20 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Chasing Dogs Studios" 2006-08-18 09:54:36 ( .D... ) "C:\Program Files\Crimsonland" 2006-08-18 09:48:58 ( .D... ) "C:\Program Files\Cosmic Bugs" 2006-08-18 09:44:30 ( .D... ) "C:\Program Files\Garden Dreams" 2006-08-17 18:27:46 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\7Wonders" 2006-08-17 18:27:34 ( .D... ) "C:\Program Files\7 Wonders" 2006-08-17 18:15:04 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\PlayFirst" 2006-08-17 18:00:28 ( .D... ) "C:\Program Files\5 Spots II" 2006-08-17 17:49:46 ( .D... ) "C:\Program Files\Fluff 'Em Up" 2006-08-17 17:44:10 ( .D... ) "C:\Program Files\Platypus" 2006-08-17 14:51:10 ( .D... ) "C:\Program Files\Bud Redhead" 2006-08-17 12:04:04 ( .D... ) "C:\Program Files\QBeez 2" 2006-08-17 11:59:26 ( .D... ) "C:\Program Files\Puppy Luv" 2006-08-17 11:53:08 ( .D... ) "C:\Program Files\QBicles" 2006-08-16 18:49:14 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Magic Match" 2006-08-16 18:48:24 ( .D... ) "C:\Program Files\Magic Match" 2006-08-16 18:19:14 ( .D... ) "C:\Program Files\Cubozoid" 2006-08-16 17:58:02 ( .D... ) "C:\Program Files\Chainz 2" 2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp" 2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland" 2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com" 2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll" 2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor" 2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds" 2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising" 2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade" 2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty" 2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll" 2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez" 2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez" 2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17" 2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files" 2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16" 2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI" 2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20" 2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL" 2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT" 2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse" 2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic" 2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll" 2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!" 2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer" 2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta" 2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery" 2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS" 2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL" 2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC" 2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help" 2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink" 2006-07-29 11  50 ( .D... ) "C:\Program Files\Zone Labs"2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync" 2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio" 2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer" 2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H" 2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office" 2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution" 2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic" 2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE" 2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys" 2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys" 2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe" 2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP" 2006-07-26 09 34 441 ( A.... ) "C:\bootbak.bat"2006-07-24 22:02:48 ( .D... ) "C:\Program Files\TurboConnectDemo" 2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla" 2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft" 2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla" 2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger" 2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA" 2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA" 2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute" 2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher" 2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack" 2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia" 2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft" 2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7" 2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll" 2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll" 2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft" 2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files" 2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini" 2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager" 2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack" 2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA" 2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information" 2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest" 2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield" 2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities" 2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information" 2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft" 2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox" 2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage" 2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT" 2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services" 2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap" 2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker" 2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting" 2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express" 2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System" 2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer" 2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications" 2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate" 2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player" 2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services" 2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger" 2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone" 2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT" 2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN" 2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll" 2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll" 2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll" 2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll" 2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll" 2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll" 2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll" 2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll" 2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll" 2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll" 2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe" 2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll" 2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll" 2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll" 2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-20 07:50 131,072 C:\WINDOWS\system32\dzip32.dll 2006-08-20 07:50 110,592 C:\WINDOWS\system32\dunzip32.dll 2006-08-19 16:20 33,533 C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2006-08-18 13:34 36,864 C:\WINDOWS\system32\vcshost.exe 2006-08-18 11:07 73,728 C:\WINDOWS\system32\asuninst.exe 2006-08-18 11:07 11,776 C:\WINDOWS\system32\ZPORT4AS.dll 2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll 2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll 2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll 2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll 2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll 2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll 2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll 2006-08-12 14:35 256 C:\W32OMSB.SYS 2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll 2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL 2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll 2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll 2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll 2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll 2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll 2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll 2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe 2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll 2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll 2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll 2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys 2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe 2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll 2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe 2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll 2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe 2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll 2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll 2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys 2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll 2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll 2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll 2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll 2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll 2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll 2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll 2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE 2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe 2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe 2006-07-26 09:06 441 C:\bootbak.bat 2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys 2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE 2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll 2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll 2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe 2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe 2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll 2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll 2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll 2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll 2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll 2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll 2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll 2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll 2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll 2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll 2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll 2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll 2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll 2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll 2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe 2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll 2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll 2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll 2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll 2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll 2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll 2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll 2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll 2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll 2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll 2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll 2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll 2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe 2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll 2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll 2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll 2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll 2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll 2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll 2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll 2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll 2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll 2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll 2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe 2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll 2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll 2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll 2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll 2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll 2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll 2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll 2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll 2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll 2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll 2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll 2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll 2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll 2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll 2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe 2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe 2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll 2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll 2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll 2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll 2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll 2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe 2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe 2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll 2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll 2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe 2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll 2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg 2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg 2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll 2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll 2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll 2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll 2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll 2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll 2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll 2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll 2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll 2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll 2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll 2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll 2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll 2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll 2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll 2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll 2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll 2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll 2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll 2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll 2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll 2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll 2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll 2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe 2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll 2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll 2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll 2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll 2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll 2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll 2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll 2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL 2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll 2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll 2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll 2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll 2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll 2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE 2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll 2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll 2006-07-22 10:06 352,321,536 C:\pagefile.sys 2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL 2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL 2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll 2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe 2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe 2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe 2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe 2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe 2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll 2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll 2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll 