Number of viruses 93, infected objects 719



piratenews
2008-05-30, 05:59
Spybot was unable to remove this RED item in SAFE mode, it just came back twice on reboot:

Product: Win32.Soundmix
Threat: Trojan
Win32.Soundmix copies itself as soundmix.exe into the system directory and pretends to be a soundmixer. It starts itself in autorun as "soundmix" without user consent. It also adds itself to the exefile shell open command so that it will be started synchronously with every other exe file.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:20 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
F2 - REG:system.ini: Shell=Explorer.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - C:\WINDOWS\system32\admdsc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [dhprthpl] rundll32.exe "C:\WINDOWS\system32\rdpthj.sys" WLEntryPoint
O4 - HKUS\S-1-5-21-1420582129-1497244195-3520757181-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\torapcfm.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: http://www.tallemu.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4947 bytes

===========================================


KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 4:14:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812154
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 185169
Number of viruses found: 93
Number of infected objects: 719
Number of suspicious objects: 4
Duration of the scan process: 02:09:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh63.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh66.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh66.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh68.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh68.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip/mrofinu27.exe Infected: Trojan-Downloader.Win32.Agent.lbx skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zlockuc.zip/onuxuped.dll Infected: not-a-virus:AdWare.Win32.Agent.wk skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zlockuc.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\stwjkzmz\qvkfkfej.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\vmxkzufk\jevmxazo.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\whulahat\ynehglit.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\yvktobmb\yjolabel.exe Infected: Trojan-Dropper.Win32.Agent.amm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/0.EXE Infected: Trojan-Downloader.Win32.Small.ius skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/1922.tmp Infected: Trojan-Downloader.Win32.Agent.lcx skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/csrssc.exe Infected: Trojan-Downloader.Win32.Suurch.dw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Documents and Settings/John Lee/Local Settings/Temp/file834.exe Infected: Trojan-Spy.Win32.Zbot.amb skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/1.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/2.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/238A.tmp Infected: Trojan-Downloader.Win32.Zlob.jbe skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/5.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/6.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/63.tmp Infected: Trojan.Win32.Pakes.cix skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/7.dllb Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/A984.tmp Infected: Trojan-Downloader.Win32.Agent.lcx skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/codec.exe Infected: Trojan-Downloader.Win32.Zlob.jhh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/D5.tmp Infected: Trojan-Downloader.Win32.Flux.eh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/dpdbjf.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/G5F-tmp.exe Infected: Trojan-Downloader.Win32.Flux.eh skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/iframestat.exe Infected: Trojan-Downloader.Win32.Tibs.vz skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/kfmtonetcrm.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/lebsbord.exe Infected: Email-Worm.Win32.Locksky.da skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/lhdtpp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/sh.exe Infected: Trojan-Downloader.Win32.Agent.lab skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/WINDOWS/temp/tmp.exe Infected: Backdoor.Win32.Agent.fnb skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/crap.1165507431.old/data0000 Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/crap.1165507431.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1165951424.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166051149.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166073115.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1166394446.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167002879.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167199060.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167455550.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1167715835.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168035795.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168242245.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168519775.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU/C:/Program Files/WinBudget/bin/matrix.dll.1168936518.old Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39524.0746234722.WCU ZIP: infected - 36 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN1.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN2.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BN6A.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/BND.tmp Infected: Backdoor.Win32.Agobot.pbq skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/ldlddpldttt.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/nhphhhtlpht.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/sjapcrahsjq.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/WINDOWS/TEMP/ttnhtlpp.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/10.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/13.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/14.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1A.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1D.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1E.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/1F.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/22D7.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/22D8.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/25.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/27.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2A.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2B.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/2D.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/30.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/39.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/5.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/6.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/8.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/9.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/B.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU/C:/F.tmp Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39539.8254425231.WCU ZIP: infected - 30 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/hltpdhtdlhd.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/thpldt.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU/C:/WINDOWS/TEMP/ttpddptp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39554.6742069907.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/bpnfbnhtdnp.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/hhfpplbfth.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU/C:/WINDOWS/TEMP/ltprflbnhjf.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39563.1994920023.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/ddhnlnthpl.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/dhtjdlpt.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU/C:/WINDOWS/TEMP/pppjlh.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39564.1587857986.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/ffjdhf.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/nfhtpddpdjf.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU/C:/WINDOWS/TEMP/rprpdlfr.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\Documents and Settings\John Lee\Application Data\Business Logic\UWC\Backup\J39573.9436123727.WCU ZIP: infected - 3 skipped
C:\Documents and Settings\John Lee\Application Data\OnlineArmor\client.dat Object is locked skipped
C:\Documents and Settings\John Lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe CreateInstall: infected - 1 skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech59peter-sap14.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech59peter-sap14.exe CreateInstall: infected - 1 skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\John Lee\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\Documents and Settings\John Lee\ie_updates3r.exe Infected: Trojan-Downloader.Win32.Winlagons.al skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe Infected: Worm.Win32.Socks.jf skipped
C:\Documents and Settings\John Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\nax.exe Infected: Trojan-Dropper.Win32.Small.bgl skipped
C:\Documents and Settings\John Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe Infected: Worm.Win32.Socks.jf skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\backups\backup-20061219-025422-705.dll Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Cmkkhknc\qitpxpww.exe Suspicious: Type_Win32 skipped
C:\Program Files\CuteComp.exe/file21 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\CuteComp.exe Inno: infected - 1 skipped
C:\Program Files\IE Extensions\cj.v2.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Lpxiesdk\bpmqzonk.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Program Files\Orffrake\fucghrpz.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Program Files\Robot Voices\male-voice-american.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Program Files\Robot Voices\male-voice-american.exe CreateInstall: infected - 1 skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

piratenews
2008-05-30, 05:59
C:\Program Files\Tall Emu\Online Armor\antispam.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\DNSTask.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\firewall.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\fwdata.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\history.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\IPRanges.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.pak Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\oacached.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\programs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\reference.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\SentList.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\server.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\signs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\sites.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\unins000.dat Object is locked skipped
C:\Program Files\tmp123497953.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123497968.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123498765.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123498843.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp123504953.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080326-203148-229.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Wkrlenst\hxymopxj.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\qoobox\Quarantine\C\Documents and Settings\John Lee\Local Settings\Application Data\cftmon.exe.vir Infected: Worm.Win32.Socks.jf skipped
C:\qoobox\Quarantine\C\Documents and Settings\LocalService\Local Settings\Application Data\cftmon.exe.vir Infected: Worm.Win32.Socks.jf skipped
C:\qoobox\Quarantine\C\Program Files\ucleaner_setup.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\qoobox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir Infected: Trojan.Win32.Agent.htt skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ctfmona.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.gj skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\aoeqhbvc.dat.vir Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir Infected: Trojan.Win32.Pakes.cix skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\os1zn2mO7Z.exe.vir Infected: Trojan.Win32.Obfuscated.gx skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/Rxd51.sys Infected: Email-Worm.Win32.Agent.du skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/aoeqhbvc.dat Infected: Rootkit.Win32.Agent.aap skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/aoeqhbvc.dat.1 Infected: Rootkit.Win32.Agent.aap skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/hgnid.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/hipsrv.mm Infected: Trojan.Win32.Agent.gau skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/guntest.chm Infected: Rootkit.Win32.Agent.aey skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip/46096144.Evt Infected: Backdoor.Win32.Hupigon.ayik skipped
C:\qoobox\Quarantine\catchme2008-03-18_144954.89.zip ZIP: infected - 7 skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFixMarch2008.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFixMarch2008.exe RAR: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000002.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000012.dll Infected: Trojan-Downloader.Win32.Mutant.bk skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000013.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000014.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000015.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\A0000016.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP1\snapshot\MFEX-1.DAT Infected: Trojan-Downloader.Win32.Mutant.bk skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP11\A0003332.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP12\A0003350.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP14\A0003395.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP14\A0003396.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP15\A0003408.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP16\A0003587.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP17\A0003602.exe Infected: Trojan-Spy.Win32.Zbot.arw skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP17\A0003618.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP19\A0003643.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.j skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP20\A0003681.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP21\A0003786.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP22\A0003822.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP23\A0004786.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP24\A0004824.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019143.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019170.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019180.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019187.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019194.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019208.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019221.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019235.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019240.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019296.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP71\A0019314.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019379.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019460.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019468.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019472.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019476.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019477.exe Suspicious: Type_Win32 skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019478.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019481.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019486.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019515.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019535.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019540.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019559.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019577.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019583.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019601.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP75\A0019669.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP76\A0019690.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP76\A0019720.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP77\A0019737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP77\A0020737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP78\A0021737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP79\A0022737.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP8\A0003257.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP81\A0022831.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP81\A0022853.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP82\A0022923.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP82\A0022930.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022951.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022958.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022970.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\A0022974.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP83\change.log Object is locked skipped
C:\Virus\3 march 2008 virus\C_WINDOWS_SYSTEM32_maxpaynow1.exe Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\Virus\3 march 2008 virus\C_WINDOWS_SYSTEM32_maxpaynowti1.exe Infected: Trojan-Downloader.Win32.Tibs.wh skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll Infected: Trojan-Dropper.Win32.Agent.fwj skipped
C:\WINDOWS\Installer\{ac633de7-14d4-4297-8e5f-613b933fb5ab}\KbdSetup.dll Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{e82124db-dadc-4f41-977a-12c725dd7cc0}\DrvAvp.dll Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\system32\183aa.exe Infected: Trojan-Downloader.Win32.Agent.gbj skipped
C:\WINDOWS\system32\alrsvco.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\ALSNDMGRd.exe Infected: Backdoor.Win32.IRCBot.bye skipped
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe Infected: Backdoor.Win32.Agent.egy skipped
C:\WINDOWS\system32\bohodqhy.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\bqxgvwxo.exe Infected: Trojan.Win32.Obfuscated.gx skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\credigui.dll Infected: Trojan-Downloader.Win32.Small.iqt skipped
C:\WINDOWS\system32\drivers\Gms31.sys Object is locked skipped
C:\WINDOWS\system32\drivers\OADriver.sys Object is locked skipped
C:\WINDOWS\system32\drivers\OAmon.sys Object is locked skipped
C:\WINDOWS\system32\drivers\oanet.sys Object is locked skipped
C:\WINDOWS\system32\drivers\spools.exe Infected: Worm.Win32.Socks.jf skipped
C:\WINDOWS\system32\ftpdll.dll Infected: Trojan-Dropper.Win32.Small.bgx skipped
C:\WINDOWS\system32\gdid32.dll Infected: Trojan-Downloader.Win32.Small.iqu skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hlnftdrlttr.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\hlphnttnjhr.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\iphelp.dll Infected: Trojan.Win32.Pakes.cku skipped
C:\WINDOWS\system32\iSecurity.cpl Infected: Trojan-Downloader.Win32.Agent.mso skipped
C:\WINDOWS\system32\Kf94lfg.dll Infected: Trojan-Downloader.Win32.Small.sxo skipped
C:\WINDOWS\system32\netd.dll Infected: Trojan.Win32.Pakes.ckv skipped
C:\WINDOWS\system32\protect.dll Infected: Trojan.Win32.Pakes.ckw skipped
C:\WINDOWS\system32\psx.dll Infected: Trojan-Downloader.Win32.Small.iqv skipped
C:\WINDOWS\system32\ptldtl.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\ptpdrfhlhbt.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\ptpdrfhlhbt_ORIGINAL.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\puvkbohq.exe Suspicious: Type_Win32 skipped
C:\WINDOWS\system32\pxcrt.dll Infected: Trojan-Downloader.Win32.Small.iqw skipped
C:\WINDOWS\system32\rcdll.dll Infected: Trojan.Win32.Pakes.ckt skipped
C:\WINDOWS\system32\rdpthj.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\system32\torapcfm.dll Infected: Email-Worm.Win32.Locksky.da skipped
C:\WINDOWS\system32\vmnylyrg.exe Suspicious: Type_Win32 skipped
C:\WINDOWS\system32\wbem\csrss.exe Infected: Trojan.Win32.Agent.gci skipped
C:\WINDOWS\system32\winlugan.exe Infected: Trojan-Downloader.Win32.Winlagons.al skipped
C:\WINDOWS\system32\winmed.exe Infected: Trojan-Downloader.Win32.Agent.laq skipped
C:\WINDOWS\system32\WLCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.bj skipped
C:\WINDOWS\system32\wsock32d.dll Infected: Trojan.Win32.Pakes.ckx skipped
C:\WINDOWS\TEMP\bthhht_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ddpphhdl_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\djfjtd_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\dplhdhjthd.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\dplldf_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\fdtdlllhlp_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\hhfdnpddnjt_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\hlnftdrlttr.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\jfnplj_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\lhttlh_ORIGINAL.nls Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ndrlblhljb.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\pltbddtp_ORIGINAL.drv Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\plttplht_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\prphnrpdtd_ORIGINAL.sys Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\TEMP\ptpdrfhlhbt.dll Infected: Email-Worm.Win32.Locksky.cm skipped
C:\WINDOWS\Web\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

piratenews
2008-05-30, 06:12
This has been a problem since March 2008, thanks to Virtumonde. Lots of crashes, loss of all programs, etc.

Limping along pretty well for now, after learning more than I cared to learn about computers.

Online Armor firewall does okay but tends to shut down all programs if I get carried away deleting stuff. Still seems to be a couple dozen connections in LISTEN mode (botnet?).

Spybot Teatimer catches viruses with popups every 10 seconds, 24/7.

MS Explorer is locked down as tight as I can get it, but is very annoying having to click 10 times for each webpage.

Windows Installer is damaged and won't repair nor reinstall, so I cannot switch to Opera, which cannot install. Also lost MS Word, which cannot reinstall due to loss of Windows Installer. Any ideas how to fix Windows Installer? I think an antispyware program killed Installer.exe.

Also having weird effects on my mouse in certain programs, having to right click on SELECT ALL before the mouse will work, with copy/paste disabled. Any suggestions?

I've learned my lesson, with my next computer I'll just refry the harddrives and start over. With this one I'm too committed to try that. Cannot reinstall certain critical programs. Data is backed up though.

Thanks for the help.

piratenews
2008-05-30, 06:17
I use an online email, and MS Outlook is not installed (I think).

But is Navigator Communicator hijacked by a botnet? Is that a problem if I never open Navigator?

piratenews
2008-05-30, 06:30
I manually disconnect from the modem when not using internet, and disconnect when booting up. This seems to help reduce new infections.

I delete Virtumonde each STARTUP using MSCONFIG before each SHUTDOWN.

I use TASK MANAGER to delete Virtumonde or other virus if and when it pops up. But there still seem to be some other viruses running in Processes, but Bad Things happen sometimes when I try deleting RunDLL, CSRSS or SVCHOST.

tashi
2008-06-05, 18:51
Hello,

I see you posted in the Waiting Room: http://forums.spybot.info/showthread.php?p=199202#post199202

Because of the volume of posts to your own topic, helpers may have thought you were already being assisted.

For our helpers' information, what happened here: http://forums.spybot.info/showthread.php?p=179275#post179275


One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

You requested assistance to attempt a clean anyway and the thread was closed due to inactivity.

As you say, this was back in March 2008.

Regards.

piratenews
2008-06-06, 03:16
Thanks. I'll buy a new computer as soon as I can afford to. This one cannot be reformatted without losing too much work. Lesson learned.

So what do I do next?

Shaba
2008-06-06, 18:18
Hi piratenews

Regarding the amount of viruses and their nature, reformatting would be the best option here.

If you really don't want to do it, we can try to clean you :)

piratenews
2008-06-07, 12:39
Yes, let's try to clean it. Hopefully without frying anything.

The computer is working amazingly well, considering what it's been through. Last thing I remember downloading before the attack was a freeware program to morph photographs, from a website with a million little adverts. Only used the program for one photo, then uninstalled it. Apparently it had some little viruses left over.

The only real problem I'm having is Windows Installer is not working. Which is a big problem, actually. But probably something I can fix.

Shaba
2008-06-07, 12:43
Hi

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


We first need to disable TeaTimer so that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report
- sdfix report

piratenews
2008-06-08, 21:06
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:00:13 PM, on 6/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - C:\WINDOWS\system32\admdsc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4501 bytes


=========================================================


ComboFix 08-06-07.3 - John Lee 2008-06-08 14:25:53.5 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Rabio
C:\WINDOWS\system32\183aa.exe
C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
C:\WINDOWS\system32\drivers\Cksu78.sys
C:\WINDOWS\system32\hlnftdrlttr.nls
C:\WINDOWS\system32\hlphnttnjhr.sys
C:\WINDOWS\system32\pltllp.drv
C:\WINDOWS\system32\ptldtl.dll
C:\WINDOWS\system32\ptpdrfhlhbt.dll
C:\WINDOWS\system32\ptpdrfhlhbt_ORIGINAL.dll
C:\WINDOWS\system32\rdpthj.sys
C:\WINDOWS\system32\torapcfm.dll
C:\WINDOWS\TEMP\brfnhbjtdp.dll
C:\WINDOWS\TEMP\nntnnbrh.dll
C:\WINDOWS\TEMP\pltllp.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CKSU78
-------\Service_Cksu78
-------\Service_CKSU78


((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-21 23:08 . 2008-06-08 14:41 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\zazodeji
2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\WINDOWS\system32\admdsc.dll
2008-05-21 11:56 . 2008-05-21 11:56 110,592 --a------ C:\Documents and Settings\All Users\Application Data\ufofsron.dll
2008-05-21 11:56 . 2008-05-21 11:56 106,496 --a------ C:\WINDOWS\system32\vmnylyrg.exe
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-19 19:01 . 2008-05-19 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dgpixcds
2008-05-19 19:01 . 2008-05-19 19:01 122,880 --a------ C:\Documents and Settings\All Users\Application Data\ubcredal.dll
2008-05-19 19:01 . 2008-05-19 19:01 4,096 --a------ C:\WINDOWS\system32\anticipator_delete_virus.dll
2008-05-19 19:00 . 2008-05-19 19:00 122,880 --a------ C:\WINDOWS\system32\strsys.dll
2008-05-19 19:00 . 2008-05-19 19:00 102,400 --a------ C:\WINDOWS\system32\puvkbohq.exe
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-09 15:20 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-05-09 15:20 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2008-05-09 15:20 . 2008-05-09 15:20 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-09 12:38 . 2008-05-09 13:00 <DIR> d-------- C:\Program Files\worthles
2008-05-09 12:38 . 2008-05-09 12:38 <DIR> d-------- C:\Program Files\WAYBEY~1
2008-05-09 12:38 . 2008-05-09 12:58 <DIR> d-------- C:\Program Files\NEUROC~1
2008-05-09 12:38 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\MOTORC~1
2008-05-09 12:37 . 2008-05-09 12:57 <DIR> d-------- C:\Program Files\jeru
2008-05-09 12:37 . 2008-05-09 12:56 <DIR> d-------- C:\Program Files\GENERA~1
2008-05-09 12:37 . 2008-05-09 12:55 <DIR> d-------- C:\Program Files\empirest
2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dodger
2008-05-09 12:37 . 2008-05-09 12:37 <DIR> d-------- C:\Program Files\dirtydoz
2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\cube
2008-05-09 12:36 . 2008-05-09 12:45 <DIR> d-------- C:\Program Files\creature
2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\crass
2008-05-09 12:36 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\crakoom
2008-05-09 12:36 . 2008-05-09 12:36 <DIR> d-------- C:\Program Files\COPPAK~1
2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\conca
2008-05-09 12:35 . 2008-05-09 12:35 <DIR> d-------- C:\Program Files\COLLEG~2
2008-05-09 12:35 . 2008-05-09 12:44 <DIR> d-------- C:\Program Files\COLLEG~1
2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CLONEW~1
2008-05-09 12:35 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\CAPTAI~1
2008-05-09 12:34 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BURLES~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLUELI~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\BLINDM~1
2008-05-09 12:33 . 2008-05-09 12:43 <DIR> d-------- C:\Program Files\beatmygu
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\autobahn
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\arnon
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMORP~1
2008-05-09 12:33 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ARMAGG~1
2008-05-09 12:32 . 2008-05-09 13:01 <DIR> d-------- C:\Program Files\ANYTHI~1
2008-05-09 12:32 . 2008-05-09 12:42 <DIR> d-------- C:\Program Files\ANGRYB~1
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ANCIEN~1
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\amerika
2008-05-09 12:32 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ALIENS~1
2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\alien
2008-05-09 12:32 . 2008-05-09 12:32 <DIR> d-------- C:\Program Files\aldo
2008-05-09 12:31 . 2008-05-09 12:31 <DIR> d-------- C:\Program Files\ACTION~1
2008-05-09 12:30 . 2008-05-09 12:41 <DIR> d-------- C:\Program Files\ABDUCT~1
2008-05-08 12:39 . 2008-05-08 12:39 29 --a------ C:\WINDOWS\system32\auqwqdas.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-30 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\vmxkzufk
2008-04-28 15:48 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\atubgxav.dll
2008-04-28 15:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\yvktobmb
2008-04-27 11:10 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\whulibwj.dll
2008-04-27 11:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\parifcpm
2008-04-25 23:25 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
2008-04-25 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\dunwjghm
2008-04-24 06:49 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\elitcvol.dll
2008-04-24 06:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\fmpkrczw
2008-04-23 18:42 118,784 ----a-w C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
2008-04-23 02:56 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
2008-04-23 02:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\dgxwxyjw
2008-04-22 00:52 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
2008-04-22 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\hydmhcby
2008-04-21 10:32 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
2008-04-21 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\fspmjgfy
2008-04-21 00:31 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
2008-04-21 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\izgtgbct
2008-04-19 23:40 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
2008-04-19 23:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\qtglohyd
2008-04-18 10:50 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\azqteduj.dll
2008-04-18 10:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\fyvgtytu
2008-04-16 06:48 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
2008-04-16 06:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\dsxmtkvi
2008-04-14 20:11 131,072 ----a-w C:\Documents and Settings\All Users\Application Data\pabedoza.dll
2008-04-13 15:55 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
2008-04-11 04:39 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
2008-04-11 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\danwhoha
2008-04-10 04:15 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
2008-04-10 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\whulahat
2008-04-09 18:10 122,880 ----a-w C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
2008-04-09 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\cnifshqp
2008-04-08 08:35 126,976 ----a-w C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
2008-04-08 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\jahihoxw
2008-04-07 21:59 63,488 ----a-w C:\WINDOWS\xobglu16.dll
2008-04-07 21:59 23,552 ----a-w C:\WINDOWS\xobglu32.dll
2008-04-07 05:35 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\dojazyds.dll
2008-04-05 04:05 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
2008-04-02 19:13 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-28 21:18 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
2008-03-27 19:37 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
2008-03-27 03:24 110,592 ----a-w C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-27 00:20 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 09:41 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
2008-03-26 03:14 114,688 ----a-w C:\Documents and Settings\All Users\Application Data\elazqfct.dll
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-18 18:34 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\obunarah.dll
2008-03-18 17:13 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
2008-03-18 04:24 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\tijwncze.dll
2008-03-18 01:04 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
2008-03-17 23:36 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 22:35 98,304 ----a-w C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2007-06-08 16:01 27,917,104 -c--a-w C:\Program Files\downloadable_install_wizard.exe
2007-04-27 05:39 4,960,221 -c--a-w C:\Program Files\RivaEncoderSetup.exe
2007-04-02 08:12 1,512,927 -c--a-w C:\Program Files\LADSPA_plugins-win-0.4.15.exe
2007-04-02 08:11 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-02 07:57 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
2007-03-16 11:07 502,941 ----a-w C:\Program Files\MPEG_Streamclip_1.1.zip
2007-02-27 19:59 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
2007-02-27 19:57 1,629,496 ----a-w C:\Program Files\VOB2MPGv2_3.zip
2007-02-27 09:48 392,984 ----a-w C:\Program Files\SmartRipper 2.41.zip
2007-01-29 11:53 3,602,120 -c--a-w C:\Program Files\SFTPMSI.exe
2007-01-16 11:58 363,800 -c--a-w C:\Program Files\download-flvplayer_setup.exe.exe
2007-01-09 10:22 20,368,912 -c--a-w C:\Program Files\GoogleEarthWinProSetup.exe
2007-01-02 07:54 55,217 ----a-w C:\Program Files\Copy of checkboxtemplate.zip
2007-01-02 07:54 55,217 ----a-w C:\Program Files\checkboxtemplate.zip
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-18_14.59.37.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-09 13:16:16 582,656 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\rpcrt4.dll
+ 2007-06-19 07:24:36 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB933729\SP2QFE\xpsp3res.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB933729\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\spcustom.dll
+ 2005-10-12 23:12:28 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\update.exe
+ 2005-10-12 23:12:33 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB933729\update\updspapi.dll
+ 2007-08-21 06:25:02 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB941202\SP2QFE\inetcomm.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941202\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941202\update\updspapi.dll
+ 2007-10-29 22:35:13 1,287,680 ----a-w C:\WINDOWS\$hf_mig$\KB941568\SP2QFE\quartz.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941568\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941568\update\updspapi.dll
+ 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
+ 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942763\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942763\update\updspapi.dll
+ 2007-11-14 07:18:03 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB942840\SP2QFE\jscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB942840\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB942840\update\updspapi.dll
+ 2007-12-04 18:29:10 551,936 ----a-w C:\WINDOWS\$hf_mig$\KB943055\SP2QFE\oleaut32.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\updspapi.dll
+ 2007-10-26 03:34:01 8,460,288 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\shell32.dll
+ 2007-10-29 10:04:03 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB943460\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:33 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spmsg.dll
+ 2007-03-06 01:22:39 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943460\spuninst.exe
+ 2007-03-06 01:22:31 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\spcustom.dll
+ 2007-03-06 01:22:56 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\update.exe
+ 2007-03-06 01:23:47 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943460\update\updspapi.dll
+ 2007-11-07 09:50:47 727,040 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
+ 2007-12-07 00:44:30 1,024,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\browseui.dll
+ 2007-12-07 00:44:30 151,040 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\cdfview.dll
+ 2007-12-07 00:44:32 1,054,208 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\danim.dll
+ 2007-12-07 00:44:33 357,888 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtmsft.dll
+ 2007-12-07 00:44:33 205,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\dxtrans.dll
+ 2007-12-07 00:44:33 55,808 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\extmgr.dll
+ 2007-12-06 10:05:52 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iedw.exe
+ 2007-12-07 00:44:33 251,904 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\iepeers.dll
+ 2007-12-07 00:44:33 96,256 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\inseng.dll
+ 2007-12-07 00:44:33 16,384 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\jsproxy.dll
+ 2007-12-07 00:44:35 3,066,368 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtml.dll
+ 2007-12-07 00:44:36 449,024 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mshtmled.dll
+ 2007-12-07 00:44:36 146,432 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\msrating.dll
+ 2007-12-07 00:44:36 532,480 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\mstime.dll
+ 2007-12-07 00:44:36 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\pngfilt.dll
+ 2007-12-07 00:44:37 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shdocvw.dll
+ 2007-12-07 00:44:38 474,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\shlwapi.dll
+ 2007-12-07 00:44:39 617,984 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\urlmon.dll
+ 2007-12-07 00:44:39 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\wininet.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\$hf_mig$\KB944533\SP2QFE\xpsp3res.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944533\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944533\update\updspapi.dll
+ 2007-11-13 08:47:45 20,480 ----a-w C:\WINDOWS\$hf_mig$\KB944653\SP2QFE\secdrv.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944653\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944653\update\updspapi.dll
+ 2007-12-18 09:38:59 179,712 ----a-w C:\WINDOWS\$hf_mig$\KB946026\SP2QFE\mrxdav.sys
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\updspapi.dll
+ 2003-03-31 12:00:00 1,740 -c----w C:\WINDOWS\$NtServicePackUninstall$\dcache.bin
+ 2002-08-29 22:32:34 2,816 -c----w C:\WINDOWS\$NtServicePackUninstall$\drmkaud.sys
+ 2004-08-04 07:56:44 581,120 -c----w C:\WINDOWS\$NtUninstallKB933729$\rpcrt4.dll
+ 2005-10-12 23:12:26 213,216 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
+ 2005-10-12 23:12:33 371,424 -c----w C:\WINDOWS\$NtUninstallKB933729$\spuninst\updspapi.dll
+ 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\$NtUninstallKB941202$\inetcomm.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941202$\spuninst\updspapi.dll
+ 2005-08-30 03:54:26 1,287,168 -c----w C:\WINDOWS\$NtUninstallKB941568$\quartz.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941568$\spuninst\updspapi.dll
+ 2007-10-27 20:39:36 213,216 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
+ 2007-10-27 20:39:46 371,424 -c----w C:\WINDOWS\$NtUninstallKB941569$\spuninst\updspapi.dll
+ 2004-09-22 22:46:12 229,376 -c----w C:\WINDOWS\$NtUninstallKB941569$\wmasf.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB941644$\spuninst\updspapi.dll
+ 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942763$\spuninst\updspapi.dll
+ 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\$NtUninstallKB942763$\tzchange.exe
+ 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\$NtUninstallKB942840$\jscript.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB942840$\spuninst\updspapi.dll
+ 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\$NtUninstallKB943055$\oleaut32.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943055$\spuninst\updspapi.dll
+ 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\$NtUninstallKB943460$\shell32.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w C:\WINDOWS\$NtUninstallKB943460$\spuninst\updspapi.dll
+ 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\$NtUninstallKB943485$\lsasrv.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB943485$\spuninst\updspapi.dll
+ 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\$NtUninstallKB944533$\browseui.dll
+ 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\$NtUninstallKB944533$\cdfview.dll
+ 2007-06-14 18:09:18 1,054,208 -c----w C:\WINDOWS\$NtUninstallKB944533$\danim.dll
+ 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtmsft.dll
+ 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\$NtUninstallKB944533$\dxtrans.dll
+ 2007-06-14 18:09:19 55,808 -c----w C:\WINDOWS\$NtUninstallKB944533$\extmgr.dll
+ 2007-06-14 14:07:24 18,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\iedw.exe
+ 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\$NtUninstallKB944533$\iepeers.dll
+ 2007-06-14 18:09:19 96,256 -c----w C:\WINDOWS\$NtUninstallKB944533$\inseng.dll
+ 2007-06-14 18:09:19 16,384 -c----w C:\WINDOWS\$NtUninstallKB944533$\jsproxy.dll
+ 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtml.dll
+ 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\$NtUninstallKB944533$\mshtmled.dll
+ 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\$NtUninstallKB944533$\msrating.dll
+ 2007-06-14 18:09:20 532,480 -c----w C:\WINDOWS\$NtUninstallKB944533$\mstime.dll
+ 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\pngfilt.dll
+ 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\$NtUninstallKB944533$\shdocvw.dll
+ 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\$NtUninstallKB944533$\shlwapi.dll
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\spuninst\updspapi.dll
+ 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\$NtUninstallKB944533$\urlmon.dll
+ 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
+ 2007-06-14 13:39:54 115,712 -c----w C:\WINDOWS\$NtUninstallKB944533$\xpsp3res.dll
+ 2005-03-03 04:48:59 12,400 -c----w C:\WINDOWS\$NtUninstallKB944653$\secdrv.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB944653$\spuninst\updspapi.dll
+ 2004-08-04 06:00:56 181,248 -c----w C:\WINDOWS\$NtUninstallKB946026$\mrxdav.sys
+ 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\$NtUninstallKB946026$\spuninst\updspapi.dll
+ 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2003-10-06 06:59:14 49,152 -c--a-w C:\WINDOWS\CTDCRES.DLL
+ 2006-08-11 18:55:52 10,240 ----a-w C:\WINDOWS\CTDCRES.DLL
+ 2006-08-11 18:56:02 17,920 ----a-w C:\WINDOWS\CTHELPER.EXE
+ 2006-08-11 18:56:06 3,072 ----a-w C:\WINDOWS\CTXFIRES.DLL
+ 2007-09-11 17:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
+ 2007-09-11 17:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
+ 2007-09-11 17:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
+ 2007-09-11 17:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 12:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-08 16:52:25 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-08 16:52:25 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-08 06:22:14 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-08 05:06:16 12,705,792 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-08 05:06:16 282,624 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2000-08-31 12:00:00 89,504 ----a-w C:\WINDOWS\fdsv.exe
+ 2000-08-31 12:00:00 80,412 ----a-w C:\WINDOWS\grep.exe
+ 2003-03-31 12:00:00 2,589 -c----w C:\WINDOWS\I386\RUNW32.BAT
- 2003-10-06 06:48:18 20,480 -c--a-w C:\WINDOWS\INRES.DLL
+ 2006-08-11 18:57:06 11,776 -c--a-w C:\WINDOWS\INRES.DLL
+ 2008-03-20 03:43:00 22,666 --sh--r C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll
+ 2008-03-18 21:44:10 22,614 --sh--r C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll
+ 2008-03-18 20:10:00 22,782 ----a-w C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll
+ 2008-03-18 20:09:47 22,610 --sh--r C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll
+ 2007-09-15 09:00:26 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\3FHBXBRT.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\9JD7RRLZ.DAT
+ 2007-09-15 09:00:23 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\L3V5NZPR.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\MPNHB79J.DAT
+ 2007-09-15 09:00:22 2,678 -c--a-w C:\WINDOWS\java\Packages\Data\NNT793TB.DAT
+ 2005-12-29 05:34:27 2,232 -c--a-w C:\WINDOWS\java\Packages\Data\RJ5NXZXN.DAT
- 2003-06-20 10:13:46 49,152 -c--a-w C:\WINDOWS\MIDIDEF.EXE
+ 2006-08-11 18:42:52 25,600 ----a-w C:\WINDOWS\MIDIDEF.EXE
- 2006-12-09 20:26:25 11,402 -c--a-w C:\WINDOWS\mozver.dat
+ 2008-05-05 15:01:04 12,007 -c--a-w C:\WINDOWS\mozver.dat
- 2003-10-06 06:59:00 184,320 -c--a-w C:\WINDOWS\PSCONV.EXE
+ 2006-08-11 18:56:04 34,304 ----a-w C:\WINDOWS\PSCONV.EXE
- 2003-10-06 06:58:50 180,224 -c--a-w C:\WINDOWS\READREG.EXE
+ 2006-08-11 18:56:08 35,840 ----a-w C:\WINDOWS\READREG.EXE
+ 2000-08-31 12:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2004-08-04 08:07:21 1,788 -c----w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 06:07:57 2,944 -c----w C:\WINDOWS\ServicePackFiles\i386\drmkaud.sys
+ 2003-03-31 12:00:00 138,752 ----a-w C:\WINDOWS\sndvol32.exe
+ 2000-08-31 12:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 12:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe
+ 2000-08-31 12:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe
- 2002-11-22 13:07:10 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
+ 2005-06-08 00:58:54 765,952 ----a-w C:\WINDOWS\system\crlds3d.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system\KEYBOARD.DRV
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system\MOUSE.DRV
+ 1996-11-13 20:33:32 1,504 -c--a-w C:\WINDOWS\system\NPRX16.DLL
+ 1996-11-27 16:01:18 1,540 -c--a-w C:\WINDOWS\system\NSX83P16.DLL
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system\SOUND.DRV
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system\VGA.DRV
- 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\a3d.dll
+ 2006-08-11 18:56:28 33,792 ----a-w C:\WINDOWS\system32\a3d.dll
- 2003-10-06 06:55:56 53,248 -c--a-w C:\WINDOWS\system32\AC3API.DLL
+ 2006-08-11 18:56:16 26,624 -c--a-w C:\WINDOWS\system32\AC3API.DLL
+ 2008-04-24 06:49:46 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
+ 2008-04-14 20:11:50 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
+ 2008-04-23 18:42:28 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
+ 2008-04-23 02:56:01 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
+ 2008-04-27 11:10:55 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
+ 2008-04-02 19:13:37 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
- 2007-06-14 18:09:18 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 ----a-w C:\WINDOWS\system32\browseui.dll
- 2007-06-14 18:09:18 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2007-12-07 01:07:12 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2003-10-06 06:44:28 114,688 ----a-w C:\WINDOWS\system32\commonfx.dll
+ 2006-08-11 18:48:08 87,552 ----a-w C:\WINDOWS\system32\commonfx.dll
- 2008-03-13 16:12:41 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-02 18:43:28 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-13 16:12:41 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-02 18:43:28 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-08-11 18:45:36 200,192 ----a-w C:\WINDOWS\system32\CT_OAL.DLL
+ 2006-08-11 18:48:50 158,720 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
- 2003-10-06 06:57:50 57,344 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
+ 2006-08-11 18:56:02 7,168 ----a-w C:\WINDOWS\system32\CTAGENT.DLL
- 2003-11-19 02:09:46 126,976 -c--a-w C:\WINDOWS\system32\CTASIO.DLL
+ 2006-08-11 18:45:34 74,752 ----a-w C:\WINDOWS\system32\CTASIO.DLL
- 2003-11-18 07:23:50 585,728 ----a-w C:\WINDOWS\system32\ctaudfx.dll
+ 2006-08-11 18:48:12 536,576 ----a-w C:\WINDOWS\system32\ctaudfx.dll
- 2003-10-21 09:54:48 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
+ 2006-08-11 18:45:08 140,643 ----a-w C:\WINDOWS\system32\ctbas2w.dat
- 2003-10-21 09:50:46 112,411 -c--a-w C:\WINDOWS\system32\CTBASICW.DAT
+ 2006-08-11 18:43:20 113,221 ----a-w C:\WINDOWS\system32\CTBASICW.DAT
+ 2006-08-11 18:57:18 37,888 ----a-w C:\WINDOWS\system32\CTBURST.DLL
- 2003-10-06 06:48:30 69,632 -c--a-w C:\WINDOWS\system32\ctcoinst.dll
+ 2006-08-11 18:57:04 81,920 ----a-w C:\WINDOWS\system32\CTCOINST.DLL
- 2003-10-21 09:47:34 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
+ 2006-08-11 18:43:04 53,932 ----a-w C:\WINDOWS\system32\ctdaught.dat
- 2003-11-27 01:35:26 327,680 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
+ 2006-08-11 18:55:52 190,976 ----a-w C:\WINDOWS\system32\CTDC0000.DLL
- 2003-12-03 01:08:46 466,944 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
+ 2006-08-11 18:55:52 286,208 ----a-w C:\WINDOWS\system32\CTDC0001.DLL
- 2003-10-06 06:57:12 139,264 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
+ 2006-08-11 18:55:54 129,536 ----a-w C:\WINDOWS\system32\CTDCIFCE.DLL
- 2003-10-21 09:54:50 217,272 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2006-08-11 18:49:24 323,640 ----a-w C:\WINDOWS\system32\ctdlang.dat
+ 2006-08-11 18:49:24 44,567 ----a-w C:\WINDOWS\system32\ctdnlstr.dat
- 2003-10-06 06:46:42 110,592 ----a-w C:\WINDOWS\system32\CTDPROXY.DLL
+ 2006-08-11 18:45:34 71,680 ----a-w C:\WINDOWS\system32\ctdproxy.dll
- 2003-10-06 06:48:42 143,360 -c--a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2006-08-11 18:57:06 146,432 ----a-w C:\WINDOWS\system32\ctdvinst.dll
+ 2006-08-11 18:48:28 160,768 ----a-w C:\WINDOWS\system32\cteapsfx.dll
+ 2006-08-11 18:45:36 47,616 ----a-w C:\WINDOWS\system32\CTEDASIO.DLL
+ 2006-08-11 18:45:40 269,824 ----a-w C:\WINDOWS\system32\CTEDSPFX.DLL
+ 2006-08-11 18:45:50 115,200 ----a-w C:\WINDOWS\system32\CTEDSPIO.DLL
+ 2006-08-11 18:48:06 317,952 ----a-w C:\WINDOWS\system32\CTEDSPSY.DLL
- 2003-10-06 06:45:28 36,864 -c--a-w C:\WINDOWS\system32\CTEMUPIA.DLL
+ 2006-08-11 18:48:52 108,032 ----a-w C:\WINDOWS\system32\ctemupia.dll
+ 2006-08-11 18:48:42 1,170,432 ----a-w C:\WINDOWS\system32\CTEXFIFX.dll
+ 2006-08-11 18:48:52 61,952 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
+ 2005-06-16 22:17:16 71,680 ----a-w C:\WINDOWS\system32\CTMMACTL.DLL
- 2003-10-06 06:57:48 28,672 -c--a-w C:\WINDOWS\system32\CTMMEP.DLL
+ 2006-08-11 18:56:00 11,776 ----a-w C:\WINDOWS\system32\CTMMEP.DLL
- 2003-10-06 06:46:50 159,744 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2006-08-11 18:45:22 132,096 ----a-w C:\WINDOWS\system32\CTOSUSER.DLL
+ 2006-08-11 18:56:00 30,208 ----a-w C:\WINDOWS\system32\CTPCMCIA.DLL
+ 2006-08-11 18:55:56 9,216 ----a-w C:\WINDOWS\system32\CTPRES.DLL
- 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\ctsbas2w.dat
+ 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\ctsbas2w.dat
- 2003-10-21 09:50:44 230,201 -c--a-w C:\WINDOWS\system32\CTSBASW.DAT
+ 2006-08-11 18:43:18 231,281 ----a-w C:\WINDOWS\system32\CTSBASW.DAT
- 2003-10-06 06:46:14 606,208 ----a-w C:\WINDOWS\system32\ctsblfx.dll
+ 2006-08-11 18:48:32 548,352 ----a-w C:\WINDOWS\system32\ctsblfx.dll
- 2003-10-06 06:57:20 118,784 -c--a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2006-08-11 18:55:54 75,264 ----a-w C:\WINDOWS\system32\CTSCAL.DLL
+ 2005-06-30 19:24:14 121,856 ----a-w C:\WINDOWS\system32\CTSFINST.DLL
- 2003-10-06 06:58:46 45,056 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
+ 2006-08-11 18:56:02 23,040 ----a-w C:\WINDOWS\system32\CTSPKHLP.DLL
- 2003-10-21 09:47:40 298,971 ----a-w C:\WINDOWS\system32\ctstatic.dat
+ 2006-08-11 18:43:04 313,207 ----a-w C:\WINDOWS\system32\ctstatic.dat
- 2003-12-31 00:48:26 106,496 -c--a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2006-08-11 18:55:54 64,000 ----a-w C:\WINDOWS\system32\CTTHXCAL.DLL
+ 2006-08-11 18:56:06 26,112 ----a-w C:\WINDOWS\system32\CTXFIBTN.DLL
+ 2006-08-11 18:56:04 18,944 ----a-w C:\WINDOWS\system32\CTXFIHLP.EXE
+ 2006-08-11 18:53:22 42,496 ----a-w C:\WINDOWS\system32\CTXFIREG.EXE
+ 2006-08-11 18:53:22 52,224 ----a-w C:\WINDOWS\system32\CTXFISPI.DLL
+ 2006-08-11 18:53:20 733,184 ----a-w C:\WINDOWS\system32\CTXFISPI.EXE
+ 2006-08-11 18:56:06 25,088 ----a-w C:\WINDOWS\system32\CTXFISPK.DLL
- 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2007-12-07 01:07:12 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CT0060W.DAT
+ 2006-08-11 18:43:12 232,847 ----a-w C:\WINDOWS\system32\Data\CT0060W.DAT
+ 2006-08-11 18:43:04 15,899 ----a-w C:\WINDOWS\system32\Data\CTD20X.DAT
+ 2006-08-11 18:43:18 199,465 ----a-w C:\WINDOWS\system32\Data\CTEAPSW.DAT
+ 2006-08-11 18:43:40 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSP2W.DAT
+ 2006-08-11 18:43:42 339,138 ----a-w C:\WINDOWS\system32\Data\CTEDSPHW.DAT
+ 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPKW.DAT
+ 2006-08-11 18:43:40 285,488 ----a-w C:\WINDOWS\system32\Data\CTEDSPLW.DAT
+ 2006-08-11 18:43:42 321,378 ----a-w C:\WINDOWS\system32\Data\CTEDSPPW.DAT
+ 2006-08-11 18:43:40 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPTW.DAT
+ 2006-08-11 18:43:42 261,640 ----a-w C:\WINDOWS\system32\Data\CTEDSPUW.DAT
+ 2006-08-11 18:43:32 364,754 ----a-w C:\WINDOWS\system32\Data\CTEDSPW.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0060W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0061W.DAT
- 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
+ 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0070W.DAT
- 2003-10-21 09:54:40 279,288 -c--a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
+ 2006-08-11 18:43:20 279,864 ----a-w C:\WINDOWS\system32\Data\CTP0073W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
+ 2006-08-11 18:43:20 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0090W.DAT
- 2003-10-21 09:54:42 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
+ 2006-08-11 18:43:26 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0091W.DAT
- 2003-10-21 09:54:42 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0092W.DAT
- 2003-10-21 09:54:42 264,466 -c--a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
+ 2006-08-11 18:43:26 265,042 ----a-w C:\WINDOWS\system32\Data\CTP0095W.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0100W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0101W.DAT
- 2003-10-21 09:50:40 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
+ 2006-08-11 18:43:12 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0102W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
+ 2006-08-11 18:43:14 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0103W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
+ 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0105W.DAT
- 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP0150W.DAT
- 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
+ 2006-08-11 18:43:22 265,882 ----a-w C:\WINDOWS\system32\Data\CTP0161W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0162W.DAT
- 2003-10-21 09:50:42 232,523 -c--a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
+ 2006-08-11 18:43:16 232,964 ----a-w C:\WINDOWS\system32\Data\CTP0170W.DAT
- 2003-10-21 09:50:42 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017AW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017BW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017CW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
+ 2006-08-11 18:43:16 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017DW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017EW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017FW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017GW.DAT
- 2003-10-21 09:50:44 232,319 -c--a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
+ 2006-08-11 18:43:18 232,847 ----a-w C:\WINDOWS\system32\Data\CTP017HW.DAT
- 2003-10-21 09:54:40 265,048 -c--a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
+ 2006-08-11 18:43:22 265,624 ----a-w C:\WINDOWS\system32\Data\CTP0191W.DAT
- 2003-10-21 09:54:40 266,617 -c--a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
+ 2006-08-11 18:43:22 267,193 ----a-w C:\WINDOWS\system32\Data\CTP0192W.DAT
- 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
+ 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0221W.DAT
- 2003-10-21 09:50:42 233,453 -c--a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
+ 2006-08-11 18:43:14 233,894 ----a-w C:\WINDOWS\system32\Data\CTP0222W.DAT
- 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
+ 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0230W.DAT
- 2003-10-21 09:54:42 265,695 -c--a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
+ 2006-08-11 18:43:24 266,271 ----a-w C:\WINDOWS\system32\Data\CTP0231W.DAT
- 2003-10-21 09:54:42 267,038 -c--a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
+ 2006-08-11 18:43:24 267,614 ----a-w C:\WINDOWS\system32\Data\CTP0232W.DAT
- 2003-10-21 09:54:42 265,396 -c--a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
+ 2006-08-11 18:43:24 265,972 ----a-w C:\WINDOWS\system32\Data\CTP0238W.DAT
- 2003-10-21 09:54:44 307,781 -c--a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
+ 2006-08-11 18:43:26 309,525 ----a-w C:\WINDOWS\system32\Data\CTP0240W.DAT
- 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
+ 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0242W.DAT
- 2003-10-21 09:54:44 307,511 -c--a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
+ 2006-08-11 18:43:28 309,255 ----a-w C:\WINDOWS\system32\Data\CTP0243W.DAT
- 2003-10-21 09:54:44 308,441 -c--a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
+ 2006-08-11 18:43:28 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0244W.DAT
- 2003-10-21 09:54:44 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
+ 2006-08-11 18:43:28 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0245W.DAT
+ 2006-08-11 18:43:30 310,185 ----a-w C:\WINDOWS\system32\Data\CTP0246W.DAT
- 2003-10-21 09:54:44 307,052 -c--a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
+ 2006-08-11 18:43:30 308,796 ----a-w C:\WINDOWS\system32\Data\CTP0249W.DAT
- 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
+ 2006-08-11 18:43:30 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0280W.DAT
- 2003-10-21 09:54:46 306,965 -c--a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
+ 2006-08-11 18:43:32 308,709 ----a-w C:\WINDOWS\system32\Data\CTP0320W.DAT
- 2003-10-21 09:54:46 312,351 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
+ 2006-08-11 18:43:32 314,095 ----a-w C:\WINDOWS\system32\Data\CTP0350W.DAT
- 2003-10-21 09:54:46 310,240 -c--a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
+ 2006-08-11 18:43:32 311,984 ----a-w C:\WINDOWS\system32\Data\CTP0352W.DAT
+ 2006-08-11 18:43:36 312,649 ----a-w C:\WINDOWS\system32\Data\CTP0355W.DAT
+ 2006-08-11 18:43:34 312,007 ----a-w C:\WINDOWS\system32\Data\CTP0358W.DAT
+ 2006-08-11 18:43:34 311,077 ----a-w C:\WINDOWS\system32\Data\CTP0359W.DAT
- 2003-10-21 09:54:46 308,787 -c--a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
+ 2006-08-11 18:43:34 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0360W.DAT
+ 2006-08-11 18:43:36 310,531 ----a-w C:\WINDOWS\system32\Data\CTP0380W.DAT
+ 2006-08-11 18:43:36 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0400W.DAT
+ 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0460W.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP0463W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0464W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0465W.DAT
+ 2006-08-11 18:45:08 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0466W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0468W.DAT
+ 2006-08-11 18:45:10 245,093 ----a-w C:\WINDOWS\system32\Data\CTP0469W.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046AW.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046BW.DAT
+ 2006-08-11 18:45:10 244,765 ----a-w C:\WINDOWS\system32\Data\CTP046CW.DAT
+ 2006-08-11 18:44:24 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0530L.DAT
+ 2006-08-11 18:43:42 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0530W.DAT
+ 2006-08-11 18:45:08 222,944 ----a-w C:\WINDOWS\system32\Data\CTP0531L.DAT
+ 2006-08-11 18:44:26 312,182 ----a-w C:\WINDOWS\system32\Data\CTP0531W.DAT
+ 2006-08-11 18:45:10 245,351 ----a-w C:\WINDOWS\system32\Data\CTP0550W.DAT
+ 2006-08-11 18:45:12 245,023 ----a-w C:\WINDOWS\system32\Data\CTP055AW.DAT
+ 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0600W.DAT
+ 2006-08-11 18:43:38 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0610W.DAT
+ 2006-08-11 18:43:40 310,562 ----a-w C:\WINDOWS\system32\Data\CTP0669W.DAT
+ 2006-08-11 18:45:08 326,466 ----a-w C:\WINDOWS\system32\Data\CTP0679W.DAT
+ 2006-08-11 18:45:10 245,847 ----a-w C:\WINDOWS\system32\Data\CTP0730W.DAT
+ 2006-08-11 18:45:12 245,847 ----a-w C:\WINDOWS\system32\Data\CTP073AW.DAT
- 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
+ 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTP1140W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
+ 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4620W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4670W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
+ 2006-08-11 18:43:04 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4760W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4780W.DAT
- 2003-10-21 09:50:38 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4790W.DAT
- 2003-10-21 09:54:40 257,478 -c--a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
+ 2006-08-11 18:43:20 258,054 ----a-w C:\WINDOWS\system32\Data\CTP4820W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4830W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4831W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
+ 2006-08-11 18:43:10 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4832W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4840W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4850W.DAT
- 2003-10-21 09:50:36 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4870W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4871W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
+ 2006-08-11 18:43:08 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4872W.DAT
- 2003-10-21 09:50:38 230,201 -c--a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
+ 2006-08-11 18:43:06 230,729 ----a-w C:\WINDOWS\system32\Data\CTP4875W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4890W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
+ 2006-08-11 18:43:10 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4891W.DAT
- 2003-10-21 09:50:40 229,335 -c--a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
+ 2006-08-11 18:43:12 229,863 ----a-w C:\WINDOWS\system32\Data\CTP4893W.DAT
- 2003-10-21 09:50:40 232,319 -c--a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
+ 2006-08-11 18:43:14 232,847 ----a-w C:\WINDOWS\system32\Data\CTPDXW.DAT
- 2003-10-21 09:50:36 230,861 -c--a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
+ 2006-08-11 18:43:06 231,389 ----a-w C:\WINDOWS\system32\Data\CTPM002W.DAT
+ 2006-08-11 18:43:04 2,091 ----a-w C:\WINDOWS\system32\Data\CTS20X.DAT
+ 2008-04-28 15:48:15 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
+ 2004-08-04 08:07:21 1,788 -c--a-w C:\WINDOWS\system32\dcache.bin
+ 2006-08-11 18:42:50 47,104 ----a-w C:\WINDOWS\system32\DEVREG.DLL
- 2003-10-06 06:38:06 65,536 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
+ 2006-08-11 18:56:28 33,792 -c--a-w C:\WINDOWS\system32\dllcache\a3d.dll
- 2007-06-14 18:09:18 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2007-12-07 01:07:12 1,023,488 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2007-06-14 18:09:18 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2007-12-07 01:07:12 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2007-06-14 18:09:18 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2007-12-07 01:07:12 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 06:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys
+ 2004-08-04 05:07:58 60,288 -c--a-w C:\WINDOWS\system32\dllcache\drmk.sys

piratenews
2008-06-08, 21:08
COMBOFIX PART 2


- 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
+ 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dllcache\dumprep.exe
- 2007-06-14 18:09:18 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2007-06-14 18:09:19 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2007-12-07 01:07:12 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2004-08-04 05:08:22 10,624 -c--a-w C:\WINDOWS\system32\dllcache\gameenum.sys
- 2007-06-14 14:07:24 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2007-12-06 13:07:07 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2007-06-14 18:09:19 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2007-12-07 01:07:12 251,392 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2007-05-16 15:12:02 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 -c----w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2007-12-07 01:07:12 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-11-14 07:26:56 450,560 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv
- 2004-08-04 06:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 05:15:22 140,928 -c--a-w C:\WINDOWS\system32\dllcache\ks.sys
+ 2004-08-04 06:56:42 4,096 -c--a-w C:\WINDOWS\system32\dllcache\ksuser.dll
- 2006-08-17 12:28:27 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv
+ 2007-12-18 09:51:35 179,584 -c----w C:\WINDOWS\system32\dllcache\mrxdav.sys
- 2007-06-14 18:09:20 3,058,688 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2007-06-14 18:09:19 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2007-06-14 18:09:19 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2007-12-07 01:07:13 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2007-12-07 01:07:13 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2007-05-17 11:28:05 549,376 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 -c----w C:\WINDOWS\system32\dllcache\oleaut32.dll
- 2007-06-14 18:09:20 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2004-08-04 06:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2004-08-04 05:15:50 145,792 -c--a-w C:\WINDOWS\system32\dllcache\portcls.sys
+ 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2007-07-09 13:09:42 584,192 -c----w C:\WINDOWS\system32\dllcache\rpcrt4.dll
- 2007-06-14 18:09:20 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2007-06-14 18:09:20 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv
- 2004-08-04 06:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
+ 2004-08-04 05:08:02 48,640 -c--a-w C:\WINDOWS\system32\dllcache\stream.sys
- 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2007-06-14 18:09:20 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-07 01:07:14 615,424 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv
+ 2004-08-04 06:56:58 23,552 -c--a-w C:\WINDOWS\system32\dllcache\wdmaud.drv
- 2007-06-26 14:09:10 658,944 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2007-12-07 01:07:14 659,456 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe
- 2004-09-22 22:46:12 229,376 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2007-10-27 21:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe
+ 2005-06-08 17:08:34 1,359,744 ----a-w C:\WINDOWS\system32\drivers\CT0531FL.SYS
- 2003-11-05 06:26:02 645,392 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
+ 2006-08-11 18:45:14 502,272 ----a-w C:\WINDOWS\system32\drivers\ctac32k.sys
- 2003-11-19 02:13:54 366,160 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
+ 2006-08-11 18:45:38 499,584 ----a-w C:\WINDOWS\system32\drivers\ctaud2k.sys
- 2003-10-14 03:17:56 332,800 -c--a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
+ 2005-11-10 21:06:04 340,704 ----a-w C:\WINDOWS\system32\drivers\ctdvda2k.sys
- 2002-12-30 02:53:36 12,160 -c--a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
+ 2002-12-30 14:53:36 12,160 ----a-w C:\WINDOWS\system32\drivers\CTGAME.SYS
+ 2005-09-06 18:02:20 1,365,888 ----a-w C:\WINDOWS\system32\drivers\CTMMFILT.SYS
- 2003-10-08 02:06:50 178,672 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
+ 2006-08-11 18:45:24 116,224 ----a-w C:\WINDOWS\system32\drivers\ctoss2k.sys
- 2003-10-08 02:08:12 6,096 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
+ 2006-08-11 18:45:40 7,168 ----a-w C:\WINDOWS\system32\drivers\ctprxy2k.sys
- 2003-10-08 02:09:10 130,288 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
+ 2006-08-11 18:45:18 143,872 ----a-w C:\WINDOWS\system32\drivers\ctsfm2k.sys
- 2004-08-04 06:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 05:07:58 60,288 ----a-w C:\WINDOWS\system32\drivers\drmk.sys
+ 2004-08-04 06:07:57 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys
- 2003-10-13 09:42:12 145,488 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
+ 2006-08-11 18:45:18 78,336 ----a-w C:\WINDOWS\system32\drivers\emupia2k.sys
- 2004-08-04 06:08:21 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
+ 2004-08-04 05:08:22 10,624 ----a-w C:\WINDOWS\system32\drivers\gameenum.sys
- 2003-10-21 09:26:08 904,496 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2006-08-11 18:45:26 766,976 ----a-w C:\WINDOWS\system32\drivers\ha10kx2k.sys
+ 2006-08-11 18:45:32 1,110,016 ----a-w C:\WINDOWS\system32\drivers\ha20x2k.sys
- 2003-10-21 09:23:44 148,432 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2006-08-11 18:45:26 154,112 ----a-w C:\WINDOWS\system32\drivers\haP16v2k.sys
+ 2006-08-11 18:45:28 180,224 ----a-w C:\WINDOWS\system32\drivers\haP17v2k.sys
- 2004-08-04 06:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
+ 2004-08-04 05:15:22 140,928 ----a-w C:\WINDOWS\system32\drivers\ks.sys
- 2004-08-04 06:00:56 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
+ 2003-03-31 12:00:00 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys
- 2003-03-05 16:19:28 15,840 ----a-w C:\WINDOWS\system32\drivers\PfModNT.sys
+ 2006-08-11 18:56:36 8,192 ----a-w C:\WINDOWS\system32\drivers\pfmodnt.sys
- 2004-08-04 06:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
+ 2004-08-04 05:15:50 145,792 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
- 2005-03-03 04:48:59 12,400 -c--a-w C:\WINDOWS\system32\drivers\secdrv.sys
+ 2007-11-13 10:25:53 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
- 2004-08-04 06:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
+ 2004-08-04 05:08:02 48,640 ----a-w C:\WINDOWS\system32\drivers\stream.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2004-07-31 22:50:36 51,200 -c--a-w C:\WINDOWS\system32\dumphive.exe
+ 2004-07-31 21:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
- 2004-08-04 07:56:48 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
+ 2008-05-28 15:39:58 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
- 2007-06-14 18:09:18 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2007-12-07 01:07:12 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2007-06-14 18:09:19 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2007-12-07 01:07:12 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2001-07-11 02:51:00 77,824 -c--a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2001-07-11 14:51:00 77,824 ----a-w C:\WINDOWS\system32\EAXAC3.DLL
+ 2006-08-11 18:43:02 4,096 ----a-w C:\WINDOWS\system32\ENLOCSTR.EXE
- 2007-06-14 18:09:19 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2007-12-07 01:07:12 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-02-18 00:16:19 395,960 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-05-09 18:53:05 423,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-03-26 12:50:45 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2007-06-14 18:09:19 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2007-12-07 01:07:12 251,392 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2002-05-27 01:00:00 294,912 ------w C:\WINDOWS\system32\Import-Export\EpExifpi.dll
+ 2002-06-03 18:31:52 172,032 ------w C:\WINDOWS\system32\Import-Export\EPPIM2pi.DLL
+ 2002-05-27 01:00:00 229,376 ------w C:\WINDOWS\system32\Import-Export\EpTiffpi.dll
- 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2007-06-14 18:09:19 96,256 -c--a-w C:\WINDOWS\system32\inseng.dll
+ 2007-12-07 01:07:12 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-11-14 07:26:56 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2007-06-14 18:09:19 16,384 -c--a-w C:\WINDOWS\system32\jsproxy.dll
+ 2007-12-07 01:07:12 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2003-03-31 12:00:00 2,000 -c--a-w C:\WINDOWS\system32\keyboard.drv
- 2007-11-22 17:41:57 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2008-05-27 14:31:36 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
- 2003-03-14 01:33:40 53,248 -c--a-w C:\WINDOWS\system32\KILLAPPS.EXE
+ 2006-08-11 18:43:00 9,216 ----a-w C:\WINDOWS\system32\KILLAPPS.EXE
- 2004-08-04 07:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
+ 2004-08-04 06:56:42 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
- 2006-08-17 12:28:27 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:26:56 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2003-03-31 12:00:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll
+ 2008-03-25 00:21:00 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2008-03-25 00:21:00 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-04-22 00:52:34 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
+ 2003-03-31 12:00:00 2,032 -c--a-w C:\WINDOWS\system32\mouse.drv
- 2007-09-05 23:50:44 17,474,680 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 12:30:56 19,148,408 -c--a-w C:\WINDOWS\system32\MRT.exe
+ 2008-04-19 23:40:58 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
- 2007-06-14 18:09:20 3,058,688 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2007-12-07 14:37:14 3,059,200 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2007-06-14 18:09:19 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2007-12-07 01:07:13 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2007-06-14 18:09:19 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2007-12-07 01:07:13 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2007-06-14 18:09:20 532,480 -c--a-w C:\WINDOWS\system32\mstime.dll
+ 2007-12-07 01:07:13 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2006-03-29 11:38:48 663,675 ----a-w C:\WINDOWS\system32\OALInst.exe
- 2007-05-17 11:28:05 549,376 ------w C:\WINDOWS\system32\oleaut32.dll
+ 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
- 2003-10-14 03:53:40 155,648 -c--a-w C:\WINDOWS\system32\OPENAL32.DLL
+ 2008-03-19 20:47:37 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
- 2008-03-18 18:06:36 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-21 18:29:43 70,232 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-18 18:06:36 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-21 18:29:43 419,224 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2003-10-13 09:41:16 114,688 ----a-w C:\WINDOWS\system32\PIAPROXY.DLL
+ 2006-08-11 18:45:16 73,728 ----a-w C:\WINDOWS\system32\piaproxy.dll
- 2007-06-14 18:09:20 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2007-12-07 01:07:13 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 00:31:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
- 2003-06-06 01:13:00 53,248 -c--a-w C:\WINDOWS\system32\Process.exe
+ 2003-06-06 00:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2008-04-18 10:50:35 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
+ 2008-05-06 03:17:56 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
+ 2008-05-06 03:18:12 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
- 2005-08-30 03:54:26 1,287,168 ----a-w C:\WINDOWS\system32\quartz.dll
+ 2007-10-29 22:43:03 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
- 2001-06-28 03:05:52 36,864 -c--a-w C:\WINDOWS\system32\REGPLIB.EXE
+ 2006-08-11 18:45:18 33,792 ----a-w C:\WINDOWS\system32\REGPLIB.EXE
- 2004-08-04 07:56:44 581,120 ----a-w C:\WINDOWS\system32\rpcrt4.dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4.dll
- 2001-08-17 06:35:46 36,864 -c--a-w C:\WINDOWS\system32\sfman32.dll
+ 2006-08-11 18:45:20 21,504 ----a-w C:\WINDOWS\system32\sfman32.dll
- 2003-10-06 06:47:46 172,032 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
+ 2006-08-11 18:45:20 120,832 -c--a-w C:\WINDOWS\system32\SFMS32.DLL
- 2007-06-14 18:09:20 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2007-12-07 01:07:13 1,494,528 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-06-14 18:09:20 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2007-12-07 01:07:13 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2003-03-31 12:00:00 1,744 -c--a-w C:\WINDOWS\system32\sound.drv
+ 2003-07-08 07:00:00 2,523 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_A4X2H1.DAT
+ 2002-06-12 08:00:00 315,392 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DCON02.DLL
+ 2003-07-24 09:00:00 51,472 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DDSP13.DLL
+ 2003-06-16 08:00:00 117,760 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHMM12.DLL
+ 2003-06-27 08:00:00 750,592 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DHT41D.DLL
+ 2003-07-23 06:01:00 1,108,480 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DI08FA.DLL
+ 2003-06-19 08:00:00 418,304 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DJB307.DLL
+ 2003-07-04 09:00:00 64,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMAI16.DLL
+ 2003-01-14 07:00:00 151,552 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DMSG00.EXE
+ 2003-01-09 08:00:00 144,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPPE03.EXE
+ 2003-02-05 08:00:00 509,952 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DPUI03.DLL
+ 2003-07-29 08:00:00 4,679,680 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DS80FE.DLL
+ 2003-08-06 09:00:00 384,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DU18KE.DLL
+ 2003-06-27 08:00:00 90,112 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_DUMWF2.DLL
+ 2003-07-08 05:01:00 115,712 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H26UIA.DLL
+ 2003-08-05 05:00:00 954,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H490H2.DLL
+ 2003-08-05 05:00:00 80,384 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_H4E0H2.DLL
+ 2002-07-01 06:02:00 62,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S00RP1.EXE
+ 2003-02-14 07:06:00 105,984 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10MT1.EXE
+ 2003-02-14 07:04:00 77,312 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S10RN1.EXE
+ 2003-05-19 07:11:00 200,704 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S1T0A1.EXE
+ 2003-08-06 07:00:00 318,464 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S490H1.DLL
+ 2003-08-06 07:00:00 236,032 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4E2H1.DLL
+ 2003-07-08 07:00:00 99,840 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_S4I2H1.EXE
+ 2003-05-16 08:13:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SIINS1.EXE
+ 2003-04-18 07:01:00 16,048 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN161.DLL
+ 2003-04-18 07:01:00 78,336 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\E_SKN321.DLL
+ 2003-07-17 05:04:00 139,264 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBAPI4.DLL
+ 2003-07-28 05:07:00 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPLPT4.DLL
+ 2002-09-30 05:01:00 94,208 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EBPSHRE4.DLL
+ 2002-06-07 08:00:00 28,160 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIBSR30.EXE
+ 2003-04-03 08:00:00 52,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPIPGI10.DLL
+ 2003-02-20 05:08:00 54,784 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPSET32.DLL
+ 2002-12-13 09:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUPDATE.EXE
+ 2003-06-27 11:00:06 180,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.DLL
+ 2003-06-27 11:00:06 38,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\EPUTIX25.EXE
+ 2002-12-11 05:03:00 122,880 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SAGENT4.EXE
+ 2002-12-13 09:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_photo_r2c5c0\SETUP32.DLL
+ 2002-12-13 13:57:00 414,976 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\EPUPDATE.EXE
+ 2002-12-13 13:57:00 48,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\SETUP32.DLL
- 2006-04-27 21:49:30 288,417 -c--a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2006-04-27 20:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2008-04-21 10:32:42 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
+ 2008-04-25 23:25:12 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
- 2007-07-18 12:42:22 60,416 -c----w C:\WINDOWS\system32\tzchange.exe
+ 2007-11-13 11:31:11 60,416 ------w C:\WINDOWS\system32\tzchange.exe
- 2007-06-14 18:09:20 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2007-12-07 01:07:14 615,424 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-27 11:10:55 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
+ 2008-04-16 06:48:23 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
+ 2008-03-22 19:49:39 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
- 2007-09-06 04:22:24 289,144 -c--a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-09-06 03:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2003-03-31 12:00:00 2,176 -c--a-w C:\WINDOWS\system32\vga.drv
- 2004-08-04 07:56:57 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
+ 2004-08-04 06:56:58 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv
- 2007-06-26 14:09:10 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2007-12-07 01:07:14 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2003-03-31 12:00:00 2,864 -c--a-w C:\WINDOWS\system32\winsock.dll
+ 2003-03-31 12:00:00 2,112 -c--a-w C:\WINDOWS\system32\winspool.exe
- 2004-09-22 22:46:12 229,376 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2003-03-31 12:00:00 2,736 -c--a-w C:\WINDOWS\system32\wowdeb.exe
+ 2008-03-19 20:47:37 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
+ 2007-10-04 03:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
- 2007-06-14 13:39:54 115,712 ------w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-12-06 09:38:31 350,720 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2000-08-31 12:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe
+ 2000-08-31 12:00:00 68,096 ----a-w C:\WINDOWS\zip.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
backup=C:\WINDOWS\pss\svchost.exeCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]
path=C:\Documents and Settings\John Lee\Start Menu\Programs\Startup\info.exe
backup=C:\WINDOWS\pss\info.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\admrgzcl]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\admrgzcl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\advap32]
C:\WINDOWS\system32\msgk387.exe/r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\agzlhjyb]
C:\Program Files\Zailakrn\agzlhjyb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ajwvivwh]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atubgxav]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\atubgxav.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoload]
C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avkftkuj]
--a------ 2008-04-02 15:13 102400 C:\WINDOWS\system32\bqxgvwxo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\azqteduj]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\azqteduj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdbhljfb]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdpfdpft]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bdrtjhfh]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfbjffnb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bfjbjbbr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bhnbbblr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjfbbnfj]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bjjrtb]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bnjprlnj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Brave-Sentry]
C:\Program Files\BraveSentry\BraveSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brfnnbnn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brlbjnrr]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\buvobwlu]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\buvobwlu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bvwptbsi]
--a------ 2008-04-27 07:10 102400 C:\WINDOWS\system32\bohodqhy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bwbcvybi]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfuvubgd]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
--a------ 2008-03-13 01:10 26112 C:\WINDOWS\system32\wbem\csrss.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddopuymx]
C:\Program Files\Jgcizuhb\ddopuymx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddphnj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddrpphfd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhhlldtp]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dhpdtj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlfhldtt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlttddlh]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dnfjnfpd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveSystem]
C:\WINDOWS\system32\maxpaynowti1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtbdpl]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtdddhdt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtddtttf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtfjrrrh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dtrnffdj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\elitcvol]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\elitcvol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbfnrfnj]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fbnjflrb]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fdtdtp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffbnbdpb]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ffffnf]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfphp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fhfrjjnf]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjbdjjrh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjsskbze]
C:\Program Files\Iuzmoqrn\fjsskbze.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flcvscpl]
C:\Program Files\Ffotrmup\flcvscpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fldtphth]
C:\WINDOWS\TEMP\ldlddpldttt.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fnfbnr]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fpntrppt]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fucghrpz]
--a------ 2008-03-17 19:36 48640 C:\Program Files\Orffrake\fucghrpz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
--a--c--- 2005-07-12 15:35 473928 C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gdizatqp]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\gdizatqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\glssewff]
C:\WINDOWS\system32\rklwbqty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcjjrfga]
C:\Program Files\Ukwgteha\hcjjrfga.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hddhlthh]
C:\WINDOWS\TEMP\ttllbnrddlj.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdfpltpp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhflhdl]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdhrhtpn]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hdltthhh]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hgbqlgnq]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhdbpd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhjg5jfd93dftdf]
C:\WINDOWS\TEMP\winlogan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhpjrtrh]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hhtdptph]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjdbttdp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hjzskweh]
C:\WINDOWS\system32\haxqpepk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlbhrdrt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hlphllrp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hntnldpb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a--c--- 2005-06-21 17:44 126976 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpdtttdd]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpnwviiy]
C:\WINDOWS\system32\nmdyfyne.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppdbhth]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htddtlll]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htdthlhd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\htgmiqwj]
C:\WINDOWS\system32\sjofkvmz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthdphnj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthhdj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hthpdhdd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hvjxtkos]
C:\WINDOWS\system32\mvclorsx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxaoehiw]
C:\Program Files\Bruslibn\hxaoehiw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hxymopxj]
--a------ 2008-03-18 00:24 48640 C:\Program Files\Wkrlenst\hxymopxj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iiuqhadp]
C:\WINDOWS\system32\ankfslit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ikfrdeos]
C:\Program Files\Nemgmdaq\ikfrdeos.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\imwmpapb]
C:\Program Files\Pghxgfpu\imwmpapb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iqccrbxf]
C:\Program Files\Urfhsfjs\iqccrbxf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSecurity applet]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ixbvwfoo]
C:\WINDOWS\system32\mrgdmhql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jbhtndtt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jddnrddp]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfbhjnrn]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfnbrfrp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfntlt]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfrfnrjj]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnbnbfnd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jnjbfnbf]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

piratenews
2008-06-08, 21:08
COMBOFIX PART 3


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jnskdfmf9eldfd]
C:\DOCUME~1\JOHNLE~1\LOCALS~1\Temp\csrssc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrfjfdlt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrjbfrbd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jrnjnbjr]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jthlpd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jzclvydd]
C:\WINDOWS\system32\bedarspg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kbqnmhel]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kekponwx]
C:\WINDOWS\system32\xitidwty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\klmngtet]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\klmngtet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kozqfxfg]
C:\Program Files\Rrljelam\kozqfxfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\krwzmpex]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\krwzmpex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktobqrwd]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lbhnlnpf]
C:\WINDOWS\TEMP\dhtjdlpt.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldblhhfj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddhphll]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lddthlpt]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldhphjtt]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldttjhpp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Manager]
--a--c--- 2001-06-14 13:42 53248 C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X83 Button Monitor]
--a--c--- 2001-10-18 11:25 40960 C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfffbfnr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfprbplj]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lfrtrl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhhtthfr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lhppttdd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ljlfhthp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llbhjh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldddhhl]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lldthhbn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhfftlh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhjhttj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llhrdjpj]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lllldtdh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llltlpht]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\llpdhllt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltpdrjf]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lltttdph]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lndfpp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lnfnhrjb]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpfhldjf]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lppptldp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lpthpptt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrfpbb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mdcvwpqv]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlqdwxef]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mppds]
C:\WINDOWS\mppds.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msphldex]
C:\WINDOWS\system32\yrcrkdun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
--a--c--- 2005-10-17 16:24 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\naiotpqs]
C:\Program Files\Tkmrdeil\naiotpqs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nboybimn]
C:\Program Files\Uocxgrut\nboybimn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ncwsiyal]
C:\WINDOWS\system32\tghapypy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndbnbdfj]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndprhldl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ndtfrplj]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nfjnfjtb]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njnbrntf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njrrbn]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nldtnphp]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nlrzkvgr]
C:\Program Files\Yvnmpsfq\nlrzkvgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nnjnfbjb]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nplttrdd]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\npphtdlh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrdnjntj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrfbnbrt]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrjqrgwi]
C:\Program Files\Bjwgpido\nrjqrgwi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrlnflrr]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nrnjrnff]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oiopwjko]
C:\Program Files\Jzdxcrvx\oiopwjko.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnlineArmor GUI]
--a------ 2008-04-17 05:25 5545536 C:\Program Files\Tall Emu\Online Armor\oaui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ozmvkdqp]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pabedoza]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pabedoza.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdbphtnr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdltdpth]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdpdphdp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdtddtph]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pftptnbh]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phpphdpt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pjrdnjjb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pkfsykan]
C:\WINDOWS\system32\mjirirez.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\plpppdpl]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pmlypovk]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\pmlypovk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pnbdbj]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppdprp]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pphttpdp]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppjdbnjn]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppldfdlp]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pplrthld]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptdltdt]
C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pptpplpt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PromoReg]
C:\WINDOWS\system32\alt.exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qavrnrjb]
C:\WINDOWS\system32\qavrnrjb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qfoeeqkl]
C:\Program Files\Mobrdadk\qfoeeqkl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qpasynse]
C:\Program Files\Hphnwvyk\qpasynse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qrtdrglx]
--a------ 2008-05-19 19:00 102400 C:\WINDOWS\system32\puvkbohq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvwvklqf]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rbjrnjbn]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddfhbff]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rddhfl]
C:\WINDOWS\TEMP\ttpplddldlp.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-13 15:40 214608 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regscan]
C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]
--a--c--- 2003-10-08 16:35 139264 C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrfljnl]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rfrjfnnj]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhffrbrt]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rhthpl]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rjbnrbbj]
C:\WINDOWS\TEMP\lrnhhthh.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rkjovyzk]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnbnrnjr]
C:\WINDOWS\TEMP\dtfjfrllrrp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rnhffphn]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rrbrnr]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu27.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ryfktuji]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ryfktuji.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-01-28 11:43 5146448 C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a--c--- 2005-10-14 01:18 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
C:\WINDOWS\system32\wind32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemDrive]
C:\WINDOWS\system32\maxpaynow1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskmon]
C:\WINDOWS\taskmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbtfhtbd]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdlhtdht]
C:\WINDOWS\TEMP\thpldt.drv WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdpjltdl]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdrrhj]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tdtdltpt]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
--a------ 2007-03-07 10:58 1773568 C:\Program Files\Support.com\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thlhdh]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thptdt]
C:\WINDOWS\TEMP\ffjdhf.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tijwncze]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\tijwncze.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tjhjlhhr]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-13 15:40 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlldnldp]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlpddtth]
C:\WINDOWS\TEMP\lhdtpp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphjlph]
C:\WINDOWS\TEMP\bnhljd.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlphnt]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tlrpbttd]
C:\WINDOWS\TEMP\bpnfbnhtdnp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tltphhlh]
C:\WINDOWS\TEMP\ndrlblhljb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tnmynbil]
C:\Program Files\Ihjyqtpj\tnmynbil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tntjnd]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpblshao]
C:\Program Files\Hnqkjucr\tpblshao.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tplhptth]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tpphhppp]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tptldptf]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracker]
c:\program files\tracker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trnpfljj]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\trttphnd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ttbhhhrb]
C:\WINDOWS\TEMP\nnrfnnbbnrj.sys WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tthlddhh]
C:\WINDOWS\TEMP\ltpplllp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tttpdphd]
C:\WINDOWS\TEMP\hcjqhsj.nls WLEntryPoint

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ubcredal]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ubcredal.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ufofsron]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\ufofsron.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uugokkhw]
C:\WINDOWS\system32\nwxyhkxs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uweoswtc]
C:\WINDOWS\system32\qxgrmxgl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a--c--- 2004-11-12 13:24 106557 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vqzyjyno]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vzhdavza]
C:\Program Files\Zsuczuvx\vzhdavza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdqzcjeh]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webscan]
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wggdpiak]
C:\Program Files\Iazyumko\wggdpiak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\whulibwj]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\whulibwj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 18:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAVX]
C:\WINDOWS\system32\WinAvXX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinMed]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
--------- 2008-01-27 01:38 316728 C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\woclqjdh]
C:\WINDOWS\system32\dcnezuly.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xbtxgkze]
C:\WINDOWS\system32\hufcpoxi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xiumixpr]
C:\Program Files\Kfacetsk\xiumixpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xmrezyho]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\xmrezyho.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xtijziod]
C:\WINDOWS\system32\lejkrohm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xyyhtwwe]
C:\Program Files\Kgatfkzm\xyyhtwwe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydeuhenr]
C:\Program Files\Agglrhai\ydeuhenr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ydgstffl]
C:\Program Files\Ujfdpyxl\ydgstffl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yxqylskv]
C:\WINDOWS\system32\qpebubqn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zguupthq]
C:\Program Files\Vzovtvph\zguupthq.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zhofmsgn]
C:\WINDOWS\system32\hufsrmhs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zlmvompz]
C:\Program Files\Jmvthami\zlmvompz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zqjctcjy]
regsvr32 /u C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Regscan"=C:\WINDOWS\system32\regscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mppds"=C:\WINDOWS\mppds.exe
"fnrtlllf"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
"klmngtet"=regsvr32 /u "C:\Documents and Settings\All Users\Application Data\klmngtet.dll"
"csrss"=C:\WINDOWS\system32\wbem\csrss.exe
"dddltrhb"=rundll32.exe "C:\WINDOWS\TEMP\thpldt.drv" WLEntryPoint
"iSecurity applet"=rundll32.exe iSecurity.cpl,SecurityMonitor
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 14:38:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-08 14:54:56 - machine was rebooted [John Lee]
ComboFix-quarantined-files.txt 2008-06-08 18:54:44
ComboFix2.txt 2008-03-18 19:02:20

Pre-Run: 35,028,836,352 bytes free
Post-Run: 35,357,483,008 bytes free

1709 --- E O F --- 2008-03-21 11:30:12

piratenews
2008-06-08, 21:10
SDFix: Version 1.189
Run by John Lee on Sun 06/08/2008 at 01:01 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
Google Online Search Service
GMS31

Path :

Google Online Search Service - Deleted
GMS31 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Schedule Service Path
Resetting AppInit_DLLs value


Rebooting

Service asc3550p - Deleted

Checking Files :

Trojan Files Found:

C:\Documents and Settings\John Lee\Local Settings\Application Data\windowsupdate.exe - Deleted
C:\Documents and Settings\LocalService\Local Settings\Application Data\windowsupdate.exe - Deleted
C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
C:\DOCUME~1\LOCALS~1\FTPDLL.DLL - Deleted
C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
C:\Program Files\tmp123497953.exe - Deleted
C:\Program Files\tmp123497968.exe - Deleted
C:\Program Files\tmp123498765.exe - Deleted
C:\Program Files\tmp123498843.exe - Deleted
C:\Program Files\tmp123502031.exe - Deleted
C:\Program Files\tmp123504953.exe - Deleted
C:\Documents and Settings\John Lee\ie_updates3r.exe - Deleted
C:\WINDOWS\system32\smp\msrc.exe - Deleted
C:\Program Files\IE Extensions\cj.v2.dll - Deleted
C:\Documents and Settings\John Lee\nax.exe - Deleted
C:\WINDOWS\system32\akttzn.exe - Deleted
C:\WINDOWS\system32\awtoolb.dll - Deleted
C:\WINDOWS\system32\bdn.com - Deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - Deleted
C:\WINDOWS\system32\credigui.dll - Deleted
C:\WINDOWS\system32\dpcproxy.exe - Deleted
C:\WINDOWS\system32\emesx.dll - Deleted
C:\WINDOWS\system32\gdid32.dll - Deleted
C:\WINDOWS\system32\hoproxy.dll - Deleted
C:\WINDOWS\system32\hxiwlgpm.dat - Deleted
C:\WINDOWS\system32\hxiwlgpm.exe - Deleted
C:\WINDOWS\system32\iphelp.dll - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\medup012.dll - Deleted
C:\WINDOWS\system32\msgp.exe - Deleted
C:\WINDOWS\system32\msnbho.dll - Deleted
C:\WINDOWS\system32\mssecu.exe - Deleted
C:\WINDOWS\system32\mssrv32.exe - Deleted
C:\WINDOWS\system32\msvchost.exe - Deleted
C:\WINDOWS\system32\mtr2.exe - Deleted
C:\WINDOWS\system32\mwin32.exe - Deleted
C:\WINDOWS\system32\n.ini - Deleted
C:\WINDOWS\system32\netd.dll - Deleted
C:\WINDOWS\system32\netode.exe - Deleted
C:\WINDOWS\system32\newsd32.exe - Deleted
C:\WINDOWS\system32\protect.dll - Deleted
C:\WINDOWS\system32\ps1.exe - Deleted
C:\WINDOWS\system32\psof1.exe - Deleted
C:\WINDOWS\system32\psoft1.exe - Deleted
C:\WINDOWS\system32\psx.dll - Deleted
C:\WINDOWS\system32\pxcrt.dll - Deleted
C:\WINDOWS\system32\regc64.dll - Deleted
C:\WINDOWS\system32\regm64.dll - Deleted
C:\WINDOWS\system32\Rundl1.exe - Deleted
C:\WINDOWS\system32\sncntr.exe - Deleted
C:\WINDOWS\system32\ssurf022.dll - Deleted
C:\WINDOWS\system32\ssvchost.com - Deleted
C:\WINDOWS\system32\ssvchost.exe - Deleted
C:\WINDOWS\system32\svchost.t__ - Deleted
C:\WINDOWS\system32\sysreq.exe - Deleted
C:\WINDOWS\system32\taack.dat - Deleted
C:\WINDOWS\system32\taack.exe - Deleted
C:\WINDOWS\system32\temp#01.exe - Deleted
C:\WINDOWS\system32\thun.dll - Deleted
C:\WINDOWS\system32\thun32.dll - Deleted
C:\WINDOWS\system32\VBIEWER.OCX - Deleted
C:\WINDOWS\system32\vbsys2.dll - Deleted
C:\WINDOWS\system32\vcatchpi.dll - Deleted
C:\WINDOWS\system32\winlogonpc.exe - Deleted
C:\WINDOWS\system32\winlugan.exe - Deleted
C:\WINDOWS\system32\winmed.exe - Deleted
C:\WINDOWS\system32\winsystem.exe - Deleted
C:\WINDOWS\system32\WINWGPX.EXE - Deleted
C:\WINDOWS\system32\WLCtrl32.dll - Deleted
C:\WINDOWS\system32\wsock32d.dll - Deleted
C:\WINDOWS\Web\def.htm - Deleted
C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
C:\Documents and Settings\John Lee\Local Settings\Application Data\cftmon.exe - Deleted
C:\DOCUME~1\JOHNLE~1\FTPDLL.DLL - Deleted
C:\SDFIX\BACKUP~2\FTPDLL.DLL - Deleted
C:\WINDOWS\SYSTEM32\FTPDLL.DLL - Deleted
C:\SDFix\backups_old1\ie_updates3r.exe - Deleted
C:\WINDOWS\system32\iSecurity.cpl - Deleted
C:\WINDOWS\system32\drivers\spools.exe - Deleted
C:\WINDOWS\system32\drivers\GMS31.sys - Deleted



Folder C:\Program Files\IE Extensions - Removed
Folder C:\Program Files\iSecurity - Removed
Folder C:\WINDOWS\PerfInfo - Removed
Folder C:\WINDOWS\system32\smp - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 13:33:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cksu78]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Cksu78]
"Type"=dword:00000001
"Tag"=dword:00000001
"Group"="System Reserved\0Boot Bus Extender\0System Bus Extender\0SCSI miniport\0Port\0Primary Disk\0SCSI Class\0SCSI CDROM Class\0FSFilter Infrastructure\0FSFilter System\0FSFilter Bottom\0FSFilter Copy Protection\0FSFilter Security Enhancer\0FSFilter Open File\0FSFilter Physical Quota Management\0FSFilter Encryption\0FSFilter Compression\0FSFilter HSM\0FSFilter Cluster File System\0FSFilter System Recovery\0FSFilter Quota Management\0FSFilter Content Screener\0FSFilter Continuous Backup\0FSFilter Replication\0FSFilter Anti-Virus\0FSFilter Undelete\0FSFilter Activity Monitor\0FSFilter Top\0Filter\0Boot File System\0Base\0Pointer Port\0Keyboard Port\0Pointer Class\0Keyboard Class\0Video Init\0Video\0Video Save\0File System\0Event Log\0Streams Drivers\0NDIS Wrapper\0COM Infrastructure\0UIGroup\0LocalValidation\0PlugPlay\0PNP_TDI\0NDIS\0TDI\0NetBIOSGroup\0ShellSvcGroup\0SchedulerGroup\0SpoolerGroup\0AudioGroup\0SmartCardGroup\0NetworkProvider\0RemoteValidation\0NetDDEGroup\0Parallel arbitrator\0Extended Base\0PCI Configuration\0"
"ErrorControl"=dword:00000001
"Start"=dword:00000000

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\Cksu78.sys 167936 bytes executable

scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 1


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"\\findfast.exe"="\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\Replay Converter\14_43260.dll"
Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\Replay Converter\28_83260.dll"
Mon 9 Dec 2002 73,766 A..HR --- "C:\Program Files\Replay Converter\atrc3260.dll"
Mon 9 Dec 2002 65,575 A..HR --- "C:\Program Files\Replay Converter\cook3260.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\Replay Converter\dnet3260.dll"
Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Mon 9 Dec 2002 94,208 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 548,940 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Mon 9 Dec 2002 102,439 A..HR --- "C:\Program Files\Replay Converter\sipr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\alrsvco.exe"
Thu 13 Mar 2008 38,400 ..SHR --- "C:\WINDOWS\system32\ALSNDMGRd.exe"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 27 May 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 18 Mar 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"
Thu 13 Mar 2008 22,802 ..SHR --- "C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll"
Mon 17 Mar 2008 22,686 ..SHR --- "C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll"
Thu 13 Mar 2008 22,774 ..SHR --- "C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll"
Wed 19 Mar 2008 22,666 ..SHR --- "C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll"
Tue 18 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll"
Fri 14 Mar 2008 22,786 ..SHR --- "C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll"
Thu 13 Mar 2008 22,614 ..SHR --- "C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll"
Thu 13 Mar 2008 22,714 ..SHR --- "C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll"
Thu 13 Mar 2008 22,678 ..SHR --- "C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll"
Tue 18 Mar 2008 22,610 ..SHR --- "C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll"

Finished!

Shaba
2008-06-09, 16:25
Hi

I say this once again:

I see no point in cleaning a computer infected that badly.

You are using this computer solely at your own risk, even after "cleaning".

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\admdsc.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\auqwqdas.tmp
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll

Folder::
C:\Documents and Settings\All Users\Application Data\zazodeji
C:\Documents and Settings\All Users\Application Data\dgpixcds
C:\Documents and Settings\All Users\Application Data\jahihoxw
C:\Documents and Settings\All Users\Application Data\cnifshqp
C:\Documents and Settings\All Users\Application Data\whulahat
C:\Documents and Settings\All Users\Application Data\danwhoha
C:\Documents and Settings\All Users\Application Data\dsxmtkvi
C:\Documents and Settings\All Users\Application Data\fyvgtytu
C:\Documents and Settings\All Users\Application Data\qtglohyd
C:\Documents and Settings\All Users\Application Data\izgtgbct
C:\Documents and Settings\All Users\Application Data\fspmjgfy
C:\Documents and Settings\All Users\Application Data\hydmhcby
C:\Documents and Settings\All Users\Application Data\vmxkzufk
C:\Documents and Settings\All Users\Application Data\yvktobmb
C:\Documents and Settings\All Users\Application Data\parifcpm
C:\Documents and Settings\All Users\Application Data\dunwjghm
C:\Documents and Settings\All Users\Application Data\fmpkrczw
C:\Documents and Settings\All Users\Application Data\dgxwxyjw

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gms31.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxd51.sys]

[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe]

[-HKLM\~\startupfolder\C:^Documents and Settings^John Lee^Start Menu^Programs^Startup^info.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Regscan"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mppds"=-
"fnrtlllf"=-
"klmngtet"=-
"csrss"=-
"dddltrhb"=-
"iSecurity applet"=-

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{344B7EF2-9819-299E-51CB-018EEAA2D736}]
2008-05-21 11:56 110592 --a------ C:\WINDOWS\system32\admdsc.dll

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgnid]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened, we want to know, and also what process you had to end.

piratenews
2008-06-10, 07:55
Darn! When I ran Combofix my computer just exploded and my house burned down.















Just kidding.

Now how do I hunt down those hackers and get revenge? I'm open to filing criminal charges, as well as extra-judicial measures.

==============================================


ComboFix 08-06-07.3 - John Lee 2008-06-10 1:32:27.6 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John Lee\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\WINDOWS\system32\admdsc.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\auqwqdas.tmp
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\admrgzcl.dll
C:\Documents and Settings\All Users\Application Data\ahgtmdmv.dll
C:\Documents and Settings\All Users\Application Data\ajwvivwh.dll
C:\Documents and Settings\All Users\Application Data\atubgxav.dll
C:\Documents and Settings\All Users\Application Data\azqteduj.dll
C:\Documents and Settings\All Users\Application Data\buvobwlu.dll
C:\Documents and Settings\All Users\Application Data\bwbcvybi.dll
C:\Documents and Settings\All Users\Application Data\cfuvubgd.dll
C:\Documents and Settings\All Users\Application Data\cnifshqp
C:\Documents and Settings\All Users\Application Data\cnifshqp\uzqpkbcb.exe
C:\Documents and Settings\All Users\Application Data\danwhoha
C:\Documents and Settings\All Users\Application Data\danwhoha\fmhurabo.exe
C:\Documents and Settings\All Users\Application Data\dgpixcds
C:\Documents and Settings\All Users\Application Data\dgpixcds\balyzspq.exe
C:\Documents and Settings\All Users\Application Data\dgxwxyjw
C:\Documents and Settings\All Users\Application Data\dgxwxyjw\xqvkngze.exe
C:\Documents and Settings\All Users\Application Data\dojazyds.dll
C:\Documents and Settings\All Users\Application Data\dsxmtkvi
C:\Documents and Settings\All Users\Application Data\dsxmtkvi\vijcnshy.exe
C:\Documents and Settings\All Users\Application Data\dunwjghm
C:\Documents and Settings\All Users\Application Data\dunwjghm\jmdifsvi.exe
C:\Documents and Settings\All Users\Application Data\elazqfct.dll
C:\Documents and Settings\All Users\Application Data\elitcvol.dll
C:\Documents and Settings\All Users\Application Data\fmpkrczw
C:\Documents and Settings\All Users\Application Data\fmpkrczw\bajylylq.exe
C:\Documents and Settings\All Users\Application Data\fspmjgfy
C:\Documents and Settings\All Users\Application Data\fspmjgfy\tibatqzc.exe
C:\Documents and Settings\All Users\Application Data\fyvgtytu
C:\Documents and Settings\All Users\Application Data\fyvgtytu\jobkzwry.exe
C:\Documents and Settings\All Users\Application Data\gdizatqp.dll
C:\Documents and Settings\All Users\Application Data\ghotkrex.dll
C:\Documents and Settings\All Users\Application Data\hydmhcby
C:\Documents and Settings\All Users\Application Data\hydmhcby\rmxodsla.exe
C:\Documents and Settings\All Users\Application Data\izgtgbct
C:\Documents and Settings\All Users\Application Data\izgtgbct\qbetelyx.exe
C:\Documents and Settings\All Users\Application Data\jahihoxw
C:\Documents and Settings\All Users\Application Data\jahihoxw\fqpajude.exe
C:\Documents and Settings\All Users\Application Data\kbqnmhel.dll
C:\Documents and Settings\All Users\Application Data\krwzmpex.dll
C:\Documents and Settings\All Users\Application Data\ktobqrwd.dll
C:\Documents and Settings\All Users\Application Data\mdcvwpqv.dll
C:\Documents and Settings\All Users\Application Data\mlqdwxef.dll
C:\Documents and Settings\All Users\Application Data\ncbqjkxg.dll
C:\Documents and Settings\All Users\Application Data\obunarah.dll
C:\Documents and Settings\All Users\Application Data\ozmvkdqp.dll
C:\Documents and Settings\All Users\Application Data\pabedoza.dll
C:\Documents and Settings\All Users\Application Data\parifcpm
C:\Documents and Settings\All Users\Application Data\parifcpm\jkhsvujc.exe
C:\Documents and Settings\All Users\Application Data\pmlypovk.dll
C:\Documents and Settings\All Users\Application Data\qbqfgjod.dll
C:\Documents and Settings\All Users\Application Data\qtglohyd
C:\Documents and Settings\All Users\Application Data\qtglohyd\qpuxgzan.exe
C:\Documents and Settings\All Users\Application Data\qvwvklqf.dll
C:\Documents and Settings\All Users\Application Data\rkjovyzk.dll
C:\Documents and Settings\All Users\Application Data\ryfktuji.dll
C:\Documents and Settings\All Users\Application Data\tijwncze.dll
C:\Documents and Settings\All Users\Application Data\ubcredal.dll
C:\Documents and Settings\All Users\Application Data\ufofsron.dll
C:\Documents and Settings\All Users\Application Data\vmxkzufk
C:\Documents and Settings\All Users\Application Data\vmxkzufk\jevmxazo.exe
C:\Documents and Settings\All Users\Application Data\vqzyjyno.dll
C:\Documents and Settings\All Users\Application Data\wdqzcjeh.dll
C:\Documents and Settings\All Users\Application Data\whulahat
C:\Documents and Settings\All Users\Application Data\whulahat\ynehglit.exe
C:\Documents and Settings\All Users\Application Data\whulibwj.dll
C:\Documents and Settings\All Users\Application Data\xmrezyho.dll
C:\Documents and Settings\All Users\Application Data\yvktobmb
C:\Documents and Settings\All Users\Application Data\yvktobmb\yjolabel.exe
C:\Documents and Settings\All Users\Application Data\zazodeji
C:\Documents and Settings\All Users\Application Data\zazodeji\rclkxmzi.exe
C:\Documents and Settings\All Users\Application Data\zqjctcjy.dll
C:\WINDOWS\system32\admdsc.dll
C:\WINDOWS\system32\anticipator_delete_virus.dll
C:\WINDOWS\system32\auqwqdas.tmp
C:\WINDOWS\system32\puvkbohq.exe
C:\WINDOWS\system32\strsys.dll
C:\WINDOWS\system32\vmnylyrg.exe
C:\WINDOWS\xobglu16.dll
C:\WINDOWS\xobglu32.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-21 23:08 . 2008-06-10 01:31 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 11:56 . 2008-05-21 11:56 <DIR> d-------- C:\Program Files\Cmkkhknc
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 03:40 --------- d-----w C:\Program Files\Screenshot Pilot
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-28 15:39 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-27 14:31 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
2008-05-09 16:45 --------- d-----w C:\Program Files\cube
2008-05-09 16:45 --------- d-----w C:\Program Files\creature
2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
2008-05-09 16:36 --------- d-----w C:\Program Files\crass
2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
2008-05-09 16:35 --------- d-----w C:\Program Files\conca
2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
2008-05-09 16:32 --------- d-----w C:\Program Files\alien
2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY
2008-05-07 00:48 2,014 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-06 03:18 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
2008-05-06 03:17 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-28 15:48 98,304 ----a-w C:\WINDOWS\system32\dbcfg.dll
2008-04-27 11:10 110,592 ----a-w C:\WINDOWS\system32\UtilAdm.dll
2008-04-27 11:10 102,400 ----a-w C:\WINDOWS\system32\bohodqhy.exe
2008-04-25 23:25 106,496 ----a-w C:\WINDOWS\system32\straplmsg.dll
2008-04-24 06:49 126,976 ----a-w C:\WINDOWS\system32\actmnt.dll
2008-04-23 18:42 118,784 ----a-w C:\WINDOWS\system32\apismart.dll
2008-04-23 02:56 122,880 ----a-w C:\WINDOWS\system32\aplen.dll
2008-04-22 00:52 110,592 ----a-w C:\WINDOWS\system32\monsrv.dll
2008-04-21 10:32 106,496 ----a-w C:\WINDOWS\system32\srvapl.dll
2008-04-21 00:31 106,496 ----a-w C:\WINDOWS\system32\procen.dll
2008-04-19 23:40 126,976 ----a-w C:\WINDOWS\system32\MsgCfg.dll
2008-04-18 10:50 102,400 ----a-w C:\WINDOWS\system32\ProcMnt.dll
2008-04-16 06:48 110,592 ----a-w C:\WINDOWS\system32\UtilComSet.dll
2008-04-14 20:11 131,072 ----a-w C:\WINDOWS\system32\admcomwin.dll
2008-04-02 19:13 102,400 ----a-w C:\WINDOWS\system32\bqxgvwxo.exe
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 12:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-22 19:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-19 20:47 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 20:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\ALSNDMGRd.exe
2008-03-13 15:57 38,400 --sh--r C:\WINDOWS\system32\alrsvco.exe
2008-03-13 15:56 10,000 ------w C:\WINDOWS\system32\Kf94lfg.dll
2008-03-13 15:45 8,704 ----a-w C:\WINDOWS\system32\rcdll.dll
2008-03-13 05:10 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

((((((((((((((((((((((((((((( snapshot_2008-06-08_14.51.24.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 04:17:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 01:39:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
Completion time: 2008-06-10 1:45:20
ComboFix-quarantined-files.txt 2008-06-10 05:44:14
ComboFix2.txt 2008-06-08 18:54:59
ComboFix3.txt 2008-03-18 19:02:20

Pre-Run: 34,259,288,064 bytes free
Post-Run: 34,242,891,776 bytes free

396 --- E O F --- 2008-03-21 11:30:12


================================================


Am I cured, Doc?

Computer seems to be running great. My mouse problem disappeared, and now I can copy and post in my online email. And I don't have 10 mouse clicks per webpage. Still have a Windows Installer problem. But all in all, it's a big improvement.

Thank ye!

piratenews
2008-06-10, 08:17
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:14:55 AM, on 6/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4465 bytes

Shaba
2008-06-10, 09:04
Hi

We will come to that a bit later :)

Do you recognize these folders?

2008-05-09 17:01 --------- d-----w C:\Program Files\MOTORC~1
2008-05-09 17:01 --------- d-----w C:\Program Files\ANYTHI~1
2008-05-09 17:00 --------- d-----w C:\Program Files\worthles
2008-05-09 16:58 --------- d-----w C:\Program Files\NEUROC~1
2008-05-09 16:57 --------- d-----w C:\Program Files\jeru
2008-05-09 16:56 --------- d-----w C:\Program Files\GENERA~1
2008-05-09 16:55 --------- d-----w C:\Program Files\empirest
2008-05-09 16:45 --------- d-----w C:\Program Files\cube
2008-05-09 16:45 --------- d-----w C:\Program Files\creature
2008-05-09 16:44 --------- d-----w C:\Program Files\crakoom
2008-05-09 16:44 --------- d-----w C:\Program Files\COLLEG~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CLONEW~1
2008-05-09 16:43 --------- d-----w C:\Program Files\CAPTAI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BURLES~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLUELI~1
2008-05-09 16:43 --------- d-----w C:\Program Files\BLINDM~1
2008-05-09 16:43 --------- d-----w C:\Program Files\beatmygu
2008-05-09 16:42 --------- d-----w C:\Program Files\autobahn
2008-05-09 16:42 --------- d-----w C:\Program Files\arnon
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMORP~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ARMAGG~1
2008-05-09 16:42 --------- d-----w C:\Program Files\ANGRYB~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ANCIEN~1
2008-05-09 16:41 --------- d-----w C:\Program Files\amerika
2008-05-09 16:41 --------- d-----w C:\Program Files\ALIENS~1
2008-05-09 16:41 --------- d-----w C:\Program Files\ABDUCT~1
2008-05-09 16:38 --------- d-----w C:\Program Files\WAYBEY~1
2008-05-09 16:37 --------- d-----w C:\Program Files\dodger
2008-05-09 16:37 --------- d-----w C:\Program Files\dirtydoz
2008-05-09 16:36 --------- d-----w C:\Program Files\crass
2008-05-09 16:36 --------- d-----w C:\Program Files\COPPAK~1
2008-05-09 16:35 --------- d-----w C:\Program Files\conca
2008-05-09 16:35 --------- d-----w C:\Program Files\COLLEG~2
2008-05-09 16:32 --------- d-----w C:\Program Files\alien
2008-05-09 16:32 --------- d-----w C:\Program Files\aldo
2008-05-09 16:31 --------- d-----w C:\Program Files\ACTION~1
2008-05-07 22:58 --------- d-----w C:\Program Files\EMPTY

piratenews
2008-06-12, 02:01
Very mysterious names...

Actually, they all look like old font folders that I failed to download to windows/fonts/ directory. Deletable. I've already moved the font files. Folders are empty except for junk txt files.

My file keeping is a little sloppy.

piratenews
2008-06-12, 02:11
Here's a live one today, perhaps:

c:\program files\Cmkkhknc\qitpxww.exe
80kb 5/21/2008

Shaba
2008-06-12, 15:35
Hi

Please click this link-->Jotti (http://virusscan.jotti.org/)

Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using, Jotti or VirusTotal).

C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe

Repeat steps for all files on the list.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

piratenews
2008-06-13, 01:05
File: dbcfg.dll
Status: INFECTED/MALWARE
MD5: 3d28bdacf9b3ddd38195e3bc9abca6a4
Packers detected: -
Scan taken on 12 Jun 2008 22:34:26 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: UtilAdm.dll
Status: INFECTED/MALWARE
MD5: bc9932efe02310de7d0071017faa337f
Packers detected: -
Scan taken on 12 Jun 2008 22:36:55 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: bohodqhy.exe
Status: INFECTED/MALWARE
MD5: 26147e7b4794dadc528d47d9034ae82d
Packers detected: -
Scan taken on 12 Jun 2008 22:38:53 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Downloader.Obfuskated
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Obfuscated.gx
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found Trojan.Win32.Obfuscated.gx
NOD32 Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: straplmsg.dll
Status: INFECTED/MALWARE
MD5: d6c69f2ba2aa2668f622efbf0631145d
Packers detected: -
Scan taken on 12 Jun 2008 22:40:51 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: actmnt.dll
Status: INFECTED/MALWARE
MD5: 2ac7afda29681fb3d98125debeae013a
Packers detected: -
Scan taken on 12 Jun 2008 22:42:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found I-Worm/Stration.GWR
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: apismart.dll
Status: INFECTED/MALWARE
MD5: 18437d13e60304b8e89d1dcaad9dc772
Packers detected: -
Scan taken on 12 Jun 2008 22:44:20 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found Vundo.gen170
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: aplen.dll
Status: INFECTED/MALWARE
MD5: 1d64830655e2255760ed5088a4f169d6
Packers detected: -
Scan taken on 12 Jun 2008 22:46:06 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.UXO
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: monsrv.dll
Status: INFECTED/MALWARE
MD5: 5078875f6073909bd27608ddd29ac3d3
Packers detected: -
Scan taken on 12 Jun 2008 22:47:54 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: srvapl.dll
Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: 863635efd98ca80cdf148e3cc1a662f4
Packers detected: PE_PATCH
Scan taken on 12 Jun 2008 22:49:59 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

File: procen.dll
Status: INFECTED/MALWARE
MD5: 8a2dd51feedeef88ef106989532384bf
Packers detected: -
Scan taken on 12 Jun 2008 22:51:58 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: MsgCfg.dll
Status: INFECTED/MALWARE
MD5: 4bd86ec30b73bb4336d141759a733ab1
Packers detected: -
Scan taken on 12 Jun 2008 22:53:48 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found Generic10.NYH
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found W32/Virtumonde.USD
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: ProcMnt.dll
Status: INFECTED/MALWARE
MD5: 94dd07b6ebfdd5fb9db71ee7f2314651
Packers detected: PE_PATCH
Scan taken on 12 Jun 2008 22:55:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: UtilComSet.dll
Status: INFECTED/MALWARE
MD5: f4266eb5a17aa0054669ba2599d0ac5d
Packers detected: -
Scan taken on 12 Jun 2008 22:57:11 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: admcomwin.dll
Status: INFECTED/MALWARE
MD5: 4d62528df3771ba56e45a2548f3b19a4
Packers detected: -
Scan taken on 12 Jun 2008 22:58:49 (GMT)
A-Squared Found nothing
AntiVir Found TR/Vundo.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found Trojan.Vundo
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/EncPk-DG
VirusBuster Found nothing
VBA32 Found nothing

File: bqxgvwxo.exe
Status: INFECTED/MALWARE
MD5: 397cd7d4381e6b7aa77d6e1fa87c0923
Packers detected: -
Scan taken on 12 Jun 2008 23:00:30 (GMT)
A-Squared Found nothing
AntiVir Found TR/Crypt.XPACK.Gen
ArcaVir Found nothing
Avast Found Win32:PureMorph
AVG Antivirus Found Downloader.Obfuskated
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Obfuscated.gx
Fortinet Found nothing
Ikarus Found Trojan.Crypt.XPACK
Kaspersky Anti-Virus Found Trojan.Win32.Obfuscated.gx
NOD32 Found a variant of Win32/TrojanDownloader.FakeAlert.BP
Norman Virus Control Found W32/Smalltroj.DTVA
Panda Antivirus Found nothing
Sophos Antivirus Found Mal/Generic-A
VirusBuster Found nothing
VBA32 Found nothing


Yikes!

Shaba
2008-06-13, 14:17
Hi

Yes all are bad as I expected.

Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe

Go to spykiller (http://www.thespykiller.co.uk/index.php?PHPSESSID=d65884362fbc872b70e1a9a9a7e13700&board=1.0)

Press new topic, make thread's title "Files for Shaba"
Include in your message a link to here, then attach the cab/zip file to your message and post the topic
If you can't locate it through the browse button just copy/paste the filename and path.

After that, please reply here and we'll continue :)

piratenews
2008-06-14, 12:25
http://thespykiller.co.uk/index.php/topic,6633.new.html#new

Shaba
2008-06-14, 12:33
Hi

Thanks for that :)

Open notepad and copy/paste the text in the codebox below into it:


File::
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\UtilComSet.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\rcdll.dll

Folder::
C:\Program Files\MOTORC~1
C:\Program Files\ANYTHI~1
C:\Program Files\worthles
C:\Program Files\NEUROC~1
C:\Program Files\jeru
C:\Program Files\GENERA~1
C:\Program Files\empirest
C:\Program Files\cube
C:\Program Files\creature
C:\Program Files\crakoom
C:\Program Files\COLLEG~1
C:\Program Files\CLONEW~1
C:\Program Files\CAPTAI~1
C:\Program Files\BURLES~1
C:\Program Files\BLUELI~1
C:\Program Files\BLINDM~1
C:\Program Files\beatmygu
C:\Program Files\autobahn
C:\Program Files\arnon
C:\Program Files\ARMORP~1
C:\Program Files\ARMAGG~1
C:\Program Files\ANGRYB~1
C:\Program Files\ANCIEN~1
C:\Program Files\amerika
C:\Program Files\ALIENS~1
C:\Program Files\ABDUCT~1
C:\Program Files\WAYBEY~1
C:\Program Files\dodger
C:\Program Files\dirtydoz
C:\Program Files\crass
C:\Program Files\COPPAK~1
C:\Program Files\conca
C:\Program Files\COLLEG~2
C:\Program Files\alien
C:\Program Files\aldo
C:\Program Files\ACTION~1
C:\Program Files\EMPTY
C:\Program Files\Cmkkhknc


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

piratenews
2008-06-14, 22:39
ComboFix 08-06-07.3 - John Lee 2008-06-14 16:06:45.7 - NTFSx86

Running from: C:\Documents and Settings\John Lee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\John Lee\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\rcdll.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\UtilComSet.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ABDUCT~1
C:\Program Files\ABDUCT~1\AbductionII.txt
C:\Program Files\ACTION~1
C:\Program Files\ACTION~1\Action_Force.ttf
C:\Program Files\ACTION~1\Action_Force.txt
C:\Program Files\aldo
C:\Program Files\aldo\aldo.txt
C:\Program Files\aldo\ALDO6.TTF
C:\Program Files\alien
C:\Program Files\alien\alien.txt
C:\Program Files\alien\ALIEN5.TTF
C:\Program Files\ALIENS~1
C:\Program Files\ALIENS~1\statica.txt
C:\Program Files\amerika
C:\Program Files\amerika\Am Erika.txt
C:\Program Files\ANCIEN~1
C:\Program Files\ANCIEN~1\GEEK.TXT
C:\Program Files\ANGRYB~1
C:\Program Files\ANGRYB~1\FONTEX2000MG-HELP.HLP
C:\Program Files\ANGRYB~1\readme.txt
C:\Program Files\ANYTHI~1
C:\Program Files\ANYTHI~1\A font by Alex C.txt
C:\Program Files\ANYTHI~1\anythingyouwant\anythingyouwant.ttf
C:\Program Files\ARMAGG~1
C:\Program Files\ARMORP~1
C:\Program Files\ARMORP~1\font info.txt
C:\Program Files\arnon
C:\Program Files\autobahn
C:\Program Files\autobahn\!pizzadude.txt
C:\Program Files\beatmygu
C:\Program Files\beatmygu\READ_ME.TXT
C:\Program Files\BLINDM~1
C:\Program Files\BLINDM~1\!pizzadude.txt
C:\Program Files\BLUELI~1
C:\Program Files\BLUELI~1\!pizzadude.txt
C:\Program Files\BURLES~1
C:\Program Files\BURLES~1\!pizzadude.txt
C:\Program Files\CAPTAI~1
C:\Program Files\CAPTAI~1\free.txt
C:\Program Files\CLONEW~1
C:\Program Files\Cmkkhknc
C:\Program Files\Cmkkhknc\qitpxpww.exe
C:\Program Files\COLLEG~1
C:\Program Files\COLLEG~1\Readme.txt
C:\Program Files\COLLEG~1\SF Collegiate Sample.jpg
C:\Program Files\COLLEG~2
C:\Program Files\COLLEG~2\SF Collegiate v1.0\Readme.txt
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Sample.jpg
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Bold Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Bold.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid Italic.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate Solid.ttf
C:\Program Files\COLLEG~2\SF Collegiate v1.0\SF Collegiate.ttf
C:\Program Files\conca
C:\Program Files\conca\conca.txt
C:\Program Files\COPPAK~1
C:\Program Files\COPPAK~1\VTCinfo.txt
C:\Program Files\crakoom
C:\Program Files\crakoom\The Greatest fonts in the world.txt
C:\Program Files\crass
C:\Program Files\creature
C:\Program Files\creature\creature.txt
C:\Program Files\cube
C:\Program Files\dirtydoz
C:\Program Files\dirtydoz\Read_Me.txt
C:\Program Files\dodger
C:\Program Files\dodger\dodge.txt
C:\Program Files\empirest
C:\Program Files\EMPTY
C:\Program Files\GENERA~1
C:\Program Files\jeru
C:\Program Files\jeru\jeru.txt
C:\Program Files\MOTORC~1
C:\Program Files\MOTORC~1\!pizzadude.txt
C:\Program Files\MOTORC~1\MOTOE___.TTF
C:\Program Files\NEUROC~1
C:\Program Files\NEUROC~1\Read_Me.txt
C:\Program Files\WAYBEY~1
C:\Program Files\WAYBEY~1\!pizzadude.txt
C:\Program Files\WAYBEY~1\Waybeyondblue.TTF
C:\Program Files\worthles
C:\Program Files\worthles\READ_ME.TXT
C:\WINDOWS\system32\actmnt.dll
C:\WINDOWS\system32\admcomwin.dll
C:\WINDOWS\system32\alrsvco.exe
C:\WINDOWS\system32\ALSNDMGRd.exe
C:\WINDOWS\system32\apismart.dll
C:\WINDOWS\system32\aplen.dll
C:\WINDOWS\system32\bohodqhy.exe
C:\WINDOWS\system32\bqxgvwxo.exe
C:\WINDOWS\system32\dbcfg.dll
C:\WINDOWS\system32\Kf94lfg.dll
C:\WINDOWS\system32\monsrv.dll
C:\WINDOWS\system32\MsgCfg.dll
C:\WINDOWS\system32\procen.dll
C:\WINDOWS\system32\ProcMnt.dll
C:\WINDOWS\system32\rcdll.dll
C:\WINDOWS\system32\srvapl.dll
C:\WINDOWS\system32\straplmsg.dll
C:\WINDOWS\system32\UtilAdm.dll
C:\WINDOWS\system32\UtilComSet.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ALGNetDDEdsdm
-------\Service_ALGNetDDEdsdm


((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
2008-06-14 06:13 . 2008-06-14 06:16 <DIR> d-------- C:\sfp
2008-06-14 06:13 . 2008-06-14 06:13 264,875 --a------ C:\sfp.zip
2008-06-10 18:09 . 2008-06-13 02:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-10 18:09 . 2008-06-10 18:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-10 04:04 . 2008-06-10 04:04 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-06-10 04:03 . 2008-06-10 04:05 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-10 04:02 . 2008-06-10 04:02 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-06-08 03:00 . 2008-06-08 03:00 <DIR> d-------- C:\OnlineArmor
2008-06-08 01:05 . 2008-06-08 01:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-05-31 05:01 . 2008-05-31 05:15 <DIR> d-------- C:\Program Files\MediaCoder
2008-05-31 05:00 . 2008-05-31 05:00 17,352,333 --a------ C:\MediaCoder-0.6.1.4111-flv-to-mpg.exe
2008-05-30 20:47 . 2008-05-30 20:47 <DIR> d-------- C:\Program Files\MSECACHE
2008-05-30 20:43 . 2008-05-30 20:43 359,656 --a------ C:\ms-windows-installer-cleanup-remove-programs-only2.exe
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 19:22 . 2008-05-30 19:22 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 19:22 . 2008-05-30 19:22 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 19:22 . 2008-05-30 19:22 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 19:22 . 2008-05-30 19:22 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 19:22 . 2008-05-30 19:22 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll
2008-05-30 19:22 . 2008-05-30 19:22 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2008-05-30 19:22 . 2008-05-30 19:22 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll
2008-05-30 19:22 . 2008-05-30 19:22 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll
2008-05-27 13:12 . 2008-05-27 13:12 2,585,872 --a------ C:\WindowsInstaller-KB893803-v2-x86.exe
2008-05-22 18:22 . 2008-05-22 18:22 3,596,288 --a--c--- C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:22 . 2008-05-22 18:22 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-22 18:22 . 2008-05-22 18:22 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-22 18:20 . 2008-05-22 18:20 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll
2008-05-22 18:20 . 2008-05-22 18:20 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll
2008-05-22 18:19 . 2008-05-22 18:19 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
2008-05-22 18:19 . 2008-05-22 18:19 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19 . 2008-05-22 18:19 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 18:19 . 2008-05-22 18:19 416 --a--c--- C:\WINDOWS\system32\dtu100.dll.manifest
2008-05-22 18:19 . 2008-05-22 18:19 416 --a--c--- C:\WINDOWS\system32\dpl100.dll.manifest
2008-05-22 18:18 . 2008-05-22 18:18 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-21 23:08 . 2008-06-14 16:15 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\OnlineArmor
2008-05-21 23:08 . 2008-05-21 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-05-21 23:07 . 2008-05-21 23:07 <DIR> d-------- C:\Program Files\Tall Emu
2008-05-21 23:07 . 2008-04-17 05:25 80,584 --a------ C:\WINDOWS\system32\drivers\OADriver.sys
2008-05-21 23:07 . 2008-04-17 05:25 32,456 --a------ C:\WINDOWS\system32\drivers\OAmon.sys
2008-05-21 23:07 . 2008-04-17 05:25 28,872 --a------ C:\WINDOWS\system32\drivers\oanet.sys
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\WINDOWS
2008-05-21 00:27 . 2004-05-04 13:19 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\Symantec
2008-05-21 00:27 . 2004-05-18 16:07 <DIR> d-------- C:\Documents and Settings\Web Surfing\Application Data\CyberLink
2008-05-21 00:27 . 2008-05-21 00:27 <DIR> d-------- C:\Documents and Settings\Web Surfing
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\EPSONREG
2008-05-19 20:01 . 2008-05-19 20:01 <DIR> d-------- C:\Documents and Settings\John Lee\Application Data\Leadertech
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\WINDOWS\system32\Import-Export
2008-05-19 19:59 . 2008-05-19 21:00 <DIR> d-------- C:\Program Files\EPSON Print CD
2008-05-19 19:59 . 2008-05-19 19:59 <DIR> d-------- C:\Program Files\EPSON
2008-05-19 19:58 . 2008-05-19 21:22 66 --a------ C:\WINDOWS\ESPR200.ini
2008-05-19 19:53 . 2003-05-29 01:01 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2008-05-19 19:53 . 2003-07-28 01:10 76,045 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2008-05-19 19:53 . 2003-02-13 01:10 69,632 --a------ C:\WINDOWS\system32\EAL.EXE
2008-05-19 19:53 . 2003-05-21 02:27 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2008-05-19 19:53 . 2002-03-01 01:00 44,544 --a------ C:\WINDOWS\system32\EAL32.DLL
2008-05-19 19:53 . 2000-06-07 01:01 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2008-05-19 19:53 . 2001-09-04 02:04 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2008-05-16 17:39 . 2008-05-16 17:39 <DIR> d-------- C:\Program Files\Common Files\SupportSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 20:11 --------- d-----w C:\Program Files\Screenshot Pilot
2008-06-13 04:18 --------- d-----w C:\Documents and Settings\John Lee\Application Data\SmartFTP
2008-06-10 18:20 --------- d-----w C:\Program Files\DivX
2008-05-31 01:06 --------- d-----w C:\Documents and Settings\John Lee\Application Data\AdobeUM
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-29 02:21 --------- d-----w C:\Program Files\RogueRemover FREE
2008-05-28 15:39 10,752 -c--a-w C:\WINDOWS\system32\dumprep.exe
2008-05-27 15:35 4,931,320 ----a-w C:\Opera_9.27_English_Setup.exe
2008-05-27 14:31 12,208 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 03:07 10,402,864 ----a-w C:\OnlineArmor_Setup_Free.exe
2008-05-19 23:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-17 03:37 --------- d-----w C:\Program Files\support.com
2008-05-13 20:41 --------- d-----w C:\Program Files\Pinnacle
2008-05-07 00:48 2,014 ----a-w C:\WINDOWS\system32\tmp.reg
2008-05-06 03:18 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTHER2.dll
2008-05-06 03:17 108,177 ----a-w C:\WINDOWS\system32\ptpdrfhlhbt_BUTCHER.dll
2008-05-05 07:35 6,039,048 ----a-w C:\Firefox Setup 2.0.0.14.exe
2008-04-02 00:32 1,676,293 ----a-w C:\vixybeta_install_1apr08.exe
2008-03-31 22:34 8,161,400 ----a-w C:\Windows-malicious-software-removal-mar08.exe
2008-03-30 21:36 1,415,095 ----a-w C:\SDFixMarch2008.exe
2008-03-30 21:35 1,603,366 ----a-w C:\ComboFixMarch2008.exe
2008-03-27 00:52 1,306,722 ----a-w C:\SmitfraudFixMarch2008.exe
2008-03-26 22:31 147,456 ----a-w C:\VundoFix.exe
2008-03-26 12:50 82,432 ----a-w C:\WINDOWS\system32\IEDFix.exe
2008-03-23 00:32 318,369 ----a-w C:\HiJackThis202.zip
2008-03-22 19:49 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-03-21 03:24 106,496 ----a-w C:\Documents and Settings\All Users\Application Data\klmngtet.dll
2008-03-19 23:56 15,452,536 ----a-w C:\IE7-WindowsXP-x86-enu.exe
2008-03-19 20:47 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-03-19 20:47 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-18 22:30 8,705,840 ----a-w C:\winamp552_full_emusic-7plus_en-us.exe
2008-03-18 22:22 6,956 -c--a-w C:\Program Files\hijackthis.log
2008-03-18 21:28 2,671,816 ----a-w C:\spywareblastersetup40.exe
2008-03-18 21:25 706,360 ----a-w C:\winpatrolsetup-ok.exe
2008-03-18 18:36 1,580,267 ----a-w C:\ComboFix_old.exe
2008-03-15 01:26 14,113,576 ----a-w C:\ewido-avg-antispyware-setup-7.5-30days.exe
2008-03-14 19:53 690,568 ----a-w C:\rogue-remover-free-setup.exe
2008-01-13 19:38 12,879,368 ----a-w C:\Program Files\RealPlayer10-5GOLD.exe
2007-12-21 06:09 4,398,984 -c--a-w C:\Program Files\MorphVOXPro_Install.exe
2007-12-21 06:07 1,083,064 -c--a-w C:\Program Files\SP-SpookySounds_Install.exe
2007-12-16 05:14 17,760,400 -c--a-w C:\Program Files\DivXInstaller.exe
2007-12-08 10:56 1,781,292 -c--a-w C:\Program Files\vixybeta_install.exe
2007-10-23 05:46 34,441,990 -c--a-w C:\Program Files\Second Life 1-18-2-0 Setup.exe
2007-10-11 17:21 904,984 -c--a-w C:\Program Files\cuz4_setup.exe
2007-08-12 22:05 1,035,000 -c--a-w C:\Program Files\daemon-tools-iso-SPTDinst-v150-x64.exe
2007-08-12 14:14 1,207,026 -c--a-w C:\Program Files\winrar370.exe
2007-06-08 16:01 27,917,104 -c--a-w C:\Program Files\downloadable_install_wizard.exe
2007-04-27 05:39 4,960,221 -c--a-w C:\Program Files\RivaEncoderSetup.exe
2007-04-02 08:12 1,512,927 -c--a-w C:\Program Files\LADSPA_plugins-win-0.4.15.exe
2007-04-02 08:11 2,228,534 -c--a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-02 07:57 614,943 ----a-w C:\Program Files\lame-3.96.1.zip
2007-03-16 11:07 502,941 ----a-w C:\Program Files\MPEG_Streamclip_1.1.zip
2007-02-27 19:59 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
2007-02-27 19:57 1,629,496 ----a-w C:\Program Files\VOB2MPGv2_3.zip
2007-02-27 09:48 392,984 ----a-w C:\Program Files\SmartRipper 2.41.zip
2007-01-29 11:53 3,602,120 -c--a-w C:\Program Files\SFTPMSI.exe
2007-01-16 11:58 363,800 -c--a-w C:\Program Files\download-flvplayer_setup.exe.exe
2007-01-09 10:22 20,368,912 -c--a-w C:\Program Files\GoogleEarthWinProSetup.exe
2007-01-02 07:54 55,217 ----a-w C:\Program Files\Copy of checkboxtemplate.zip
2007-01-02 07:54 55,217 ----a-w C:\Program Files\checkboxtemplate.zip
2007-01-02 06:39 1,761,856 -c--a-w C:\Program Files\OCONVPCK.EXE
2007-01-02 06:38 1,533,096 -c--a-w C:\Program Files\wp6rtf.exe
2007-01-02 06:37 12,307,656 -c--a-w C:\Program Files\wdviewer.exe
2006-12-28 03:02 6,181,783 -c--a-w C:\Program Files\win2k_xp14103.exe
2006-12-28 02:44 315,624 -c--a-w C:\Program Files\dxwebsetup.exe
2006-12-28 01:52 5,007,104 -c--a-w C:\Program Files\GoogleVideoPlayerSetup.exe
2006-12-23 03:16 5,461,975 -c--a-w C:\Program Files\gtm130.exe
2006-12-22 05:45 6,464,978 ----a-w C:\Program Files\gpsbabel-arc-counties.zip
2006-12-22 05:45 1,101,545 ----a-w C:\Program Files\gpsbabel-arc-states.zip
2006-12-22 05:43 929,896 ----a-w C:\Program Files\gpsbabel-1.3.2.zip
2006-12-19 08:16 2,855,080 -c--a-w C:\Program Files\aawsepersonal.exe
2006-12-19 07:28 5,900,416 -c--a-w C:\Program Files\Firefox Setup 2.0.exe
2006-12-18 10:58 11,856,112 -c--a-w C:\Program Files\CutePDF.exe
2006-12-18 09:50 16,451,776 -c--a-w C:\Program Files\GoogleEarthPro.exe
2006-12-08 03:52 14,879,120 -c--a-w C:\Program Files\GoogleEarthWin.exe
2006-11-20 08:35 23,654,120 -c--a-w C:\Program Files\dvdlabpro22.exe
2006-11-18 10:30 6,066,416 -c--a-w C:\Program Files\cinemaforge.exe
2006-11-18 10:21 8,282,187 -c--a-w C:\Program Files\vlc-0.8.5-win32.exe
2006-07-11 01:20 5,781,480 -c--a-w C:\Program Files\iconed4.exe
2006-07-08 20:56 1,244,944 -c--a-w C:\Program Files\FlashCatcher.exe
2006-07-08 02:10 10,321,592 -c--a-w C:\Program Files\SkypeSetup.exe
2006-07-08 01:55 77,188 -c--a-w C:\Program Files\CrazyTalk.exe
2006-07-06 15:19 247,608 -c--a-w C:\Program Files\jre-1_5_0_07-windows-i586-p-iftw.exe
2006-06-10 19:30 599,318 -c--a-w C:\Program Files\squirrelmail-1.4.6.tar.gz
2006-06-01 13:31 618,541 -c--a-w C:\Program Files\wordpress-2.0.3.zip
2006-06-01 05:33 2,210,097 -c--a-w C:\Program Files\VeohSetup-2.1.3.1005.exe
2006-05-07 11:08 6,453,469 -c--a-w C:\Program Files\VC2_UserGuide_Download.pdf
2006-05-07 01:43 54,881,280 -c--a-w C:\Program Files\VC2TrialSeriousMagic.exe
2006-05-06 00:30 2,188,104 -c--a-w C:\Program Files\CutePDFEvl.exe
2006-05-05 23:56 5,254,656 -c--a-w C:\Program Files\converter.exe
2006-05-05 23:56 2,064,136 -c--a-w C:\Program Files\CuteWriter.exe
2006-05-05 23:56 1,701,848 -c--a-w C:\Program Files\CuteComp.exe
2006-02-01 23:11 398,574 -c--a-w C:\Program Files\jscalendar-1.0.zip
2006-01-31 21:49 82,056 -c--a-w C:\Program Files\cursors98.zip
2006-01-28 23:59 3,890,462 -c--a-w C:\Program Files\cinemaforge.xmfg
2006-01-24 14:13 786,432 -c--a-w C:\Program Files\DICVViewer.exe
2006-01-24 14:13 249,856 -c--a-w C:\Program Files\DICVNetCtrl.dll
2006-01-06 08:55 54,942,299 -c--a-w C:\Program Files\Magix Music Studio Generation 6 Deluxe .Zip
2005-11-16 02:45 342,528 -c--a-w C:\Program Files\Horowitz.exe
2008-03-13 16:05 22,802 --sh--r C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll
2008-03-13 23:38 22,774 --sh--r C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll
2008-03-13 23:37 22,614 --sh--r C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll
2008-03-13 16:11 22,714 --sh--r C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll
2008-03-13 23:37 22,678 --sh--r C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll
2005-07-14 19:31 27,648 -csha-w C:\WINDOWS\system32\AVSredirect.dll
.

------- Sigcheck -------

2003-03-31 08:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 03:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-03-13 01:10 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2008-03-13 01:10 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-08_14.51.24.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
- 2008-06-08 18:33:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 20:11:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2004-09-22 22:46:10 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-11-01 22:31:34 315,904 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-09-22 22:45:36 8,192 -c--a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 01:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
- 2004-09-22 22:45:36 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 01:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2004-09-22 22:45:38 233,472 -c--a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 01:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-09-22 22:45:38 161,792 -c--a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2004-09-22 22:45:36 8,192 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 01:47:08 7,168 -c--a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2004-09-22 22:45:38 233,472 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 01:47:10 542,720 -c--a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2004-09-22 22:45:38 161,792 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 01:47:10 229,376 -c--a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2004-09-22 22:45:42 527,360 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 -c--a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2004-09-22 22:45:44 6,656 -c--a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 01:47:14 11,264 -c--a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2004-09-22 22:45:44 96,768 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 00:03:58 100,864 -c--a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\dllcache\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP43DMOD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\dllcache\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MP4SDMOD.dll
- 2004-08-04 07:56:42 240,640 -c--a-w C:\WINDOWS\system32\dllcache\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 -c--a-w C:\WINDOWS\system32\dllcache\MPG4DMOD.dll
- 2004-09-22 22:45:52 344,064 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 01:47:14 243,712 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-09-22 22:45:52 141,312 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 -c--a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2004-09-22 22:45:54 25,088 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 01:47:16 27,136 -c--a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2004-09-22 22:45:54 169,472 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 01:47:16 175,616 -c--a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2004-09-22 22:45:56 360,176 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-10-19 01:47:16 414,208 -c--a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2004-09-22 22:45:56 311,296 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 01:47:16 321,536 -c--a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2004-09-22 22:46:02 221,184 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 01:47:18 211,456 -c--a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-22 22:46:04 819,200 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-01 22:31:38 1,669,120 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-09-22 22:46:10 192,512 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2006-11-01 22:31:34 315,904 -c--a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2004-09-22 22:46:10 380,144 -c--a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2004-09-22 22:46:10 712,704 -c--a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 -c--a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2007-10-27 21:40:06 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmasf.dll
+ 2006-10-19 01:47:18 222,208 -c--a-w C:\WINDOWS\system32\dllcache\WMASF.dll
- 2004-09-22 22:46:12 30,208 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 01:47:18 33,792 -c--a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2004-09-22 22:46:12 34,304 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 01:47:18 37,376 -c--a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-22 22:46:14 189,440 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 01:47:20 227,328 -c--a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2004-09-22 22:46:14 150,016 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 01:47:20 157,184 -c--a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2004-09-22 22:46:16 1,027,072 -c--a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 -c--a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2006-10-19 01:47:20 10,834,432 -c--a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-22 22:46:20 135,168 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 -c--a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-22 22:46:20 77,824 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 01:47:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-22 22:46:20 282,624 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 -c--a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-22 22:46:22 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 01:46:20 64,000 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-22 22:46:22 3,371,008 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 -c--a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-22 22:46:24 86,016 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 -c--a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2004-09-22 22:46:26 773,368 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2004-09-22 22:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2004-09-22 22:46:30 531,192 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2004-09-22 22:46:30 936,960 -c--a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 -c--a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 06:40:49 2,362,184 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 -c--a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2004-09-22 22:46:34 871,160 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2004-09-22 22:46:34 999,424 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 -c--a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 01:47:22 671,232 ------w C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll
- 2004-09-22 22:46:38 18,944 -c--a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 00:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-09-22 22:45:42 527,360 -c--a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 01:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
- 2008-05-09 18:53:05 423,024 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-12 16:23:24 427,000 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-09-22 22:45:44 6,656 -c--a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 01:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-09-22 22:45:44 96,768 -c--a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 00:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 01:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:42 310,272 -c--a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 01:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:42 384,512 -c--a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 01:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:56:42 240,640 -c--a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 01:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-10-02 19:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2004-09-22 22:45:52 141,312 -c--a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 01:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-09-22 22:45:54 25,088 -c--a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 01:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2004-09-22 22:45:54 169,472 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 01:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2004-09-22 22:45:56 360,176 -c--a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-10-19 01:47:16 414,208 ----a-w C:\WINDOWS\system32\msscp.dll
- 2004-09-22 22:45:56 311,296 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 01:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-10-19 01:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 01:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 01:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 01:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 01:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-09-22 22:46:02 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 01:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2006-11-17 20:14:30 14,640 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 21:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 14:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 21:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2004-09-22 22:46:10 47,104 -c--a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2004-09-22 22:46:10 15,872 -c--a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 01:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2004-09-22 22:46:10 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 01:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2004-09-22 22:46:10 380,144 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 01:47:18 757,248 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-09-22 22:46:10 712,704 -c--a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 01:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2007-10-27 21:40:06 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-10-19 01:47:18 222,208 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-09-22 22:46:12 30,208 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 01:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2004-09-22 22:46:12 34,304 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 01:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2004-09-22 22:46:12 344,064 -c--a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 01:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2004-09-22 22:46:14 290,816 -c--a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 01:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 01:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-22 22:46:14 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 01:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-09-22 22:46:14 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 01:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-09-22 22:46:16 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 01:47:20 937,984 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 12:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-10-19 01:47:20 10,834,432 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-22 22:46:20 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 01:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-22 22:46:20 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 01:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-22 22:46:20 1,589,760 -c--a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 01:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-22 22:46:22 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 01:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 01:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-22 22:46:24 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 01:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-22 22:46:24 175,104 -c--a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 01:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-09-22 22:46:26 773,368 -c--a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-09-22 22:46:26 1,116,160 -c--a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-09-22 22:46:30 531,192 -c--a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 01:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-09-22 22:46:30 936,960 -c--a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 01:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2004-09-22 22:46:32 1,181,944 -c--a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll
- 2004-09-22 22:46:32 1,509,376 -c--a-w C:\WINDOWS\system32\WMVADVE.DLL
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-07 06:40:49 2,362,184 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-10-19 01:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-09-22 22:46:34 871,160 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-09-22 22:46:34 999,424 -c--a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-10-19 01:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-10-19 01:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-10-19 01:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-10-19 01:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll
- 2004-09-22 22:46:38 38,912 -c--a-w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-10-19 01:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll
- 2004-09-22 22:46:36 61,952 -c--a-w C:\WINDOWS\system32\wpdconns.dll
+ 2006-10-19 01:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll
- 2004-09-22 22:46:36 114,176 -c--a-w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-10-19 01:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll
- 2004-09-22 22:46:36 66,560 -c--a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-10-19 01:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-10-19 00:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-10-19 01:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll
+ 2006-10-19 01:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
- 2004-09-22 22:46:36 327,680 -c--a-w C:\WINDOWS\system32\wpdsp.dll
+ 2006-10-19 01:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 45,056 2002-12-03 22:06:52 C:\Program Files\Creative\SB Drive Det\bak\SBDrvDet.exe

-c--a-w 98,304 2004-11-02 16:03:55 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 282,624 2006-10-25 23:58:18 C:\Program Files\QuickTime\qttask.exe

-c--a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\bak\MSConfig.exe
----a-w 158,208 2004-08-04 07:56:53 C:\WINDOWS\PCHealth\HelpCtr\Binaries\msconfig.exe

-c--a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\bak\PSDrvCheck.exe
----a-w 406,016 2004-03-10 21:26:10 C:\WINDOWS\system32\PSDrvCheck.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 17:26 406016]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 17:48 155648]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 10:43 57344]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-04-17 05:25 5545536]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 03:56 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-04-17 05:25 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"vidc.iv50"= C:\PROGRA~1\REPLAY~1\ir50_32.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ABP Alert 2.0.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ABP Alert 2.0.LNK
backup=C:\WINDOWS\pss\ABP Alert 2.0.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MySoftware NewsFlash.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MySoftware NewsFlash.lnk
backup=C:\WINDOWS\pss\MySoftware NewsFlash.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"Schedule"=2 (0x2)
"SBService"=2 (0x2)
"SAVScan"=3 (0x3)
"ERSvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SNDSrvc"=3 (0x3)
"navapsvc"=3 (0x3)
"Themes"=2 (0x2)
"iPod Service"=3 (0x3)
"Veoh Client Service"=2 (0x2)
"UPS"=3 (0x3)
"MaxBackServiceInt"=2 (0x2)
"ICF"=2 (0x2)
"Google Online Search Service"=2 (0x2)
"LexBceS"=2 (0x2)
"CryptSvc"=3 (0x3)
"upnphost"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"SysmonLog"=3 (0x3)
"ImapiService"=3 (0x3)
"Eventlog"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=
"C:\\Program Files\\Conference\\Conference.dll"=
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33125:TCP"= 33125:TCP:@xpsp2res.dll,-22005
"26952:TCP"= 26952:TCP:@xpsp2res.dll,-22005
"6071:TCP"= 6071:TCP:@xpsp2res.dll,-22005
"15946:TCP"= 15946:TCP:@xpsp2res.dll,-22005


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef67e0f7-0ab4-11d9-8ce8-806d6172696f}]
\shell\play\Command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L"

.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 01:40:30 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 16:16:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc21.tmp"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-06-14 16:26:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-14 20:25:56
ComboFix2.txt 2008-06-10 05:45:25
ComboFix3.txt 2008-06-08 18:54:59
ComboFix4.txt 2008-03-18 19:02:20

Pre-Run: 33,849,069,568 bytes free
Post-Run: 33,894,375,424 bytes free

666 --- E O F --- 2008-03-21 11:30:12

Shaba
2008-06-15, 11:11
Hi

Please also post a fresh HijackThis log :)

piratenews
2008-06-16, 05:52
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:16 PM, on 6/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4401 bytes



===============================================


Trivia Question:

Is

C:\WINDOWS\system32\svchost.exe

the same directory as

C:\WINDOWS\System32\svchost.exe

?

Shaba
2008-06-16, 16:27
Hi

Yes they are the same.

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

piratenews
2008-06-17, 00:12
SmitFraudFix v2.309

Scan done at 18:08:11.25, Mon 06/16/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNLE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Shaba
2008-06-17, 15:36
Hi

Latest version of smitfraudfix is 2.325.

So please delete your copy, download a fresh one and try again, please :)

piratenews
2008-06-17, 20:33
Hi

Latest version of smitfraudfix is 2.325.

So please delete your copy, download a fresh one and try again, please :)

When I run the new download from today, it says v2.309, even on the mirror link.

Maybe somebody hacked Siri?


http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

SmitFraudFix v2.325 (WinXP, Win2K)

Use this URL to download the latest version (the file contains both English and French versions):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Mirrors: Alternate official download locations for Smitfraudfix.zip
http://siri.geekstogo.com/SmitfraudFix.exe
http://downloads.securitycadets.com/SmitfraudFix.exe

Shaba
2008-06-18, 18:55
Hi

Really strange.

Please clear your browser cache and try again.

piratenews
2008-06-19, 03:12
Browser cache made no difference.

I had to let smitfraudfix update itself.

Maybe Online Armor was blocking the newer version, even when turned off?



SmitFraudFix v2.327

Scan done at 21:06:04.20, Wed 06/18/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Lee\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNLE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Shaba
2008-06-20, 11:10
Hi and sorry for delay.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

After that:

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}
C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}
C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}
C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}
C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post along with a fresh HijackThis log.

piratenews
2008-06-20, 12:23
Hi and sorry for delay.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

I always run Spybot S&D Teatimer, plus Online Armor Firewall which also blocks certain programs. I disable both when running Combofix or other specialized antivirus programs, and manually disconnect from internet. Explorer is locked down to the max, with downloads disabled.

AVG Anti-Virus was causing crashes and other problems, so I quit that.

Still can't install Java upgrade, due to defective Windows Installer (anti-virus ate it), which now refuses to repair itself.

piratenews
2008-06-20, 12:29
C:\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7} moved successfully.
C:\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a} moved successfully.
C:\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546} moved successfully.
C:\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7} moved successfully.
C:\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b} moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06202008_062618






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:28:18, on 6/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 4454 bytes

Shaba
2008-06-20, 12:49
Hi

"AVG Anti-Virus was causing crashes and other problems, so I quit that."

So then you can try one of two other antiviruses I listed?

piratenews
2008-06-20, 19:13
Hi

"AVG Anti-Virus was causing crashes and other problems, so I quit that."

So then you can try one of two other antiviruses I listed?

So now I'm running Spybot S&D, Online Armor firewall and Avira AntiVir.





Avira AntiVir Personal
Report file date: Friday, June 20, 2008 13:07

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: John Lee
Computer name: CTV

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 3/21/2008 01:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 3/25/2008 14:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 4/7/2008 21:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 4/7/2008 21:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 4/7/2008 21:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 3/18/2008 17:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 4/7/2008 21:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 4/7/2008 21:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 4/7/2008 21:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 4/7/2008 21:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 4/7/2008 21:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 4/8/2008 15:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, June 20, 2008 13:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
18 processes with 18 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '23' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'
C:\WINDOWS\system32\drivers\OADriver.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\oanet.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\wbem\csrss.exe
[DETECTION] Is the Trojan horse TR/Spy.Pipet
[NOTE] The file was moved to '48cde510.qua'!


End of the scan: Friday, June 20, 2008 13:10
Used time: 03:37 min

The scan has been done completely.

273 Scanning directories
7778 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
7777 Files not concerned
11 Archives were scanned
3 Warnings
1 Notes
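
Added example, not part of the original thread or of any tool mentioned in it: the earlier answer that system32 and System32 are the same directory, and the Avira detection of csrss.exe under system32\wbem in the report above, both come down to comparing Windows paths case-insensitively and checking that a core process name sits in its expected directory. The function names, the expected-directory table and the C:\WINDOWS system root are assumptions of this sketch; the sample log is constructed from process lines in the thread, with the wbem\csrss.exe path (which the thread shows only in the Avira file scan) placed in the process list for illustration.

```python
import ntpath

# Assumption of this example: the system root is C:\WINDOWS (as in the logs).
SYSTEM_ROOT = r"C:\WINDOWS"

# Core Windows XP process names and the directory (relative to the system
# root) they are expected to run from. "" means the system root itself.
EXPECTED_DIR = {
    "smss.exe": "system32",
    "csrss.exe": "system32",
    "winlogon.exe": "system32",
    "services.exe": "system32",
    "lsass.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",
}

# Constructed sample: process lines copied from the HijackThis logs in the
# thread, plus one constructed entry (the last path) for illustration.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\wbem\csrss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""


def canon(path):
    """Fold case and separators so that paths compare the way Windows
    resolves them by default (system32 == System32)."""
    return ntpath.normcase(ntpath.normpath(path.strip()))


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first
    blank line that ends the section."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section:
            if not line:
                break
            paths.append(line)
    return paths


def distinct_images(paths):
    """Set of canonical image paths; differently-cased duplicates collapse."""
    return {canon(p) for p in paths}


def find_misplaced(paths, system_root=SYSTEM_ROOT):
    """Flag entries whose file name is a core process name but whose
    directory is not the expected one. Returns (original path, expected dir)."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(canon(path))
        if name not in EXPECTED_DIR:
            continue  # not a core process name; out of scope for this check
        expected = canon(ntpath.join(system_root, EXPECTED_DIR[name]))
        if directory != expected:
            findings.append((path, expected))
    return findings


if __name__ == "__main__":
    procs = running_processes(SAMPLE_LOG)
    print(len(procs), "process lines,", len(distinct_images(procs)), "distinct images")
    for path, expected in find_misplaced(procs):
        print("unexpected location:", path, "(expected under", expected + ")")
```

A matching directory only rules out name masquerading; it says nothing about whether the file at the expected path has been replaced. Short 8.3 names such as C:\PROGRA~1 are not expanded by this check.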

Shaba
2008-06-20, 19:27
Hi

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

piratenews
2008-06-22, 04:11
I didn't do a complete scan with Avira, so I did a full scan. Then I realized most of the 901 viruses were already in quarantine by Spybot and Combofix (and 20 from Avira), so I deleted those and ran another scan. Seems some of the freeware downloads were infected.

----------------------------------------------------------------
FIRST FULL SCAN WITH AVIRA BEFORE DELETING OLD QUARANTINE
----------------------------------------------------------------

End of the scan: Saturday, June 21, 2008 16:34
Used time: 9:58:39 min

The scan has been done completely.

15699 Scanning directories
539792 Files were scanned
901 viruses and/or unwanted programs were found
8 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
538891 Files not concerned
10486 Archives were scanned
800 Warnings
21 Notes

----------------------------------------------------------------
2ND FULL SCAN WITH AVIRA AFTER DELETING OLD QUARANTINE
----------------------------------------------------------------




Avira AntiVir Personal
Report file date: Saturday, June 21, 2008 18:50

Scanning for 1349608 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CTV

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 15:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 14:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 14:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 14:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 3/7/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 6/14/2008 04:07:10
ANTIVIR3.VDF : 7.0.4.232 250880 Bytes 6/20/2008 04:07:12
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 2/25/2008 15:58:21
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 6/21/2008 04:07:25
AESCN.DLL : 8.1.0.22 119157 Bytes 6/21/2008 04:07:24
AERDL.DLL : 8.1.0.20 418165 Bytes 6/21/2008 04:07:23
AEPACK.DLL : 8.1.1.6 364918 Bytes 6/21/2008 04:07:22
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 6/21/2008 04:07:21
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 6/21/2008 04:07:21
AEHELP.DLL : 8.1.0.15 115063 Bytes 6/21/2008 04:07:18
AEGEN.DLL : 8.1.0.29 307573 Bytes 6/21/2008 04:07:17
AEEMU.DLL : 8.1.0.6 430451 Bytes 6/21/2008 04:07:15
AECORE.DLL : 8.1.0.31 168310 Bytes 6/21/2008 04:07:13
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/23/2008 23:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 16:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 19:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 1/23/2008 23:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 14:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 14:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 23:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/23/2008 23:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 18:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 20:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 18:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Saturday, June 21, 2008 18:50

The scan of running processes will be started
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskmgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'oaui.exe' - '0' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'oasrv.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
21 processes with 21 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Installer\{1ad4b29b-ff03-42c5-9803-969fdcb47c9d}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f4b.qua'!
C:\WINDOWS\Installer\{2931ea2a-6692-45ed-8180-2ffc3378c658}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f54.qua'!
C:\WINDOWS\Installer\{29e9372a-d7d2-4003-91ea-da7e38635700}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f55.qua'!
C:\WINDOWS\Installer\{47a73001-2c42-45e0-95ee-64c647a0c7b9}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '4944b606.qua'!
C:\WINDOWS\Installer\{53b4046e-0116-4d23-b5ce-a76c1a758511}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f56.qua'!
C:\WINDOWS\Installer\{6ea97d2b-af03-4653-9ca0-ff61d00d5cbf}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '4944b607.qua'!
C:\WINDOWS\Installer\{74fdc03e-393c-4c0d-806a-19b427bfd6c8}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f57.qua'!
C:\WINDOWS\Installer\{ac633de7-14d4-4297-8e5f-613b933fb5ab}\KbdSetup.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48c19f53.qua'!
C:\WINDOWS\Installer\{d5922084-f076-4b91-abc8-9390f0f76e02}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cd9f5b.qua'!
C:\WINDOWS\Installer\{e82124db-dadc-4f41-977a-12c725dd7cc0}\DrvAvp.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48d39f64.qua'!
C:\WINDOWS\Installer\{ffec9829-e3c4-4c07-ae34-3eadf8b7a6bf}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '4944b60c.qua'!
C:\WINDOWS\system32\drivers\OADriver.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\OAmon.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\oanet.sys
[WARNING] The file could not be opened!
C:\_OTMoveIt\MovedFiles\06202008_062618\WINDOWS\Installer\{0bfb355f-1157-4832-81f7-b2da5b3957c7}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cda0e4.qua'!
C:\_OTMoveIt\MovedFiles\06202008_062618\WINDOWS\Installer\{334ff6d0-523d-4f68-828b-09d34d3a6b9a}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '4941e0d5.qua'!
C:\_OTMoveIt\MovedFiles\06202008_062618\WINDOWS\Installer\{8dceb2ba-45a6-4b83-8580-51cb2b532546}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cda0e6.qua'!
C:\_OTMoveIt\MovedFiles\06202008_062618\WINDOWS\Installer\{9d00dc2b-b071-4706-876d-4bac586f2ab7}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '48cda0e5.qua'!
C:\_OTMoveIt\MovedFiles\06202008_062618\WINDOWS\Installer\{ac234da1-fa9d-4cff-850c-b9d5e6659f1b}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '4941e0d6.qua'!
Begin scan in 'E:\' <DSK2_VOL1>
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026306.exe
[DETECTION] Is the Trojan horse TR/Drop.Halloween.A
[NOTE] The file was moved to '488da33f.qua'!
E:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026307.exe
[DETECTION] Is the Trojan horse TR/Drop.Halloween.A
[NOTE] The file was moved to '488da340.qua'!
Begin scan in 'H:\' <Maxtor 300GB>
H:\C Program Backup Virus Crash 13mar08\CuteComp.exe
[DETECTION] Contains detection pattern of the dropper DR/WhenU.A.112
[NOTE] The file was moved to '48d1a3c0.qua'!
H:\C Program Backup Virus Crash 13mar08\SP-SpookySounds_Install.exe
[0] Archive type: ZIP SFX (self extracting)
--> setup.exe
[DETECTION] Is the Trojan horse TR/Drop.Joiner.DV.2
[NOTE] The file was moved to '488aa3ab.qua'!
H:\C Program Backup Virus Crash 13mar08\Robot Voices\male-voice-american.exe
[DETECTION] Contains detection pattern of the dropper DR/Spy.Delf.FK
[NOTE] The file was moved to '48c9a516.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP59\A0016208.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da85b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026154.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da85d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026155.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '4904810e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026156.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da85e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026157.sys
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '4904810f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026158.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da840.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026159.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048111.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026160.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da85f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026161.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49048130.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026162.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da861.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026163.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048132.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026164.sys
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da860.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026165.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49048131.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026166.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da862.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026167.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da863.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026168.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048134.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026169.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da865.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026170.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048136.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026171.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048133.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026173.sys
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da864.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026174.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048135.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026175.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da866.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026176.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da867.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026177.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048138.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026178.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da869.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026181.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026182.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '49048137.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026183.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da868.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026184.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.aci
[NOTE] The file was moved to '49048139.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026185.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da86b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026186.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026187.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da86a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026188.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026189.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.aci
[NOTE] The file was moved to '488da86c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026190.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da86d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026191.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026192.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da86f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026193.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '49048120.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026194.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026195.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da86e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026196.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '4904813f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026197.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da810.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026198.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da871.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026199.exe
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[NOTE] The file was moved to '49048122.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026200.exe
[DETECTION] Is the Trojan horse TR/Spy.Agent.aci
[NOTE] The file was moved to '488da873.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026201.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '49048141.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026202.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[NOTE] The file was moved to '488da812.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026203.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Click.Agent.WD
[NOTE] The file was moved to '49048143.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026207.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[NOTE] The file was moved to '49048124.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026209.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da814.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026210.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048145.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026214.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[NOTE] The file was moved to '488da875.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026215.exe
[DETECTION] Is the Trojan horse TR/Dldr.Adload.MA.3
[NOTE] The file was moved to '49048126.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026216.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da877.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026217.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048128.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026218.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da816.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026219.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49048147.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026220.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da818.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026221.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048149.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026222.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da879.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026223.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '4904812a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026224.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da87b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026225.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4904812c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026226.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da870.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026227.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49048121.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026228.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da872.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026229.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49048123.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026230.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da87d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026231.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was moved to '4904812e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026232.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da87f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026233.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '490481d0.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026234.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da874.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026235.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048125.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026236.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da876.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026237.drv
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '49048127.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026238.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da881.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026239.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481d2.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026240.sys
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '488da883.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026241.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '490481d4.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026242.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da878.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026243.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048129.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026244.exe
[DETECTION] Contains detection pattern of the worm WORM/Socks.C
[NOTE] The file was moved to '488da87a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026245.exe
[DETECTION] Is the Trojan horse TR/Hijacker.Gen
[NOTE] The file was moved to '488da885.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026246.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.svf
[NOTE] The file was moved to '490481d6.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026247.exe
[DETECTION] Is the Trojan horse TR/Pakes.cif
[NOTE] The file was moved to '488da887.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026248.exe
[DETECTION] Is the Trojan horse TR/Peed.A.41
[NOTE] The file was moved to '4904812b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026249.exe
[DETECTION] Is the Trojan horse TR/Clicker.Agent.TP
[NOTE] The file was moved to '488da87c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026250.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481d8.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026251.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da889.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026252.dll
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '490481da.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026253.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da88b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026254.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4904812d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026255.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da87e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026256.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4904812f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026257.sys
[DETECTION] Contains detection pattern of the worm WORM/Locksky.CM.1
[NOTE] The file was moved to '490481dc.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026258.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da88d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026259.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481de.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026260.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da88f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026261.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da81a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026262.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4904814b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026264.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '490481c0.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026265.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da891.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026266.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da81c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026267.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '4904814d.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026268.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da81e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026269.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481c2.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026270.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da893.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026271.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481c4.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026272.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4904814f.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026273.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da800.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026274.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048151.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026275.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da895.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026276.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481c6.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026277.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da897.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026283.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481c8.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026284.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da880.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026285.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481d1.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026286.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '488da882.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026287.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da899.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026288.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481ca.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026289.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da89b.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026290.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481cc.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026291.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '490481d3.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026292.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f54.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026293.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f56.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026294.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f58.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026295.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da884.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026296.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f55.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026298.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488da886.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026299.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f5a.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026300.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f5c.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026301.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f5e.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026302.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49048f40.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026368.exe
[DETECTION] Contains detection pattern of the dropper DR/WhenU.A.112
[NOTE] The file was moved to '49048f57.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026369.exe
[0] Archive type: ZIP SFX (self extracting)
--> setup.exe
[DETECTION] Is the Trojan horse TR/Drop.Joiner.DV.2
[NOTE] The file was moved to '488da888.qua'!
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026370.exe
[DETECTION] Contains detection pattern of the dropper DR/Spy.Delf.FK
[NOTE] The file was moved to '49048f42.qua'!


End of the scan: Saturday, June 21, 2008 21:19
Used time: 2:28:29 min

The scan has been done completely.

15569 Scanning directories
532542 Files were scanned
157 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
157 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
532385 Files not concerned
8990 Archives were scanned
5 Warnings
157 Notes

piratenews
2008-06-22, 06:15
SDFix: Version 1.195
Run by John Lee on Sat 06/21/2008 at 23:23

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:13:20, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5104 bytes

Shaba
2008-06-22, 11:12
Hi

Is that really a complete SDFix log?

piratenews
2008-06-23, 01:44
It took over 45 minutes for SDFix to run Final Check Catchme Rootkit Scan after reboot.

Also noticed that Spybot S&D Teatimer was off for the past 2 weeks. Resident was checked ON in Tools, but apparently it's not really ON without double clicking REPORT. Only then is the Resident Teatimer checkbox visible. Spybot might want to simplify the Teatimer ON/OFF display to make it more obvious. Online Armor Firewall Program Guard was on at all times.




SDFix: Version 1.195
Run by John Lee on Sun 06/22/2008 at 18:20

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\TASKKILL.EXE - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-22 18:38:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\Conference\\Conference.dll"="C:\\Program Files\\Conference\\Conference.dll:*:Enabled:Audio/Video Conference by KIOSK Team"
"C:\\Program Files\\support.com\\bin\\tgcmd.exe"="C:\\Program Files\\support.com\\bin\\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"\\findfast.exe"="\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 4 Jun 2002 84,992 A..HR --- "C:\Program Files\Replay Converter\14_43260.dll"
Tue 4 Jun 2002 44,032 A..HR --- "C:\Program Files\Replay Converter\28_83260.dll"
Mon 9 Dec 2002 73,766 A..HR --- "C:\Program Files\Replay Converter\atrc3260.dll"
Mon 9 Dec 2002 65,575 A..HR --- "C:\Program Files\Replay Converter\cook3260.dll"
Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 4 Jun 2002 20,480 A..HR --- "C:\Program Files\Replay Converter\dnet3260.dll"
Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Mon 9 Dec 2002 94,208 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 548,940 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Mon 9 Dec 2002 102,439 A..HR --- "C:\Program Files\Replay Converter\sipr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sat 5 Jan 2008 4,378,338 A.SH. --- "C:\Program Files\vixy.net\conv.exe"
Thu 14 Jul 2005 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 27 May 2008 12,208 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Tue 18 Mar 2008 145,920 ..SHR --- "C:\Program Files\BillP Studios\WinPatrol\Setup.exe"

Finished!






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:43:39, on 6/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JOHN LEE\Application Data\Mozilla\Profiles\default\f5sn9q7e.slt\prefs.js)
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1420582129-1497244195-3520757181-1006\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5213 bytes

Shaba
2008-06-23, 16:11
Hi

Please disable TeaTimer or it will interfere with this process.

After that, fix these:


O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - (no file)
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\

Reboot.

Please make sure that all programs are closed when installing Java.

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u6-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

piratenews
2008-06-24, 12:23
I disabled TeaTimer.

I removed the BHOs with Hijack This.

I downloaded the Java file, but it will not install or run. Nothing happens at all when I double click on the file, nor right click RUN.

This appears to be related to Windows Installer failure, and inability to Repair it.

The only other program this affects is MS Word, which has "Windows Installer Error 1601".

Shaba
2008-06-24, 12:38
Hi

You can try this (http://support.microsoft.com/kb/321497) next.

piratenews
2008-06-25, 16:49
I got Java 6 installed, and MS Word now works. Yeah.

Kaspersky is not working now. Says I need "Java 1.5 or later".

Shaba
2008-06-25, 16:52
Hi

Try this then:

Please make sure that all programs are closed when installing Java.

Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
Double click on jre-6u6-windows-i586-p.exe to install Java.
After the Java installation has finished, please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

piratenews
2008-06-27, 07:56
I'm still trying to get Java to work. The Java installation seems okay.

Is there some way to test if Java is working?

Maybe a setting on my computer is keeping Java from working?

The old Kaspersky scan page worked fine this month, but that was before I upgraded Java.

piratenews
2008-06-27, 08:19
My Java Control Panel says:

Java Platform Standard Edition 6
Version 6 Update 6
Build 1.6.0_06-b.02

Kaspersky says:

You need to install Java Version 1.5 or later to run Kaspersky Online Scanner 7.0

Shaba
2008-06-27, 08:22
Hi

Then we try the non-Java version of Kaspersky:

Please go to the Kaspersky website (http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html) to perform an online scan. Please use Internet Explorer as it uses ActiveX.
Click on Accept.
It will prompt you to download an ActiveX. Allow it.
After that, you will be prompted to install it.

Note: For Vista users, if UAC is enabled, you will receive a UAC prompt. Click on Continue to install it.


Once installed, it will start downloading the definitions. This will take some time. At the same time, you may also receive another prompt to install another ActiveX. Allow it again and repeat Step 2.
When the definitions have finished downloading, click Next.
Click on Scan Settings.
Under Scan using the following antivirus database:, choose extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.
Under Scan options:, check (tick) both boxes.
Click Ok.
Under Please select a target to scan:, click on My Computer. It will start scanning. Please be patient.
Click on Save Report As....
Give this report a name and change the Save as type: to Text file (*.txt) before clicking on Save.
Please post this log in your next reply along with a fresh HijackThis log.

piratenews
2008-06-27, 19:27
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 27, 2008 13:16:34
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/06/2008
Kaspersky Anti-Virus database records: 887388
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
H:\

Scan Statistics:
Total number of scanned objects: 239667
Number of viruses found: 8
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 03:15:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\John Lee\Application Data\OnlineArmor\client.dat Object is locked skipped
C:\Documents and Settings\John Lee\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe/Realtime.dll Infected: Trojan-Spy.Win32.Delf.fk skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe CreateInstall: infected - 1 skipped
C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\History\History.IE5\MSHist012008062620080627\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\History\History.IE5\MSHist012008062720080628\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temp\hsperfdata_John Lee\3984 Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temp\jar_cache18932.tmp Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temporary Internet Files\Content.IE5\89A7C9EF\get_video[1].182&ipbits=16&expire=1214553038&key=yt1&sver=2 Object is locked skipped
C:\Documents and Settings\John Lee\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Lee\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Lee\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\backups\backup-20061219-025422-705.dll Infected: Trojan-Clicker.Win32.BHO.r skipped
C:\Program Files\Bat\Bat.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\Bat\Info.dll Infected: not-a-virus:AdWare.Win32.Rabio.m skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Tall Emu\Online Armor\antispam.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\DNSTask.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\firewall.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\fwdata.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\history.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\IPRanges.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\NoteBook.pak Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\oacached.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\programs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\reference.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\SentList.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\server.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\signs.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\sites.dat Object is locked skipped
C:\Program Files\Tall Emu\Online Armor\unins000.dat Object is locked skipped
C:\SDFix\backups_old3\def.htm Infected: not-virus:Hoax.HTML.Secureinvites.c skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP73\A0019478.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP86\A0024943.dll Infected: Email-Worm.Win32.Locksky.da skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP89\A0025981.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP96\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\OADriver.sys Object is locked skipped
C:\WINDOWS\system32\drivers\OAmon.sys Object is locked skipped
C:\WINDOWS\system32\drivers\oanet.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\Old Computer Archive Files 3\SECRET SOCIETIES\BOHEMIAN GROVE CULT\BOHEMIAN-GROVE.HTML Infected: Trojan.IRC.KarmaHotel skipped
H:\Old Computer Archive Files 3\SECRET SOCIETIES\SKULLS\SKULL_BONES_MEMBER_LIST.HTML Infected: Trojan.IRC.KarmaHotel skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{879E598B-020E-408B-AC9B-13ABBD7D02C3}\RP91\A0026297.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped

Scan process completed.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:44, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///E:/September911surprise%20CTV/PirateNews-org/Homepage/index2.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref(".aim.away.autoreply", true);
user_pref(".aim.buddy.SndPlayFirstIncoming", true);
user_pref(".aim.buddy.SndPlayIncoming", true);
user_pref(".aim.buddy.SndPlayOutgoing", true);
user_pref(".aim.buddy.SndPlaySignOff", true);
user_pref(".aim.buddy.SndPlaySignOn", true);
user_pref(".aim.chat.AnnounceChatRoom", true);
user_pref(".aim.chat.FlashChatWin", true);
user_pref(".aim.chat.SndPlayIncoming", true);
user_pref(".aim.chat.SndPlayOutgoing", true);
user_pref(".aim.chat.unavailable", false);
user_pref(".aim.general.im.enterCR", false);
user_pref(".aim.general.im.smilies", true);
user_pref(".aim.general.im.tabKey", false);
user_pref(".aim.general.im.timeStamp", true);
user_pref(".aim.im.playall", false);
user_pref(".aim.mail.presence", true);
user_pref(".aim.proxy.host", "");
user_pref(".aim.proxy.password", "");
user_pref(".aim.proxy.port", 1080);
user_pref(".aim.proxy.protocol", 1);
user_pref(".aim.proxy.use", false);
user_pref(".
N2 - Netscape 6: # Mozilla User Preferences
// This is a generated file!

user_pref(".aim.away.autoreply", true);
user_pref(".aim.buddy.SndPlayFirstIncoming", true);
user_pref(".aim.buddy.SndPlayIncoming", true);
user_pref(".aim.buddy.SndPlayOutgoing", true);
user_pref(".aim.buddy.SndPlaySignOff", true);
user_pref(".aim.buddy.SndPlaySignOn", true);
user_pref(".aim.chat.AnnounceChatRoom", true);
user_pref(".aim.chat.FlashChatWin", true);
user_pref(".aim.chat.SndPlayIncoming", true);
user_pref(".aim.chat.SndPlayOutgoing", true);
user_pref(".aim.chat.unavailable", false);
user_pref(".aim.general.im.enterCR", false);
user_pref(".aim.general.im.smilies", true);
user_pref(".aim.general.im.tabKey", false);
user_pref(".aim.general.im.timeStamp", true);
user_pref(".aim.im.playall", false);
user_pref(".aim.mail.presence", true);
user_pref(".aim.proxy.host", "");
user_pref(".aim.proxy.password", "");
user_pref(".aim.proxy.port", 1080);
user_pref(".aim.proxy.protocol", 1);
user_pref(".aim.proxy.use", false);
user_pref(".
O2 - BHO: (no name) - {344B7EF2-9819-299E-51CB-018EEAA2D736} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\Program Files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O15 - Trusted Zone: http://www.archive.org
O15 - Trusted Zone: http://tvplanner.comcast.net
O15 - Trusted Zone: http://www.comcast.net
O15 - Trusted Zone: http://www.disabilityforms.com
O15 - Trusted Zone: http://www.fireflyfans.net
O15 - Trusted Zone: http://www.infowars.com
O15 - Trusted Zone: http://www.infowars.net
O15 - Trusted Zone: http://*.infowars.net
O15 - Trusted Zone: http://*.myspace.com
O15 - Trusted Zone: http://ww2.nero.com
O15 - Trusted Zone: http://vhost.oddcast.com
O15 - Trusted Zone: http://flash.picturetail.com
O15 - Trusted Zone: http://www.picturetrail.com
O15 - Trusted Zone: *.picturetrail.com
O15 - Trusted Zone: www.piratenews.org
O15 - Trusted Zone: *.piratenews.org
O15 - Trusted Zone: http://*.piratenews.org
O15 - Trusted Zone: *.piratenews_supremecenter38.com
O15 - Trusted Zone: http://forums.spybot.info
O15 - Trusted Zone: *.supremecenter38.com
O15 - Trusted Zone: http://www.tallemu.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O20 - Winlogon Notify: hgnid - C:\WINDOWS\
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 6934 bytes

Shaba
2008-06-27, 19:49
Hi

Delete these:

C:\Documents and Settings\John Lee\Desktop\Unused Desktop Shortcuts\cool-speech-59mary-sap14.exe
C:\Program Files\Bat\
C:\SDFix\backups_old3
H:\Old Computer Archive Files 3\SECRET SOCIETIES\BOHEMIAN GROVE CULT\BOHEMIAN-GROVE.HTML
H:\Old Computer Archive Files 3\SECRET SOCIETIES\SKULLS\SKULL_BONES_MEMBER_LIST.HTML

Empty Recycle Bin.

Logs look good.

All other viruses are in system restore and inactive.

I will give you instructions later on how to empty it.

Other than that, any problems left?

piratenews
2008-06-28, 19:38
MS Explorer will still not run in Kaspersky, with message: "You need to install Java version 1.5 or later."

With MS Explorer the Java.com test page message: "You have the recommended Java installed (Version 6 Update 6)."
http://java.com/en/download/installed.jsp?detect=jre&try=1

Opera is now installed and runs fine in Kaspersky Java page.

With Opera the Java.com test page message: "You have the recommended Java installed (Version 6 Update 6)."
http://java.com/en/download/installed.jsp?detect=jre&try=1

In MS Explorer I'm having severe problems with my website filemanager uploads, with CPU at 100% for 10 minutes just to upload 2 small files. Problem began about 2 months ago, after the virus attack, but my webhost also changed their format on that upload page. Opera will not upload files at all. Is this a Java problem?

Opera is having problems with basic Flash and/or javascript on my homepage, which has never happened in MS Explorer. Flash runs slow, and text looks like an earthquake.

I manually deleted older versions of Java directories, but the only change it made is that Java.com now recognizes Java 6.6 in MS Explorer.

Shaba
2008-06-28, 19:46
Hi

Yes, it could very well be a Java problem.

Have you removed all old javas?

piratenews
2008-06-30, 11:06
All old Javas are deleted, and Trash emptied. Is that the same as "removed"?

Shaba
2008-06-30, 12:28
Hi

Yes, it is.

Go here (http://support.microsoft.com/kb/290301) and remove all old javas from list if you see any.

Let me know how it went.

piratenews
2008-07-04, 00:55
MS Windows Installer Cleanup Tool says I have:

Java DB 10.3.1.4.
Java 2 Runtime Environment SE v1.4.2
Java 6 Update 6 (1.6.0.60)
Java SE Development Kit 6 Update (1.6.0.60)
J2SE Runtime Environment 5.0 Update 3 (1.5.0.30)
J2SE Runtime Environment 5.0 Update 7 (1.5.0.70)

Do I need to manually remove any of these using Installer Cleanup Tool?

Shaba
2008-07-04, 09:14
Hi

Remove only these:

Java 2 Runtime Environment SE v1.4.2
J2SE Runtime Environment 5.0 Update 3 (1.5.0.30)
J2SE Runtime Environment 5.0 Update 7 (1.5.0.70)

And let me know if that helped.

piratenews
2008-07-08, 15:00
Java files deleted.

I'm still having problems with some forms in MS Explorer. CPU goes to 100% for 10 minutes, and page cannot refresh, with 2 files max upload. That's my website upload file manager page, so I just use FTP, but it has problems too.

Opera is not working at all on some forms and pages, like my email. Text is still having an earthquake on one page with Flash and Javascript, but only on that one page (piratenews.org). No Java on that page.

Shaba
2008-07-08, 15:09
Hi

I am sorry to hear that, but as those are not malware issues and not part of my knowledge, is it OK to redirect you to some Windows forum?

piratenews
2008-07-10, 22:05
Hi

I am sorry to hear that, but as those are not malware issues and not part of my knowledge, is it OK to redirect you to some Windows forum?

Yes, any links are welcome, so long as they don't have viri embedded in html.

The problems in MS Explorer did not stop when I disabled all Java. FTP is now working, perhaps because I disabled Java?

It's just weird that this problem didn't start until after the virus attack. Perhaps this is another symptom of antiviri eating Windows?

Otherwise, looks like my computer is "cured". Thanks.

So what are you doing in Finland? Are you expat American? I lived in UK for 8 years, 1 year in Germany.

My virus problems began the same day I pissed off a bunch of police and federal government employees, who verbally threatened me and banned me from a forum that same day, and who try to ban me on other forums, for reporting on govt corruption. Coincidence theory or coincidence factory?

How can I join the army of counter-intelligence computer investigators, to identify, track and arrest hackers?

As a footnote, I spoke with a waitress at Hooters, who was stationed in Germany in US Air Force Intelligence, at a base near where I was stationed in USAF. She said her main job was writing code to create computer viruses. Later that same night a gunman shot the manager and killed a customer at that restaurant (http://www.knoxnews.com/news/2007/dec/29/customer-manager-shot-hooters/). That gunman previously knocked on the door of the home of the guy I dined with at Hooters that night. Gotta love those Victim Disarmament Zones. As a journalist with a weekly TV news show, I've gotten several death threats from govt employees. Seems to go with the territory. Hacking is a pleasant change from death threats.

piratenews
2008-07-11, 00:51
FYI - Germany seems to be the source of the milspec attack on the web:


Analysis: U.S. military to patrol Internet (http://209.85.165.104/search?q=cache:RwYKyPdxf9QJ:www.upi.com/Emerging_Threats/2008/06/30/Analysis_US_military_to_patrol_Internet/UPI-83401214841029/+%22Analysis:+U.S.+military+to+patrol+Internet%22&hl=en&ct=clnk&cd=1&gl=us)

UPI
June 30, 2008

WASHINGTON -- The U.S. military is looking for a contractor to patrol cyberspace, watching for warning signs of forthcoming terrorist attacks or other hostile activity on the Web.

"If someone wants to blow us up, we want to know about it," Robert Hembrook, the deputy intelligence chief of the U.S. Army's Fifth Signal Command in Mannheim, Germany, told United Press International.

In a solicitation posted on the Web last week, the command said it was looking for a contractor to provide "Internet awareness services" to support "force protection" -- the term of art for the security of U.S. military installations and personnel.

"The purpose of the services will be to identify and assess stated and implied threat, antipathy, unrest and other contextual data relating to selected Internet domains," says the solicitation.

Hembrook was tight-lipped about the proposal. "The more we talk about it, the less effective it will be," he said. "If we didn't have to put it out in public (to make the contract award), we wouldn't have."

He would not comment on the kinds of Internet sites the contractor would be directed to look at but acknowledged it would "not (be) far off" to assume violent Islamic extremists would be at the top of the list.

The solicitation says the successful contractor will "analyze various Web pages, chat rooms, blogs and other Internet domains to aggregate and assess data of interest," adding, "The contractor will prioritize foreign-language domains that relate to specific areas of concern … (and) will also identify new Internet domains" that might relate to "specific local requirements" of the command.

Officials were keen to stress the contract covered only information that could be found by anyone with a computer and Internet connection.

"We're not interested in being Big Brother," said LeAnne MacAllister, chief spokeswoman for the command, which runs communications in Europe for the U.S. Army and the military's joint commands there....


Blonde and blue-eyed. Meet the new 'white' Al-Qaeda (http://www.wakeupfromyourslumber.com/node/5326)

Fox Video: White, blonde, blue-eyed AllCIAduh (http://www.youtube.com/watch?v=GBO7xBpJtoc)

Bring it on! I got my Spybot S&D!

Shaba
2008-07-11, 07:46
Hi

I recommend this (http://forums.pcpitstop.com/) place.

piratenews
2008-07-15, 03:49
Thanks. I'll check it out.

How come these 20,000 soldiers don't protect us from hack attack?


The Network Warfare Battalion (http://www.strategypage.com/htmw/htiw/articles/20080712.aspx)

July 12, 2008: The U.S. Army has activated its first Network Warfare Battalion. The unit will not operate together, but mostly as many detachments, supporting combat forces in Iraq and Afghanistan, counter-terror operations throughout the world, as well as in joint Cyber War operations with other services and foreign countries. The battalion belongs to the 704th Military Intelligence Brigade (http://www.meade-704mi.army.mil/), which is in turn subordinate to INSCOM (http://www.inscom.army.mil) (the U.S. Army Intelligence and Security Command).

All the services are making a major effort to develop defensive and offensive Cyber War weapons. The U.S. Air Force has established a major command (involving over 20,000 specialists) for this, and is attempting to become the lead for all Department of Defense Cyber War activities. The other services oppose this attempt to take over, although they appreciate air force efforts to develop new tools and capabilities. The army and navy both have thousands of troops, in many different units, working on Cyber War activities. Creating major units (battalions and larger) dedicated to Cyber War, is a new development.

Unless their job is to manufacture viruses.

piratenews
2008-07-15, 04:13
FYI

Here's a link for making complaints against malware crooks (http://www.malwarecomplaints.info/viewtopic.php?t=1839&postdays=0&postorder=asc&start=30), posted at the PitStop forum.

Here's the 20,000 soldiers at US Air Force Cyber War Command (http://www.afcyber.af.mil/). Perhaps we can make complaints with them?

Shaba
2008-07-15, 13:05
Hi

Any malware issues left?

piratenews
2008-07-18, 09:02
Can't find any problems. Scans are clean.

Is there software that logs surfing and firewall activity, that can backtrack to when malware and virus files are first downloaded, then identify the URL of the hacker?

A name and address can be identified for that account, and that exhibit can be taken to federal police, along with an affidavit of probable cause for criminal complaint. I don't mind testifying in court to send a crook to prison for felony vandalism, etc. Federal court here in Knoxville Tennessee sends little old ladies to prison for selling puppies, so I'm sure they like to hang a hacker.

Shaba
2008-07-18, 13:25
Hi

"Is there software that logs surfing and firewall activity, that can backtrack to when malware and virus files are first downloaded, then identify the URL of the hacker?"

I don't think that there is one but most popular firewalls have logging ability.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean!
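
The six Internet-zone changes listed in the post above are stored as URL-action values under the Zones\3 registry key, so they can be checked after the fact. The following is an added example, not part of the original post: it audits the text output of `reg query` for that key against the six recommendations. The action IDs and the value encoding (0 = Enable, 1 = Prompt, 3 = Disable) are Internet Explorer's; the sample output is constructed.

```python
import re

# Internet zone (zone 3) URL-action policies for the current user.
ZONE3_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Policy values, ordered from weakest to strictest.
ENABLE, PROMPT, DISABLE = 0, 1, 3

# Action ID -> (setting name as written in the post, value the post recommends).
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# One value line of `reg query` output: <4-hex-digit name> REG_DWORD 0x<hex>.
VALUE_LINE = re.compile(r"^\s*([0-9A-Fa-f]{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_reg_query(text):
    """Return {action_id: value} for every REG_DWORD URL action in the output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            values[match.group(1).upper()] = int(match.group(2), 16)
    return values


def audit(values):
    """Return (action_id, setting name, status) for each recommended setting."""
    findings = []
    for action, (label, want) in RECOMMENDED.items():
        have = values.get(action)
        if have is None:
            status = "missing"    # not set in this key at all
        elif have == want:
            status = "ok"
        elif have < want:
            status = "weaker"     # e.g. Enable where Prompt or Disable is advised
        else:
            status = "stricter"   # e.g. Disable where Prompt is advised
        findings.append((action, label, status))
    return findings


# Constructed sample of: reg query "<ZONE3_KEY>"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1201    REG_DWORD    0x3
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x0
    1A00    REG_DWORD    0x20000
"""

if __name__ == "__main__":
    for action, label, status in audit(parse_reg_query(SAMPLE)):
        print("%-8s %s  %s" % (status, action, label))
```

Entries reported as "weaker" or "missing" are the ones to revisit in the Custom Level dialog described in the post.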

Shaba
2008-07-20, 11:11
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.