2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe 2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys 2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe 2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll 2006-07-21 22:25 0 C:\MSDOS.SYS 2006-07-21 22:25 0 C:\IO.SYS 2006-07-21 22:25 0 C:\CONFIG.SYS 2006-07-21 22:25 0 C:\AUTOEXEC.BAT 2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe 2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll 2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll 2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll 2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll 2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll 2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll 2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll 2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll 2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll 2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll 2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll 2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll 2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll 2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll 2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe 2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll 2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll 2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll 2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll 2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll 2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll 2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll 2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll 2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll 2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll 2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll 2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll 2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll 2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe 2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe 2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll 2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe 2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll 2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe 2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe 2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe 2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll 2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll 2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll 2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe 2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe 2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll 2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe 2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe 2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe 2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe 2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe 2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe 2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe 2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll 2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe 2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll 2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe 2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe 2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe 2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe 2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe 2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe 2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd 2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe 2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll 2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll 2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll 2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll 2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll 2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll 2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll 2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll 2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll 2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe 2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll 2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll 2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll 2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll 2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll 2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll 2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll 2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe 2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll 2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe 2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll 2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll 2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe 2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe 2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll 2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe 2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll 2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe 2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll 2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll 2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll 2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll 2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll 2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll 2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll 2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll 2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll 2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll 2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll 2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll 2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe 2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe 2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe 2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe 2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll 2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll 2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "HTpatch"="C:\\WINDOWS\\htpatch.exe" "SoundMan"="SOUNDMAN.EXE" "SiS Tray"="" "SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe" "LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "AGRSMMSG"="AGRSMMSG.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized" "TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1" "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk] "path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk" "backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\"" "item"="DataKeeper" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "cmdService"=dword:00000002 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder Completion time: 06-08-22 21:02:11.43 ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt ComboFix.2006-08-19.091922.txt ComboFix.2006-08-20.084212.txt ComboFix.2006-08-22.210200.txt ----------------------------------------------------------------------- ----------------------------------------------------------------------- ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT 06-08-24 20:33 Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 24/08/2006 Kaspersky Anti-Virus database records: 217894 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Scan Statistics: Total number of scanned objects: 86818 Number of viruses found: 3 Number of infected objects: 7 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:47:20 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Administrator\Application Data\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\commonFunc[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\CommonFunc[2].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\Common[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\Common[2].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\defaultsettings[1].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\firstpage[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\loc_strings[2].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\logo[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\NavBar[1].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\NavBar[2].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\note[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\Search[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[2].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[3].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[4].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[5].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[6].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shared[7].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\shortcutHot[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\sysinfomain[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\tshoot[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\Uabrand[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\watermark_300x[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85OFIPOX\wrapperparam[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\alttext[1].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\coUAprint[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\HHWRAPPER[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\icon_articles_12x[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\MiniNavBar[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\minusCold[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\msinfohss[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\plusCold[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\searchblurb[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\shared[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\shared[2].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\sysInfoLaunch[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\tsUSB[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\tsUSB_sniff[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OLU54N2V\wrapperparam[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\arrow_blue_normal_shadow[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\arrow_green_normal[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\Behaviors[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\blank[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\buttonForm[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\Common[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\Common[2].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\coUA[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\endnode[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\MiniNavBar[1].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\progbar[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\reusable[1].xml Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shared[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shared[2].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shared[3].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shared[4].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shared[5].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\shortcutCold[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\SubSite[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\tsctl[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\tshoot_shared[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SRKTC7C9\warning[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\arrow_green_mousedown[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\arrow_green_mouseover[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\arrow_green_normal_shadow[1].bmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\Channels[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\collapsed[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\Common[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\Context[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\coUA[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\helpdoc[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\Layout[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\plusHot[1].gif Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[1].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[1].js Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[2].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\shared[3].css Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Y7KTOPUH\tsUSB_result[1].htm Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\ntuser.ini Object is locked skipped C:\Documents and Settings\Administrator\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped C:\Documents and Settings\Administrator\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped C:\Documents and Settings\Administrator\SendTo\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\SendTo\Mail Recipient.MAPIMail Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini Object is locked skipped C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped C:\Documents and Settings\Administrator\Templates\amipro.sam Object is locked skipped C:\Documents and Settings\Administrator\Templates\excel.xls Object is locked skipped C:\Documents and Settings\Administrator\Templates\excel4.xls Object is locked skipped C:\Documents and Settings\Administrator\Templates\lotus.wk4 Object is locked skipped C:\Documents and Settings\Administrator\Templates\powerpnt.ppt Object is locked skipped C:\Documents and Settings\Administrator\Templates\presenta.shw Object is locked skipped C:\Documents and Settings\Administrator\Templates\quattro.wb2 Object is locked skipped C:\Documents and Settings\Administrator\Templates\sndrec.wav Object is locked skipped C:\Documents and Settings\Administrator\Templates\winword.doc Object is locked skipped C:\Documents and Settings\Administrator\Templates\winword2.doc Object is locked skipped C:\Documents and Settings\Administrator\Templates\wordpfct.wpd Object is locked skipped C:\Documents and Settings\Administrator\Templates\wordpfct.wpg Object is locked skipped C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Black Dragon\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\Black Dragon\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped C:\Documents and Settings\Black Dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\History\History.IE5\MSHist012006082420060825\index.dat Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\Temp\~DF641C.tmp Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\Temp\~DFE5D7.tmp Object is locked skipped C:\Documents and Settings\Black Dragon\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Black Dragon\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Black Dragon\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\WINDOWS\Debug\oakley.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped C:\WINDOWS\Internet Logs\THE-LAIR.ldb Object is locked skipped C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped C:\WINDOWS\ModemLog_Actiontec MDC AC'97 Modem v2122A.txt Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\Temp\ZLT04438.TMP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped E:\Stevz Comp\Warez P2P Client\My Shared Folder\Spytech spy agent 4 0 (pc & key logger).exe ViseMan: infected - 2 skipped Scan process completed. |
|
|
|
|
08-24-2006, 07:40 AM
|
#64 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista
|
Hiya,
Quote:
vcshost.exe is still there. Let's scan with this tool: Download and Install UnHackMe Unzip to a folder Double click "unhackme300b2.exe" to install Bring up UnHackMe Click the "Check Me Now" button When finished, if a Rootkit is found it will show you the results. Click the "Stop" button and reboot. ----------------------------------- Please let me know if it found anything. ----------------------------------- Please go Start->Control Panel. In the control Panel, be sure you are on Classic View and then choose System. *In the System window, go to Advanced tab. There, under the headline of Startup and Recovery, please click the Settings button. *Under the headline of System failure, please UNcheck the box that says Automatically restart. Now, instead of just rebooting, your pc will show a blue screen including information that may help. Please, when it happens, either take a picture of it and upload it here or write down the message that it gives on your next reply. I'll need a new combofix log as well. |
|
|
|
|
|
08-24-2006, 03:53 PM
|
#65 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 57
OS: XP Home edition
|
Hi RIED RE: UnHackMe, combofix
Hi Ried.
UnHackMe found nothing. I UNchecked the box that says Automatically restart. Now all I have to do is wait. Will the printSreen button work? here is the comboFix log you asked for. Cheers. DownLoad Junkie. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Start Time= 06-08-25 9:28:54.89 Running from: C:\Reids QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-25 09:16:32 ( .D... ) "C:\Program Files\UnHackMe" 2006-08-25 05:58:24 ( .D... ) "C:\Program Files\TurboConnectDemo" 2006-08-24 16:11:14 ( .D... ) "C:\Program Files\Activision" 2006-08-23 17:23:56 ( .D... ) "C:\Program Files\Garfield Goes to Pieces" 2006-08-23 10:09:46 ( .D... ) "C:\Program Files\Error Expert" 2006-08-23 09:22:28 ( .D... ) "C:\Program Files\Tiny Worlds" 2006-08-22 19:56:42 ( .D... ) "C:\Program Files\SpywareGuard" 2006-08-22 19:45:06 ( .D... ) "C:\Program Files\SpywareBlaster" 2006-08-22 16:39:12 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Free Download Manager" 2006-08-22 16:38:20 ( .D... ) "C:\Program Files\Free Download Manager" 2006-08-22 14:12:00 ( .D... ) "C:\Program Files\Teddy Factory" 2006-08-22 13:51:24 ( .D... ) "C:\Program Files\Rocket Mania Deluxe" 2006-08-22 13:45:14 ( .D... ) "C:\Program Files\Flying Leo" 2006-08-22 13:28:18 ( .D... ) "C:\Program Files\Balloon Blast" 2006-08-21 17:42:30 ( .D... ) "C:\Program Files\Tropix" 2006-08-20 12:59:18 ( .D... ) "C:\Program Files\Easter Bonus" 2006-08-20 09:54:46 ( .D... ) "C:\Program Files\AstroAvenger" 2006-08-20 09:48:58 ( .D... ) "C:\Program Files\Colony" 2006-08-20 07:50:06 ( .D... ) "C:\Program Files\Windows Media Bonus Pack for Windows XP" 2006-08-19 19:22:28 331582 ( A.... ) "C:\Documents and Settings\Black Dragon\Application Data\CleanUp!.log" 2006-08-19 16:20:28 33533 ( A.... ) "C:\WINDOWS\system32\CoreVorbis-uninstall.exe" 2006-08-19 13:38:00 ( .D... ) "C:\Program Files\Internet TV Player" 2006-08-19 10:13:24 2053120 ( A.... ) "C:\WINDOWS\system32\kernel1.exe" 2006-08-18 19:53:22 ( .D... ) "C:\Program Files\Trivia Machine" 2006-08-18 19:20:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Alawar" 2006-08-18 19:07:36 ( .D... ) "C:\Program Files\Fireworks Extravaganza" 2006-08-18 14:50:54 ( .D... ) "C:\Program Files\3D Studio" 2006-08-18 09:58:20 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Chasing Dogs Studios" 2006-08-18 09:54:36 ( .D... ) "C:\Program Files\Crimsonland" 2006-08-18 09:44:30 ( .D... ) "C:\Program Files\Garden Dreams" 2006-08-17 18:27:46 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\7Wonders" 2006-08-17 18:27:34 ( .D... ) "C:\Program Files\7 Wonders" 2006-08-17 18:15:04 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\PlayFirst" 2006-08-17 18:00:28 ( .D... ) "C:\Program Files\5 Spots II" 2006-08-17 17:49:46 ( .D... ) "C:\Program Files\Fluff 'Em Up" 2006-08-17 17:44:10 ( .D... ) "C:\Program Files\Platypus" 2006-08-17 14:51:10 ( .D... ) "C:\Program Files\Bud Redhead" 2006-08-17 12:04:04 ( .D... ) "C:\Program Files\QBeez 2" 2006-08-17 11:59:26 ( .D... ) "C:\Program Files\Puppy Luv" 2006-08-17 11:53:08 ( .D... ) "C:\Program Files\QBicles" 2006-08-16 18:49:14 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Magic Match" 2006-08-16 18:48:24 ( .D... ) "C:\Program Files\Magic Match" 2006-08-16 18:19:14 ( .D... ) "C:\Program Files\Cubozoid" 2006-08-16 17:58:02 ( .D... ) "C:\Program Files\Chainz 2" 2006-08-15 17:53:08 ( .D... ) "C:\Program Files\Beetle Bomp" 2006-08-15 12:02:22 ( .D... ) "C:\Program Files\Wonderland" 2006-08-13 15:28:30 ( .D... ) "C:\Program Files\BulletProofSoft.com" 2006-08-13 15:26:10 0 ( A.... ) "C:\WINDOWS\system32\Ultra.dll" 2006-08-13 15:23:48 ( .D... ) "C:\Program Files\PCBugDoctor" 2006-08-13 11:24:12 ( .D... ) "C:\Program Files\Wonderland Secret Worlds" 2006-08-12 20:08:38 ( .D... ) "C:\Program Files\Luxor Amun Rising" 2006-08-12 20:08:28 ( .D... ) "C:\Program Files\ReflexiveArcade" 2006-08-12 14:35:38 ( .D... ) "C:\Program Files\ScreenBooty" 2006-08-12 14:35:12 20992 ( A.... ) "C:\WINDOWS\jestertb.dll" 2006-08-10 20:28:24 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Warez" 2006-08-10 20:28:14 ( .D... ) "C:\Program Files\Warez" 2006-08-09 00:40:40 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.17" 2006-08-08 13:26:08 ( .D... ) "C:\Program Files\Setup Files" 2006-08-07 21:04:18 ( .D... ) "C:\Program Files\SiS Compatible VGA V2.16" 2006-08-07 20:50:36 ( .D... ) "C:\Program Files\MSI" 2006-08-07 20:26:14 ( .D... ) "C:\Program Files\PC_usb4_20" 2006-08-07 20:10:34 ( .D... ) "C:\Program Files\CURITEL" 2006-08-07 17:43:06 19968 ( ..... ) "C:\Documents and Settings\Black Dragon\Application Data\GDIPFONTCACHEV1.DAT" 2006-08-07 14:04:38 ( .D... ) "C:\Program Files\GameHouse" 2006-08-06 09:22:06 ( .D... ) "C:\Program Files\MsnMusic" 2006-08-05 20:01:46 528446 ( A.... ) "C:\WINDOWS\gmer.dll" 2006-08-04 10:11:58 ( .D... ) "C:\Program Files\CleanUp!" 2006-08-03 13:12:28 ( .D... ) "C:\Program Files\logonuiboot randomizer" 2006-08-03 09:32:10 ( .D... ) "C:\Program Files\Panda Beta" 2006-08-02 23:39:54 ( .D... ) "C:\Program Files\FinalRecovery" 2006-08-02 20:02:44 ( .D... ) "C:\Program Files\AWS" 2006-08-01 21:37:54 ( .D... ) "C:\Program Files\AVD FileList 3.1 TRIAL" 2006-08-01 00:05:24 ( .D... ) "C:\Program Files\mIRC" 2006-07-31 14:30:56 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-31 09:08:28 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Help" 2006-07-29 13:49:50 ( .D... ) "C:\Program Files\DVD Shrink" 2006-07-29 11 50 ( .D... ) "C:\Program Files\Zone Labs"2006-07-28 12:00:46 ( .D... ) "C:\Program Files\Microsoft ActiveSync" 2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Microsoft Visual Studio" 2006-07-28 12:00:24 ( .D... ) "C:\Program Files\Common Files\Designer" 2006-07-28 11:59:20 ( .D... ) "C:\Program Files\Common Files\L&H" 2006-07-28 11:59:04 ( .D... ) "C:\Program Files\Microsoft Office" 2006-07-27 19:00:00 ( .D... ) "C:\Program Files\Kazaa Lite Revolution" 2006-07-26 23:42:44 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Media Player Classic" 2006-07-26 17:52:00 2560 ( A.... ) "C:\WINDOWS\_MSRSTRT.EXE" 2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys" 2006-07-26 09:55:40 1063 ( A.... ) "C:\WINDOWS\system32\vksec0ce.sys" 2006-07-26 09:27:30 515072 ( A.... ) "C:\WINDOWS\logonui.exe" 2006-07-26 09:26:22 ( .D... ) "C:\Program Files\ChameleonXP" 2006-07-26 09 34 441 ( A.... ) "C:\bootbak.bat"2006-07-24 19:50:50 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Mozilla" 2006-07-24 18:04:16 ( .D... ) "C:\Program Files\Lavasoft" 2006-07-24 16:51:26 ( .D... ) "C:\Program Files\Go!Zilla" 2006-07-24 16:02:52 ( .D... ) "C:\Program Files\MSN Messenger" 2006-07-23 20:25:34 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\NASA" 2006-07-23 20:22:02 ( .D... ) "C:\Program Files\NASA" 2006-07-23 11:15:24 ( .D... ) "C:\Program Files\VisualRoute" 2006-07-23 11:10:24 ( .D... ) "C:\Program Files\FSCommandipwatcher" 2006-07-23 05:47:32 ( .D... ) "C:\Program Files\K-Lite Codec Pack" 2006-07-22 16:34:16 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Macromedia" 2006-07-22 14:54:22 ( .D... ) "C:\Program Files\TGTSoft" 2006-07-22 14:49:56 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\AVG7" 2006-07-22 14:49:50 499712 ( A.... ) "C:\WINDOWS\system32\msvcp71.dll" 2006-07-22 14:49:50 348160 ( A.... ) "C:\WINDOWS\system32\msvcr71.dll" 2006-07-22 14:49:38 ( .D... ) "C:\Program Files\Grisoft" 2006-07-22 10:14:18 ( .D... ) "C:\Program Files\Common Files\ODBC" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\SpeechEngines" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files\Microsoft Shared" 2006-07-22 10:14:16 ( .D... ) "C:\Program Files\Common Files" 2006-07-22 10:13:48 62 ( A.SH. ) "C:\Documents and Settings\Black Dragon\Application Data\desktop.ini" 2006-07-21 22:40:40 ( .D... ) "C:\Program Files\Realtek Sound Manager" 2006-07-21 22:40:38 ( .D... ) "C:\Program Files\AvRack" 2006-07-21 22:39:04 ( .D... ) "C:\Program Files\SiSVGA" 2006-07-21 22:37:12 ( .D.H. ) "C:\Program Files\InstallShield Installation Information" 2006-07-21 22:36:44 ( .D... ) "C:\Program Files\PowerQuest" 2006-07-21 22:36:14 ( .D... ) "C:\Program Files\Common Files\InstallShield" 2006-07-21 22:32:00 ( .D... ) "C:\Documents and Settings\Black Dragon\Application Data\Identities" 2006-07-21 22:31:54 ( .D.H. ) "C:\Program Files\Uninstall Information" 2006-07-21 22:31:48 ( .DS.. ) "C:\Documents and Settings\Black Dragon\Application Data\Microsoft" 2006-07-21 22:25:34 ( .D... ) "C:\Program Files\xerox" 2006-07-21 22:25:34 ( .D... ) "C:\Program Files\microsoft frontpage" 2006-07-21 22:25:26 0 ( A.... ) "C:\AUTOEXEC.BAT" 2006-07-21 22:23:36 ( .D... ) "C:\Program Files\Common Files\Services" 2006-07-21 22:23:28 ( .D... ) "C:\Program Files\Common Files\MSSoap" 2006-07-21 22:23:20 ( .D... ) "C:\Program Files\Movie Maker" 2006-07-21 22:23:14 ( .D... ) "C:\Program Files\NetMeeting" 2006-07-21 22:23:12 ( .D... ) "C:\Program Files\Outlook Express" 2006-07-21 22:23:02 ( .D... ) "C:\Program Files\Common Files\System" 2006-07-21 22:23:00 ( .D... ) "C:\Program Files\Internet Explorer" 2006-07-21 22:22:52 ( .D... ) "C:\Program Files\ComPlus Applications" 2006-07-21 22:22:32 ( .D.H. ) "C:\Program Files\WindowsUpdate" 2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Windows Media Player" 2006-07-21 22:22:32 ( .D... ) "C:\Program Files\Online Services" 2006-07-21 22:22:30 ( .D... ) "C:\Program Files\Messenger" 2006-07-21 22:22:24 ( .D... ) "C:\Program Files\MSN Gaming Zone" 2006-07-21 22:21:44 ( .D... ) "C:\Program Files\Windows NT" 2006-07-21 22:21:44 ( .D... ) "C:\Program Files\MSN" 2006-07-21 20:30:50 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll" 2006-07-17 17:19:26 579090 ( A.... ) "C:\WINDOWS\system32\x264vfw.dll" 2006-07-15 03:53:28 307200 ( A.... ) "C:\WINDOWS\system32\netapi32.dll" 2006-07-14 01:46:56 8353280 ( A.... ) "C:\WINDOWS\system32\shell32.dll" 2006-07-13 20:50:38 595968 ( ..... ) "C:\WINDOWS\system32\xpsp2res.dll" 2006-07-05 22:46:36 928768 ( A.... ) "C:\WINDOWS\system32\kernel32.dll" 2006-07-05 20:02:34 5120 ( A.... ) "C:\WINDOWS\system32\ff_vfw.dll" 2006-06-27 05:47:50 140288 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll" 2006-06-27 05:47:50 6144 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll" 2006-06-27 03:32:34 620180 ( A.... ) "C:\WINDOWS\system32\divx.dll" 2006-06-16 14:34:44 48936 ( A.... ) "C:\WINDOWS\system32\sirenacm.dll" 2006-06-06 20:49:18 745531 ( A.... ) "C:\WINDOWS\gmer.exe" 2006-05-25 00:47:12 3596288 ( A.... ) "C:\WINDOWS\system32\qt-dx331.dll" 2006-05-25 00:46:44 200704 ( A.... ) "C:\WINDOWS\system32\dtu100.dll" 2006-05-25 00:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll" 2006-05-25 00:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-08-20 07:50 131,072 C:\WINDOWS\system32\dzip32.dll 2006-08-20 07:50 110,592 C:\WINDOWS\system32\dunzip32.dll 2006-08-19 16:20 33,533 C:\WINDOWS\system32\CoreVorbis-uninstall.exe 2006-08-18 11:07 73,728 C:\WINDOWS\system32\asuninst.exe 2006-08-18 11:07 11,776 C:\WINDOWS\system32\ZPORT4AS.dll 2006-08-14 13:42 82,432 C:\WINDOWS\system32\fldrclnr.dll 2006-08-14 13:42 8,353,280 C:\WINDOWS\system32\shell32.dll 2006-08-14 13:42 700,928 C:\WINDOWS\system32\sxs.dll 2006-08-14 13:42 595,968 C:\WINDOWS\system32\xpsp2res.dll 2006-08-13 15:26 0 C:\WINDOWS\system32\Ultra.dll 2006-08-13 05:39 6,144 C:\WINDOWS\system32\rasadhlp.dll 2006-08-13 05:39 140,288 C:\WINDOWS\system32\dnsapi.dll 2006-08-12 14:35 256 C:\W32OMSB.SYS 2006-08-12 14:35 20,992 C:\WINDOWS\jestertb.dll 2006-08-10 17:30 89,360 C:\WINDOWS\system32\VB5DB.DLL 2006-08-09 20:02 307,200 C:\WINDOWS\system32\netapi32.dll 2006-08-09 00:40 98,304 C:\WINDOWS\system32\SiSApCom.dll 2006-08-09 00:40 221,184 C:\WINDOWS\system32\SiSParse.dll 2006-08-09 00:40 172,032 C:\WINDOWS\system32\SiSInst.dll 2006-08-09 00:40 1,854,918 C:\WINDOWS\system32\sisgl.dll 2006-08-09 00:40 1,067,008 C:\WINDOWS\system32\sisgrv.dll 2006-08-08 18:17 53,248 C:\WINDOWS\soundman.exe 2006-08-08 16:13 720,896 C:\WINDOWS\system32\Audio3D.dll 2006-08-08 16:13 720,896 C:\WINDOWS\system32\a3d.dll 2006-08-08 13:35 5,120 C:\WINDOWS\system32\hccoin.dll 2006-08-08 13:17 18,359 C:\WINDOWS\system32\Ntaccess.sys 2006-08-06 18:15 22,752 C:\WINDOWS\system32\spupdsvc.exe 2006-08-06 09:22 245,408 C:\WINDOWS\system32\unicows.dll 2006-08-05 20:01 745,531 C:\WINDOWS\gmer.exe 2006-08-05 20:01 528,446 C:\WINDOWS\gmer.dll 2006-08-04 18:03 21,312 C:\WINDOWS\choice.exe 2006-08-02 12:15 127,208 C:\WINDOWS\system32\mucltui.dll 2006-07-29 11:07 66,656 C:\WINDOWS\system32\vsdata.dll 2006-07-29 11:07 177,280 C:\WINDOWS\system32\vsdatant.sys 2006-07-29 11:07 119,904 C:\WINDOWS\system32\vspubapi.dll 2006-07-29 11:07 107,616 C:\WINDOWS\system32\vsmonapi.dll 2006-07-29 11:06 201,824 C:\WINDOWS\system32\vsutil.dll 2006-07-28 12:50 68,608 C:\WINDOWS\system32\olecli32.dll 2006-07-28 12:50 535,552 C:\WINDOWS\system32\rpcrt4.dll 2006-07-28 12:50 275,456 C:\WINDOWS\system32\rpcss.dll 2006-07-28 12:50 1,190,400 C:\WINDOWS\system32\ole32.dll 2006-07-26 17:51 2,560 C:\WINDOWS\_MSRSTRT.EXE 2006-07-26 09:27 515,072 C:\WINDOWS\logonui.exe 2006-07-26 09:26 86,016 C:\WINDOWS\unvise32.exe 2006-07-26 09:06 441 C:\bootbak.bat 2006-07-26 06:10 1,063 C:\WINDOWS\system32\vksec0ce.sys 2006-07-26 05:57 2,042,240 C:\WINDOWS\system32\LOGOOS.EXE 2006-07-23 20:22 2,319,568 C:\WINDOWS\system32\d3dx9_27.dll 2006-07-23 20:15 98,816 C:\WINDOWS\system32\dmstyle.dll 2006-07-23 20:15 974,848 C:\WINDOWS\system32\dxdiag.exe 2006-07-23 20:15 80,896 C:\WINDOWS\system32\dpvsetup.exe 2006-07-23 20:15 8,192 C:\WINDOWS\system32\d3d8thk.dll 2006-07-23 20:15 797,184 C:\WINDOWS\system32\d3dim700.dll 2006-07-23 20:15 79,360 C:\WINDOWS\system32\dpwsockx.dll 2006-07-23 20:15 77,824 C:\WINDOWS\system32\dpmodemx.dll 2006-07-23 20:15 76,800 C:\WINDOWS\system32\dmscript.dll 2006-07-23 20:15 733,184 C:\WINDOWS\system32\qedwipes.dll 2006-07-23 20:15 723,968 C:\WINDOWS\system32\dpnet.dll 2006-07-23 20:15 68,096 C:\WINDOWS\system32\dpnhupnp.dll 2006-07-23 20:15 64,512 C:\WINDOWS\system32\amstream.dll 2006-07-23 20:15 602,624 C:\WINDOWS\system32\dx7vb.dll 2006-07-23 20:15 58,368 C:\WINDOWS\system32\dmcompos.dll 2006-07-23 20:15 491,520 C:\WINDOWS\system32\dsdmoprp.dll 2006-07-23 20:15 470,528 C:\WINDOWS\system32\qdvd.dll 2006-07-23 20:15 47,104 C:\WINDOWS\system32\wstdecod.dll 2006-07-23 20:15 46,592 C:\WINDOWS\system32\dxdllreg.exe 2006-07-23 20:15 4,096 C:\WINDOWS\system32\ksuser.dll 2006-07-23 20:15 381,952 C:\WINDOWS\system32\dsound.dll 2006-07-23 20:15 381,952 C:\WINDOWS\system32\dpvoice.dll 2006-07-23 20:15 354,816 C:\WINDOWS\system32\psisdecd.dll 2006-07-23 20:15 34,304 C:\WINDOWS\system32\mciqtz32.dll 2006-07-23 20:15 33,280 C:\WINDOWS\system32\dmloader.dll 2006-07-23 20:15 324,096 C:\WINDOWS\system32\mswebdvd.dll 2006-07-23 20:15 32,768 C:\WINDOWS\system32\dpnhpast.dll 2006-07-23 20:15 316,928 C:\WINDOWS\system32\qdv.dll 2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnlobby.dll 2006-07-23 20:15 3,072 C:\WINDOWS\system32\dpnaddr.dll 2006-07-23 20:15 292,864 C:\WINDOWS\system32\ddraw.dll 2006-07-23 20:15 28,160 C:\WINDOWS\system32\dplaysvr.exe 2006-07-23 20:15 27,136 C:\WINDOWS\system32\dmband.dll 2006-07-23 20:15 257,024 C:\WINDOWS\system32\qcap.dll 2006-07-23 20:15 24,064 C:\WINDOWS\system32\ddrawex.dll 2006-07-23 20:15 230,400 C:\WINDOWS\system32\dplayx.dll 2006-07-23 20:15 19,968 C:\WINDOWS\system32\dpvacm.dll 2006-07-23 20:15 186,880 C:\WINDOWS\system32\dsdmo.dll 2006-07-23 20:15 181,248 C:\WINDOWS\system32\dmime.dll 2006-07-23 20:15 18,944 C:\WINDOWS\system32\encapi.dll 2006-07-23 20:15 18,432 C:\WINDOWS\system32\dswave.dll 2006-07-23 20:15 16,896 C:\WINDOWS\system32\msyuv.dll 2006-07-23 20:15 16,896 C:\WINDOWS\system32\dpnsvr.exe 2006-07-23 20:15 132,608 C:\WINDOWS\system32\devenum.dll 2006-07-23 20:15 13,312 C:\WINDOWS\system32\msdmo.dll 2006-07-23 20:15 122,880 C:\WINDOWS\system32\dmusic.dll 2006-07-23 20:15 112,128 C:\WINDOWS\system32\dpvvox.dll 2006-07-23 20:15 100,864 C:\WINDOWS\system32\dmsynth.dll 2006-07-23 20:15 1,798,144 C:\WINDOWS\system32\qedit.dll 2006-07-23 20:15 1,769,472 C:\WINDOWS\system32\dxdiagn.dll 2006-07-23 20:15 1,703,936 C:\WINDOWS\system32\d3d9.dll 2006-07-23 20:15 1,294,336 C:\WINDOWS\system32\dsound3d.dll 2006-07-23 20:15 1,230,336 C:\WINDOWS\system32\msvidctl.dll 2006-07-23 20:15 1,201,152 C:\WINDOWS\system32\d3d8.dll 2006-07-23 20:15 1,189,888 C:\WINDOWS\system32\dx8vb.dll 2006-07-23 15:07 947,472 C:\WINDOWS\system32\msjava.dll 2006-07-23 15:07 63,248 C:\WINDOWS\system32\javaprxy.dll 2006-07-23 15:07 49,424 C:\WINDOWS\system32\clspack.exe 2006-07-23 15:07 46,352 C:\WINDOWS\setdebug.exe 2006-07-23 15:07 404,752 C:\WINDOWS\system32\javart.dll 2006-07-23 15:07 313,856 C:\WINDOWS\system32\dx3j.dll 2006-07-23 15:07 286,992 C:\WINDOWS\system32\vmhelper.dll 2006-07-23 15:07 21,264 C:\WINDOWS\system32\msjdbc10.dll 2006-07-23 15:07 187,152 C:\WINDOWS\system32\javacypt.dll 2006-07-23 15:07 172,304 C:\WINDOWS\system32\jview.exe 2006-07-23 15:07 171,792 C:\WINDOWS\system32\wjview.exe 2006-07-23 15:07 171,280 C:\WINDOWS\system32\jit.dll 2006-07-23 15:07 154,384 C:\WINDOWS\system32\msawt.dll 2006-07-23 15:07 15,120 C:\WINDOWS\system32\jdbgmgr.exe 2006-07-23 15:07 139,536 C:\WINDOWS\system32\javaee.dll 2006-07-23 15:07 113 C:\WINDOWS\system32\zonedon.reg 2006-07-23 15:07 113 C:\WINDOWS\system32\zonedoff.reg 2006-07-23 05:47 90,112 C:\WINDOWS\system32\dpl100.dll 2006-07-23 05:47 856,064 C:\WINDOWS\system32\xvidcore.dll 2006-07-23 05:47 620,180 C:\WINDOWS\system32\divx.dll 2006-07-23 05:47 579,090 C:\WINDOWS\system32\x264vfw.dll 2006-07-23 05:47 5,120 C:\WINDOWS\system32\ff_vfw.dll 2006-07-23 05:47 3,596,288 C:\WINDOWS\system32\qt-dx331.dll 2006-07-23 05:47 217,088 C:\WINDOWS\system32\xvidvfw.dll 2006-07-23 05:47 200,704 C:\WINDOWS\system32\ssldivx.dll 2006-07-23 05:47 200,704 C:\WINDOWS\system32\dtu100.dll 2006-07-23 05:47 157,696 C:\WINDOWS\system32\unrar.dll 2006-07-23 05:47 1,415,680 C:\WINDOWS\system32\WMV9VCM.dll 2006-07-23 05:47 1,044,480 C:\WINDOWS\system32\libdivx.dll 2006-07-23 00:30 7,680 C:\WINDOWS\system32\bitsprx2.dll 2006-07-23 00:30 7,168 C:\WINDOWS\system32\bitsprx3.dll 2006-07-23 00:30 331,776 C:\WINDOWS\system32\winhttp.dll 2006-07-23 00:30 17,408 C:\WINDOWS\system32\qmgrprxy.dll 2006-07-23 00:30 158,720 C:\WINDOWS\system32\xpob2res.dll 2006-07-22 14:49 499,712 C:\WINDOWS\system32\msvcp71.dll 2006-07-22 14:49 348,160 C:\WINDOWS\system32\msvcr71.dll 2006-07-22 11:38 465,176 C:\WINDOWS\system32\wuapi.dll 2006-07-22 11:38 41,240 C:\WINDOWS\system32\wups.dll 2006-07-22 11:38 194,328 C:\WINDOWS\system32\wuaueng1.dll 2006-07-22 11:38 173,536 C:\WINDOWS\system32\wuweb.dll 2006-07-22 11:38 172,312 C:\WINDOWS\system32\wuauclt1.exe 2006-07-22 11:38 127,256 C:\WINDOWS\system32\wucltui.dll 2006-07-22 10:16 20,480 C:\WINDOWS\system32\hidserv.dll 2006-07-22 10:14 8,192 C:\WINDOWS\system32\kbdhept.dll 2006-07-22 10:14 67,072 C:\WINDOWS\system32\usbui.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl1.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdsl.dll 2006-07-22 10:14 6,656 C:\WINDOWS\system32\kbdhela3.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuq.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdtuf.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv1.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdlv.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdhela2.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdgkl.dll 2006-07-22 10:14 6,144 C:\WINDOWS\system32\kbdest.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdycc.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbduzb.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdur.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdtat.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru1.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdru.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdro.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdmon.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt1.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdlt.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkyr.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdkaz.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe319.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe220.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdhe.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdbu.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdblr.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdazel.dll 2006-07-22 10:14 5,632 C:\WINDOWS\system32\kbdaze.dll 2006-07-22 10:13 85,020 C:\WINDOWS\system32\dgsetup.dll 2006-07-22 10:13 71,168 C:\WINDOWS\system32\storprop.dll 2006-07-22 10:13 7,168 C:\WINDOWS\system32\kbdcz.dll 2006-07-22 10:13 66,048 C:\WINDOWS\NOTEPAD.EXE 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdycl.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdpl.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdhu.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz2.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcz1.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\kbdcr.dll 2006-07-22 10:13 6,656 C:\WINDOWS\system32\KBDAL.DLL 2006-07-22 10:13 6,656 C:\WINDOWS\system32\batt.dll 2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdpl1.dll 2006-07-22 10:13 5,632 C:\WINDOWS\system32\kbdhu1.dll 2006-07-22 10:13 24,661 C:\WINDOWS\system32\spxcoins.dll 2006-07-22 10:13 176,157 C:\WINDOWS\system32\dgrpsetu.dll 2006-07-22 10:13 15,360 C:\WINDOWS\TASKMAN.EXE 2006-07-22 10:13 13,312 C:\WINDOWS\system32\irclass.dll 2006-07-22 10:13 103,424 C:\WINDOWS\system32\EqnClass.Dll 2006-07-22 10:06 352,321,536 C:\pagefile.sys 2006-07-22 10:01 7,680 C:\WINDOWS\system32\CNMVS6s.DLL 2006-07-22 10:01 116,736 C:\WINDOWS\system32\CNMLM6s.DLL 2006-07-22 09:54 198,424 C:\WINDOWS\system32\iuengine.dll 2006-07-21 22:42 58,880 C:\WINDOWS\system32\agrsmdel.exe 2006-07-21 22:40 208,896 C:\WINDOWS\alcupd.exe 2006-07-21 22:40 135,168 C:\WINDOWS\alcrmv.exe 2006-07-21 22:38 303,104 C:\WINDOWS\system32\sistray.exe 2006-07-21 22:37 73,728 C:\WINDOWS\system32\waitwnd.exe 2006-07-21 22:37 5,632 C:\WINDOWS\system32\InstFunc.dll 2006-07-21 22:37 180,224 C:\WINDOWS\system32\setuplib.dll 2006-07-21 22:34 45,056 C:\WINDOWS\winio.dll 2006-07-21 22:34 327,168 C:\WINDOWS\IsUninst.exe 2006-07-21 22:34 3,072 C:\WINDOWS\winio.sys 2006-07-21 22:34 28,672 C:\WINDOWS\htpatch.exe 2006-07-21 22:25 112,128 C:\WINDOWS\system32\mapi32.dll 2006-07-21 22:25 0 C:\MSDOS.SYS 2006-07-21 22:25 0 C:\IO.SYS 2006-07-21 22:25 0 C:\CONFIG.SYS 2006-07-21 22:25 0 C:\AUTOEXEC.BAT 2006-07-21 22:23 9,728 C:\WINDOWS\system32\mstinit.exe 2006-07-21 22:23 81,408 C:\WINDOWS\system32\msoert2.dll 2006-07-21 22:23 77,824 C:\WINDOWS\system32\isign32.dll 2006-07-21 22:23 73,728 C:\WINDOWS\system32\ils.dll 2006-07-21 22:23 69,632 C:\WINDOWS\system32\icwdial.dll 2006-07-21 22:23 65,536 C:\WINDOWS\system32\msconf.dll 2006-07-21 22:23 64,512 C:\WINDOWS\system32\acctres.dll 2006-07-21 22:23 63,488 C:\WINDOWS\system32\srclient.dll 2006-07-21 22:23 61,440 C:\WINDOWS\system32\icwphbk.dll 2006-07-21 22:23 587,776 C:\WINDOWS\system32\inetcomm.dll 2006-07-21 22:23 47,616 C:\WINDOWS\system32\inetres.dll 2006-07-21 22:23 40,960 C:\WINDOWS\system32\safrslv.dll 2006-07-21 22:23 39,424 C:\WINDOWS\system32\safrcdlg.dll 2006-07-21 22:23 361,984 C:\WINDOWS\system32\qmgr.dll 2006-07-21 22:23 33,280 C:\WINDOWS\system32\racpldlg.dll 2006-07-21 22:23 32,768 C:\WINDOWS\system32\mnmsrvc.exe 2006-07-21 22:23 32,256 C:\WINDOWS\system32\mnmdd.dll 2006-07-21 22:23 28,672 C:\WINDOWS\system32\isrdbg32.dll 2006-07-21 22:23 266,240 C:\WINDOWS\system32\inetcfg.dll 2006-07-21 22:23 26,624 C:\WINDOWS\system32\safrdm.dll 2006-07-21 22:23 250,368 C:\WINDOWS\system32\mstask.dll 2006-07-21 22:23 24,576 C:\WINDOWS\system32\nmmkcert.dll 2006-07-21 22:23 228,864 C:\WINDOWS\system32\msoeacct.dll 2006-07-21 22:23 226,304 C:\WINDOWS\system32\srrstr.dll 2006-07-21 22:23 16,384 C:\WINDOWS\system32\icfgnt5.dll 2006-07-21 22:23 159,232 C:\WINDOWS\system32\schedsvc.dll 2006-07-21 22:23 158,720 C:\WINDOWS\system32\srsvc.dll 2006-07-21 22:23 12,288 C:\WINDOWS\system32\nmevtmsg.dll 2006-07-21 22:23 11,264 C:\WINDOWS\system32\atrace.dll 2006-07-21 22:22 9,728 C:\WINDOWS\system32\reset.exe 2006-07-21 22:22 80,384 C:\WINDOWS\system32\charmap.exe 2006-07-21 22:22 73,216 C:\WINDOWS\system32\avwav.dll 2006-07-21 22:22 61,952 C:\WINDOWS\system32\rdshost.exe 2006-07-21 22:22 605,696 C:\WINDOWS\system32\getuname.dll 2006-07-21 22:22 56,832 C:\WINDOWS\system32\sol.exe 2006-07-21 22:22 55,296 C:\WINDOWS\system32\freecell.exe 2006-07-21 22:22 5,632 C:\WINDOWS\system32\write.exe 2006-07-21 22:22 489,984 C:\WINDOWS\system32\hypertrm.dll 2006-07-21 22:22 44,544 C:\WINDOWS\system32\hticons.dll 2006-07-21 22:22 4,096 C:\WINDOWS\system32\rdpcfgex.dll 2006-07-21 22:22 35,328 C:\WINDOWS\system32\winchat.exe 2006-07-21 22:22 33,792 C:\WINDOWS\system32\regini.exe 2006-07-21 22:22 227,840 C:\WINDOWS\system32\avtapi.dll 2006-07-21 22:22 22,016 C:\WINDOWS\system32\qwinsta.exe 2006-07-21 22:22 20,992 C:\WINDOWS\system32\msg.exe 2006-07-21 22:22 18,432 C:\WINDOWS\system32\qprocess.exe 2006-07-21 22:22 179,200 C:\WINDOWS\system32\accwiz.exe 2006-07-21 22:22 16,896 C:\WINDOWS\system32\tsshutdn.exe 2006-07-21 22:22 16,896 C:\WINDOWS\system32\qappsrv.exe 2006-07-21 22:22 16,384 C:\WINDOWS\system32\tskill.exe 2006-07-21 22:22 16,384 C:\WINDOWS\system32\avmeter.dll 2006-07-21 22:22 15,872 C:\WINDOWS\system32\rwinsta.exe 2006-07-21 22:22 15,872 C:\WINDOWS\system32\cdmodem.dll 2006-07-21 22:22 15,360 C:\WINDOWS\system32\logoff.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\tsdiscon.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\tscon.exe 2006-07-21 22:22 14,848 C:\WINDOWS\system32\shadow.exe 2006-07-21 22:22 138,752 C:\WINDOWS\system32\sndvol32.exe 2006-07-21 22:22 126,976 C:\WINDOWS\system32\mshearts.exe 2006-07-21 22:22 124,416 C:\WINDOWS\system32\sndrec32.exe 2006-07-21 22:22 119,808 C:\WINDOWS\system32\winmine.exe 2006-07-21 22:22 114,688 C:\WINDOWS\system32\calc.exe 2006-07-21 22:22 1,161 C:\WINDOWS\system32\usrlogon.cmd 2006-07-21 22:21 98,816 C:\WINDOWS\system32\clipbrd.exe 2006-07-21 22:21 9,728 C:\WINDOWS\system32\xolehlp.dll 2006-07-21 22:21 9,216 C:\WINDOWS\system32\wuauserv.dll 2006-07-21 22:21 9,216 C:\WINDOWS\system32\icaapi.dll 2006-07-21 22:21 88,064 C:\WINDOWS\system32\tscfgwmi.dll 2006-07-21 22:21 869,376 C:\WINDOWS\system32\msdtctm.dll 2006-07-21 22:21 85,504 C:\WINDOWS\system32\catsrvps.dll 2006-07-21 22:21 83,968 C:\WINDOWS\system32\mtxoci.dll 2006-07-21 22:21 82,432 C:\WINDOWS\system32\comrepl.dll 2006-07-21 22:21 75,912 C:\WINDOWS\system32\rdpwsx.dll 2006-07-21 22:21 6,144 C:\WINDOWS\system32\msdtc.exe 2006-07-21 22:21 598,016 C:\WINDOWS\system32\mstscax.dll 2006-07-21 22:21 582,656 C:\WINDOWS\system32\catsrvut.dll 2006-07-21 22:21 57,856 C:\WINDOWS\system32\licwmi.dll 2006-07-21 22:21 56,832 C:\WINDOWS\system32\colbact.dll 2006-07-21 22:21 56,320 C:\WINDOWS\system32\remotepg.dll 2006-07-21 22:21 54,784 C:\WINDOWS\system32\msdtclog.dll 2006-07-21 22:21 54,272 C:\WINDOWS\system32\stclient.dll 2006-07-21 22:21 534,016 C:\WINDOWS\system32\spider.exe 2006-07-21 22:21 53,248 C:\WINDOWS\system32\servdeps.dll 2006-07-21 22:21 5,120 C:\WINDOWS\system32\dcomcnfg.exe 2006-07-21 22:21 495,616 C:\WINDOWS\system32\comuid.dll 2006-07-21 22:21 468,480 C:\WINDOWS\system32\clbcatq.dll 2006-07-21 22:21 44,032 C:\WINDOWS\system32\rdpclip.exe 2006-07-21 22:21 40,960 C:\WINDOWS\system32\tscupgrd.exe 2006-07-21 22:21 4,096 C:\WINDOWS\system32\mtxex.dll 2006-07-21 22:21 388,608 C:\WINDOWS\system32\mstsc.exe 2006-07-21 22:21 359,936 C:\WINDOWS\system32\msdtcprx.dll 2006-07-21 22:21 339,968 C:\WINDOWS\system32\mspaint.exe 2006-07-21 22:21 32,768 C:\WINDOWS\system32\cfgbkend.dll 2006-07-21 22:21 25,600 C:\WINDOWS\system32\comaddin.dll 2006-07-21 22:21 25,088 C:\WINDOWS\system32\mtxlegih.dll 2006-07-21 22:21 215,040 C:\WINDOWS\system32\catsrv.dll 2006-07-21 22:21 200,192 C:\WINDOWS\system32\termsrv.dll 2006-07-21 22:21 20,480 C:\WINDOWS\system32\mtxdm.dll 2006-07-21 22:21 174,592 C:\WINDOWS\system32\cmprops.dll 2006-07-21 22:21 16,384 C:\WINDOWS\system32\mmfutil.dll 2006-07-21 22:21 151,040 C:\WINDOWS\system32\msdtcuiu.dll 2006-07-21 22:21 147,456 C:\WINDOWS\system32\comsnap.dll 2006-07-21 22:21 14,848 C:\WINDOWS\system32\rdpsnd.dll 2006-07-21 22:21 135,680 C:\WINDOWS\system32\rdchost.dll 2006-07-21 22:21 129,024 C:\WINDOWS\system32\sessmgr.exe 2006-07-21 22:21 124,184 C:\WINDOWS\system32\wuauclt.exe 2006-07-21 22:21 12,288 C:\WINDOWS\system32\rdsaddin.exe 2006-07-21 22:21 116,736 C:\WINDOWS\system32\mplay32.exe 2006-07-21 22:21 100,864 C:\WINDOWS\system32\clbcatex.dll 2006-07-21 22:21 1,343,768 C:\WINDOWS\system32\wuaueng.dll 2006-07-21 22:21 1,172,992 C:\WINDOWS\system32\comsvcs.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "HTpatch"="C:\\WINDOWS\\htpatch.exe" "SoundMan"="SOUNDMAN.EXE" "SiS Tray"="" "SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe" "LiveMonitor"="C:\\Program Files\\MSI\\Live Update 3\\LMonitor.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "AGRSMMSG"="AGRSMMSG.exe" "Error Expert"="C:\\Program Files\\Error Expert\\ErrorExpert.exe /scan" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Warez"="\"C:\\Program Files\\Warez\\Warez.exe\" /minimized" "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide" "TurboConnect"="C:\\PROGRA~1\\TURBOC~1\\TurboConnect.exe 1" "UnHackMe Monitor"="C:\\Program Files\\UnHackMe\\hackmon.exe" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000000 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" "{81559C35-8464-49F7-BB0E-07A383BEF910}"="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Black Dragon^Start Menu^Programs^Startup^DataKeeper.lnk] "path"="C:\\Documents and Settings\\Black Dragon\\Start Menu\\Programs\\Startup\\DataKeeper.lnk" "backup"="C:\\WINDOWS\\pss\\DataKeeper.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\POWERQ~1\\DATAKE~1.0\\DATAKE~1.EXE -c \"C:\\Documents and Settings\\Black Dragon\\Local Settings\\Application Data\\DataKeeper\\Dads Backup2.dks\"" "item"="DataKeeper" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "cmdService"=dword:00000002 HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder Completion time: 06-08-25 9:29:04.46 ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt ComboFix.2006-08-19.091922.txt ComboFix.2006-08-20.084212.txt ComboFix.2006-08-22.210200.txt ComboFix.2006-08-24.055309.txt ComboFix.2006-08-25.092854.txt |
|
|
|
|
08-28-2006, 07:19 AM
|
#70 (permalink) | |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista
|
I'm very pleased to say that your system is now clean.
 I know it wasn't easy on your end--nice work.  Quote:
Now, we just have some finishing touches: Reset hidden/system files and folders Windows XP =============== Click Start. * Open My Computer. * Select the Tools menu and click Folder Options. * Select the View tab. * Deselect the Show hidden files and folders option. * Select the Hide file extensions for known types option. * Select the Hide protected operating system files option. Click Yes to confirm. Click OK. Enable Windows Auto Update *Go to Start>Run - type wuaucpl.cpl *Tick on the checkbox - "Keep my computer up to date" *Under Settings, choose "Automatically download the updates, and install them on the schedule that I specify". Click on "OK". Create a new System Restore point Click Start >> Run - type SYSDM.CPL & press Enter * Select the System Restore Tab * Tick on the checkbox - "Turn off System Restore on all drives" Click Apply * Then untick the same checkbox & click OK This will prevent any reinfection from previous restore points. ----------------- You already have IESpyAd, Spyware Blaster and SpywareGuard set up. I'd like you to add these two programs as well, if you don't already have them. Scan with these programs as well as Ewido, on a regular basis: Download Spybot Search & Destroy 1.4 Run Spybot and click on the 'Search for Updates' button. Install any updates that are available. Now click Mode menu and choose 'Advanced Mode'. Next click on Immunize to your left. Click the Immunize button on top to Immunize your computer - you should do this each time there is an update. Click 'Check for Problems' and fix all the entries, which are indicated in RED. Download Adaware SE and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Go to this Site to get the plug-in for fixing VX2 variants. Also make sure to Customize the settings in Adaware for better scan results. Run the scan and fix everything that it finds. Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls **Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. Follow this list and your potential for being infected again will reduce dramatically. **Shall we mark this thread as resolved? |
|
|
|
|
|
09-03-2006, 03:16 AM
|
#71 (permalink) |
|
Registered User
Join Date: Jul 2006
Posts: 57
OS: XP Home edition
|
Hi RIED RE: system is now clean
Hi Ried
I've completed the final steps you set for me. And found those Links you gave me of great value and full of knowlege for one such as myself.I don't know if I was supposed to end up at Jasons Toolbox or not, But I was Fair drooling all over the keyboard at his amazing little programes. I passed the browser security test with flying colours. I'm Happy To say we Can mark this thread as resolved. Cheers, Download Junkie. Ps: I got em all HeeHee  
|
|
|
|
|
09-03-2006, 09:22 AM
|
#72 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista
|
I've never been happier to marked a thread resolved, Download Junkie....
 It may be a good idea for you to run periodic online scans at either Panda or Kaspersky to keep an eye on your system. Should they find any 'bad guys', post those results here in the HijackThis Forum (new thread  ) along with a HijackThis scan and we'll be happy to take a look at it for you. Happy computing and stay safe....  
|
|
|
|
| Thread Tools | |
|
|
Hi RIED RE: Tabless
